xref: /freebsd/crypto/openssl/apps/enc.c (revision ab0b9f6b3073e6c4d1dfbf07444d7db67a189a96)
1 /* apps/enc.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 
59 #include <stdio.h>
60 #include <stdlib.h>
61 #include <string.h>
62 #include "apps.h"
63 #include <openssl/bio.h>
64 #include <openssl/err.h>
65 #include <openssl/evp.h>
66 #include <openssl/objects.h>
67 #include <openssl/x509.h>
68 #include <openssl/rand.h>
69 #include <openssl/pem.h>
70 #include <openssl/comp.h>
71 #include <ctype.h>
72 
73 int set_hex(char *in,unsigned char *out,int size);
74 #undef SIZE
75 #undef BSIZE
76 #undef PROG
77 
78 #define SIZE	(512)
79 #define BSIZE	(8*1024)
80 #define	PROG	enc_main
81 
82 static void show_ciphers(const OBJ_NAME *name,void *bio_)
83 	{
84 	BIO *bio=bio_;
85 	static int n;
86 
87 	if(!islower((unsigned char)*name->name))
88 		return;
89 
90 	BIO_printf(bio,"-%-25s",name->name);
91 	if(++n == 3)
92 		{
93 		BIO_printf(bio,"\n");
94 		n=0;
95 		}
96 	else
97 		BIO_printf(bio," ");
98 	}
99 
100 int MAIN(int, char **);
101 
102 int MAIN(int argc, char **argv)
103 	{
104 	static const char magic[]="Salted__";
105 	char mbuf[sizeof magic-1];
106 	char *strbuf=NULL;
107 	unsigned char *buff=NULL,*bufsize=NULL;
108 	int bsize=BSIZE,verbose=0;
109 	int ret=1,inl;
110 	int nopad = 0;
111 	unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
112 	unsigned char salt[PKCS5_SALT_LEN];
113 	char *str=NULL, *passarg = NULL, *pass = NULL;
114 	char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
115 	char *md=NULL;
116 	int enc=1,printkey=0,i,base64=0;
117 #ifdef ZLIB
118 	int do_zlib=0;
119 	BIO *bzl = NULL;
120 #endif
121 	int debug=0,olb64=0,nosalt=0;
122 	const EVP_CIPHER *cipher=NULL,*c;
123 	EVP_CIPHER_CTX *ctx = NULL;
124 	char *inf=NULL,*outf=NULL;
125 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
126 #define PROG_NAME_SIZE  39
127 	char pname[PROG_NAME_SIZE+1];
128 #ifndef OPENSSL_NO_ENGINE
129 	char *engine = NULL;
130 #endif
131 	const EVP_MD *dgst=NULL;
132 	int non_fips_allow = 0;
133 
134 	apps_startup();
135 
136 	if (bio_err == NULL)
137 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
138 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
139 
140 	if (!load_config(bio_err, NULL))
141 		goto end;
142 
143 	/* first check the program name */
144 	program_name(argv[0],pname,sizeof pname);
145 	if (strcmp(pname,"base64") == 0)
146 		base64=1;
147 #ifdef ZLIB
148 	if (strcmp(pname,"zlib") == 0)
149 		do_zlib=1;
150 #endif
151 
152 	cipher=EVP_get_cipherbyname(pname);
153 #ifdef ZLIB
154 	if (!do_zlib && !base64 && (cipher == NULL)
155 				&& (strcmp(pname,"enc") != 0))
156 #else
157 	if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0))
158 #endif
159 		{
160 		BIO_printf(bio_err,"%s is an unknown cipher\n",pname);
161 		goto bad;
162 		}
163 
164 	argc--;
165 	argv++;
166 	while (argc >= 1)
167 		{
168 		if	(strcmp(*argv,"-e") == 0)
169 			enc=1;
170 		else if (strcmp(*argv,"-in") == 0)
171 			{
172 			if (--argc < 1) goto bad;
173 			inf= *(++argv);
174 			}
175 		else if (strcmp(*argv,"-out") == 0)
176 			{
177 			if (--argc < 1) goto bad;
178 			outf= *(++argv);
179 			}
180 		else if (strcmp(*argv,"-pass") == 0)
181 			{
182 			if (--argc < 1) goto bad;
183 			passarg= *(++argv);
184 			}
185 #ifndef OPENSSL_NO_ENGINE
186 		else if (strcmp(*argv,"-engine") == 0)
187 			{
188 			if (--argc < 1) goto bad;
189 			engine= *(++argv);
190 			}
191 #endif
192 		else if	(strcmp(*argv,"-d") == 0)
193 			enc=0;
194 		else if	(strcmp(*argv,"-p") == 0)
195 			printkey=1;
196 		else if	(strcmp(*argv,"-v") == 0)
197 			verbose=1;
198 		else if	(strcmp(*argv,"-nopad") == 0)
199 			nopad=1;
200 		else if	(strcmp(*argv,"-salt") == 0)
201 			nosalt=0;
202 		else if	(strcmp(*argv,"-nosalt") == 0)
203 			nosalt=1;
204 		else if	(strcmp(*argv,"-debug") == 0)
205 			debug=1;
206 		else if	(strcmp(*argv,"-P") == 0)
207 			printkey=2;
