From c4c8791e145a7cb2d59e73410505e36e4d57ff78 Mon Sep 17 00:00:00 2001 From: EasySec Date: Sat, 30 Dec 2017 16:19:47 +0100 Subject: change salt handling, way 1 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/4486) --- apps/enc.c | 74 ++++++++++++++++++++++++++++++++++---------------------------- 1 file changed, 41 insertions(+), 33 deletions(-) diff --git a/apps/enc.c b/apps/enc.c index 4339ba4114..32ed08d943 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -429,14 +429,11 @@ int enc_main(int argc, char **argv) } if (cipher != NULL) { - /* - * Note that str is NULL if a key was passed on the command line, so - * we get no salt in that case. Is this a bug? - */ - if (str != NULL) { + if (str != NULL) { /* a passphrase is available */ /* - * Salt handling: if encrypting generate a salt and write to - * output BIO. If decrypting read salt from input BIO. + * Salt handling: if encrypting generate a salt if not supplied, + * and write to output BIO. If decrypting use salt from input BIO + * if not given with args */ unsigned char *sptr; size_t str_len = strlen(str); @@ -444,36 +441,47 @@ int enc_main(int argc, char **argv) if (nosalt) { sptr = NULL; } else { - if (enc) { - if (hsalt) { - if (!set_hex(hsalt, salt, sizeof(salt))) { - BIO_printf(bio_err, "invalid hex salt value\n"); + if (hsalt != NULL && !set_hex(hsalt, salt, sizeof(salt))) { + BIO_printf(bio_err, "invalid hex salt value\n"); + goto end; + } + if (enc) { /* encryption */ + if (hsalt == NULL) { + if (RAND_bytes(salt, sizeof(salt)) <= 0) { + BIO_printf(bio_err, "RAND_bytes failed\n"); + goto end; + } + /* + * If -P option then don't bother writing. + * If salt is given, shouldn't either ? + */ + if ((printkey != 2) + && (BIO_write(wbio, magic, + sizeof(magic) - 1) != sizeof(magic) - 1 + || BIO_write(wbio, + (char *)salt, + sizeof(salt)) != sizeof(salt))) { + BIO_printf(bio_err, "error writing output file\n"); goto end; } - } else if (RAND_bytes(salt, sizeof(salt)) <= 0) { - goto end; } - /* - * If -P option then don't bother writing - */ - if ((printkey != 2) - && (BIO_write(wbio, magic, - sizeof(magic) - 1) != sizeof(magic) - 1 - || BIO_write(wbio, - (char *)salt, - sizeof(salt)) != sizeof(salt))) { - BIO_printf(bio_err, "error writing output file\n"); - goto end; + } else { /* decryption */ + if (hsalt == NULL) { + if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)) { + BIO_printf(bio_err, "error reading input file\n"); + goto end; + } + if (memcmp(mbuf, magic, sizeof(mbuf)) == 0) { /* file IS salted */ + if (BIO_read(rbio, salt, + sizeof(salt)) != sizeof(salt)) { + BIO_printf(bio_err, "error reading input file\n"); + goto end; + } + } else { /* file is NOT salted, NO salt available */ + BIO_printf(bio_err, "bad magic number\n"); + goto end; + } } - } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf) - || BIO_read(rbio, - (unsigned char *)salt, - sizeof(salt)) != sizeof(salt)) { - BIO_printf(bio_err, "error reading input file\n"); - goto end; - } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) { - BIO_printf(bio_err, "bad magic number\n"); - goto end; } sptr = salt; } -- cgit v1.2.3