aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAris Adamantiadis <aris@0xbadc0de.be>2015-09-17 13:29:47 +0200
committerAris Adamantiadis <aris@0xbadc0de.be>2015-09-17 13:29:47 +0200
commit987af0238e58df7a592e26cae81bf6ec0699da54 (patch)
tree4960e3343456125a5a1321757dd2f3f371a5de84
parent747e7d05db4ef4b9c2204c58dfb0125eb5394ba3 (diff)
downloadlibssh-987af0238e58df7a592e26cae81bf6ec0699da54.tar.gz
libssh-987af0238e58df7a592e26cae81bf6ec0699da54.tar.xz
libssh-987af0238e58df7a592e26cae81bf6ec0699da54.zip
libcrypto: refactor EVP_(de|en)crypt
-rw-r--r--src/libcrypto.c117
1 files changed, 61 insertions, 56 deletions
diff --git a/src/libcrypto.c b/src/libcrypto.c
index 1aa54b6c..f261fdbd 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -458,35 +458,38 @@ static void EVP_encrypt(struct ssh_cipher_struct *cipher,
EVP_CIPHER_CTX_init(&ctx);
rc = EVP_EncryptInit_ex(&ctx, evpCipher, NULL, (unsigned char*)cipher->key, cipher->IV);
- if (rc == 1) {
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
-
- rc = EVP_EncryptUpdate(&ctx, (unsigned char *)out, &outlen, (unsigned char *)in, len);
- if(rc == 1) {
- datalen += outlen;
-
- rc = EVP_EncryptFinal_ex(&ctx, (unsigned char *)out + outlen, &outlenfinal);
- if(rc == 1) {
- datalen += outlenfinal;
-
- /* Get size of source buffer from ctx object */
- ctxIvLen = EVP_CIPHER_CTX_iv_length(&ctx);
-
- /*
- * Copy updated IV from ctx to ssh struct
- * There is no access to the post encrypt/decrypt updated iv
- * from openssl via an API so I'm just accessing it directly.
- */
- memcpy(cipher->IV, ctx.iv, ctxIvLen);
- } else {
- printf("EVP_EncryptFinal_ex failed\n");
- }
- } else {
- printf("EVP_EncryptUpdate failed\n");
- }
- } else {
- printf("EVP_EncryptInit_ex failed\n");
+ if (rc != 1){
+ SSH_LOG(SSH_LOG_WARNING, "EVP_EncryptInit_ex failed");
+ goto cleanup;
+ }
+ EVP_CIPHER_CTX_set_padding(&ctx, 0);
+
+ rc = EVP_EncryptUpdate(&ctx, (unsigned char *)out, &outlen, (unsigned char *)in, len);
+ if (rc != 1){
+ SSH_LOG(SSH_LOG_WARNING, "EVP_EncryptUpdate failed");
+ goto cleanup;
+ }
+ datalen += outlen;
+
+ rc = EVP_EncryptFinal_ex(&ctx, (unsigned char *)out + outlen, &outlenfinal);
+ if (rc != 1){
+ SSH_LOG(SSH_LOG_WARNING, "EVP_EncryptFinal_ex failed");
+ goto cleanup;
}
+ datalen += outlenfinal;
+
+ ctxIvLen = EVP_CIPHER_CTX_iv_length(&ctx);
+
+ /*
+ * Copy updated IV from ctx to ssh struct
+ * There is no access to the post encrypt/decrypt updated iv
+ * from openssl via an API so we access it directly.
+ */
+ if (ctxIvLen > 0){
+ memcpy(cipher->IV, ctx.iv, ctxIvLen);
+ }
+
+cleanup:
/* Cleanup */
EVP_CIPHER_CTX_cleanup(&ctx);
}
@@ -507,36 +510,38 @@ static void EVP_decrypt(struct ssh_cipher_struct *cipher,
EVP_CIPHER_CTX_init(&ctx);
rc = EVP_DecryptInit_ex(&ctx, evpCipher, NULL, (unsigned char*)cipher->key, cipher->IV);
- if (rc == 1) {
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
-
- rc = EVP_DecryptUpdate(&ctx, (unsigned char *)out, &outlen, (unsigned char *)in, len);
- if (rc == 1) {
- datalen += outlen;
-
- rc = EVP_DecryptFinal_ex(&ctx, (unsigned char *)out + outlen, &outlenfinal);
- if (rc == 1) {
- datalen += outlenfinal;
-
- /* Get size of source buffer from ctx object */
- ctxIvLen = EVP_CIPHER_CTX_iv_length(&ctx);
-
- /*
- * Copy updated IV from ctx to ssh struct
- * There is no access to the post encrypt/decrypt updated iv
- * from openssl via an API so I'm just accessing it directly.
- */
- memcpy(cipher->IV, ctx.iv, ctxIvLen);
- } else {
- printf("EVP_DecryptFinal_ex failed\n");
- }
- } else {
- printf("EVP_DecryptUpdate failed\n");
- }
- } else {
- printf("EVP_DecryptInit_ex failed\n");
+ if (rc != 1){
+ SSH_LOG(SSH_LOG_WARNING, "EVP_DecryptInit_ex failed");
+ goto cleanup;
+ }
+ EVP_CIPHER_CTX_set_padding(&ctx, 0);
+
+ rc = EVP_DecryptUpdate(&ctx, (unsigned char *)out, &outlen, (unsigned char *)in, len);
+ if (rc != 1){
+ SSH_LOG(SSH_LOG_WARNING, "EVP_DecryptUpdate failed");
+ goto cleanup;
+ }
+ datalen += outlen;
+
+ rc = EVP_DecryptFinal_ex(&ctx, (unsigned char *)out + outlen, &outlenfinal);
+ if (rc != 1){
+ SSH_LOG(SSH_LOG_WARNING, "EVP_DecryptFinal_ex failed");
+ goto cleanup;
+ }
+ datalen += outlenfinal;
+
+ ctxIvLen = EVP_CIPHER_CTX_iv_length(&ctx);
+
+ /*
+ * Copy updated IV from ctx to ssh struct
+ * There is no access to the post encrypt/decrypt updated iv
+ * from openssl via an API so we access it directly.
+ */
+ if (ctxIvLen > 0){
+ memcpy(cipher->IV, ctx.iv, ctxIvLen);
}
+cleanup:
/* Cleanup */
EVP_CIPHER_CTX_cleanup(&ctx);
}