fw_update(8) improve verbose output

[Andrew Hewus Fresh]

After getting fw_update(8) into a state where it could get some testing,
I found that the man page indicated that -v should indicate different
levels of verbosity and I currently only had one.

This was useful as I didn't really like the output anyway.

Now one -v prints out an additional line when it's doing something to
the firmware.  Two add a progress bar and mentions "detecting". Three
provide a bit more debugging mostly from ftp(1).

Also a couple extra small improvements, hiding errors from killing the
ftp subprocess which could happen if it exits before we do, just
using `firmware_devicename "$_d"` instead of `echo "${...}"`, and using
a normal [=] comparison instead of [[=]] because we don't want pattern
matching there.


Comments, OK?


Index: usr.sbin/fw_update/fw_update.sh
===
RCS file: /cvs/src/usr.sbin/fw_update/fw_update.sh,v
retrieving revision 1.24
diff -u -p -r1.24 fw_update.sh
--- usr.sbin/fw_update/fw_update.sh 5 Jan 2022 16:32:46 -   1.24
+++ usr.sbin/fw_update/fw_update.sh 6 Jan 2022 01:28:03 -
@@ -35,7 +35,7 @@ FWURL=http://firmware.openbsd.org/firmwa
 FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub
 
 DRYRUN=false
-VERBOSE=false
+VERBOSE=0
 DELETE=false
 DOWNLOAD=true
 INSTALL=true
@@ -75,14 +75,17 @@ fetch() {
# we have su(1) and doas(1) is unlikely to be configured.
set -o monitor # make sure ftp gets its own process group
(
-   flags=-VM
-   "$VERBOSE" && flags=-vm
+   _flags=-vm
+   case "$VERBOSE" in
+   0|1) _flags=-VM ;;
+ 2) _flags=-Vm ;;
+   esac
if [ -x /usr/bin/su ]; then
exec /usr/bin/su -s /bin/ksh "$_user" -c \
-   "/usr/bin/ftp -N '${0##/}' -D 'Get/Verify' $flags -o- 
'$_src'" > "$_dst"
+   "/usr/bin/ftp -N '${0##/}' -D 'Get/Verify' $_flags -o- 
'$_src'" > "$_dst"
else
exec /usr/bin/doas -u "$_user" \
-   /usr/bin/ftp -N "${0##/}" -D 'Get/Verify' $flags -o- 
"$_src" > "$_dst"
+   /usr/bin/ftp -N "${0##/}" -D 'Get/Verify' $_flags -o- 
"$_src" > "$_dst"
fi
) & FTPPID=$!
set +o monitor
@@ -97,7 +100,7 @@ fetch() {
SECONDS=0
sleep 1
else
-   kill -INT -"$FTPPID"
+   kill -INT -"$FTPPID" 2>/dev/null
_error=" (timed out)"
fi
else
@@ -183,24 +186,28 @@ detect_firmware() {
set -sA _devices -- $(
firmware_in_dmesg
for _d in $( installed_firmware '*' '-firmware-' '*' ); do
-   echo "$( firmware_devicename "$_d" )"
+   firmware_devicename "$_d"
done
)
 
[ "${_devices[*]:-}" ] || return 0
for _d in "${_devices[@]}"; do
-   [[ $_last = $_d ]] && continue
-   echo $_d
+   [ "$_last" = "$_d" ] && continue
+   echo "$_d"
_last="$_d"
done
 }
 
 add_firmware () {
-   local _f="${1##*/}" _pkgname
+   local _f="${1##*/}" _m="${2:-Install}" _pkgname
FWPKGTMP="$( tmpdir "${DESTDIR}/var/db/pkg/.firmware" )"
-   local flags=-VM
-   "$VERBOSE" && flags=-vm
-   ftp -N "${0##/}" -D "Install" "$flags" -o- "file:${1}" |
+   local _flags=-vm
+   case "$VERBOSE" in
+   0|1) _flags=-VM ;;
+   2|3) _flags=-Vm ;;
+   esac
+
+   ftp -N "${0##/}" -D "$_m" "$_flags" -o- "file:${1}" |
tar -s ",^\+,${FWPKGTMP}/+," \
-s ",^firmware,${DESTDIR}/etc/firmware," \
-C / -zxphf - "+*" "firmware/*"
@@ -232,7 +239,7 @@ delete_firmware() {
local _cwd _pkg="$1" _pkgdir="${DESTDIR}/var/db/pkg"
 
