diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-19 04:52:31 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-09-19 04:52:31 +0000 |
commit | 31cd589d20ba8d3d6b3fc4fccacc40d38a163c5d (patch) | |
tree | 99d6c086833d530e5d1d33a8128961f8149843f0 /print-esp.c | |
parent | Adding upstream version 4.99.4. (diff) | |
download | tcpdump-31cd589d20ba8d3d6b3fc4fccacc40d38a163c5d.tar.xz tcpdump-31cd589d20ba8d3d6b3fc4fccacc40d38a163c5d.zip |
Adding upstream version 4.99.5.upstream/4.99.5upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | print-esp.c | 29 |
1 files changed, 16 insertions, 13 deletions
diff --git a/print-esp.c b/print-esp.c index 2cee088..53ee6c8 100644 --- a/print-esp.c +++ b/print-esp.c @@ -23,25 +23,15 @@ /* \summary: IPSEC Encapsulating Security Payload (ESP) printer */ -#ifdef HAVE_CONFIG_H #include <config.h> -#endif #include "netdissect-stdinc.h" #include <string.h> #include <stdlib.h> -/* Any code in this file that depends on HAVE_LIBCRYPTO depends on - * HAVE_OPENSSL_EVP_H too. Undefining the former when the latter isn't defined - * is the simplest way of handling the dependency. - */ #ifdef HAVE_LIBCRYPTO -#ifdef HAVE_OPENSSL_EVP_H #include <openssl/evp.h> -#else -#undef HAVE_LIBCRYPTO -#endif #endif #include "netdissect.h" @@ -424,6 +414,7 @@ espprint_decode_encalgo(netdissect_options *ndo, const EVP_CIPHER *evp; int authlen = 0; char *colon, *p; + const char *real_decode; colon = strchr(decode, ':'); if (colon == NULL) { @@ -444,10 +435,23 @@ espprint_decode_encalgo(netdissect_options *ndo, p = strstr(decode, "-cbc"); *p = '\0'; } - evp = EVP_get_cipherbyname(decode); + /* + * Not all versions of libcrypto support calls to add aliases + * to ciphers - newer versions of libressl don't - so, instead + * of making "3des" an alias for "des_ede3_cbc", if attempting + * to get the cipher fails and the name is "3des", we try + * "des_ede3_cbc". + */ + real_decode = decode; + if (strcmp(real_decode, "3des") == 0) + real_decode = "des-ede3-cbc"; + evp = EVP_get_cipherbyname(real_decode); if (!evp) { - (*ndo->ndo_warning)(ndo, "failed to find cipher algo %s\n", decode); + if (decode != real_decode) + (*ndo->ndo_warning)(ndo, "failed to find cipher algo %s (%s)\n", real_decode, decode); + else + (*ndo->ndo_warning)(ndo, "failed to find cipher algo %s\n", decode); sa->evp = NULL; sa->authlen = 0; sa->ivlen = 0; @@ -683,7 +687,6 @@ static void esp_init(netdissect_options *ndo _U_) #if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L OpenSSL_add_all_algorithms(); #endif - EVP_add_cipher_alias(SN_des_ede3_cbc, "3des"); } DIAG_ON_DEPRECATION |