208 		else if	(strcmp(*argv,"-A") == 0)
209 			olb64=1;
210 		else if	(strcmp(*argv,"-a") == 0)
211 			base64=1;
212 		else if	(strcmp(*argv,"-base64") == 0)
213 			base64=1;
214 #ifdef ZLIB
215 		else if	(strcmp(*argv,"-z") == 0)
216 			do_zlib=1;
217 #endif
218 		else if (strcmp(*argv,"-bufsize") == 0)
219 			{
220 			if (--argc < 1) goto bad;
221 			bufsize=(unsigned char *)*(++argv);
222 			}
223 		else if (strcmp(*argv,"-k") == 0)
224 			{
225 			if (--argc < 1) goto bad;
226 			str= *(++argv);
227 			}
228 		else if (strcmp(*argv,"-kfile") == 0)
229 			{
230 			static char buf[128];
231 			FILE *infile;
232 			char *file;
233 
234 			if (--argc < 1) goto bad;
235 			file= *(++argv);
236 			infile=fopen(file,"r");
237 			if (infile == NULL)
238 				{
239 				BIO_printf(bio_err,"unable to read key from '%s'\n",
240 					file);
241 				goto bad;
242 				}
243 			buf[0]='\0';
244 			if (!fgets(buf,sizeof buf,infile))
245 				{
246 				BIO_printf(bio_err,"unable to read key from '%s'\n",
247 					file);
248 				goto bad;
249 				}
250 			fclose(infile);
251 			i=strlen(buf);
252 			if ((i > 0) &&
253 				((buf[i-1] == '\n') || (buf[i-1] == '\r')))
254 				buf[--i]='\0';
255 			if ((i > 0) &&
256 				((buf[i-1] == '\n') || (buf[i-1] == '\r')))
257 				buf[--i]='\0';
258 			if (i < 1)
259 				{
260 				BIO_printf(bio_err,"zero length password\n");
261 				goto bad;
262 				}
263 			str=buf;
264 			}
265 		else if (strcmp(*argv,"-K") == 0)
266 			{
267 			if (--argc < 1) goto bad;
268 			hkey= *(++argv);
269 			}
270 		else if (strcmp(*argv,"-S") == 0)
271 			{
272 			if (--argc < 1) goto bad;
273 			hsalt= *(++argv);
274 			}
275 		else if (strcmp(*argv,"-iv") == 0)
276 			{
277 			if (--argc < 1) goto bad;
278 			hiv= *(++argv);
279 			}
280 		else if (strcmp(*argv,"-md") == 0)
281 			{
282 			if (--argc < 1) goto bad;
283 			md= *(++argv);
284 			}
285 		else if (strcmp(*argv,"-non-fips-allow") == 0)
286 			non_fips_allow = 1;
287 		else if	((argv[0][0] == '-') &&
288 			((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
289 			{
290 			cipher=c;
291 			}
292 		else if (strcmp(*argv,"-none") == 0)
293 			cipher=NULL;
294 		else
295 			{
296 			BIO_printf(bio_err,"unknown option '%s'\n",*argv);
297 bad:
298 			BIO_printf(bio_err,"options are\n");
299 			BIO_printf(bio_err,"%-14s input file\n","-in <file>");
300 			BIO_printf(bio_err,"%-14s output file\n","-out <file>");
301 			BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>");
302 			BIO_printf(bio_err,"%-14s encrypt\n","-e");
303 			BIO_printf(bio_err,"%-14s decrypt\n","-d");
304 			BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
305 			BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
306 			BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
307 			BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
308 			BIO_printf(bio_err,"%-14s   from a passphrase.  One of md2, md5, sha or sha1\n","");
309 			BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S");
310 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
311 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
312 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
313 			BIO_printf(bio_err,"%-14s disable standard block padding\n","-nopad");
314 #ifndef OPENSSL_NO_ENGINE
315 			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
316 #endif
317 
318 			BIO_printf(bio_err,"Cipher Types\n");
319 			OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
320 					       show_ciphers,
321 					       bio_err);
322 			BIO_printf(bio_err,"\n");
323 
324 			goto end;
325 			}
326 		argc--;
327 		argv++;
328 		}
329 
330 #ifndef OPENSSL_NO_ENGINE
331         setup_engine(bio_err, engine, 0);
332 #endif
333 
334 	if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
335 		{
336 		BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
337 		goto end;
338 		}
339 
340 	if (dgst == NULL)
341 		{
342 		dgst = EVP_md5();
343 		}
