Commit | Line | Data |
---|---|---|
bc30bcb3 AM |
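--- a/common/transformation_ssl.c
+++ b/common/transformation_ssl.c
@@ -515,7 +515,7 @@
 //EVP_CIPHER_CTX_rand_key(ctx, t->state.ssl.key);
 //EVP_CIPHER_CTX_cleanup(ctx);
 //EVP_CIPHER_CTX_free(ctx);
- RAND_bytes(t->state.ssl.key, t->state.ssl.cipher->key_len);
+ RAND_bytes(t->state.ssl.key, EVP_CIPHER_key_length(t->state.ssl.cipher));
 } else {
 // how do we get keys?
 }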
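Review bot: The return value of `RAND_bytes` on the changed line is still ignored, so if the generator fails, `t->state.ssl.key` would presumably be used as a session key with whatever bytes the buffer already held. Since the call is being touched anyway, check it, for example `if (RAND_bytes(t->state.ssl.key, EVP_CIPHER_key_length(t->state.ssl.cipher)) != 1)` followed by the function's normal error return. The enclosing function starts and ends outside the hunk, so the appropriate failure path cannot be seen from here.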
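--- a/rmt/cipher.c
+++ b/rmt/cipher.c
@@ -23,7 +23,7 @@
 char *
 cipher(char *buf, int buflen, int do_encrypt)
 {
- static EVP_CIPHER_CTX ctx;
+ static EVP_CIPHER_CTX *ctx;
 static char *out = NULL; /* return value, grown as necessary */
 static int outlen = 0;
 static int init = 0, which, blocksize;
@@ -71,41 +71,52 @@
 }
 EVP_BytesToKey(cipher, EVP_md5(), NULL,
 buf, strlen(buf), 1, key, iv);
- EVP_CIPHER_CTX_init(&ctx);
- EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, do_encrypt);
- EVP_CIPHER_CTX_set_padding(&ctx, 0); // -nopad
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ syslog(LOG_ERR, "Failed to allocate crypto context");
+ errno = EINVAL;
+ return NULL;
+ }
+ EVP_CIPHER_CTX_init(ctx);
+ EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, do_encrypt);
+ EVP_CIPHER_CTX_set_padding(ctx, 0); // -nopad
 OPENSSL_cleanse(buf, sizeof buf);
 OPENSSL_cleanse(key, sizeof key);
 OPENSSL_cleanse(iv, sizeof iv);
- blocksize = EVP_CIPHER_CTX_block_size(&ctx);
+ blocksize = EVP_CIPHER_CTX_block_size(ctx);
 which = do_encrypt;
 init = 1;
 }
 if (which != do_encrypt) {
 syslog(LOG_ERR, "Cannot switch modes");
 errno = EINVAL;
+ EVP_CIPHER_CTX_free(ctx);
 return NULL;
 }
 if ((buflen % blocksize) != 0) {
 syslog(LOG_ERR, "Buffer size is not a multiple of cipher block size");
 errno = EINVAL;
+ EVP_CIPHER_CTX_free(ctx);
 return NULL;
 }
 if (outlen < buflen+blocksize) {
 outlen = (buflen+blocksize) * 2;
 out = realloc(out, outlen);
 }
- if (!EVP_CipherUpdate(&ctx, out, &n, buf, buflen)) {
+ if (!EVP_CipherUpdate(ctx, out, &n, buf, buflen)) {
 syslog(LOG_ERR, "EVP_CipherUpdate failed");
 errno = EINVAL;
+ EVP_CIPHER_CTX_free(ctx);
 return NULL;
 }
 if (n != buflen) {
 syslog(LOG_ERR, "EVP_CipherUpdate: %d != %d", n, buflen);
 errno = EINVAL;
+ EVP_CIPHER_CTX_free(ctx);
 return NULL;
 }
 // assert(ctx->buf_len == 0);
+ EVP_CIPHER_CTX_free(ctx);
 return out;
 }
 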
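Review bot: The added `EVP_CIPHER_CTX_free(ctx);` before `return out;` and on the four error returns releases a `static` context that is only allocated in the block ending with `init = 1;`. The guard on that block starts outside the hunk, but if it is the usual `if (!init)`, every call after the first would hand a freed pointer to `EVP_CipherUpdate` and then free it a second time. The pre-patch code kept one context alive for the life of the process, and the per-call cipher state presumably depends on that. I would drop the added free calls, or where the context really must be released pair it with a reset, `EVP_CIPHER_CTX_free(ctx); ctx = NULL; init = 0;`. Separately, `EVP_CIPHER_CTX_init(ctx)` directly after `EVP_CIPHER_CTX_new()` is redundant, and the result of `EVP_CipherInit_ex` is still unchecked.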