From f85b8b834b7ff85c80503faa73f237040330087b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Tue, 3 Jan 2017 02:33:44 +0100 Subject: New upstream version 3.0.1 --- lib/lanplus/lanplus_crypt.c | 27 ++++++++++++------- lib/lanplus/lanplus_crypt_impl.c | 56 +++++++++++++++++++++++++++------------- 2 files changed, 56 insertions(+), 27 deletions(-) (limited to 'lib/lanplus') diff --git a/lib/lanplus/lanplus_crypt.c b/lib/lanplus/lanplus_crypt.c index 7f3095e..5554898 100644 --- a/lib/lanplus/lanplus_crypt.c +++ b/lib/lanplus/lanplus_crypt.c @@ -623,11 +623,14 @@ int lanplus_generate_sik(struct ipmi_session * session) switch(session->v2_data.auth_alg) { case IPMI_AUTH_RAKP_HMAC_SHA1 : - if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; break; + if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; + break; case IPMI_AUTH_RAKP_HMAC_MD5 : - if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; break; + if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; + break; case IPMI_AUTH_RAKP_HMAC_SHA256: - if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; break; + if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; + break; default : unsupported = 1; break; } if (unsupported) { /*was assert*/ @@ -685,11 +688,14 @@ int lanplus_generate_k1(struct ipmi_session * session) switch(session->v2_data.auth_alg) { case IPMI_AUTH_RAKP_HMAC_SHA1 : - if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; break; + if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; + break; case IPMI_AUTH_RAKP_HMAC_MD5 : - if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; break; + if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; + break; case IPMI_AUTH_RAKP_HMAC_SHA256: - if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; break; + if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; + break; default : unsupported = 1; break; } if (unsupported) { /*was assert*/ @@ -743,11 +749,14 @@ int lanplus_generate_k2(struct ipmi_session * session) switch(session->v2_data.auth_alg) { case IPMI_AUTH_RAKP_HMAC_SHA1 : - if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; break; + if (mac_length != SHA_DIGEST_LENGTH) unsupported = 1; + break; case IPMI_AUTH_RAKP_HMAC_MD5 : - if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; break; + if (mac_length != MD5_DIGEST_LENGTH) unsupported = 1; + break; case IPMI_AUTH_RAKP_HMAC_SHA256: - if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; break; + if (mac_length != SHA256_DIGEST_LENGTH) unsupported = 1; + break; default : unsupported = 1; break; } if (unsupported) { /*was assert*/ diff --git a/lib/lanplus/lanplus_crypt_impl.c b/lib/lanplus/lanplus_crypt_impl.c index d12ad9c..1daf230 100644 --- a/lib/lanplus/lanplus_crypt_impl.c +++ b/lib/lanplus/lanplus_crypt_impl.c @@ -196,10 +196,17 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, { int nwritten = 0; int inlen = 0; + EVP_CIPHER_CTX *pctx; +#ifdef SSL11 + EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); + pctx = ctx; +#else EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); - EVP_CIPHER_CTX_set_padding(&ctx, 0); + pctx = &ctx; +#endif + EVP_CIPHER_CTX_init(pctx); + EVP_EncryptInit_ex(pctx, EVP_aes_128_cbc(), NULL, key, iv); + EVP_CIPHER_CTX_set_padding(pctx, 0); *bytes_written = 0; if (input_length == 0) return; @@ -219,28 +226,29 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); inlen = input_length; - if(!EVP_EncryptUpdate(&ctx, output, &nwritten, input, inlen)) + if(!EVP_EncryptUpdate(pctx, output, &nwritten, input, inlen)) { - /* Error */ - *bytes_written = 0; - return; + *bytes_written = 0; /* Error */ } else { int tmplen; - if(!EVP_EncryptFinal_ex(&ctx, output + nwritten, &tmplen)) + if(!EVP_EncryptFinal_ex(pctx, output + nwritten, &tmplen)) { - *bytes_written = 0; - return; /* Error */ + *bytes_written = 0; /* Error */ } else { /* Success */ *bytes_written = nwritten + tmplen; - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_cleanup(pctx); } } +#ifdef SSL11 + EVP_CIPHER_CTX_free(ctx); +#endif + return; } @@ -268,10 +276,17 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, { int nwritten = 0; int inlen = 0; + EVP_CIPHER_CTX *pctx; +#ifdef SSL11 + EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); + pctx = ctx; +#else EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); - EVP_CIPHER_CTX_set_padding(&ctx, 0); + pctx = &ctx; +#endif + EVP_CIPHER_CTX_init(pctx); + EVP_DecryptInit_ex(pctx, EVP_aes_128_cbc(), NULL, key, iv); + EVP_CIPHER_CTX_set_padding(pctx, 0); if (verbose >= 5) { @@ -291,7 +306,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); inlen = input_length; - if (!EVP_DecryptUpdate(&ctx, output, &nwritten, input, inlen)) + if (!EVP_DecryptUpdate(pctx, output, &nwritten, input, inlen)) { /* Error */ lprintf(LOG_DEBUG, "ERROR: decrypt update failed"); @@ -302,20 +317,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, { int tmplen; - if (!EVP_DecryptFinal_ex(&ctx, output + nwritten, &tmplen)) + if (!EVP_DecryptFinal_ex(pctx, output + nwritten, &tmplen)) { char buffer[1000]; ERR_error_string(ERR_get_error(), buffer); lprintf(LOG_DEBUG, "the ERR error %s", buffer); lprintf(LOG_DEBUG, "ERROR: decrypt final failed"); *bytes_written = 0; - return; /* Error */ + goto evpfin2; } else { /* Success */ *bytes_written = nwritten + tmplen; - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_cleanup(pctx); } } @@ -324,4 +339,9 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, lprintf(LOG_DEBUG, "Decrypted %d encrypted bytes",input_length); printbuf(output, *bytes_written, "Decrypted this data"); } +evpfin2: +#ifdef SSL11 + EVP_CIPHER_CTX_free(ctx); +#endif + return; } -- cgit v1.2.3