diff options
author | Jörg Frings-Fürst <debian@jff-webhosting.net> | 2017-01-03 02:33:44 +0100 |
---|---|---|
committer | Jörg Frings-Fürst <debian@jff-webhosting.net> | 2017-01-03 02:33:44 +0100 |
commit | f85b8b834b7ff85c80503faa73f237040330087b (patch) | |
tree | 595cb1ac38c0a8222c9a768b3c0523e36c063be4 /lib/lanplus | |
parent | db5e8f26947114f06480dd22b9db7e22e50ee133 (diff) |
New upstream version 3.0.1upstream/3.0.1
Diffstat (limited to 'lib/lanplus')
-rw-r--r-- | lib/lanplus/lanplus_crypt.c | 27 | ||||
-rw-r--r-- | lib/lanplus/lanplus_crypt_impl.c | 56 |
2 files changed, 56 insertions, 27 deletions
diff --git a/lib/lanplus/lanplus_crypt.c b/lib/lanplus/lanplus_crypt.c index 7f3095e..5554898 100644 --- a/lib/lanplus/lanplus_crypt.c +++ b/lib/lanplus/lanplus_crypt.c @@ -623,11 +623,14 @@ int lanplus_generate_sik(struct ipmi_session * session) switch(session->v2_data.auth_alg) { case IPMI_AUTH_RAKP_HMAC_SHA1 : - if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; break; + if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; + break; case IPMI_AUTH_RAKP_HMAC_MD5 : - if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; break; + if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; + break; case IPMI_AUTH_RAKP_HMAC_SHA256: - if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; break; + if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; + break; default : unsupported = 1; break; } if (unsupported) { /*was assert*/ @@ -685,11 +688,14 @@ int lanplus_generate_k1(struct ipmi_session * session) switch(session->v2_data.auth_alg) { case IPMI_AUTH_RAKP_HMAC_SHA1 : - if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; break; + if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; + break; case IPMI_AUTH_RAKP_HMAC_MD5 : - if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; break; + if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; + break; case IPMI_AUTH_RAKP_HMAC_SHA256: - if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; break; + if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; + break; default : unsupported = 1; break; } if (unsupported) { /*was assert*/ @@ -743,11 +749,14 @@ int lanplus_generate_k2(struct ipmi_session * session) switch(session->v2_data.auth_alg) { case IPMI_AUTH_RAKP_HMAC_SHA1 : - if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; break; + if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; + break; case IPMI_AUTH_RAKP_HMAC_MD5 : - if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; break; + if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; + break; case IPMI_AUTH_RAKP_HMAC_SHA256: - if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; break; + if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; + break; default : unsupported = 1; break; } if (unsupported) { /*was assert*/ diff --git a/lib/lanplus/lanplus_crypt_impl.c b/lib/lanplus/lanplus_crypt_impl.c index d12ad9c..1daf230 100644 --- a/lib/lanplus/lanplus_crypt_impl.c +++ b/lib/lanplus/lanplus_crypt_impl.c @@ -196,10 +196,17 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, { int nwritten = 0; int inlen = 0; + EVP_CIPHER_CTX *pctx; +#ifdef SSL11 + EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); + pctx = ctx; +#else EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); - EVP_CIPHER_CTX_set_padding(&ctx, 0); + pctx = &ctx; +#endif + EVP_CIPHER_CTX_init(pctx); + EVP_EncryptInit_ex(pctx, EVP_aes_128_cbc(), NULL, key, iv); + EVP_CIPHER_CTX_set_padding(pctx, 0); *bytes_written = 0; if (input_length == 0) return; @@ -219,28 +226,29 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); inlen = input_length; - if(!EVP_EncryptUpdate(&ctx, output, &nwritten, input, inlen)) + if(!EVP_EncryptUpdate(pctx, output, &nwritten, input, inlen)) { - /* Error */ - *bytes_written = 0; - return; + *bytes_written = 0; /* Error */ } else { int tmplen; - if(!EVP_EncryptFinal_ex(&ctx, output + nwritten, &tmplen)) + if(!EVP_EncryptFinal_ex(pctx, output + nwritten, &tmplen)) { - *bytes_written = 0; - return; /* Error */ + *bytes_written = 0; /* Error */ } else { /* Success */ *bytes_written = nwritten + tmplen; - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_cleanup(pctx); } } +#ifdef SSL11 + EVP_CIPHER_CTX_free(ctx); +#endif + return; } @@ -268,10 +276,17 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, { int nwritten = 0; int inlen = 0; + EVP_CIPHER_CTX *pctx; +#ifdef SSL11 + EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); + pctx = ctx; +#else EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); - EVP_CIPHER_CTX_set_padding(&ctx, 0); + pctx = &ctx; +#endif + EVP_CIPHER_CTX_init(pctx); + EVP_DecryptInit_ex(pctx, EVP_aes_128_cbc(), NULL, key, iv); + EVP_CIPHER_CTX_set_padding(pctx, 0); if (verbose >= 5) { @@ -291,7 +306,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); inlen = input_length; - if (!EVP_DecryptUpdate(&ctx, output, &nwritten, input, inlen)) + if (!EVP_DecryptUpdate(pctx, output, &nwritten, input, inlen)) { /* Error */ lprintf(LOG_DEBUG, "ERROR: decrypt update failed"); @@ -302,20 +317,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, { int tmplen; - if (!EVP_DecryptFinal_ex(&ctx, output + nwritten, &tmplen)) + if (!EVP_DecryptFinal_ex(pctx, output + nwritten, &tmplen)) { char buffer[1000]; ERR_error_string(ERR_get_error(), buffer); lprintf(LOG_DEBUG, "the ERR error %s", buffer); lprintf(LOG_DEBUG, "ERROR: decrypt final failed"); *bytes_written = 0; - return; /* Error */ + goto evpfin2; } else { /* Success */ *bytes_written = nwritten + tmplen; - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_cleanup(pctx); } } @@ -324,4 +339,9 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, lprintf(LOG_DEBUG, "Decrypted %d encrypted bytes",input_length); printbuf(output, *bytes_written, "Decrypted this data"); } +evpfin2: +#ifdef SSL11 + EVP_CIPHER_CTX_free(ctx); +#endif + return; } |