# TODO: Check hash for files before deleting
-   "$VERBOSE" && echo "Uninstalling $_pkg"
+   [ "$VERBOSE" -gt 2 ] && echo -n "Uninstall $_pkg ..."
_cwd="${_pkgdir}/$_pkg"
 
if [ ! -e "$_cwd/+CONTENTS" ] ||
@@ -267,6 +274,10 @@ delete_firmware() {
rm -f "$_r"
fi
done
+
+   [ "$VERBOSE" -gt 2 ] && echo " done."
+
+   return 0
 }
 
 usage() {
@@ -284,7 +295,7 @@ do
D) OPT_D=true ;;
n) DRYRUN=true ;;
p) LOCALSRC="$OPTARG" ;;
-   v) VERBOSE=true ;;
+   v) VERBOSE=$(( VERBOSE + 1 )) ;;
:)
   echo "${0##*/}: option requires an argument -- -$OPTARG" >&2
   usage 2
@@ -327,6 +338,9 @@ set -sA devices -- "$@"
 if "$DELETE"; then
[ "$OPT_D" ] && usage 22
 
+   # Show the "Uninstalling" message when just deleting not upgrading
+   [ "$VERBOSE" -gt 1 ] && VEROBOSE=3
+
set -A installed
if [ "${devices[*]:-}" ]; then
"$ALL" && usage 22
@@ -354,7 +368,7 @@

msk(4): handle status ring entries as a single 64bit word

[David Gwynne]

and then shift and mask the interesting bits out.

this works on an overdrive 1000, where i discovered that arm64 appears
to have a single instruction for shift/mask.

maybe too much churn to be worth it?

Index: if_msk.c
===
RCS file: /cvs/src/sys/dev/pci/if_msk.c,v
retrieving revision 1.137
diff -u -p -r1.137 if_msk.c
--- if_msk.c5 Jan 2022 03:53:26 -   1.137
+++ if_msk.c6 Jan 2022 00:38:18 -
@@ -120,6 +120,53 @@
 #include 
 #include 
 
+#define MSK_STATUS_OWN_SHIFT   63
+#define MSK_STATUS_OWN_MASK0x1
+#define MSK_STATUS_OPCODE_SHIFT56
+#define MSK_STATUS_OPCODE_MASK 0x7f
+
+#define MSK_STATUS_OWN(_d) \
+(((_d) >> MSK_STATUS_OWN_SHIFT) & MSK_STATUS_OWN_MASK)
+#define MSK_STATUS_OPCODE(_d) \
+(((_d) >> MSK_STATUS_OPCODE_SHIFT) & MSK_STATUS_OPCODE_MASK)
+
+#define MSK_STATUS_OPCODE_RXSTAT   0x60
+#define MSK_STATUS_OPCODE_RXTIMESTAMP  0x61
+#define MSK_STATUS_OPCODE_RXVLAN   0x62
+#define MSK_STATUS_OPCODE_RXCKSUM  0x64
+#define MSK_STATUS_OPCODE_RXCKSUMVLAN  \
+(MSK_STATUS_OPCODE_RXVLAN | MSK_STATUS_OPCODE_RXCKSUM)
+#define MSK_STATUS_OPCODE_RXTIMEVLAN   \
+(MSK_STATUS_OPCODE_RXVLAN | MSK_STATUS_OPCODE_RXTIMESTAMP)
+#define MSK_STATUS_OPCODE_RSS_HASH 0x65
+#define MSK_STATUS_OPCODE_TXIDX0x68
+#define MSK_STATUS_OPCODE_MACSEC   0x6c
+#define MSK_STATUS_OPCODE_PUTIDX   0x70
+
+#define MSK_STATUS_RXSTAT_PORT_SHIFT   48
+#define MSK_STATUS_RXSTAT_PORT_MASK0x1
+#define MSK_STATUS_RXSTAT_LEN_SHIFT32
+#define MSK_STATUS_RXSTAT_LEN_MASK 0x
+#define MSK_STATUS_RXSTAT_STATUS_SHIFT 0
+#define MSK_STATUS_RXSTAT_STATUS_MASK  0x
+
+#define MSK_STATUS_RXSTAT_PORT(_d) \
+(((_d) >> MSK_STATUS_RXSTAT_PORT_SHIFT) & MSK_STATUS_RXSTAT_PORT_MASK)
+#define MSK_STATUS_RXSTAT_LEN(_d) \
+(((_d) >> MSK_STATUS_RXSTAT_LEN_SHIFT) & MSK_STATUS_RXSTAT_LEN_MASK)
+#define MSK_STATUS_RXSTAT_STATUS(_d) \
+(((_d) >> MSK_STATUS_RXSTAT_STATUS_SHIFT) & MSK_STATUS_RXSTAT_STATUS_MASK)
+
+#define MSK_STATUS_TXIDX_PORTA_SHIFT   0
+#define MSK_STATUS_TXIDX_PORTA_MASK0xfff
+#define MSK_STATUS_TXIDX_PORTB_SHIFT   24
+#define MSK_STATUS_TXIDX_PORTB_MASK0xfff
+
+#define MSK_STATUS_TXIDX_PORTA(_d) \
+(((_d) >> MSK_STATUS_TXIDX_PORTA_SHIFT) & MSK_STATUS_TXIDX_PORTA_MASK)
+#define MSK_STATUS_TXIDX_PORTB(_d) \
+(((_d) >> MSK_STATUS_TXIDX_PORTB_SHIFT) & MSK_STATUS_TXIDX_PORTB_MASK)
+
 int mskc_probe(struct device *, void *, void *);
 void mskc_attach(struct device *, struct device *self, void *aux);
 int mskc_detach(struct device *, int);
@@ -624,6 +671,7 @@ mskc_reset(struct sk_softc *sc)
 {
u_int32_t imtimer_ticks, reg1;
int reg;
+   unsigned int i;
 
