1From c9dcb6afef9c343d070aaff208d11a997a45a105 Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Wed, 5 Sep 2018 22:19:38 -0700
4Subject: [PATCH] Migrate to openssl 1.1
5
6Upstream-Status: Backport [https://sourceforge.net/p/ipmitool/source/ci/1664902525a1c3771b4d8b3ccab7ea1ba6b2bdd1/]
7
8Signed-off-by: Khem Raj <raj.khem@gmail.com>
9---
10 src/plugins/lanplus/lanplus_crypt_impl.c | 50 ++++++++++++++----------
11 1 file changed, 29 insertions(+), 21 deletions(-)
12
13diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c
14index d5fac37..9652a5e 100644
15--- a/src/plugins/lanplus/lanplus_crypt_impl.c
16+++ b/src/plugins/lanplus/lanplus_crypt_impl.c
17@@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
18 uint8_t * output,
19 uint32_t * bytes_written)
20 {
21- EVP_CIPHER_CTX ctx;
22- EVP_CIPHER_CTX_init(&ctx);
23- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
24- EVP_CIPHER_CTX_set_padding(&ctx, 0);
25-
26+ EVP_CIPHER_CTX *ctx = NULL;
27
28 *bytes_written = 0;
29
30@@ -182,6 +178,14 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
31 printbuf(input, input_length, "encrypting this data");
32 }
33
34+ ctx = EVP_CIPHER_CTX_new();
35+ if (ctx == NULL) {
36+ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
37+ return;
38+ }
39+ EVP_CIPHER_CTX_init(ctx);
40+ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
41+ EVP_CIPHER_CTX_set_padding(ctx, 0);
42
43 /*
44 * The default implementation adds a whole block of padding if the input
45@@ -191,28 +195,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
46 assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
47
48
49- if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
50+ if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
51 {
52 /* Error */
53 *bytes_written = 0;
54- return;
55 }
56 else
57 {
58 uint32_t tmplen;
59
60-
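Review bot: The return values of `EVP_EncryptInit_ex` and `EVP_CIPHER_CTX_set_padding`, added right after the `EVP_CIPHER_CTX_new()` check in the hunk at `@@ -182,6 +178,14 @@`, are ignored, so a failed cipher initialisation is discovered only, if at all, by the later `EVP_EncryptUpdate` call on a context that has no cipher set. Checking it here makes the failure explicit: `if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv)) { EVP_CIPHER_CTX_free(ctx); return; }`. The `EVP_CIPHER_CTX_init(ctx);` line can be dropped, because a context returned by `EVP_CIPHER_CTX_new()` is already initialised. The allocation failure is logged only at `LOG_DEBUG` and returns with `*bytes_written == 0`, which callers presumably cannot tell apart from empty input; `LOG_ERR` would make it visible. The same points apply to the decrypt hunk at `@@ -252,12 +252,20 @@`; both function bodies start and end outside these hunks.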
if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
61+ if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
62 {
63+ /* Error */
64 *bytes_written = 0;
65- return; /* Error */
66 }
67 else
68 {
69 /* Success */
70 *bytes_written += tmplen;
71- EVP_CIPHER_CTX_cleanup(&ctx);
72 }
73 }
74+ /* performs cleanup and free */
75+ EVP_CIPHER_CTX_free(ctx);
76 }
77
78
79@@ -239,11 +243,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
80 uint8_t * output,
81 uint32_t * bytes_written)
82 {
83- EVP_CIPHER_CTX ctx;
84- EVP_CIPHER_CTX_init(&ctx);
85- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv);
86- EVP_CIPHER_CTX_set_padding(&ctx, 0);
87-
88+ EVP_CIPHER_CTX *ctx = NULL;
89
90 if (verbose >= 5)
91 {
92@@ -252,12 +252,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
93 printbuf(input, input_length, "decrypting this data");
94 }
95
96-
97 *bytes_written = 0;
98
99 if (input_length == 0)
100 return;
101
102+ ctx = EVP_CIPHER_CTX_new();
103+ if (ctx == NULL) {
104+ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
105+ return;
106+ }
107+ EVP_CIPHER_CTX_init(ctx);
108+ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
109+ EVP_CIPHER_CTX_set_padding(ctx, 0);
110+
111 /*
112 * The default implementation adds a whole block of padding if the input
113 * data is perfectly aligned. We would like to keep that from happening.
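Review bot: Both failure branches of the encrypt path in the hunk at `@@ -191,28 +195,28 @@` (`EVP_EncryptUpdate` and `EVP_EncryptFinal_ex`) only set `*bytes_written = 0` and log nothing, while the decrypt path logs each failure. Adding `lprintf(LOG_DEBUG, "ERROR: encrypt update failed");` and `lprintf(LOG_DEBUG, "ERROR: encrypt final failed");` to the two `/* Error */` branches would make the two functions consistent. `tmplen` is declared `uint32_t`, left uninitialised and passed through an `(int *)` cast; `int tmplen = 0;` matches the OpenSSL prototype and removes the cast. Callers have to treat `*bytes_written == 0` as failure, because `output` may already hold bytes written by the update call. The function starts outside this hunk.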
114@@ -266,33 +274,33 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
115 assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0);
116
117
118- if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length))
119+ if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length))
120 {
121 /* Error */
122 lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
123 *bytes_written = 0;
124- return;
125 }
126 else
127 {
128 uint32_t tmplen;
129
130- if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen))
131+ if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
132 {
133+ /* Error */
134 char buffer[1000];
135 ERR_error_string(ERR_get_error(), buffer);
136 lprintf(LOG_DEBUG, "the ERR error %s", buffer);
137 lprintf(LOG_DEBUG, "ERROR: decrypt final failed");
138 *bytes_written = 0;
139- return; /* Error */
140 }
141 else
142 {
143 /* Success */
144 *bytes_written += tmplen;
145- EVP_CIPHER_CTX_cleanup(&ctx);
146 }
147 }
148+ /* performs cleanup and free */
149+ EVP_CIPHER_CTX_free(ctx);
150
151 if (verbose >= 5)
152 {
153
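Review bot: `ERR_error_string(ERR_get_error(), buffer)` in the decrypt-final error branch of the hunk at `@@ -266,33 +274,33 @@` relies on `buffer` being large enough for the message. The bounded form `ERR_error_string_n(ERR_get_error(), buffer, sizeof(buffer));` states the size explicitly. Only the first entry of the OpenSSL error queue is consumed here, so any further entries stay queued and can surface in an unrelated later call; `ERR_clear_error();` after the log lines avoids that. Both decrypt failures are reported only at `LOG_DEBUG`, so a payload that fails to decrypt is presumably invisible at normal verbosity. The function body continues past the end of the hunk.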