summaryrefslogtreecommitdiff
path: root/lib/lanplus
diff options
context:
space:
mode:
authorJörg Frings-Fürst <debian@jff-webhosting.net>2017-01-03 02:33:48 +0100
committerJörg Frings-Fürst <debian@jff-webhosting.net>2017-01-03 02:33:48 +0100
commit96376f0df63c5df8c1380f0dd58b70d33566d48e (patch)
tree5c9eb82320f601e2f7637d36e58dd783d38a5914 /lib/lanplus
parent62a52f983e23e7b63b6bd5db6bd1f08a0259002a (diff)
parentf85b8b834b7ff85c80503faa73f237040330087b (diff)
Merge tag 'upstream/3.0.1'
Upstream version 3.0.1
Diffstat (limited to 'lib/lanplus')
-rw-r--r--lib/lanplus/lanplus_crypt.c27
-rw-r--r--lib/lanplus/lanplus_crypt_impl.c56
2 files changed, 56 insertions, 27 deletions
diff --git a/lib/lanplus/lanplus_crypt.c b/lib/lanplus/lanplus_crypt.c
index 7f3095e..5554898 100644
--- a/lib/lanplus/lanplus_crypt.c
+++ b/lib/lanplus/lanplus_crypt.c
@@ -623,11 +623,14 @@ int lanplus_generate_sik(struct ipmi_session * session)
switch(session->v2_data.auth_alg)
{
case IPMI_AUTH_RAKP_HMAC_SHA1 :
- if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; break;
+ if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1;
+ break;
case IPMI_AUTH_RAKP_HMAC_MD5 :
- if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; break;
+ if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1;
+ break;
case IPMI_AUTH_RAKP_HMAC_SHA256:
- if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; break;
+ if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1;
+ break;
default : unsupported = 1; break;
}
if (unsupported) { /*was assert*/
@@ -685,11 +688,14 @@ int lanplus_generate_k1(struct ipmi_session * session)
switch(session->v2_data.auth_alg)
{
case IPMI_AUTH_RAKP_HMAC_SHA1 :
- if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; break;
+ if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1;
+ break;
case IPMI_AUTH_RAKP_HMAC_MD5 :
- if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; break;
+ if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1;
+ break;
case IPMI_AUTH_RAKP_HMAC_SHA256:
- if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; break;
+ if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1;
+ break;
default : unsupported = 1; break;
}
if (unsupported) { /*was assert*/
@@ -743,11 +749,14 @@ int lanplus_generate_k2(struct ipmi_session * session)
switch(session->v2_data.auth_alg)
{
case IPMI_AUTH_RAKP_HMAC_SHA1 :
- if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; break;
+ if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1;
+ break;
case IPMI_AUTH_RAKP_HMAC_MD5 :
- if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; break;
+ if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1;
+ break;
case IPMI_AUTH_RAKP_HMAC_SHA256:
- if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; break;
+ if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1;
+ break;
default : unsupported = 1; break;
}
if (unsupported) { /*was assert*/
diff --git a/lib/lanplus/lanplus_crypt_impl.c b/lib/lanplus/lanplus_crypt_impl.c
index d12ad9c..1daf230 100644
--- a/lib/lanplus/lanplus_crypt_impl.c
+++ b/lib/lanplus/lanplus_crypt_impl.c
@@ -196,10 +196,17 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
{
int nwritten = 0;
int inlen = 0;
+ EVP_CIPHER_CTX *pctx;
+#ifdef SSL11
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+ pctx = ctx;
+#else
EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ pctx = &ctx;
+#endif
+ EVP_CIPHER_CTX_init(pctx);
+ EVP_EncryptInit_ex(pctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(pctx, 0);
*bytes_written = 0;
if (input_length == 0) return;
@@ -219,28 +226,29 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
inlen = input_length;
- if(!EVP_EncryptUpdate(&ctx, output, &nwritten, input, inlen))
+ if(!EVP_EncryptUpdate(pctx, output, &nwritten, input, inlen))
{
- /* Error */
- *bytes_written = 0;
- return;
+ *bytes_written = 0; /* Error */
}
else
{
int tmplen;
- if(!EVP_EncryptFinal_ex(&ctx, output + nwritten, &tmplen))
+ if(!EVP_EncryptFinal_ex(pctx, output + nwritten, &tmplen))
{
- *bytes_written = 0;
- return; /* Error */
+ *bytes_written = 0; /* Error */
}
else
{
/* Success */
*bytes_written = nwritten + tmplen;
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_cleanup(pctx);
}
}
+#ifdef SSL11
+ EVP_CIPHER_CTX_free(ctx);
+#endif
+ return;
}
@@ -268,10 +276,17 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
{
int nwritten = 0;
int inlen = 0;
+ EVP_CIPHER_CTX *pctx;
+#ifdef SSL11
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+ pctx = ctx;
+#else
EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ pctx = &ctx;
+#endif
+ EVP_CIPHER_CTX_init(pctx);
+ EVP_DecryptInit_ex(pctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(pctx, 0);
if (verbose >= 5)
{
@@ -291,7 +306,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
inlen = input_length;
- if (!EVP_DecryptUpdate(&ctx, output, &nwritten, input, inlen))
+ if (!EVP_DecryptUpdate(pctx, output, &nwritten, input, inlen))
{
/* Error */
lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
@@ -302,20 +317,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
{
int tmplen;
- if (!EVP_DecryptFinal_ex(&ctx, output + nwritten, &tmplen))
+ if (!EVP_DecryptFinal_ex(pctx, output + nwritten, &tmplen))
{
char buffer[1000];
ERR_error_string(ERR_get_error(), buffer);
lprintf(LOG_DEBUG, "the ERR error %s", buffer);
lprintf(LOG_DEBUG, "ERROR: decrypt final failed");
*bytes_written = 0;
- return; /* Error */
+ goto evpfin2;
}
else
{
/* Success */
*bytes_written = nwritten + tmplen;
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_cleanup(pctx);
}
}
@@ -324,4 +339,9 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
lprintf(LOG_DEBUG, "Decrypted %d encrypted bytes",input_length);
printbuf(output, *bytes_written, "Decrypted this data");
}
+evpfin2:
+#ifdef SSL11
+ EVP_CIPHER_CTX_free(ctx);
+#endif
+ return;
}