[packages/dump.git] / openssl.patch

diff -urN dump-0.4b46.org/common/transformation_ssl.c dump-0.4b46/common/transformation_ssl.c
--- dump-0.4b46.org/common/transformation_ssl.c	2016-06-08 07:01:45.000000000 +0200
+++ dump-0.4b46/common/transformation_ssl.c	2018-09-20 12:09:51.499235266 +0200
@@ -515,7 +515,7 @@
 		//EVP_CIPHER_CTX_rand_key(ctx, t->state.ssl.key);
 		//EVP_CIPHER_CTX_cleanup(ctx);
 		//EVP_CIPHER_CTX_free(ctx);
-		RAND_bytes(t->state.ssl.key, t->state.ssl.cipher->key_len);
+		RAND_bytes(t->state.ssl.key, EVP_CIPHER_key_length(t->state.ssl.cipher));
 	} else {
 		// how do we get keys?
 	}
diff -urN dump-0.4b46.org/rmt/cipher.c dump-0.4b46/rmt/cipher.c
--- dump-0.4b46.org/rmt/cipher.c	2016-06-07 20:09:12.000000000 +0200
+++ dump-0.4b46/rmt/cipher.c	2018-09-20 12:17:23.936324758 +0200
@@ -23,7 +23,7 @@
 char *
 cipher(char *buf, int buflen, int do_encrypt)
 {
-	static EVP_CIPHER_CTX ctx;
+	static EVP_CIPHER_CTX *ctx;
 	static char *out = NULL;	/* return value, grown as necessary */
 	static int outlen = 0;
 	static int init = 0, which, blocksize;
@@ -71,41 +71,52 @@
 		}
 		EVP_BytesToKey(cipher, EVP_md5(), NULL,
 			buf, strlen(buf), 1, key, iv);
-		EVP_CIPHER_CTX_init(&ctx);
-		EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, do_encrypt);
-		EVP_CIPHER_CTX_set_padding(&ctx, 0);	// -nopad
+		ctx = EVP_CIPHER_CTX_new();
+		if (ctx == NULL) {
+			 syslog(LOG_ERR, "Failed to allocate crypto context");
+			 errno = EINVAL;
+			 return NULL;
+		}
+		EVP_CIPHER_CTX_init(ctx);
+		EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, do_encrypt);
+		EVP_CIPHER_CTX_set_padding(ctx, 0);	// -nopad
 		OPENSSL_cleanse(buf, sizeof buf);
 		OPENSSL_cleanse(key, sizeof key);
 		OPENSSL_cleanse(iv, sizeof iv);
-		blocksize = EVP_CIPHER_CTX_block_size(&ctx);
+		blocksize = EVP_CIPHER_CTX_block_size(ctx);
 		which = do_encrypt;
 		init = 1;
 	}
 	if (which != do_encrypt) {
 		syslog(LOG_ERR, "Cannot switch modes");
 		errno = EINVAL;
+		EVP_CIPHER_CTX_free(ctx);
 		return NULL;
 	}
 	if ((buflen % blocksize) != 0) {
 		syslog(LOG_ERR, "Buffer size is not a multiple of cipher block size");
 		errno = EINVAL;
+		EVP_CIPHER_CTX_free(ctx);
 		return NULL;
 	}
 	if (outlen < buflen+blocksize) {
 		outlen = (buflen+blocksize) * 2;
 		out = realloc(out, outlen);
 	}
-	if (!EVP_CipherUpdate(&ctx, out, &n, buf, buflen)) {
+	if (!EVP_CipherUpdate(ctx, out, &n, buf, buflen)) {
 		syslog(LOG_ERR, "EVP_CipherUpdate failed");
 		errno = EINVAL;
+		EVP_CIPHER_CTX_free(ctx);
 		return NULL;
 	}
 	if (n != buflen) {
 		syslog(LOG_ERR, "EVP_CipherUpdate: %d != %d", n, buflen);
 		errno = EINVAL;
+		EVP_CIPHER_CTX_free(ctx);
 		return NULL;
 	}
 	// assert(ctx->buf_len == 0);
+	EVP_CIPHER_CTX_free(ctx);
 	return out;
 }
Commit	Line	Data
bc30bcb3 AM	1	diff -urN dump-0.4b46.org/common/transformation_ssl.c dump-0.4b46/common/transformation_ssl.c
	2	--- dump-0.4b46.org/common/transformation_ssl.c 2016-06-08 07:01:45.000000000 +0200
	3	+++ dump-0.4b46/common/transformation_ssl.c 2018-09-20 12:09:51.499235266 +0200
	4	@@ -515,7 +515,7 @@
	5	//EVP_CIPHER_CTX_rand_key(ctx, t->state.ssl.key);
	6	//EVP_CIPHER_CTX_cleanup(ctx);
	7	//EVP_CIPHER_CTX_free(ctx);
	8	- RAND_bytes(t->state.ssl.key, t->state.ssl.cipher->key_len);
	9	+ RAND_bytes(t->state.ssl.key, EVP_CIPHER_key_length(t->state.ssl.cipher));
	10	} else {
	11	// how do we get keys?
