From: Guy Harris Date: Thu, 31 Aug 2017 07:03:59 +0000 (-0700) Subject: The cipher context must be initialized before we can get the block size. X-Git-Tag: tcpdump-4.99-bp~2007 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/0d2cdb5dad1a983d0e1884497e439efb39c9609d The cipher context must be initialized before we can get the block size. --- diff --git a/print-esp.c b/print-esp.c index 5548bf18..f2b4ab3c 100644 --- a/print-esp.c +++ b/print-esp.c @@ -190,6 +190,9 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo, ctx = EVP_CIPHER_CTX_new(); if (ctx == NULL) return 0; + if (EVP_CipherInit(ctx, sa->evp, sa->secret, NULL, 0) < 0) + (*ndo->ndo_warning)(ndo, "espkey init failed"); + EVP_CipherInit(ctx, NULL, NULL, iv, 0); /* * Allocate a buffer for the decrypted data. * The output buffer must be separate from the input buffer, and @@ -202,9 +205,6 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo, (*ndo->ndo_warning)(ndo, "can't allocate memory for decryption buffer"); return 0; } - if (EVP_CipherInit(ctx, sa->evp, sa->secret, NULL, 0) < 0) - (*ndo->ndo_warning)(ndo, "espkey init failed"); - EVP_CipherInit(ctx, NULL, NULL, iv, 0); EVP_Cipher(ctx, output_buffer, buf, len); EVP_CIPHER_CTX_free(ctx); @@ -735,6 +735,13 @@ esp_print(netdissect_options *ndo, if (sa->evp) { ctx = EVP_CIPHER_CTX_new(); if (ctx != NULL) { + if (EVP_CipherInit(ctx, sa->evp, secret, NULL, 0) < 0) + (*ndo->ndo_warning)(ndo, "espkey init failed"); + + p = ivoff; + EVP_CipherInit(ctx, NULL, NULL, p, 0); + len = ep - (p + ivlen); + /* * Allocate a buffer for the decrypted data. * The output buffer must be separate from the @@ -749,13 +756,6 @@ esp_print(netdissect_options *ndo, return -1; } - if (EVP_CipherInit(ctx, sa->evp, secret, NULL, 0) < 0) - (*ndo->ndo_warning)(ndo, "espkey init failed"); - - p = ivoff; - EVP_CipherInit(ctx, NULL, NULL, p, 0); - len = ep - (p + ivlen); - EVP_Cipher(ctx, output_buffer, p + ivlen, len); EVP_CIPHER_CTX_free(ctx); /*