From a9ee361f27e0439530387765924574e5358c8a5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sat, 10 Sep 2022 15:44:41 +0200 Subject: New upstream version 1.8.19 --- src/plugins/lanplus/lanplus_crypt.c | 52 ++++++++++++++++++++++++------------- 1 file changed, 34 insertions(+), 18 deletions(-) (limited to 'src/plugins/lanplus/lanplus_crypt.c') diff --git a/src/plugins/lanplus/lanplus_crypt.c b/src/plugins/lanplus/lanplus_crypt.c index cb963f4..b4d677b 100644 --- a/src/plugins/lanplus/lanplus_crypt.c +++ b/src/plugins/lanplus/lanplus_crypt.c @@ -84,12 +84,16 @@ lanplus_rakp2_hmac_matches(const struct ipmi_session * session, return 1; /* We don't yet support other algorithms */ +#ifdef HAVE_CRYPTO_SHA256 // assert() is a macro, must not put #ifdef inside it assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1) || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5) -#ifdef HAVE_CRYPTO_SHA256 || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA256) -#endif /* HAVE_CRYPTO_SHA256 */ ); +#else + assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1) + || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5) + ); +#endif /* HAVE_CRYPTO_SHA256 */ bufferLength = @@ -103,7 +107,7 @@ lanplus_rakp2_hmac_matches(const struct ipmi_session * session, strlen((const char *)intf->ssn_params.username); /* optional */ buffer = malloc(bufferLength); - if (buffer == NULL) { + if (!buffer) { lprintf(LOG_ERR, "ipmitool: malloc failure"); return 1; } @@ -251,12 +255,16 @@ lanplus_rakp4_hmac_matches(const struct ipmi_session * session, return 1; /* We don't yet support other algorithms */ +#ifdef HAVE_CRYPTO_SHA256 // assert() is a macro, must not put #ifdef inside it assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1) || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5) -#ifdef HAVE_CRYPTO_SHA256 || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA256) -#endif /* HAVE_CRYPTO_SHA256 */ ); +#else + assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1) + || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5) + ); +#endif /* HAVE_CRYPTO_SHA256 */ } bufferLength = @@ -265,7 +273,7 @@ lanplus_rakp4_hmac_matches(const struct ipmi_session * session, 16; /* GUIDc */ buffer = (uint8_t *)malloc(bufferLength); - if (buffer == NULL) { + if (!buffer) { lprintf(LOG_ERR, "ipmitool: malloc failure"); return 1; } @@ -417,12 +425,16 @@ lanplus_generate_rakp3_authcode(uint8_t * output_buffer, } /* We don't yet support other algorithms */ +#ifdef HAVE_CRYPTO_SHA256 // assert() is a macro, must not put #ifdef inside it assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1) || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5) -#ifdef HAVE_CRYPTO_SHA256 || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA256) -#endif /* HAVE_CRYPTO_SHA256 */ ); +#else + assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1) + || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5) + ); +#endif /* HAVE_CRYPTO_SHA256 */ input_buffer_length = 16 + /* Rc */ @@ -432,7 +444,7 @@ lanplus_generate_rakp3_authcode(uint8_t * output_buffer, strlen((const char *)intf->ssn_params.username); input_buffer = malloc(input_buffer_length); - if (input_buffer == NULL) { + if (!input_buffer) { lprintf(LOG_ERR, "ipmitool: malloc failure"); return 1; } @@ -512,7 +524,7 @@ lanplus_generate_rakp3_authcode(uint8_t * output_buffer, * - Usename (absent for null usernames) * * The key used to generated the SIK is Kg if Kg is not null (two-key logins are - * enabled). Otherwise Kuid (the user authcode) is used as the key to genereate + * enabled). Otherwise Kuid (the user authcode) is used as the key to generate * the SIK. * * I am aware that the subscripts look backwards, but that is the way they are @@ -539,12 +551,16 @@ lanplus_generate_sik(struct ipmi_session * session, struct ipmi_intf * intf) return 0; /* We don't yet support other algorithms */ +#ifdef HAVE_CRYPTO_SHA256 // assert() is a macro, must not put #ifdef inside it assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1) || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5) -#ifdef HAVE_CRYPTO_SHA256 || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA256) -#endif /* HAVE_CRYPTO_SHA256 */ ); +#else + assert((session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_SHA1) + || (session->v2_data.auth_alg == IPMI_AUTH_RAKP_HMAC_MD5) + ); +#endif /* HAVE_CRYPTO_SHA256 */ input_buffer_length = 16 + /* Rm */ @@ -554,7 +570,7 @@ lanplus_generate_sik(struct ipmi_session * session, struct ipmi_intf * intf) strlen((const char *)intf->ssn_params.username); input_buffer = malloc(input_buffer_length); - if (input_buffer == NULL) { + if (!input_buffer) { lprintf(LOG_ERR, "ipmitool: malloc failure"); return 1; } @@ -836,7 +852,7 @@ lanplus_encrypt_payload(uint8_t crypt_alg, pad_length = IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE - mod; padded_input = (uint8_t*)malloc(input_length + pad_length + 1); - if (padded_input == NULL) { + if (!padded_input) { lprintf(LOG_ERR, "ipmitool: malloc failure"); return 1; } @@ -853,7 +869,7 @@ lanplus_encrypt_payload(uint8_t crypt_alg, if (lanplus_rand(output, IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE)) { lprintf(LOG_ERR, "lanplus_encrypt_payload: Error generating IV"); - if (padded_input != NULL) { + if (padded_input) { free(padded_input); padded_input = NULL; } @@ -897,7 +913,7 @@ lanplus_encrypt_payload(uint8_t crypt_alg, * * The authcode is computed using the specified integrity algorithm starting * with the AuthType / Format field, and ending with the field immediately - * preceeding the authcode itself. + * preceding the authcode itself. * * The key key used to generate the authcode MAC is K1. * @@ -1003,7 +1019,7 @@ lanplus_decrypt_payload(uint8_t crypt_alg, const uint8_t * key, assert(crypt_alg == IPMI_CRYPT_AES_CBC_128); decrypted_payload = (uint8_t*)malloc(input_length); - if (decrypted_payload == NULL) { + if (!decrypted_payload) { lprintf(LOG_ERR, "ipmitool: malloc failure"); return 1; } @@ -1029,7 +1045,7 @@ lanplus_decrypt_payload(uint8_t crypt_alg, const uint8_t * key, bytes_decrypted); /* - * We have to determine the payload size, by substracting the padding, etc. + * We have to determine the payload size, by subtracting the padding, etc. * The last byte of the decrypted payload is the confidentiality pad length. */ conf_pad_length = decrypted_payload[bytes_decrypted - 1]; -- cgit v1.2.3