Removal of excess 16 bytes padding
Cipher block padding is applied twice (once manually, and
once through EVP_CipherFinal()) causing excess 16 bytes of
data. Manual padding is removed to fix the issue.
Unit-Test:
1. Verified that files are padded correctly without
excess 16 bytes. Also, verified the password update and
RMCP+ login using ipmitool
ipmitool user set password <userid> <password>
ipmitool -I lanplus -H 127.0.0.1 -U <userid> -P <password>
raw 6 1
2. Also verified renaming of user name and login
after that
Resolves openbmc/openbmc#3463
Change-Id: Icc29c4747388ef377a00cb79be6096938a360f6b
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
diff --git a/src/pam_ipmisave/pam_ipmisave.c b/src/pam_ipmisave/pam_ipmisave.c
index 6617627..f53ea86 100644
--- a/src/pam_ipmisave/pam_ipmisave.c
+++ b/src/pam_ipmisave/pam_ipmisave.c
@@ -41,8 +41,6 @@
#define MAX_KEY_SIZE 8
#define DEFAULT_SPEC_PASS_FILE "/etc/ipmi_pass"
#define META_PASSWD_SIG "=OPENBMC="
-#define block_round(ODD, BLK) \
- ((ODD) + (((BLK) - ((ODD) & ((BLK)-1))) & ((BLK)-1)))
/*
* Meta data struct for storing the encrypted password file
@@ -480,24 +478,13 @@
fclose(opwfile);
}
- if (wroteentry) {
- // user password pair already updated, round it off as per the
- // CIPHER block
- pwptextlen =
- block_round(writtensize, EVP_CIPHER_block_size(cipher));
- // memset the padding bytes
- memset(pwptext + writtensize, 0, pwptextlen - writtensize);
- } else {
- // Write the new user:password pair at the end and round it off
- // as per the CIPHER block.
+ if (!wroteentry) {
+ // Write the new user:password pair at the end.
writtensize += snprintf(pwptext + writtensize,
pwptextlen - writtensize, "%s:%s\n",
forwho, towhat);
- pwptextlen =
- block_round(writtensize, EVP_CIPHER_block_size(cipher));
- // memset the padding bytes
- memset(pwptext + writtensize, 0, pwptextlen - writtensize);
}
+ pwptextlen = writtensize;
// Step 4: Encrypt the data and write to the temporary file
if (RAND_bytes(hash, EVP_MD_block_size(digest)) != 1) {
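Review bot: the snprintf() result in the `!wroteentry` branch is added to writtensize without a check, and the new `pwptextlen = writtensize;` then uses that sum as the plaintext length passed on to Step 4. snprintf() returns the length it would have written when the output is truncated, and a negative value on error, so if `pwptextlen - writtensize` is smaller than the new "%s:%s\n" entry, pwptextlen ends up larger than the data actually present in pwptext. Please compare the return value against the remaining space and take the error path before the assignment. Separately, the commit message could say how files already written with the zero-filled block are handled on read, since that path is not part of this change.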