--- net-snmp-5.9.4/snmplib/scapi.c.orig +++ net-snmp-5.9.4/snmplib/scapi.c @@ -207,6 +207,10 @@ #ifdef NETSNMP_USE_OPENSSL static +void EVP_hmac(const EVP_MD *evp_md, const void *key, + const unsigned char *msg, unsigned char *md, + size_t *md_len); +static int EVP_decrypt(const EVP_CIPHER *type, u_char * key, u_int keylen, u_char * iv, u_char * ciphertext, u_int ctlen, u_char * plaintext); @@ -744,7 +748,7 @@ size_t properlength; u_char buf[SNMP_MAXBUF_SMALL]; #if defined(NETSNMP_USE_OPENSSL) || defined(NETSNMP_USE_PKCS11) - unsigned int buf_len = sizeof(buf); + size_t buf_len = sizeof(buf); #endif #ifdef NETSNMP_USE_OPENSSL const EVP_MD *hashfn; @@ -791,7 +795,12 @@ if (NULL == hashfn) { QUITFUN(SNMPERR_GENERR, sc_generate_keyed_hash_quit); } - HMAC(hashfn, key, keylen, message, msglen, buf, &buf_len); +#ifndef NETSNMP_DISABLE_MD5 + if (auth_type == NETSNMP_USMAUTH_HMACMD5) + EVP_hmac(hashfn, key, message, buf, &buf_len); + else +#endif + HMAC(hashfn, key, keylen, message, msglen, buf, &buf_len); if (buf_len != properlength) { QUITFUN(rval, sc_generate_keyed_hash_quit); } @@ -1827,6 +1836,49 @@ #endif /* NETSNMP_USE_INTERNAL_CRYPTO */ #ifdef NETSNMP_USE_OPENSSL static +void EVP_hmac(const EVP_MD *evp_md, const void *key, + const unsigned char *msg, unsigned char *md, + size_t *md_len) +{ + EVP_MD_CTX* mdctx = NULL; + EVP_PKEY *pkey = NULL; + + if(!(mdctx = EVP_MD_CTX_create())) { + snmp_log(LOG_ERR, "EVP_MD_CTX_create failure.\n"); + return; + } + if(!(pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, + key, EVP_MD_size(evp_md)))) { + snmp_log(LOG_ERR, "EVP_PKEY_new_mac_key failure.\n"); + EVP_MD_CTX_destroy(mdctx); + return; + } +#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW + EVP_MD_CTX_set_flags (mdctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); +#endif + if(EVP_DigestSignInit(mdctx, NULL, evp_md, NULL, pkey) != 1) { + snmp_log(LOG_ERR, "EVP_DigestSignInit failure.\n"); + EVP_MD_CTX_destroy(mdctx); + EVP_PKEY_free(pkey); + return; + } + if(EVP_DigestSignUpdate(mdctx, msg, strlen(msg)) != 1) { + snmp_log(LOG_ERR, "EVP_DigestSignUpdate failure.\n"); + EVP_MD_CTX_destroy(mdctx); + EVP_PKEY_free(pkey); + return; + } + if(EVP_DigestSignFinal(mdctx, md, md_len) != 1) { + snmp_log(LOG_ERR, "EVP_DigestSignFinal failure.\n"); + EVP_MD_CTX_destroy(mdctx); + EVP_PKEY_free(pkey); + return; + } + EVP_MD_CTX_destroy(mdctx); + EVP_PKEY_free(pkey); +} + +static int EVP_encrypt(const EVP_CIPHER *type, u_char * key, u_int keylen, u_char * iv, const u_char * plaintext, u_int ptlen, u_char * ciphertext, size_t * ctlen)