jepler/ungeli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

update to openssl of debian bullseye

Browse source
This commit is contained in:
Jeff Epler 2021-09-20 17:31:46 -05:00
parent da9e5d2bd4
commit fa738a53e1
2 changed files with 14 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -1,7 +1,7 @@
# ungeli # ungeli
I use geli-encrypted devices for offsite backups. I used to use geli-encrypted devices for offsite backups.
However, I worry that in the event of a disaster I'm more likely to However, I worried that in the event of a disaster I'm more likely to
have a Linux machine on hand than a (k)FreeBSD machine, so I'd like have a Linux machine on hand than a (k)FreeBSD machine, so I'd like
to be able to read my backups. to be able to read my backups.
@ -24,7 +24,7 @@ I would be interested in passing this project to a new maintainer.
## Requirements ## Requirements
* Gnu99-compatible C compiler (tested with gcc 4.8) * Gnu99-compatible C compiler (tested with gcc 4.8)
* OpenSSL (recent version required for AES-128-XTS) (tested with 1.0.1e) * OpenSSL (tested with 1.1.1k)
* Optional: Linux (for network block device support) * Optional: Linux (for network block device support)
[pc]: https://www.dlitz.net/software/pycrypto/ [pc]: https://www.dlitz.net/software/pycrypto/

24
ungeli.c
View file

@ -289,13 +289,12 @@ void eli_decrypt_range(int ifd, unsigned char *ob, uint64_t byteoffset, uint64_t
unsigned char ib[count]; unsigned char ib[count];
read_full(ifd, ib, count); read_full(ifd, ib, count);
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
EVP_CIPHER_CTX_init(&ctx); EVP_DecryptInit_ex(ctx, EVP_aes_128_xts(), NULL, bkey, biv);
EVP_DecryptInit_ex(&ctx, EVP_aes_128_xts(), NULL, bkey, biv);
int out_len, final_out_len; int out_len, final_out_len;
EVP_DecryptUpdate(&ctx, ob, &out_len, ib, count); EVP_DecryptUpdate(ctx, ob, &out_len, ib, count);
EVP_DecryptFinal_ex(&ctx, ob+out_len, &final_out_len); EVP_DecryptFinal_ex(ctx, ob+out_len, &final_out_len);
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_free(ctx);
if(out_len + final_out_len != count) fatalf("eli_decrypt_range EVP final_out_len %d != %d+%d", count, out_len, final_out_len); if(out_len + final_out_len != count) fatalf("eli_decrypt_range EVP final_out_len %d != %d+%d", count, out_len, final_out_len);
} }
@ -521,14 +520,13 @@ eli_crypto_decrypt(int ealgo, unsigned char *enckey, size_t keylen,
if(ealgo != CRYPTO_AES_XTS) fatal("unsupported ealgo"); if(ealgo != CRYPTO_AES_XTS) fatal("unsupported ealgo");
if(keylen != 16) fatal("unsupported key length"); if(keylen != 16) fatal("unsupported key length");
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
EVP_CIPHER_CTX_init(&ctx); EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, enckey, 0);
EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, enckey, 0); EVP_CIPHER_CTX_set_padding(ctx, 0);
EVP_CIPHER_CTX_set_padding(&ctx, 0);
int out_len, final_out_len; int out_len, final_out_len;
EVP_DecryptUpdate(&ctx, dest, &out_len, src, len); EVP_DecryptUpdate(ctx, dest, &out_len, src, len);
EVP_DecryptFinal_ex(&ctx, dest+out_len, &final_out_len); EVP_DecryptFinal_ex(ctx, dest+out_len, &final_out_len);
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_free(ctx);
if(out_len + final_out_len != len) fatalf("eli_crypto_decrypt EVP final_out_len %d != %d+%d", len, out_len, final_out_len); if(out_len + final_out_len != len) fatalf("eli_crypto_decrypt EVP final_out_len %d != %d+%d", len, out_len, final_out_len);
} }