Attachment #197995 for bug #232144

Lines 3-9 Link Here

(-)net/ipdecap/Makefile (-1 / +1 lines)
3	PORTNAME= ipdecap	3	PORTNAME= ipdecap
4	PORTVERSION= 0.7.1	4	PORTVERSION= 0.7.1
5	DISTVERSIONPREFIX= v	5	DISTVERSIONPREFIX= v
6	PORTREVISION= 1	6	PORTREVISION= 2
7	CATEGORIES= net	7	CATEGORIES= net
8		8
9	MAINTAINER= loic-freebsd@loicp.eu	9	MAINTAINER= loic-freebsd@loicp.eu

Line 0 Link Here

(-)net/ipdecap/files/patch-configure.ac (+11 lines)
	1	--- configure.ac.orig 2018-10-10 02:16:26 UTC
	2	+++ configure.ac
	3	@@ -23,7 +23,7 @@ esac
	4	# Checks for libraries.
	5	AC_CHECK_LIB(pcap, pcap_offline_filter, [],
	6	AC_MSG_ERROR(pcap library not found ))
	7	-AC_CHECK_LIB(crypto, EVP_CIPHER_CTX_init, [],
	8	+AC_CHECK_LIB(crypto, EVP_CIPHER_CTX_new, [],
	9	AC_MSG_ERROR(OpenSSL library not found))
	10
	11	# Checks for header files.

Line 0 Link Here

(-)net/ipdecap/files/patch-src_esp.h (+11 lines)
	1	--- src/esp.h.orig 2018-10-10 02:21:27 UTC
	2	+++ src/esp.h
	3	@@ -47,7 +47,7 @@ typedef struct auth_method_t {
	4	typedef struct llflow_t {
	5	address_t addr_src;
	6	address_t addr_dst;
	7	- EVP_CIPHER_CTX ctx;
	8	+ EVP_CIPHER_CTX *ctx;
	9	unsigned char *key;
	10	u_int32_t spi;
	11	char *crypt_name;




--- src/ipdecap.c.orig	2016-04-21 18:02:27 UTC
+++ src/ipdecap.c
@@ -356,8 +356,8 @@ int add_flow(char *ip_src, char *ip_dst, char *crypt_n
   flow->auth_name = strdup(auth_name);
   flow->key = dec_key;
 
-  EVP_CIPHER_CTX ctx;
-  EVP_CIPHER_CTX_init(&ctx);
+  EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+  EVP_CIPHER_CTX_init(ctx);
   flow->ctx = ctx;
 
   // Adding to linked list
@@ -543,7 +543,7 @@ void dump_flows() {
     printf("dump_flows: src:%s dst:%s crypt:%s auth:%s spi:%lx\n",
       src, dst, e->crypt_name, e->auth_name, (long unsigned int) e->spi);
 
-      dumpmem("key", e->key, EVP_CIPHER_CTX_key_length(&e->ctx), 0);
+      dumpmem("key", e->key, EVP_CIPHER_CTX_key_length(e->ctx), 0);
       printf("\n");
 
     e = e->next;
@@ -743,7 +743,7 @@ void process_esp_packet(u_char const *payload, const i
   char ip_src[INET_ADDRSTRLEN+1];
   char ip_dst[INET_ADDRSTRLEN+1];
   llflow_t *flow = NULL;
-  EVP_CIPHER_CTX ctx;
+  EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
   const EVP_CIPHER *cipher = NULL;
   int packet_size, rc, len, remaining;
   int ivlen;
@@ -821,7 +821,7 @@ void process_esp_packet(u_char const *payload, const i
     if ((cipher = EVP_get_cipherbyname(flow->crypt_method->openssl_cipher)) == NULL)
       error("Cannot find cipher %s - EVP_get_cipherbyname() err", flow->crypt_method->openssl_cipher);
 
-    EVP_CIPHER_CTX_init(&ctx);
+    EVP_CIPHER_CTX_init(ctx);
 
     // Copy initialization vector
     ivlen = EVP_CIPHER_iv_length(cipher);
@@ -829,7 +829,7 @@ void process_esp_packet(u_char const *payload, const i
     memcpy(&esp_packet.iv, payload_src, ivlen);
     payload_src += ivlen;
 
-    rc = EVP_DecryptInit_ex(&ctx, cipher,NULL, flow->key, esp_packet.iv);
+    rc = EVP_DecryptInit_ex(ctx, cipher,NULL, flow->key, esp_packet.iv);
     if (rc != 1) {
       error("Error during the initialization of crypto system. Please report this bug with your .pcap file");
     }
@@ -847,7 +847,7 @@ void process_esp_packet(u_char const *payload, const i
     }
 
     // Do the decryption work
-    rc = EVP_DecryptUpdate(&ctx, payload_dst, &len, payload_src, remaining);
+    rc = EVP_DecryptUpdate(ctx, payload_dst, &len, payload_src, remaining);
     packet_size += len;
 
     if (rc != 1) {
@@ -857,16 +857,16 @@ void process_esp_packet(u_char const *payload, const i
         return;
     }
 
-    EVP_DecryptFinal_ex(&ctx, payload_dst+len, &len);
+    EVP_DecryptFinal_ex(ctx, payload_dst+len, &len);
     packet_size += len;
 
     // http://www.mail-archive.com/openssl-users@openssl.org/msg23434.html
-    packet_size +=EVP_CIPHER_CTX_block_size(&ctx);
+    packet_size +=EVP_CIPHER_CTX_block_size(ctx);
 
     u_char *pad_len = (new_packet_payload + packet_size -2);
 