	12	}
	13	diff -urN dump-0.4b46.org/rmt/cipher.c dump-0.4b46/rmt/cipher.c
	14	--- dump-0.4b46.org/rmt/cipher.c 2016-06-07 20:09:12.000000000 +0200
	15	+++ dump-0.4b46/rmt/cipher.c 2018-09-20 12:17:23.936324758 +0200
	16	@@ -23,7 +23,7 @@
	17	char *
	18	cipher(char *buf, int buflen, int do_encrypt)
	19	{
	20	- static EVP_CIPHER_CTX ctx;
	21	+ static EVP_CIPHER_CTX *ctx;
	22	static char out = NULL; / return value, grown as necessary */
	23	static int outlen = 0;
	24	static int init = 0, which, blocksize;
	25	@@ -71,41 +71,52 @@
	26	}
	27	EVP_BytesToKey(cipher, EVP_md5(), NULL,
	28	buf, strlen(buf), 1, key, iv);
	29	- EVP_CIPHER_CTX_init(&ctx);
	30	- EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, do_encrypt);
	31	- EVP_CIPHER_CTX_set_padding(&ctx, 0); // -nopad
	32	+ ctx = EVP_CIPHER_CTX_new();
	33	+ if (ctx == NULL) {
	34	+ syslog(LOG_ERR, "Failed to allocate crypto context");
	35	+ errno = EINVAL;
	36	+ return NULL;
	37	+ }
	38	+ EVP_CIPHER_CTX_init(ctx);
	39	+ EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, do_encrypt);
	40	+ EVP_CIPHER_CTX_set_padding(ctx, 0); // -nopad
	41	OPENSSL_cleanse(buf, sizeof buf);
	42	OPENSSL_cleanse(key, sizeof key);
	43	OPENSSL_cleanse(iv, sizeof iv);
	44	- blocksize = EVP_CIPHER_CTX_block_size(&ctx);
	45	+ blocksize = EVP_CIPHER_CTX_block_size(ctx);
	46	which = do_encrypt;
	47	init = 1;
	48	}
	49	if (which != do_encrypt) {
	50	syslog(LOG_ERR, "Cannot switch modes");
	51	errno = EINVAL;
	52	+ EVP_CIPHER_CTX_free(ctx);
	53	return NULL;
	54	}
	55	if ((buflen % blocksize) != 0) {
	56	syslog(LOG_ERR, "Buffer size is not a multiple of cipher block size");
	57	errno = EINVAL;
	58	+ EVP_CIPHER_CTX_free(ctx);
	59	return NULL;
	60	}
	61	if (outlen < buflen+blocksize) {
	62	outlen = (buflen+blocksize) * 2;
	63	out = realloc(out, outlen);
	64	}
65	- if (!EVP_CipherUpdate(&ctx, out, &n, buf, buflen)) {
66	+ if (!EVP_CipherUpdate(ctx, out, &n, buf, buflen)) {
67	syslog(LOG_ERR, "EVP_CipherUpdate failed");
68	errno = EINVAL;
69	+ EVP_CIPHER_CTX_free(ctx);
70	return NULL;
71	}
72	if (n != buflen) {
73	syslog(LOG_ERR, "EVP_CipherUpdate: %d != %d", n, buflen);
74	errno = EINVAL;
75	+ EVP_CIPHER_CTX_free(ctx);
76	return NULL;
77	}
78	// assert(ctx->buf_len == 0);
79	+ EVP_CIPHER_CTX_free(ctx);
80	return out;
81	}
82