|
 |
919688 |
From e2e9adc3d9b6bb9c433ebb6404ee439b42e91746 Mon Sep 17 00:00:00 2001
|
|
|
919688 |
Message-Id: <e2e9adc3d9b6bb9c433ebb6404ee439b42e91746.1629375427.git.davide.caratti@gmail.com>
|
|
|
919688 |
From: Davide Caratti <davide.caratti@gmail.com>
|
|
|
919688 |
Date: Tue, 17 Aug 2021 10:58:53 +0200
|
|
|
919688 |
Subject: [PATCH] openssl: Disable padding after initializing the cipher suite
|
|
|
919688 |
|
|
|
919688 |
according to OpenSSL documentation [1], EVP_CIPHER_CTX_set_padding()
|
|
|
919688 |
should be called after EVP_EncryptInit_ex(), EVP_DecryptInit_ex(), or
|
|
|
919688 |
EVP_CipherInit_ex(). Not doing this causes EVP_CIPHER_CTX_set_padding()
|
|
|
919688 |
to return false on OpenSSL-3.0.0, resulting in the impossibility to
|
|
|
919688 |
connect in many scenarios. Fix this changing the order of function calls
|
|
|
919688 |
where needed.
|
|
|
919688 |
|
|
|
919688 |
[1] https://www.openssl.org/docs/man1.1.1/man3/EVP_CIPHER_CTX_set_padding.html
|
|
|
919688 |
|
|
|
919688 |
Reported-by: Vladimir Benes <vbenes@redhat.com>
|
|
|
919688 |
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
|
|
|
919688 |
---
|
|
|
919688 |
src/crypto/crypto_openssl.c | 6 +++---
|
|
|
919688 |
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
919688 |
|
|
|
919688 |
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
|
|
|
919688 |
index 9411cb9cf..4b87702e4 100644
|
|
|
919688 |
--- a/src/crypto/crypto_openssl.c
|
|
|
919688 |
+++ b/src/crypto/crypto_openssl.c
|
|
|
919688 |
@@ -248,8 +248,8 @@ int rc4_skip(const u8 *key, size_t keylen, size_t skip,
|
|
|
919688 |
|
|
|
919688 |
ctx = EVP_CIPHER_CTX_new();
|
|
|
919688 |
if (!ctx ||
|
|
|
919688 |
- !EVP_CIPHER_CTX_set_padding(ctx, 0) ||
|
|
|
919688 |
!EVP_CipherInit_ex(ctx, EVP_rc4(), NULL, NULL, NULL, 1) ||
|
|
|
919688 |
+ !EVP_CIPHER_CTX_set_padding(ctx, 0) ||
|
|
|
919688 |
!EVP_CIPHER_CTX_set_key_length(ctx, keylen) ||
|
|
|
919688 |
!EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, 1))
|
|
|
919688 |
goto out;
|
|
|
919688 |
@@ -709,8 +709,8 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
|
|
|
919688 |
}
|
|
|
919688 |
|
|
|
919688 |
if (!(ctx->enc = EVP_CIPHER_CTX_new()) ||
|
|
|
919688 |
- !EVP_CIPHER_CTX_set_padding(ctx->enc, 0) ||
|
|
|
919688 |
!EVP_EncryptInit_ex(ctx->enc, cipher, NULL, NULL, NULL) ||
|
|
|
919688 |
+ !EVP_CIPHER_CTX_set_padding(ctx->enc, 0) ||
|
|
|
919688 |
!EVP_CIPHER_CTX_set_key_length(ctx->enc, key_len) ||
|
|
|
919688 |
!EVP_EncryptInit_ex(ctx->enc, NULL, NULL, key, iv)) {
|
|
|
919688 |
if (ctx->enc)
|
|
|
919688 |
@@ -720,8 +720,8 @@ struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg,
|
|
|
919688 |
}
|
|
|
919688 |
|
|
|
919688 |
if (!(ctx->dec = EVP_CIPHER_CTX_new()) ||
|
|
|
919688 |
- !EVP_CIPHER_CTX_set_padding(ctx->dec, 0) ||
|
|
|
919688 |
!EVP_DecryptInit_ex(ctx->dec, cipher, NULL, NULL, NULL) ||
|
|
|
919688 |
+ !EVP_CIPHER_CTX_set_padding(ctx->dec, 0) ||
|
|
|
919688 |
!EVP_CIPHER_CTX_set_key_length(ctx->dec, key_len) ||
|
|
|
919688 |
!EVP_DecryptInit_ex(ctx->dec, NULL, NULL, key, iv)) {
|
|
|
919688 |
EVP_CIPHER_CTX_free(ctx->enc);
|
|
|
919688 |
--
|
|
|
919688 |
2.31.1
|
|
|
919688 |
|