344 
345 	if (bufsize != NULL)
346 		{
347 		unsigned long n;
348 
349 		for (n=0; *bufsize; bufsize++)
350 			{
351 			i= *bufsize;
352 			if ((i <= '9') && (i >= '0'))
353 				n=n*10+i-'0';
354 			else if (i == 'k')
355 				{
356 				n*=1024;
357 				bufsize++;
358 				break;
359 				}
360 			}
361 		if (*bufsize != '\0')
362 			{
363 			BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
364 			goto end;
365 			}
366 
367 		/* It must be large enough for a base64 encoded line */
368 		if (base64 && n < 80) n=80;
369 
370 		bsize=(int)n;
371 		if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
372 		}
373 
374 	strbuf=OPENSSL_malloc(SIZE);
375 	buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
376 	if ((buff == NULL) || (strbuf == NULL))
377 		{
378 		BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
379 		goto end;
380 		}
381 
382 	in=BIO_new(BIO_s_file());
383 	out=BIO_new(BIO_s_file());
384 	if ((in == NULL) || (out == NULL))
385 		{
386 		ERR_print_errors(bio_err);
387 		goto end;
388 		}
389 	if (debug)
390 		{
391 		BIO_set_callback(in,BIO_debug_callback);
392 		BIO_set_callback(out,BIO_debug_callback);
393 		BIO_set_callback_arg(in,(char *)bio_err);
394 		BIO_set_callback_arg(out,(char *)bio_err);
395 		}
396 
397 	if (inf == NULL)
398 	        {
399 #ifndef OPENSSL_NO_SETVBUF_IONBF
400 		if (bufsize != NULL)
401 			setvbuf(stdin, (char *)NULL, _IONBF, 0);
402 #endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
403 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
404 	        }
405 	else
406 		{
407 		if (BIO_read_filename(in,inf) <= 0)
408 			{
409 			perror(inf);
410 			goto end;
411 			}
412 		}
413 
414 	if(!str && passarg) {
415 		if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
416 			BIO_printf(bio_err, "Error getting password\n");
417 			goto end;
418 		}
419 		str = pass;
420 	}
421 
422 	if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
423 		{
424 		for (;;)
425 			{
426 			char buf[200];
427 
428 			BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
429 				     OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
430 				     (enc)?"encryption":"decryption");
431 			strbuf[0]='\0';
432 			i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
433 			if (i == 0)
434 				{
435 				if (strbuf[0] == '\0')
436 					{
437 					ret=1;
438 					goto end;
439 					}
440 				str=strbuf;
441 				break;
442 				}
443 			if (i < 0)
444 				{
445 				BIO_printf(bio_err,"bad password read\n");
446 				goto end;
447 				}
448 			}
449 		}
450 
451 
452 	if (outf == NULL)
453 		{
454 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
455 #ifndef OPENSSL_NO_SETVBUF_IONBF
456 		if (bufsize != NULL)
457 			setvbuf(stdout, (char *)NULL, _IONBF, 0);
458 #endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
459 #ifdef OPENSSL_SYS_VMS
460 		{
461 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
462 		out = BIO_push(tmpbio, out);
463 		}
464 #endif
465 		}
466 	else
467 		{
468 		if (BIO_write_filename(out,outf) <= 0)
469 			{
470 			perror(outf);
471 			goto end;
472 			}
473 		}
474 
475 	rbio=in;
476 	wbio=out;
477 
478 #ifdef ZLIB
479 
480 	if (do_zlib)
481 		{
482 		if ((bzl=BIO_new(BIO_f_zlib())) == NULL)
483 			goto end;
484 		if (enc)
485 			wbio=BIO_push(bzl,wbio);
486 		else
487 			rbio=BIO_push(bzl,rbio);
488 		}
489 #endif
490 
491 	if (base64)
492 		{
493 		if ((b64=BIO_new(BIO_f_base64())) == NULL)
494 			goto end;
495 		if (debug)
496 			{
497 			BIO_set_callback(b64,BIO_debug_callback);
498 			BIO_set_callback_arg(b64,(char *)bio_err);
499 			}
500 		if (olb64)
501 			BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
502 		if (enc)
503 			wbio=BIO_push(b64,wbio);
504 		else
505 			rbio=BIO_push(b64,rbio);
506 		}
507 
508 	if (cipher != NULL)
509 		{
510 		/* Note that str is NULL if a key was passed on the command
511 		 * line, so we get no salt in that case. Is this a bug?
