1 diff -urN dump-0.4b46.org/common/transformation_ssl.c dump-0.4b46/common/transformation_ssl.c
2 --- dump-0.4b46.org/common/transformation_ssl.c 2016-06-08 07:01:45.000000000 +0200
3 +++ dump-0.4b46/common/transformation_ssl.c 2018-09-20 12:09:51.499235266 +0200
5 //EVP_CIPHER_CTX_rand_key(ctx, t->state.ssl.key);
6 //EVP_CIPHER_CTX_cleanup(ctx);
7 //EVP_CIPHER_CTX_free(ctx);
8 - RAND_bytes(t->state.ssl.key, t->state.ssl.cipher->key_len);
9 + RAND_bytes(t->state.ssl.key, EVP_CIPHER_key_length(t->state.ssl.cipher));
11 // how do we get keys?
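Review bot: The return value of `RAND_bytes` on the changed line is still ignored, so a failed or unavailable RNG would leave `t->state.ssl.key` holding whatever was in the buffer before, and that would presumably be used as the session key. `RAND_bytes` returns 1 only on success, so the call should be guarded, e.g. `if (RAND_bytes(t->state.ssl.key, EVP_CIPHER_key_length(t->state.ssl.cipher)) != 1)` followed by the error return that the enclosing function already uses. That function starts and ends outside this hunk, so the exact error path has to be confirmed against the full file.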
13 diff -urN dump-0.4b46.org/rmt/cipher.c dump-0.4b46/rmt/cipher.c
14 --- dump-0.4b46.org/rmt/cipher.c 2016-06-07 20:09:12.000000000 +0200
15 +++ dump-0.4b46/rmt/cipher.c 2018-09-20 12:17:23.936324758 +0200
18 cipher(char *buf, int buflen, int do_encrypt)
20 - static EVP_CIPHER_CTX ctx;
21 + static EVP_CIPHER_CTX *ctx;
22 static char *out = NULL; /* return value, grown as necessary */
23 static int outlen = 0;
24 static int init = 0, which, blocksize;
27 EVP_BytesToKey(cipher, EVP_md5(), NULL,
28 buf, strlen(buf), 1, key, iv);
29 - EVP_CIPHER_CTX_init(&ctx);
30 - EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, do_encrypt);
31 - EVP_CIPHER_CTX_set_padding(&ctx, 0); // -nopad
32 + ctx = EVP_CIPHER_CTX_new();
34 + syslog(LOG_ERR, "Failed to allocate crypto context");
38 + EVP_CIPHER_CTX_init(ctx);
39 + EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, do_encrypt);
40 + EVP_CIPHER_CTX_set_padding(ctx, 0); // -nopad
41 OPENSSL_cleanse(buf, sizeof buf);
42 OPENSSL_cleanse(key, sizeof key);
43 OPENSSL_cleanse(iv, sizeof iv);
44 - blocksize = EVP_CIPHER_CTX_block_size(&ctx);
45 + blocksize = EVP_CIPHER_CTX_block_size(ctx);
49 if (which != do_encrypt) {
50 syslog(LOG_ERR, "Cannot switch modes");
52 + EVP_CIPHER_CTX_free(ctx);
55 if ((buflen % blocksize) != 0) {
56 syslog(LOG_ERR, "Buffer size is not a multiple of cipher block size");
58 + EVP_CIPHER_CTX_free(ctx);
61 if (outlen < buflen+blocksize) {
62 outlen = (buflen+blocksize) * 2;
63 out = realloc(out, outlen);
65 - if (!EVP_CipherUpdate(&ctx, out, &n, buf, buflen)) {
66 + if (!EVP_CipherUpdate(ctx, out, &n, buf, buflen)) {
67 syslog(LOG_ERR, "EVP_CipherUpdate failed");
69 + EVP_CIPHER_CTX_free(ctx);
73 syslog(LOG_ERR, "EVP_CipherUpdate: %d != %d", n, buflen);
75 + EVP_CIPHER_CTX_free(ctx);
78 // assert(ctx->buf_len == 0);
79 + EVP_CIPHER_CTX_free(ctx);
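Review bot: The `EVP_CIPHER_CTX_free(ctx)` added after the `// assert(ctx->buf_len == 0);` comment, and the four added on the error paths, release a context that is held in a `static` pointer which is never reset. If, as the `static int init` flag suggests, the context is created only on the first call (the guard itself is not visible in this hunk), the next call to `cipher()` passes a freed pointer to `EVP_CipherUpdate`, which is a use-after-free. The context needs to live across calls: drop the free on the success path, and on the error paths use `EVP_CIPHER_CTX_free(ctx); ctx = NULL; init = 0;` so a later call re-initialises rather than reusing the stale pointer. `EVP_CIPHER_CTX_init(ctx)` directly after `EVP_CIPHER_CTX_new()` is redundant and can be removed, and the result of `EVP_CipherInit_ex` should be checked before `init` is set.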