diff options
| author | Jörg Frings-Fürst <debian@jff-webhosting.net> | 2022-10-30 18:12:02 +0100 |
|---|---|---|
| committer | Jörg Frings-Fürst <debian@jff-webhosting.net> | 2022-10-30 18:12:02 +0100 |
| commit | 1f3c9b4ae26ce1d46d954d509b83b8684ada5625 (patch) | |
| tree | 260b922ec4d5d153cc6db745e27931cfd464472f /src/plugins/lanplus/lanplus_crypt_impl.c | |
| parent | 8fcf0ba6f182918bd584bb80bf0b8998acad26a8 (diff) | |
| parent | 8b758ee941f4c1ffea0532caa74b1fcd8101d1d8 (diff) | |
Merge branch 'release/debian/1.8.19-1'debian/1.8.19-1
Diffstat (limited to 'src/plugins/lanplus/lanplus_crypt_impl.c')
| -rw-r--r-- | src/plugins/lanplus/lanplus_crypt_impl.c | 60 |
1 files changed, 38 insertions, 22 deletions
diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c index d5fac37..7603e6d 100644 --- a/src/plugins/lanplus/lanplus_crypt_impl.c +++ b/src/plugins/lanplus/lanplus_crypt_impl.c @@ -102,7 +102,7 @@ lanplus_rand(uint8_t * buffer, uint32_t num_bytes) * param mac specifies the algorithm to be used, currently SHA1, SHA256 and MD5 * are supported * param key is the key used for HMAC generation - * param key_len is the lenght of key + * param key_len is the length of key * param d is the data to be MAC'd * param n is the length of the data at d * param md is the result of the HMAC algorithm @@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, uint8_t * output, uint32_t * bytes_written) { - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); - EVP_CIPHER_CTX_set_padding(&ctx, 0); - + EVP_CIPHER_CTX *ctx = NULL; *bytes_written = 0; @@ -182,6 +178,18 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, printbuf(input, input_length, "encrypting this data"); } + ctx = EVP_CIPHER_CTX_new(); + if (!ctx) { + lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed"); + return; + } +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX_init(ctx); +#else + EVP_CIPHER_CTX_reset(ctx); +#endif + EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); + EVP_CIPHER_CTX_set_padding(ctx, 0); /* * The default implementation adds a whole block of padding if the input @@ -191,28 +199,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); - if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) + if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) { /* Error */ *bytes_written = 0; - return; } else { uint32_t tmplen; - if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) + if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) { + /* Error */ *bytes_written = 0; - return; /* Error */ } else { /* Success */ *bytes_written += tmplen; - EVP_CIPHER_CTX_cleanup(&ctx); } } + /* performs cleanup and free */ + EVP_CIPHER_CTX_free(ctx); } @@ -239,11 +247,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, uint8_t * output, uint32_t * bytes_written) { - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); - EVP_CIPHER_CTX_set_padding(&ctx, 0); - + EVP_CIPHER_CTX *ctx = NULL; if (verbose >= 5) { @@ -252,12 +256,24 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, printbuf(input, input_length, "decrypting this data"); } - *bytes_written = 0; if (input_length == 0) return; + ctx = EVP_CIPHER_CTX_new(); + if (!ctx) { + lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed"); + return; + } +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX_init(ctx); +#else + EVP_CIPHER_CTX_reset(ctx); +#endif + EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); + EVP_CIPHER_CTX_set_padding(ctx, 0); + /* * The default implementation adds a whole block of padding if the input * data is perfectly aligned. We would like to keep that from happening. @@ -266,33 +282,33 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); - if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) + if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) { /* Error */ lprintf(LOG_DEBUG, "ERROR: decrypt update failed"); *bytes_written = 0; - return; } else { uint32_t tmplen; - if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) + if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) { + /* Error */ char buffer[1000]; ERR_error_string(ERR_get_error(), buffer); lprintf(LOG_DEBUG, "the ERR error %s", buffer); lprintf(LOG_DEBUG, "ERROR: decrypt final failed"); *bytes_written = 0; - return; /* Error */ } else { /* Success */ *bytes_written += tmplen; - EVP_CIPHER_CTX_cleanup(&ctx); } } + /* performs cleanup and free */ + EVP_CIPHER_CTX_free(ctx); if (verbose >= 5) { |