An issue with how Net-SNMP currently interfaces with OpenSSL, especially on
Windows, is that replacing the OpenSSL binaries may cause Net-SNMP to crash.
That is because in at least one place the EVP_MD_CTX structure is allocated
on the stack and the size of this structure differs between OpenSSL versions.
One possible solution is to let the OpenSSL library allocate the EVP_MD_CTX
data structure instead of Net-SNMP. However, doing that is only possible
with OpenSSL 0.9.7 or later (0.9.7 was released on December 31, 2002). That
shouldn't be an issue though - even older distros such as RHEL 4 include
OpenSSL version 0.9.7.
diff --git a/snmplib/keytools.c b/snmplib/keytools.c
index 810a063..72f39b9 100644
--- a/snmplib/keytools.c
+++ b/snmplib/keytools.c
@@ -118,7 +118,7 @@ generate_Ku(const oid * hashtype, u_int hashtype_len,
u_char buf[USM_LENGTH_KU_HASHBLOCK], *bufp;
#ifdef NETSNMP_USE_OPENSSL
- EVP_MD_CTX *ctx = (EVP_MD_CTX *)malloc(sizeof(EVP_MD_CTX));
+ EVP_MD_CTX *ctx = EVP_MD_CTX_create();
unsigned int tmp_len;
#elif NETSNMP_USE_INTERNAL_CRYPTO
SHA_CTX csha1;
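Review bot: The result of `EVP_MD_CTX_create()` is never checked for NULL in the visible lines, yet `ctx` is later passed to `EVP_DigestInit(ctx, EVP_sha1())` and to `EVP_MD_CTX_destroy(ctx)` at `generate_Ku_quit`. On allocation failure that becomes a NULL dereference inside the library instead of an SNMP error, and whether `EVP_MD_CTX_destroy` tolerates NULL probably depends on the OpenSSL version, so confirm against the oldest one supported. Inside the NETSNMP_USE_OPENSSL branch, before the first use, add `if (ctx == NULL) return SNMPERR_GENERR;`. The same applies to `cptr = EVP_MD_CTX_create();` in the sc_hash hunk of scapi.c. The body of generate_Ku continues outside this hunk.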
@@ -158,10 +158,8 @@ generate_Ku(const oid * hashtype, u_int hashtype_len,
#endif
if (ISTRANSFORM(hashtype, HMACSHA1Auth))
EVP_DigestInit(ctx, EVP_sha1());
- else {
- free(ctx);
- return (SNMPERR_GENERR);
- }
+ else
+ QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
#elif NETSNMP_USE_INTERNAL_CRYPTO
#ifndef NETSNMP_DISABLE_MD5
if (ISTRANSFORM(hashtype, HMACMD5Auth)) {
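Review bot: The unsupported-transform branch now exits through `QUITFUN(SNMPERR_GENERR, generate_Ku_quit);`, so the code callers receive depends on how that macro sets `rval`, whereas the removed lines returned SNMPERR_GENERR directly. The macro definition is not part of this patch; if it assigns a fixed error code rather than its first argument, the return value for an unknown hash type changes, and callers that compare against SNMPERR_GENERR should be checked. The brace-less `else` also relies on the macro expanding to a single statement, and `else { QUITFUN(SNMPERR_GENERR, generate_Ku_quit); }` removes that dependency. The enclosing function starts and ends outside this hunk.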
@@ -248,7 +246,7 @@ generate_Ku(const oid * hashtype, u_int hashtype_len,
generate_Ku_quit:
memset(buf, 0, sizeof(buf));
#ifdef NETSNMP_USE_OPENSSL
- free(ctx);
+ EVP_MD_CTX_destroy(ctx);
#endif
return rval;
diff --git a/snmplib/scapi.c b/snmplib/scapi.c
index a397344..2b2eeb1 100644
--- a/snmplib/scapi.c
+++ b/snmplib/scapi.c
@@ -454,7 +454,7 @@ sc_hash(const oid * hashtype, size_t hashtypelen,
const u_char * buf,
#ifdef NETSNMP_USE_OPENSSL
const EVP_MD *hashfn;
- EVP_MD_CTX ctx, *cptr;
+ EVP_MD_CTX *cptr;
#endif
#ifdef NETSNMP_USE_INTERNAL_CRYPTO
MD5_CTX cmd5;
@@ -485,42 +485,16 @@ sc_hash(const oid * hashtype, size_t
hashtypelen, const u_char * buf,
}
/** initialize the pointer */
- memset(&ctx, 0, sizeof(ctx));
- cptr = &ctx;
-#if defined(OLD_DES)
+ cptr = EVP_MD_CTX_create();
EVP_DigestInit(cptr, hashfn);
-#else /* !OLD_DES */
- /* this is needed if the runtime library is different than the compiled
- library since the openssl versions are very different. */
- if (SSLeay() < 0x907000) {
- /* the old version of the struct was bigger and thus more
- memory is needed. should be 152, but we use 256 for safety. */
- cptr = (EVP_MD_CTX *)malloc(256);
- EVP_DigestInit(cptr, hashfn);
- } else {
- EVP_MD_CTX_init(cptr);
- EVP_DigestInit(cptr, hashfn);
- }
-#endif
/** pass the data */
EVP_DigestUpdate(cptr, buf, buf_len);
/** do the final pass */
-#if defined(OLD_DES)
EVP_DigestFinal(cptr, MAC, &tmp_len);
*MAC_len = tmp_len;
-#else /* !OLD_DES */
- if (SSLeay() < 0x907000) {
- EVP_DigestFinal(cptr, MAC, &tmp_len);
- *MAC_len = tmp_len;
- free(cptr);
- } else {
- EVP_DigestFinal_ex(cptr, MAC, &tmp_len);
- *MAC_len = tmp_len;
- EVP_MD_CTX_cleanup(cptr);
- }
-#endif /* OLD_DES */
+ EVP_MD_CTX_destroy(cptr);
return (rval);
#elif NETSNMP_USE_INTERNAL_CRYPTO
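Review bot: The return values of `EVP_DigestInit`, `EVP_DigestUpdate` and `EVP_DigestFinal` are ignored in the simplified path, so sc_hash returns `rval` unchanged and copies `tmp_len` into `*MAC_len` even when a digest call fails. A caller would then treat whatever is in `MAC` as a valid hash; `tmp_len` may also be unset in that case, since its initialisation is outside the hunk. Checking the three calls and setting `rval` on failure closes this, and the sketch below also guards the `EVP_MD_CTX_create()` result, which is likewise unchecked here. sc_hash starts before this hunk and continues after it.
```c
    cptr = EVP_MD_CTX_create();
    if (cptr == NULL)
        return (SNMPERR_GENERR);
    /* each EVP_Digest* call returns 1 on success, 0 on failure */
    if (!EVP_DigestInit(cptr, hashfn) ||
        !EVP_DigestUpdate(cptr, buf, buf_len) ||
        !EVP_DigestFinal(cptr, MAC, &tmp_len))
        rval = SNMPERR_GENERR;
    else
        *MAC_len = tmp_len;
    EVP_MD_CTX_destroy(cptr);
    return (rval);
```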