}
return mlen;
}
-#endif
-
+#endif /*OPENSSL*/
static size_t
make_mac(
/* Check if CMAC key type specific code required */
if (ktype == NID_cmac) {
- CMAC_CTX * ctx = CMAC_CTX_new();
+ CMAC_CTX * ctx = NULL;
+ void const * keyptr = key->buf;
+ u_char keybuf[AES_128_KEY_SIZE];
+
+ /* adjust key size (zero padded buffer) if necessary */
+ if (AES_128_KEY_SIZE > key->len) {
+ memcpy(keybuf, keyptr, key->len);
+ memset((keybuf + key->len), 0,
+ (AES_128_KEY_SIZE - key->len));
+ keyptr = keybuf;
+ }
- if ( ! ctx) {
+ if (NULL == (ctx = CMAC_CTX_new())) {
msyslog(LOG_ERR, "MAC encrypt: CMAC %s CTX new failed.", CMAC);
goto cmac_fail;
}
- if (!CMAC_Init(ctx, key->buf, key->len,
- EVP_aes_128_cbc(), NULL)) {
+ if (!CMAC_Init(ctx, keyptr, AES_128_KEY_SIZE, EVP_aes_128_cbc(), NULL)) {
msyslog(LOG_ERR, "MAC encrypt: CMAC %s Init failed.", CMAC);
goto cmac_fail;
}
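Review bot: The new length handling accepts any key size without telling the operator. A key shorter than `AES_128_KEY_SIZE` is zero-padded, and because `CMAC_Init` is now always passed `AES_128_KEY_SIZE`, a longer key is used only up to its first 16 bytes. A short key therefore gives a MAC key with fewer unknown bytes than AES-128 implies, and nothing in the log shows it. I would at least report the mismatch, e.g. `if (key->len != AES_128_KEY_SIZE) msyslog(LOG_WARNING, "MAC encrypt: CMAC %s key length is not 16 bytes.", CMAC);`, or preferably do it once where the keys are loaded, which is outside this hunk. The same applies to the later hunk that pads from `cmp_key->key_seq`.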
#define CMAC "AES128CMAC"
#ifdef OPENSSL
# include "openssl/cmac.h"
-#endif
+# define AES_128_KEY_SIZE 16
+#endif /* OPENSSL */
struct key *key_ptr;
size_t key_cnt = 0;
#ifdef OPENSSL
/* Check if CMAC key type specific code required */
if (key_type == NID_cmac) {
- CMAC_CTX * ctx;
-
- if (debug) {
- fprintf(stderr, "%s:%d:%s():%s:nid\n",
- __FILE__, __LINE__, __func__, CMAC);
+ CMAC_CTX * ctx = NULL;
+ void const * keyptr = cmp_key->key_seq;
+ u_char keybuf[AES_128_KEY_SIZE];
+
+ /* adjust key size (zero padded buffer) if necessary */
+ if (AES_128_KEY_SIZE > cmp_key->key_len) {
+ memcpy(keybuf, keyptr, cmp_key->key_len);
+ memset((keybuf + cmp_key->key_len), 0,
+ (AES_128_KEY_SIZE - cmp_key->key_len));
+ keyptr = keybuf;
}
-
+
if (!(ctx = CMAC_CTX_new())) {
- fprintf(stderr, "make_mac: CMAC %s CTX new failed.\n", CMAC);
msyslog(LOG_ERR, "make_mac: CMAC %s CTX new failed.", CMAC);
}
- else if (!CMAC_Init(ctx, cmp_key->key_seq,
- (size_t)cmp_key->key_len, EVP_aes_128_cbc(), NULL)) {
- fprintf(stderr, "make_mac: CMAC %s Init failed.\n", CMAC);
+ else if (!CMAC_Init(ctx, keyptr, AES_128_KEY_SIZE,
+ EVP_aes_128_cbc(), NULL)) {
msyslog(LOG_ERR, "make_mac: CMAC %s Init failed.", CMAC);
}
else if (!CMAC_Update(ctx, pkt_data, (size_t)pkt_size)) {
- fprintf(stderr, "make_mac: CMAC %s Update failed.\n", CMAC);
msyslog(LOG_ERR, "make_mac: CMAC %s Update failed.", CMAC);
}
else if (!CMAC_Final(ctx, digest, &slen)) {
- fprintf(stderr, "make_mac: CMAC %s Final failed.\n", CMAC);
msyslog(LOG_ERR, "make_mac: CMAC %s Final failed.", CMAC);
slen = 0;
}
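Review bot: `keybuf` holds a copy of the key material on the stack, and nothing visible in this hunk clears it before the block is left. Since this code is already under `#ifdef OPENSSL`, a call such as `OPENSSL_cleanse(keybuf, sizeof(keybuf));` after the `CMAC_Final` chain would do; a plain `memset` may be optimised away. The end of the CMAC branch, where `ctx` is presumably released, lies outside the hunk, so the exact place needs checking there. The `keybuf` added in the earlier `key->buf` hunk has the same issue, and its wipe would belong at the `cmac_fail` cleanup, which is also not shown.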
EVP_MD_CTX * ctx;
if (!(ctx = EVP_MD_CTX_new())) {
- fprintf(stderr, "make_mac: MAC %s Digest CTX new failed.\n",
- cmp_key->typen);
msyslog(LOG_ERR, "make_mac: MAC %s Digest CTX new failed.",
cmp_key->typen);
}
#ifdef OPENSSL /* OpenSSL 1 supports return codes 0 fail, 1 okay */
else if (!EVP_DigestInit(ctx, EVP_get_digestbynid(key_type))) {
- fprintf(stderr, "make_mac: MAC %s Digest Init failed.\n",
- cmp_key->typen);
msyslog(LOG_ERR, "make_mac: MAC %s Digest Init failed.",
cmp_key->typen);
}
else if (!EVP_DigestUpdate(ctx, (const u_char *)cmp_key->key_seq,
(u_int)cmp_key->key_len)) {
- fprintf(stderr, "make_mac: MAC %s Digest Update key failed.\n",
- cmp_key->typen);
msyslog(LOG_ERR, "make_mac: MAC %s Digest Update key failed.",
cmp_key->typen);
}
else if (!EVP_DigestUpdate(ctx, pkt_data, (u_int)pkt_size)) {
- fprintf(stderr, "make_mac: MAC %s Digest Update data failed.\n",
- cmp_key->typen);
msyslog(LOG_ERR, "make_mac: MAC %s Digest Update data failed.",
cmp_key->typen);
}
else if (!EVP_DigestFinal(ctx, digest, &len)) {
- fprintf(stderr, "make_mac: MAC %s Digest Final failed.\n",
- cmp_key->typen);
msyslog(LOG_ERR, "make_mac: MAC %s Digest Final failed.",
cmp_key->typen);
len = 0;