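--- a/src/plugins/lanplus/lanplus_crypt_impl.c
+++ b/src/plugins/lanplus/lanplus_crypt_impl.c
@@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
 uint8_t * output,
 uint32_t * bytes_written)
 {
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
-
+ EVP_CIPHER_CTX *ctx = NULL;
 
 *bytes_written = 0;
 
@@ -182,6 +178,13 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
 printbuf(input, input_length, "encrypting this data");
 }
 
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
+ return;
+ }
+ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
 
 /*
 * The default implementation adds a whole block of padding if the input
@@ -191,28 +194,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
 assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
 
 
- if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
+ if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
 {
 /* Error */
 *bytes_written = 0;
- return;
 }
 else
 {
 uint32_t tmplen;
 
- if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
+ if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
 {
+ /* Error */
 *bytes_written = 0;
- return; /* Error */
 }
 else
 {
 /* Success */
 *bytes_written += tmplen;
- EVP_CIPHER_CTX_cleanup(&ctx);
 }
 }
+ /* performs cleanup and free */
+ EVP_CIPHER_CTX_free(ctx);
 }
 
 
@@ -239,12 +242,8 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 uint8_t * output,
 uint32_t * bytes_written)
 {
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ EVP_CIPHER_CTX *ctx;
 
-
 if (verbose >= 5)
 {
 printbuf(iv, 16, "decrypting with this IV");
@@ -252,12 +251,19 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 printbuf(input, input_length, "decrypting this data");
 }
 
-
 *bytes_written = 0;
 
 if (input_length == 0)
 return;
 
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ *bytes_written = 0;
+ return;
+ }
+ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
+
 /*
 * The default implementation adds a whole block of padding if the input
 * data is perfectly aligned. We would like to keep that from happening.
@@ -266,31 +272,29 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
 
 
- if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
+ if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
 {
 /* Error */
 lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
 *bytes_written = 0;
- return;
 }
 else
 {
 uint32_t tmplen;
 
- if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
+ if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
 {
+ /* Error */
 char buffer[1000];
 ERR_error_string(ERR_get_error(), buffer);
 lprintf(LOG_DEBUG, "the ERR error %s", buffer);
 lprintf(LOG_DEBUG, "ERROR: decrypt final failed");
 *bytes_written = 0;
- return; /* Error */
 }
 else
 {
 /* Success */
 *bytes_written += tmplen;
- EVP_CIPHER_CTX_cleanup(&ctx);
 }
 }
 
@@ -299,4 +303,6 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 lprintf(LOG_DEBUG, "Decrypted %d encrypted bytes", input_length);
 printbuf(output, *bytes_written, "Decrypted this data");
 }
+ /* performs cleanup and free */
+ EVP_CIPHER_CTX_free(ctx);
 }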
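Review bot: The return values of `EVP_EncryptInit_ex()` and `EVP_DecryptInit_ex()` are ignored in the new allocation blocks of both functions, so a failed initialisation goes on to `EVP_EncryptUpdate()`/`EVP_DecryptUpdate()` with a context that has no cipher or key set. Each call should be checked and the context released on failure, e.g. `if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv)) { EVP_CIPHER_CTX_free(ctx); return; }`, with the mirror-image guard around `EVP_DecryptInit_ex()`; `*bytes_written` is already 0 at both points. The decrypt path also drops the allocation failure silently, while the encrypt path logs it; a matching `lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");` would keep the two consistent. Because the error branches no longer return early, a failed decrypt now appears to fall through to the trailing "Decrypted %d encrypted bytes" debug message; its guarding condition is outside the hunk, so this should be confirmed and the message skipped when `*bytes_written` is 0. Both function bodies start outside the hunks shown.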