summaryrefslogtreecommitdiff
path: root/src/plugins/lanplus/lanplus_crypt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/lanplus/lanplus_crypt.c')
-rw-r--r--src/plugins/lanplus/lanplus_crypt.c52
1 files changed, 34 insertions, 18 deletions
diff --git a/src/plugins/lanplus/lanplus_crypt.c b/src/plugins/lanplus/lanplus_crypt.c
index cb963f4..b4d677b 100644
--- a/src/plugins/lanplus/lanplus_crypt.c
+++ b/src/plugins/lanplus/lanplus_crypt.c
@@ -84,12 +84,16 @@ lanplus_rakp2_hmac_matches(const struct ipmi_session * session,
return 1;
/* We don't yet support other algorithms */
+#ifdef HAVE_CRYPTO_SHA256 // assert() is a macro, must not put #ifdef inside it
assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1)
|| (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5)
-#ifdef HAVE_CRYPTO_SHA256
|| (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA256)
-#endif /* HAVE_CRYPTO_SHA256 */
);
+#else
+ assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1)
+ || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5)
+ );
+#endif /* HAVE_CRYPTO_SHA256 */
bufferLength =
@@ -103,7 +107,7 @@ lanplus_rakp2_hmac_matches(const struct ipmi_session * session,
strlen((const char *)intf->ssn_params.username); /* optional */
buffer = malloc(bufferLength);
- if (buffer == NULL) {
+ if (!buffer) {
lprintf(LOG_ERR, "ipmitool: malloc failure");
return 1;
}
@@ -251,12 +255,16 @@ lanplus_rakp4_hmac_matches(const struct ipmi_session * session,
return 1;
/* We don't yet support other algorithms */
+#ifdef HAVE_CRYPTO_SHA256 // assert() is a macro, must not put #ifdef inside it
assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1)
|| (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5)
-#ifdef HAVE_CRYPTO_SHA256
|| (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA256)
-#endif /* HAVE_CRYPTO_SHA256 */
);
+#else
+ assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1)
+ || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5)
+ );
+#endif /* HAVE_CRYPTO_SHA256 */
}
bufferLength =
@@ -265,7 +273,7 @@ lanplus_rakp4_hmac_matches(const struct ipmi_session * session,
16; /* GUIDc */
buffer = (uint8_t *)malloc(bufferLength);
- if (buffer == NULL) {
+ if (!buffer) {
lprintf(LOG_ERR, "ipmitool: malloc failure");
return 1;
}
@@ -417,12 +425,16 @@ lanplus_generate_rakp3_authcode(uint8_t * output_buffer,
}
/* We don't yet support other algorithms */
+#ifdef HAVE_CRYPTO_SHA256 // assert() is a macro, must not put #ifdef inside it
assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1)
|| (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5)
-#ifdef HAVE_CRYPTO_SHA256
|| (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA256)
-#endif /* HAVE_CRYPTO_SHA256 */
);
+#else
+ assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1)
+ || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5)
+ );
+#endif /* HAVE_CRYPTO_SHA256 */
input_buffer_length =
16 + /* Rc */
@@ -432,7 +444,7 @@ lanplus_generate_rakp3_authcode(uint8_t * output_buffer,
strlen((const char *)intf->ssn_params.username);
input_buffer = malloc(input_buffer_length);
- if (input_buffer == NULL) {
+ if (!input_buffer) {
lprintf(LOG_ERR, "ipmitool: malloc failure");
return 1;
}
@@ -512,7 +524,7 @@ lanplus_generate_rakp3_authcode(uint8_t * output_buffer,
* <USERNAME> - Usename (absent for null usernames)
*
* The key used to generated the SIK is Kg if Kg is not null (two-key logins are
- * enabled). Otherwise Kuid (the user authcode) is used as the key to genereate
+ * enabled). Otherwise Kuid (the user authcode) is used as the key to generate
* the SIK.
*
* I am aware that the subscripts look backwards, but that is the way they are
@@ -539,12 +551,16 @@ lanplus_generate_sik(struct ipmi_session * session, struct ipmi_intf * intf)
return 0;
/* We don't yet support other algorithms */
+#ifdef HAVE_CRYPTO_SHA256 // assert() is a macro, must not put #ifdef inside it
assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1)
|| (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5)
-#ifdef HAVE_CRYPTO_SHA256
|| (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA256)
-#endif /* HAVE_CRYPTO_SHA256 */
);
+#else
+ assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1)
+ || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5)
+ );
+#endif /* HAVE_CRYPTO_SHA256 */
input_buffer_length =
16 + /* Rm */
@@ -554,7 +570,7 @@ lanplus_generate_sik(struct ipmi_session * session, struct ipmi_intf * intf)
strlen((const char *)intf->ssn_params.username);
input_buffer = malloc(input_buffer_length);
- if (input_buffer == NULL) {
+ if (!input_buffer) {
lprintf(LOG_ERR, "ipmitool: malloc failure");
return 1;
}
@@ -836,7 +852,7 @@ lanplus_encrypt_payload(uint8_t crypt_alg,
pad_length = IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE - mod;
padded_input = (uint8_t*)malloc(input_length + pad_length + 1);
- if (padded_input == NULL) {
+ if (!padded_input) {
lprintf(LOG_ERR, "ipmitool: malloc failure");
return 1;
}
@@ -853,7 +869,7 @@ lanplus_encrypt_payload(uint8_t crypt_alg,
if (lanplus_rand(output, IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE))
{
lprintf(LOG_ERR, "lanplus_encrypt_payload: Error generating IV");
- if (padded_input != NULL) {
+ if (padded_input) {
free(padded_input);
padded_input = NULL;
}
@@ -897,7 +913,7 @@ lanplus_encrypt_payload(uint8_t crypt_alg,
*
* The authcode is computed using the specified integrity algorithm starting
* with the AuthType / Format field, and ending with the field immediately
- * preceeding the authcode itself.
+ * preceding the authcode itself.
*
* The key key used to generate the authcode MAC is K1.
*
@@ -1003,7 +1019,7 @@ lanplus_decrypt_payload(uint8_t crypt_alg, const uint8_t * key,
assert(crypt_alg == IPMI_CRYPT_AES_CBC_128);
decrypted_payload = (uint8_t*)malloc(input_length);
- if (decrypted_payload == NULL) {
+ if (!decrypted_payload) {
lprintf(LOG_ERR, "ipmitool: malloc failure");
return 1;
}
@@ -1029,7 +1045,7 @@ lanplus_decrypt_payload(uint8_t crypt_alg, const uint8_t * key,
bytes_decrypted);
/*
- * We have to determine the payload size, by substracting the padding, etc.
+ * We have to determine the payload size, by subtracting the padding, etc.
* The last byte of the decrypted payload is the confidentiality pad length.
*/
conf_pad_length = decrypted_payload[bytes_decrypted - 1];