New upstream version 3.0.1upstream/3.0.1

2 files changed, 56 insertions, 27 deletions

diff --git a/lib/lanplus/lanplus_crypt.c b/lib/lanplus/lanplus_crypt.c
index 7f3095e..5554898 100644
--- a/lib/lanplus/lanplus_crypt.c
+++ b/lib/lanplus/lanplus_crypt.c
@@ -623,11 +623,14 @@ int lanplus_generate_sik(struct ipmi_session * session)
 	switch(session->v2_data.auth_alg)
 	{
 	case IPMI_AUTH_RAKP_HMAC_SHA1  : 
-		if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; break;
+		if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; 
+		break;
 	case IPMI_AUTH_RAKP_HMAC_MD5   : 
-		if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; break;
+		if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; 
+		break;
 	case IPMI_AUTH_RAKP_HMAC_SHA256: 
-		if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; break;
+		if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; 
+		break;
 	default                        : unsupported = 1; break;
 	}
 	if (unsupported) {  /*was assert*/
@@ -685,11 +688,14 @@ int lanplus_generate_k1(struct ipmi_session * session)
 		switch(session->v2_data.auth_alg)
 		{
 		case IPMI_AUTH_RAKP_HMAC_SHA1  : 
-		if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; break;
+			if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; 
+			break;
 		case IPMI_AUTH_RAKP_HMAC_MD5   : 
-		if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; break;
+			if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; 
+			break;
 		case IPMI_AUTH_RAKP_HMAC_SHA256: 
-		if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; break;
+			if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; 
+			break;
 		default                        : unsupported = 1; break;
 		}
 		if (unsupported) {  /*was assert*/
@@ -743,11 +749,14 @@ int lanplus_generate_k2(struct ipmi_session * session)
 		switch(session->v2_data.auth_alg)
 		{
 		case IPMI_AUTH_RAKP_HMAC_SHA1  : 
-		if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; break;
+			if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; 
+			break;
 		case IPMI_AUTH_RAKP_HMAC_MD5   : 
-		if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; break;
+			if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; 
+			break;
 		case IPMI_AUTH_RAKP_HMAC_SHA256: 
-		if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; break;
+			if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; 
+			break;
 		default                        : unsupported = 1; break;
 		}
 		if (unsupported) {  /*was assert*/
diff --git a/lib/lanplus/lanplus_crypt_impl.c b/lib/lanplus/lanplus_crypt_impl.c
index d12ad9c..1daf230 100644
--- a/lib/lanplus/lanplus_crypt_impl.c
+++ b/lib/lanplus/lanplus_crypt_impl.c
@@ -196,10 +196,17 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
 {
 	int nwritten = 0;
 	int inlen = 0;
+	EVP_CIPHER_CTX *pctx;
+#ifdef SSL11
+	EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+	pctx = ctx;
+#else
 	EVP_CIPHER_CTX ctx;
-	EVP_CIPHER_CTX_init(&ctx);
-	EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+	pctx = &ctx;
+#endif
+	EVP_CIPHER_CTX_init(pctx);
+	EVP_EncryptInit_ex(pctx, EVP_aes_128_cbc(), NULL, key, iv);
+	EVP_CIPHER_CTX_set_padding(pctx, 0);
 
 	*bytes_written = 0;
 	if (input_length == 0) return;
@@ -219,28 +226,29 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
 	inlen = input_length;
 
-	if(!EVP_EncryptUpdate(&ctx, output, &nwritten, input, inlen))
+	if(!EVP_EncryptUpdate(pctx, output, &nwritten, input, inlen))
 	{
-		/* Error */
-		*bytes_written = 0;
-		return;
+		*bytes_written = 0; /* Error */
 	}
 	else
 	{
 		int tmplen;
 
-		if(!EVP_EncryptFinal_ex(&ctx, output + nwritten, &tmplen))
+		if(!EVP_EncryptFinal_ex(pctx, output + nwritten, &tmplen))
 		{
-			*bytes_written = 0;
-			return; /* Error */
+			*bytes_written = 0; /* Error */
 		}
 		else
 		{
 			/* Success */
 			*bytes_written = nwritten + tmplen;
-			EVP_CIPHER_CTX_cleanup(&ctx);
+			EVP_CIPHER_CTX_cleanup(pctx);
 		}
 	}
+#ifdef SSL11
+    EVP_CIPHER_CTX_free(ctx);
+#endif
+    return;
 }
 
 
@@ -268,10 +276,17 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 {
 	int nwritten = 0;
 	int inlen = 0;
+	EVP_CIPHER_CTX *pctx;
+#ifdef SSL11
+	EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+	pctx = ctx;
+#else
 	EVP_CIPHER_CTX ctx;
-	EVP_CIPHER_CTX_init(&ctx);
-	EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+	pctx = &ctx;
+#endif
+	EVP_CIPHER_CTX_init(pctx);
+	EVP_DecryptInit_ex(pctx, EVP_aes_128_cbc(), NULL, key, iv);
+	EVP_CIPHER_CTX_set_padding(pctx, 0);
 
 	if (verbose >= 5)
 	{
@@ -291,7 +306,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 	assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
 	inlen = input_length;
 
-	if (!EVP_DecryptUpdate(&ctx, output, &nwritten, input, inlen))
+	if (!EVP_DecryptUpdate(pctx, output, &nwritten, input, inlen))
 	{
 		/* Error */
 		lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
@@ -302,20 +317,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 	{
 		int tmplen;
 
-		if (!EVP_DecryptFinal_ex(&ctx, output + nwritten, &tmplen))
+		if (!EVP_DecryptFinal_ex(pctx, output + nwritten, &tmplen))
 		{
 			char buffer[1000];
 			ERR_error_string(ERR_get_error(), buffer);
 			lprintf(LOG_DEBUG, "the ERR error %s", buffer);
 			lprintf(LOG_DEBUG, "ERROR: decrypt final failed");
 			*bytes_written = 0;
-			return; /* Error */
+			goto evpfin2;
 		}
 		else
 		{
 			/* Success */
 			*bytes_written = nwritten + tmplen;
-			EVP_CIPHER_CTX_cleanup(&ctx);
+			EVP_CIPHER_CTX_cleanup(pctx);
 		}
 	}
 
@@ -324,4 +339,9 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 		lprintf(LOG_DEBUG, "Decrypted %d encrypted bytes",input_length);
 		printbuf(output, *bytes_written, "Decrypted this data");
 	}
+evpfin2:
+#ifdef SSL11
+    EVP_CIPHER_CTX_free(ctx);
+#endif
+    return;
 }