From: tb <tb@openbsd.org>
Date: Wed, 5 Jan 2022 11:00:49 +0000 (+0000)
Subject: snmpd: Straightforward conversion to EVP_* on the heap.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=ffcf6683aadf0c66b327cfe9c6bf82e34dc9f541;p=openbsd

snmpd: Straightforward conversion to EVP_* on the heap.
It would be nice if someone added error checking for the EVP_Digest*
calls.

tested by & ok martijn
---

diff --git a/usr.sbin/snmpd/usm.c b/usr.sbin/snmpd/usm.c
index 04e8ef7cd5f..40356c88d59 100644
--- a/usr.sbin/snmpd/usm.c
+++ b/usr.sbin/snmpd/usm.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: usm.c,v 1.21 2021/08/01 11:30:56 martijn Exp $	*/
+/*	$OpenBSD: usm.c,v 1.22 2022/01/05 11:00:49 tb Exp $	*/
 
 /*
  * Copyright (c) 2012 GeNUA mbH
@@ -650,7 +650,7 @@ usm_crypt(struct snmp_message *msg, u_char *inbuf, int inlen, u_char *outbuf,
 	int do_encrypt)
 {
 	const EVP_CIPHER	*cipher;
-	EVP_CIPHER_CTX		 ctx;
+	EVP_CIPHER_CTX		*ctx;
 	u_char			*privkey;
 	int			 i;
 	u_char			 iv[EVP_MAX_IV_LENGTH];
@@ -683,19 +683,24 @@ usm_crypt(struct snmp_message *msg, u_char *inbuf, int inlen, u_char *outbuf,
 		return -1;
 	}
 
-	if (!EVP_CipherInit(&ctx, cipher, privkey, iv, do_encrypt))
+	if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
 		return -1;
 
+	if (!EVP_CipherInit(ctx, cipher, privkey, iv, do_encrypt)) {
+		EVP_CIPHER_CTX_free(ctx);
+		return -1;
+	}
+
 	if (!do_encrypt)
-		EVP_CIPHER_CTX_set_padding(&ctx, 0);
+		EVP_CIPHER_CTX_set_padding(ctx, 0);
 
-	if (EVP_CipherUpdate(&ctx, outbuf, &len, inbuf, inlen) &&
-	    EVP_CipherFinal_ex(&ctx, outbuf + len, &len2))
+	if (EVP_CipherUpdate(ctx, outbuf, &len, inbuf, inlen) &&
+	    EVP_CipherFinal_ex(ctx, outbuf + len, &len2))
 		rv = len + len2;
 	else
 		rv = -1;
 
-	EVP_CIPHER_CTX_cleanup(&ctx);
+	EVP_CIPHER_CTX_free(ctx);
 	return rv;
 }
 
@@ -705,7 +710,7 @@ usm_crypt(struct snmp_message *msg, u_char *inbuf, int inlen, u_char *outbuf,
 char *
 usm_passwd2key(const EVP_MD *md, char *passwd, int *maxlen)
 {
-	EVP_MD_CTX	 ctx;
+	EVP_MD_CTX	*ctx;
 	int		 i, count;
 	u_char		*pw, *c;
 	u_char		 pwbuf[2 * EVP_MAX_MD_SIZE + SNMPD_MAXENGINEIDLEN];
@@ -713,7 +718,9 @@ usm_passwd2key(const EVP_MD *md, char *passwd, int *maxlen)
 	unsigned	 dlen;
 	char		*key;
 
-	EVP_DigestInit(&ctx, md);
+	if ((ctx = EVP_MD_CTX_new()) == NULL)
+		return NULL;
+	EVP_DigestInit(ctx, md);
 	pw = (u_char *)passwd;
 	for (count = 0; count < 1048576; count += 64) {
 		c = pwbuf;
@@ -722,10 +729,10 @@ usm_passwd2key(const EVP_MD *md, char *passwd, int *maxlen)
 				pw = (u_char *)passwd;
 			*c++ = *pw++;
 		}
-		EVP_DigestUpdate(&ctx, pwbuf, 64);
+		EVP_DigestUpdate(ctx, pwbuf, 64);
 	}
-	EVP_DigestFinal(&ctx, keybuf, &dlen);
-	EVP_MD_CTX_cleanup(&ctx);
+	EVP_DigestFinal(ctx, keybuf, &dlen);
+	EVP_MD_CTX_reset(ctx);
 
 	/* Localize the key */
 #ifdef DEBUG
@@ -736,10 +743,10 @@ usm_passwd2key(const EVP_MD *md, char *passwd, int *maxlen)
 	    snmpd_env->sc_engineid_len);
 	memcpy(pwbuf + dlen + snmpd_env->sc_engineid_len, keybuf, dlen);
 
-	EVP_DigestInit(&ctx, md);
-	EVP_DigestUpdate(&ctx, pwbuf, 2 * dlen + snmpd_env->sc_engineid_len);
-	EVP_DigestFinal(&ctx, keybuf, &dlen);
-	EVP_MD_CTX_cleanup(&ctx);
+	EVP_DigestInit(ctx, md);
+	EVP_DigestUpdate(ctx, pwbuf, 2 * dlen + snmpd_env->sc_engineid_len);
+	EVP_DigestFinal(ctx, keybuf, &dlen);
+	EVP_MD_CTX_free(ctx);
 
 	if (*maxlen > 0 && dlen > (unsigned)*maxlen)
 		dlen = (unsigned)*maxlen;