512 		 */
513 		if (str != NULL)
514 			{
515 			/* Salt handling: if encrypting generate a salt and
516 			 * write to output BIO. If decrypting read salt from
517 			 * input BIO.
518 			 */
519 			unsigned char *sptr;
520 			if(nosalt) sptr = NULL;
521 			else {
522 				if(enc) {
523 					if(hsalt) {
524 						if(!set_hex(hsalt,salt,sizeof salt)) {
525 							BIO_printf(bio_err,
526 								"invalid hex salt value\n");
527 							goto end;
528 						}
529 					} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
530 						goto end;
531 					/* If -P option then don't bother writing */
532 					if((printkey != 2)
533 					   && (BIO_write(wbio,magic,
534 							 sizeof magic-1) != sizeof magic-1
535 					       || BIO_write(wbio,
536 							    (char *)salt,
537 							    sizeof salt) != sizeof salt)) {
538 						BIO_printf(bio_err,"error writing output file\n");
539 						goto end;
540 					}
541 				} else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
542 					  || BIO_read(rbio,
543 						      (unsigned char *)salt,
544 				    sizeof salt) != sizeof salt) {
545 					BIO_printf(bio_err,"error reading input file\n");
546 					goto end;
547 				} else if(memcmp(mbuf,magic,sizeof magic-1)) {
548 				    BIO_printf(bio_err,"bad magic number\n");
549 				    goto end;
550 				}
551 
552 				sptr = salt;
553 			}
554 
555 			EVP_BytesToKey(cipher,dgst,sptr,
556 				(unsigned char *)str,
557 				strlen(str),1,key,iv);
558 			/* zero the complete buffer or the string
559 			 * passed from the command line
560 			 * bug picked up by
561 			 * Larry J. Hughes Jr. <hughes@indiana.edu> */
562 			if (str == strbuf)
563 				OPENSSL_cleanse(str,SIZE);
564 			else
565 				OPENSSL_cleanse(str,strlen(str));
566 			}
567 		if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
568 			{
569 			BIO_printf(bio_err,"invalid hex iv value\n");
570 			goto end;
571 			}
572 		if ((hiv == NULL) && (str == NULL)
573 		    && EVP_CIPHER_iv_length(cipher) != 0)
574 			{
575 			/* No IV was explicitly set and no IV was generated
576 			 * during EVP_BytesToKey. Hence the IV is undefined,
577 			 * making correct decryption impossible. */
578 			BIO_printf(bio_err, "iv undefined\n");
579 			goto end;
580 			}
581 		if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
582 			{
583 			BIO_printf(bio_err,"invalid hex key value\n");
584 			goto end;
585 			}
586 
587 		if ((benc=BIO_new(BIO_f_cipher())) == NULL)
588 			goto end;
589 
590 		/* Since we may be changing parameters work on the encryption
591 		 * context rather than calling BIO_set_cipher().
