openssl.patch

   1 diff -urN dump-0.4b46.org/common/transformation_ssl.c dump-0.4b46/common/transformation_ssl.c
   2 --- dump-0.4b46.org/common/transformation_ssl.c 2016-06-08 07:01:45.000000000 +0200
   3 +++ dump-0.4b46/common/transformation_ssl.c     2018-09-20 12:09:51.499235266 +0200
   4 @@ -515,7 +515,7 @@
   5                 //EVP_CIPHER_CTX_rand_key(ctx, t->state.ssl.key);
   6                 //EVP_CIPHER_CTX_cleanup(ctx);
   7                 //EVP_CIPHER_CTX_free(ctx);
   8 -               RAND_bytes(t->state.ssl.key, t->state.ssl.cipher->key_len);
   9 +               RAND_bytes(t->state.ssl.key, EVP_CIPHER_key_length(t->state.ssl.cipher));
  10         } else {
  11                 // how do we get keys?
  12         }
  13 diff -urN dump-0.4b46.org/rmt/cipher.c dump-0.4b46/rmt/cipher.c
  14 --- dump-0.4b46.org/rmt/cipher.c        2016-06-07 20:09:12.000000000 +0200
  15 +++ dump-0.4b46/rmt/cipher.c    2018-09-20 12:17:23.936324758 +0200
  16 @@ -23,7 +23,7 @@
  17  char *
  18  cipher(char *buf, int buflen, int do_encrypt)
  19  {
  20 -       static EVP_CIPHER_CTX ctx;
  21 +       static EVP_CIPHER_CTX *ctx;
  22         static char *out = NULL;        /* return value, grown as necessary */
  23         static int outlen = 0;
  24         static int init = 0, which, blocksize;
  25 @@ -71,41 +71,52 @@
  26                 }
  27                 EVP_BytesToKey(cipher, EVP_md5(), NULL,
  28                         buf, strlen(buf), 1, key, iv);
  29 -               EVP_CIPHER_CTX_init(&ctx);
  30 -               EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, do_encrypt);
  31 -               EVP_CIPHER_CTX_set_padding(&ctx, 0);    // -nopad
  32 +               ctx = EVP_CIPHER_CTX_new();
  33 +               if (ctx == NULL) {
  34 +                        syslog(LOG_ERR, "Failed to allocate crypto context");
  35 +                        errno = EINVAL;
  36 +                        return NULL;
  37 +               }
  38 +               EVP_CIPHER_CTX_init(ctx);
  39 +               EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, do_encrypt);
  40 +               EVP_CIPHER_CTX_set_padding(ctx, 0);     // -nopad
  41                 OPENSSL_cleanse(buf, sizeof buf);
  42                 OPENSSL_cleanse(key, sizeof key);
  43                 OPENSSL_cleanse(iv, sizeof iv);
  44 -               blocksize = EVP_CIPHER_CTX_block_size(&ctx);
  45 +               blocksize = EVP_CIPHER_CTX_block_size(ctx);
  46                 which = do_encrypt;
  47                 init = 1;
  48         }
  49         if (which != do_encrypt) {
  50                 syslog(LOG_ERR, "Cannot switch modes");
  51                 errno = EINVAL;
  52 +               EVP_CIPHER_CTX_free(ctx);
  53                 return NULL;
  54         }
  55         if ((buflen % blocksize) != 0) {
  56                 syslog(LOG_ERR, "Buffer size is not a multiple of cipher block size");
  57                 errno = EINVAL;
  58 +               EVP_CIPHER_CTX_free(ctx);
  59                 return NULL;
  60         }
  61         if (outlen < buflen+blocksize) {
  62                 outlen = (buflen+blocksize) * 2;
  63                 out = realloc(out, outlen);
  64         }
  65 -       if (!EVP_CipherUpdate(&ctx, out, &n, buf, buflen)) {
  66 +       if (!EVP_CipherUpdate(ctx, out, &n, buf, buflen)) {
  67                 syslog(LOG_ERR, "EVP_CipherUpdate failed");
  68                 errno = EINVAL;
  69 +               EVP_CIPHER_CTX_free(ctx);
  70                 return NULL;
  71         }
  72         if (n != buflen) {
  73                 syslog(LOG_ERR, "EVP_CipherUpdate: %d != %d", n, buflen);
  74                 errno = EINVAL;
  75 +               EVP_CIPHER_CTX_free(ctx);
  76                 return NULL;
  77         }
  78         // assert(ctx->buf_len == 0);
  79 +       EVP_CIPHER_CTX_free(ctx);
  80         return out;
  81  }
  82