DPRINTFN(2, ("mskc_reset\n"));
 
@@ -758,8 +806,8 @@ mskc_reset(struct sk_softc *sc)
}
 
/* Reset status ring. */
-   bzero(sc->sk_status_ring,
-   MSK_STATUS_RING_CNT * sizeof(struct msk_status_desc));
+   for (i = 0; i < MSK_STATUS_RING_CNT; i++)
+   sc->sk_status_ring[i] = htole64(0);
sc->sk_status_idx = 0;
 
sk_win_write_4(sc, SK_STAT_BMU_CSR, SK_STAT_BMU_RESET);
@@ -1138,8 +1186,8 @@ mskc_attach(struct device *parent, struc
sc->sk_pc = pc;
 
if (bus_dmamem_alloc(sc->sc_dmatag,
-   MSK_STATUS_RING_CNT * sizeof(struct msk_status_desc),
-   MSK_STATUS_RING_CNT * sizeof(struct msk_status_desc),
+   MSK_STATUS_RING_CNT * sizeof(uint64_t),
+   MSK_STATUS_RING_CNT * sizeof(uint64_t),
0, &sc->sk_status_seg, 1, &sc->sk_status_nseg,
BUS_DMA_NOWAIT | BUS_DMA_ZERO)) {
printf(": can't alloc status buffers\n");
@@ -1148,27 +1196,27 @@ mskc_attach(struct device *parent, struc
 
if (bus_dmamem_map(sc->sc_dmatag,
&sc->sk_status_seg, sc->sk_status_nseg,
-   MSK_STATUS_RING_CNT * sizeof(struct msk_status_desc),
+   MSK_STATUS_RING_CNT * sizeof(uint64_t),
&kva, BUS_DMA_NOWAIT)) {
-   printf(": can't map dma buffers (%lu bytes)\n",
-   (ulong)(MSK_STATUS_RING_CNT * sizeof(struct 
msk_status_desc)));
+   printf(": can't map dma buffers (%zu bytes)\n",
+   MSK_STATUS_RING_CNT * sizeof(uint64_t));
goto fail_3;
}
if (bus_dmamap_create(sc->sc_dmatag,
-   MSK_STATUS_RING_CNT * sizeof(struct msk_status_desc), 1,
-   MSK_STATUS_RING_CNT * sizeof(struct msk_status_desc), 0,
+   MSK_STATUS_RING_CNT * sizeof(uint64_t), 1,
+   MSK_STATUS_RING_CNT * sizeof(uint64_t), 0,
BUS_DMA_NOWAIT | BUS_DMA_ALLOCNOW | BUS_DMA_64BIT,
&sc->sk_status_map)) {
printf(": can't create dma map\n");
goto fail_4;
}
if (bus_dmamap_load(sc->sc_dmatag, sc->sk_status_map, kva,
-   MSK_STATUS_RING_CNT * sizeof(struct

Re: snmpd(8): New application layer - step towards agentx support

[Joel Carnat]

On Wed, Jan 05, 2022 at 06:17:46PM +0100, Martijn van Duren wrote:
> Problem found: The code was compiled on -stable, which I apparently
> misread. There's changes in libutil in current that this diff needs.
> 
> Pending Joel's results: Anyone else wanting to chime in?
> 

I installed -current on a VM, grabbed -current sources and applied your
patches. Then I ran the patched snmpd using my "standard configuration"
which implies authenticated v3 only.