592 		 */
593 
594 		BIO_get_cipher_ctx(benc, &ctx);
595 
596 		if (non_fips_allow)
597 			EVP_CIPHER_CTX_set_flags(ctx,
598 				EVP_CIPH_FLAG_NON_FIPS_ALLOW);
599 
600 		if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
601 			{
602 			BIO_printf(bio_err, "Error setting cipher %s\n",
603 				EVP_CIPHER_name(cipher));
604 			ERR_print_errors(bio_err);
605 			goto end;
606 			}
607 
608 		if (nopad)
609 			EVP_CIPHER_CTX_set_padding(ctx, 0);
610 
611 		if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
612 			{
613 			BIO_printf(bio_err, "Error setting cipher %s\n",
614 				EVP_CIPHER_name(cipher));
615 			ERR_print_errors(bio_err);
616 			goto end;
617 			}
618 
619 		if (debug)
620 			{
621 			BIO_set_callback(benc,BIO_debug_callback);
622 			BIO_set_callback_arg(benc,(char *)bio_err);
623 			}
624 
625 		if (printkey)
626 			{
627 			if (!nosalt)
628 				{
629 				printf("salt=");
630 				for (i=0; i<(int)sizeof(salt); i++)
631 					printf("%02X",salt[i]);
632 				printf("\n");
633 				}
634 			if (cipher->key_len > 0)
635 				{
636 				printf("key=");
637 				for (i=0; i<cipher->key_len; i++)
638 					printf("%02X",key[i]);
639 				printf("\n");
640 				}
641 			if (cipher->iv_len > 0)
642 				{
643 				printf("iv =");
644 				for (i=0; i<cipher->iv_len; i++)
645 					printf("%02X",iv[i]);
646 				printf("\n");
647 				}
648 			if (printkey == 2)
649 				{
650 				ret=0;
651 				goto end;
652 				}
653 			}
654 		}
655 
656 	/* Only encrypt/decrypt as we write the file */
657 	if (benc != NULL)
658 		wbio=BIO_push(benc,wbio);
659 
660 	for (;;)
661 		{
662 		inl=BIO_read(rbio,(char *)buff,bsize);
663 		if (inl <= 0) break;
664 		if (BIO_write(wbio,(char *)buff,inl) != inl)
665 			{
666 			BIO_printf(bio_err,"error writing output file\n");
667 			goto end;
668 			}
669 		}
670 	if (!BIO_flush(wbio))
671 		{
672 		BIO_printf(bio_err,"bad decrypt\n");
673 		goto end;
674 		}
675 
676 	ret=0;
677 	if (verbose)
678 		{
679 		BIO_printf(bio_err,"bytes read   :%8ld\n",BIO_number_read(in));
680 		BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
681 		}
682 end:
683 	ERR_print_errors(bio_err);
684 	if (strbuf != NULL) OPENSSL_free(strbuf);
685 	if (buff != NULL) OPENSSL_free(buff);
686 	if (in != NULL) BIO_free(in);
687 	if (out != NULL) BIO_free_all(out);
688 	if (benc != NULL) BIO_free(benc);
689 	if (b64 != NULL) BIO_free(b64);
690 #ifdef ZLIB
691 	if (bzl != NULL) BIO_free(bzl);
692 #endif
693 	if(pass) OPENSSL_free(pass);
694 	apps_shutdown();
695 	OPENSSL_EXIT(ret);
696 	}
697 
698 int set_hex(char *in, unsigned char *out, int size)
699 	{
700 	int i,n;
701 	unsigned char j;
702 
703 	n=strlen(in);
704 	if (n > (size*2))
705 		{
706 		BIO_printf(bio_err,"hex string is too long\n");
707 		return(0);
708 		}
709 	memset(out,0,size);
710 	for (i=0; i<n; i++)
711 		{
712 		j=(unsigned char)*in;
713 		*(in++)='\0';
714 		if (j == 0) break;
715 		if ((j >= '0') && (j <= '9'))
716 			j-='0';
717 		else if ((j >= 'A') && (j <= 'F'))
718 			j=j-'A'+10;
719 		else if ((j >= 'a') && (j <= 'f'))
720 			j=j-'a'+10;
721 		else
722 			{
723 			BIO_printf(bio_err,"non-hex digit\n");
724 			return(0);
725 			}
726 		if (i&1)
727 			out[i/2]|=j;
728 		else
729 			out[i/2]=(j<<4);
730 		}
731 	return(1);
732 	}
733