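--- src/ipdecap.c.orig 2016-04-21 18:02:27 UTC
+++ src/ipdecap.c
@@ -356,8 +356,8 @@ int add_flow(char *ip_src, char *ip_dst, char *crypt_n
 flow->auth_name = strdup(auth_name);
 flow->key = dec_key;
 
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
+ EVP_CIPHER_CTX *ctx;
+ EVP_CIPHER_CTX_init(ctx);
 flow->ctx = ctx;
 
 // Adding to linked list
@@ -543,7 +543,7 @@ void dump_flows() {
 printf("dump_flows: src:%s dst:%s crypt:%s auth:%s spi:%lx\n",
 src, dst, e->crypt_name, e->auth_name, (long unsigned int) e->spi);
 
- dumpmem("key", e->key, EVP_CIPHER_CTX_key_length(&e->ctx), 0);
+ dumpmem("key", e->key, EVP_CIPHER_CTX_key_length(e->ctx), 0);
 printf("\n");
 
 e = e->next;
@@ -743,7 +743,7 @@ void process_esp_packet(u_char const *payload, const i
 char ip_src[INET_ADDRSTRLEN+1];
 char ip_dst[INET_ADDRSTRLEN+1];
 llflow_t *flow = NULL;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
 const EVP_CIPHER *cipher = NULL;
 int packet_size, rc, len, remaining;
 int ivlen;
@@ -821,7 +821,7 @@ void process_esp_packet(u_char const *payload, const i
 if ((cipher = EVP_get_cipherbyname(flow->crypt_method->openssl_cipher)) == NULL)
 error("Cannot find cipher %s - EVP_get_cipherbyname() err", flow->crypt_method->openssl_cipher);
 
- EVP_CIPHER_CTX_init(&ctx);
+ EVP_CIPHER_CTX_init(ctx);
 
 // Copy initialization vector
 ivlen = EVP_CIPHER_iv_length(cipher);
@@ -829,7 +829,7 @@ void process_esp_packet(u_char const *payload, const i
 memcpy(&esp_packet.iv, payload_src, ivlen);
 payload_src += ivlen;
 
- rc = EVP_DecryptInit_ex(&ctx, cipher,NULL, flow->key, esp_packet.iv);
+ rc = EVP_DecryptInit_ex(ctx, cipher,NULL, flow->key, esp_packet.iv);
 if (rc != 1) {
 error("Error during the initialization of crypto system. Please report this bug with your .pcap file");
 }
@@ -847,7 +847,7 @@ void process_esp_packet(u_char const *payload, const i
 }
 
 // Do the decryption work
- rc = EVP_DecryptUpdate(&ctx, payload_dst, &len, payload_src, remaining);
+ rc = EVP_DecryptUpdate(ctx, payload_dst, &len, payload_src, remaining);
 packet_size += len;
 
 if (rc != 1) {
@@ -857,7 +857,7 @@ void process_esp_packet(u_char const *payload, const i
 return;
 }
 
- EVP_DecryptFinal_ex(&ctx, payload_dst+len, &len);
+ EVP_DecryptFinal_ex(ctx, payload_dst+len, &len);
 packet_size += len;
 
 // http://www.mail-archive.com/openssl-users@openssl.org/msg23434.html
@@ -866,7 +866,7 @@ void process_esp_packet(u_char const *payload, const i
 u_char *pad_len = (new_packet_payload + packet_size -2);
 
 // Detect obviously badly decrypted packet
- if (*pad_len >= EVP_CIPHER_CTX_block_size(&ctx)) {
+ if (*pad_len >= EVP_CIPHER_CTX_block_size(ctx)) {
 verbose("Warning: invalid pad_len field, wrong encryption key ? copying raw packet...\n");
 process_nonip_packet(payload, payload_len, new_packet_hdr, new_packet_payload);
 return;
@@ -880,7 +880,7 @@ void process_esp_packet(u_char const *payload, const i
 
 new_packet_hdr->len = packet_size;
 
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_cleanup(ctx);
 
 } /* flow->crypt_method->openssl_cipher == NULL */
 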
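Review bot: In the add_flow hunk, `EVP_CIPHER_CTX *ctx;` is passed to `EVP_CIPHER_CTX_init(ctx)` without ever being assigned, so the call operates on an indeterminate pointer and `flow->ctx = ctx;` then stores it for later use such as `EVP_CIPHER_CTX_key_length(e->ctx)` in dump_flows; allocate it as `EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();` and fail the flow setup if that returns NULL. In process_esp_packet the context is allocated by `EVP_CIPHER_CTX_new()` at declaration, but the last hunk only calls `EVP_CIPHER_CTX_cleanup(ctx);`, which resets the context without releasing it, so each processed packet appears to leak one context; the final call should be `EVP_CIPHER_CTX_free(ctx);`, and the early `return;` paths visible after the decrypt failure and the bad pad_len check need the same call. The result of `EVP_CIPHER_CTX_new()` is also not checked there before `EVP_DecryptInit_ex(ctx, ...)`. All three functions start and end outside the hunks shown, and the declaration of the `flow->ctx` field is not part of this patch, so these points should be confirmed against the full source.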