diff options
| -rw-r--r-- | sbin/iked/crypto.c | 12 | ||||
| -rw-r--r-- | sbin/iked/ikev2_msg.c | 20 |
2 files changed, 11 insertions, 21 deletions
diff --git a/sbin/iked/crypto.c b/sbin/iked/crypto.c index f66cc77b8dc..83d85934424 100644 --- a/sbin/iked/crypto.c +++ b/sbin/iked/crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.c,v 1.2 2010/06/14 16:31:29 reyk Exp $ */ +/* $OpenBSD: crypto.c,v 1.3 2010/09/30 10:34:56 mikeb Exp $ */ /* $vantronix: crypto.c,v 1.18 2010/05/28 15:34:35 reyk Exp $ */ /* @@ -307,7 +307,6 @@ cipher_new(u_int8_t type, u_int16_t id, u_int16_t id_length) } EVP_CIPHER_CTX_init(ctx); - EVP_CIPHER_CTX_set_padding(ctx, 0); encr->encr_ctx = ctx; return (encr); @@ -363,6 +362,7 @@ cipher_init(struct iked_cipher *encr, int enc) { EVP_CipherInit_ex(encr->encr_ctx, encr->encr_priv, NULL, ibuf_data(encr->encr_key), ibuf_data(encr->encr_iv), enc); + EVP_CIPHER_CTX_set_padding(encr->encr_ctx, 0); } void @@ -384,7 +384,11 @@ cipher_update(struct iked_cipher *encr, void *in, size_t inlen, int olen; olen = 0; - EVP_CipherUpdate(encr->encr_ctx, out, &olen, in, inlen); + if (!EVP_CipherUpdate(encr->encr_ctx, out, &olen, in, inlen)) { + ca_sslerror(); + *outlen = 0; + return; + } *outlen = (size_t)olen; } @@ -427,7 +431,7 @@ cipher_ivlength(struct iked_cipher *encr) size_t cipher_outlength(struct iked_cipher *encr, size_t inlen) { - return (inlen + encr->encr_length); + return (inlen + inlen % encr->encr_length); } struct iked_dsa * diff --git a/sbin/iked/ikev2_msg.c b/sbin/iked/ikev2_msg.c index a47bb53a798..be4b5231ecd 100644 --- a/sbin/iked/ikev2_msg.c +++ b/sbin/iked/ikev2_msg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2_msg.c,v 1.7 2010/06/27 01:03:22 reyk Exp $ */ +/* $OpenBSD: ikev2_msg.c,v 1.8 2010/09/30 10:34:56 mikeb Exp $ */ /* $vantronix: ikev2.c,v 1.101 2010/06/03 07:57:33 reyk Exp $ */ /* @@ -333,11 +333,6 @@ ikev2_msg_encrypt(struct iked *env, struct iked_sa *sa, struct ibuf *src) if (outlen && ibuf_add(dst, ibuf_data(out), outlen) != 0) goto done; - outlen = cipher_outlength(sa->sa_encr, 0); - cipher_final(sa->sa_encr, out->buf, &outlen); - if (outlen) - ibuf_add(dst, out->buf, outlen); - if ((ptr = ibuf_advance(dst, integrlen)) == NULL) goto done; bzero(ptr, integrlen); @@ -498,19 +493,10 @@ ikev2_msg_decrypt(struct iked *env, struct iked_sa *sa, goto done; outlen = ibuf_length(out); - /* XXX why does it need encrlen + blocklen to work correctly? */ - cipher_update(sa->sa_encr, - ibuf_data(src) + encroff, encrlen + blocklen, + + cipher_update(sa->sa_encr, ibuf_data(src) + encroff, encrlen, ibuf_data(out), &outlen); - cipher_final(sa->sa_encr, ibuf_seek(out, outlen, blocklen), &tmplen); - if (tmplen) - outlen += tmplen; - /* - * XXX - * XXX the padding is wrong - * XXX - */ ptr = ibuf_seek(out, outlen - 1, 1); pad = *ptr; |