     // Detect obviously badly decrypted packet
-    if (*pad_len >=  EVP_CIPHER_CTX_block_size(&ctx)) {
+    if (*pad_len >=  EVP_CIPHER_CTX_block_size(ctx)) {
       verbose("Warning: invalid pad_len field, wrong encryption key ? copying raw packet...\n");
       process_nonip_packet(payload, payload_len, new_packet_hdr, new_packet_payload);
       return;
@@ -880,7 +880,7 @@ void process_esp_packet(u_char const *payload, const i
 
     new_packet_hdr->len = packet_size;
 
-    EVP_CIPHER_CTX_cleanup(&ctx);
+    EVP_CIPHER_CTX_cleanup(ctx);
 
     } /*  flow->crypt_method->openssl_cipher == NULL */
 

Return to bug 232144

Line 0 Link Here

(-)net/ipdecap/files/patch-src_ipdecap.c (+87 lines)
		1	--- src/ipdecap.c.orig 2016-04-21 18:02:27 UTC
		2	+++ src/ipdecap.c
		3	@@ -356,8 +356,8 @@ int add_flow(char ip_src, char ip_dst, char *crypt_n
		4	flow->auth_name = strdup(auth_name);
		5	flow->key = dec_key;
		6
		7	- EVP_CIPHER_CTX ctx;
		8	- EVP_CIPHER_CTX_init(&ctx);
		9	+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
		10	+ EVP_CIPHER_CTX_init(ctx);
		11	flow->ctx = ctx;
		12
		13	// Adding to linked list
		14	@@ -543,7 +543,7 @@ void dump_flows() {
		15	printf("dump_flows: src:%s dst:%s crypt:%s auth:%s spi:%lx\n",
		16	src, dst, e->crypt_name, e->auth_name, (long unsigned int) e->spi);
		17
		18	- dumpmem("key", e->key, EVP_CIPHER_CTX_key_length(&e->ctx), 0);
		19	+ dumpmem("key", e->key, EVP_CIPHER_CTX_key_length(e->ctx), 0);
		20	printf("\n");
		21
		22	e = e->next;
		23	@@ -743,7 +743,7 @@ void process_esp_packet(u_char const *payload, const i
		24	char ip_src[INET_ADDRSTRLEN+1];
		25	char ip_dst[INET_ADDRSTRLEN+1];
		26	llflow_t *flow = NULL;
		27	- EVP_CIPHER_CTX ctx;
		28	+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
		29	const EVP_CIPHER *cipher = NULL;
		30	int packet_size, rc, len, remaining;
		31	int ivlen;
		32	@@ -821,7 +821,7 @@ void process_esp_packet(u_char const *payload, const i
		33	if ((cipher = EVP_get_cipherbyname(flow->crypt_method->openssl_cipher)) == NULL)
		34	error("Cannot find cipher %s - EVP_get_cipherbyname() err", flow->crypt_method->openssl_cipher);
		35
		36	- EVP_CIPHER_CTX_init(&ctx);
		37	+ EVP_CIPHER_CTX_init(ctx);
		38
		39	// Copy initialization vector
		40	ivlen = EVP_CIPHER_iv_length(cipher);
		41	@@ -829,7 +829,7 @@ void process_esp_packet(u_char const *payload, const i
		42	memcpy(&esp_packet.iv, payload_src, ivlen);
		43	payload_src += ivlen;
		44
		45	- rc = EVP_DecryptInit_ex(&ctx, cipher,NULL, flow->key, esp_packet.iv);
		46	+ rc = EVP_DecryptInit_ex(ctx, cipher,NULL, flow->key, esp_packet.iv);
		47	if (rc != 1) {
		48	error("Error during the initialization of crypto system. Please report this bug with your .pcap file");
		49	}
		50	@@ -847,7 +847,7 @@ void process_esp_packet(u_char const *payload, const i
		51	}
		52
		53	// Do the decryption work
		54	- rc = EVP_DecryptUpdate(&ctx, payload_dst, &len, payload_src, remaining);
		55	+ rc = EVP_DecryptUpdate(ctx, payload_dst, &len, payload_src, remaining);
		56	packet_size += len;
		57
		58	if (rc != 1) {
		59	@@ -857,16 +857,16 @@ void process_esp_packet(u_char const *payload, const i
		60	return;
		61	}
		62
		63	- EVP_DecryptFinal_ex(&ctx, payload_dst+len, &len);
		64	+ EVP_DecryptFinal_ex(ctx, payload_dst+len, &len);
65	packet_size += len;
66
67	// http://www.mail-archive.com/openssl-users@openssl.org/msg23434.html
68	- packet_size +=EVP_CIPHER_CTX_block_size(&ctx);
69	+ packet_size +=EVP_CIPHER_CTX_block_size(ctx);
70
71	u_char *pad_len = (new_packet_payload + packet_size -2);
72
73	// Detect obviously badly decrypted packet
74	- if (*pad_len >= EVP_CIPHER_CTX_block_size(&ctx)) {
75	+ if (*pad_len >= EVP_CIPHER_CTX_block_size(ctx)) {
76	verbose("Warning: invalid pad_len field, wrong encryption key ? copying raw packet...\n");
77	process_nonip_packet(payload, payload_len, new_packet_hdr, new_packet_payload);
78	return;
79	@@ -880,7 +880,7 @@ void process_esp_packet(u_char const *payload, const i
80
81	new_packet_hdr->len = packet_size;
82
83	- EVP_CIPHER_CTX_cleanup(&ctx);
84	+ EVP_CIPHER_CTX_cleanup(ctx);
85
86	} /* flow->crypt_method->openssl_cipher == NULL */
87