Targetting the patched snmpd:
- Using "-current snmp walk" from that VM works properly.
- Using "-stable snmpwalk" from my 7.0-stable laptop works properly.
- Using "snmpwalk" from a Synology works properly.
- Using "telegraf inputs.snmp" from Docker works properly.

Regards,
Joel C.

Re: hi?

[Crystal Kolipe]

On Wed, Jan 05, 2022 at 03:51:32PM -0500, fo...@dnmx.org wrote:
> Hello? I am new to mailing lists

You are successfully subscribed to the list and your posts are being received.

hi?

[fossy]

Hello? I am new to mailing lists

Re: snmpd(8): New application layer - step towards agentx support

[Martijn van Duren]

Problem found: The code was compiled on -stable, which I apparently
misread. There's changes in libutil in current that this diff needs.

Pending Joel's results: Anyone else wanting to chime in?

On Mon, 2022-01-03 at 15:09 +0100, Joel Carnat wrote:
> Hello,
> 
> I have just patched my snmpd from -current ; everything else is 
> 7.0-stable. I'm not sure what happens but I use the same snmpd.conf and 
> connects to snmpd from another machine using
> 
> # snmpwalk -v 3 -a SHA -A "changeme" -l authPriv -u telegraf \
> -x AES -X "changeme" server
> 
> But using the patched snmpd, I get the following error:
> mib_2 = No Such Object available on this agent at this OID. Using the 
> 7.0 version, it works perfectly.
> 
> I can send full snmpd logs if you think it's usefull.
> 
> Regards,
> Joel C.
> 
> On 1/3/22 13:57, Martijn van Duren wrote:
> > On Sun, 2021-11-21 at 14:58 +0100, Martijn van Duren wrote:
> > > On Sun, 2021-11-14 at 14:35 +, Stuart Henderson wrote:
> > > > On 2021/11/14 11:49, Martijn van Duren wrote:
> > > > > sthen@ found an issue when using this diff with netsnmp tools.
> > > > > 
> > > > > The problem was that I put the requestID in the msgID, resulting
> > > > > in a mismatch upon receiving the reply. The reason that snmp(1)
> > > > > works is because msgID and requestID are the same.
> > > > > Diff below fixes things.
> > > > 
> > > > This version works for me, and the runtime increase with librenms
> > > > fetches and polls (which use a mixture of get/bulkwalk) is acceptable
> > > > (10% or so).
> > > > 
> > > Anyone else put this through a test? I want to move forward with this.
> > > 
> > > martijn@
> > > 
> > 2 month ping.
> > So far I only have gotten test results from sthen@.
> > Should I just put this in or is someone planning to actually look into
> > the code?
> > 
> > martijn@

Re: npppd: move EVP_* to heap

[Todd C . Miller]

On Wed, 05 Jan 2022 17:37:19 +0100, Theo Buehler wrote:

> Right, thanks. Changed to use EVP_DigestInit_ex, EVP_DigestFinal_ex and
> dropping EVP_MD_CTX_reset() which is no longer needed.
>
> I included the radiusctl diff here since it is really the same diff.

Looks good to me.  OK millert@

 - todd

Re: npppd: move EVP_* to heap

[Theo Buehler]

On Wed, Jan 05, 2022 at 09:00:32AM -0700, Todd C. Miller wrote:
> On Wed, 05 Jan 2022 10:56:02 +0100, Theo Buehler wrote:
> 
> > Another change needed for the upcoming libcrypto bump. Unfortunately,
> > the code is structured in a way that it makes error checking hard since
> > there are several layers of void functions.
> 
> Should this not be using EVP_DigestInit_ex() instead?
> Otherwise there is a useless call to EVP_MD_CTX_init().

Right, thanks. Changed to use EVP_DigestInit_ex, EVP_DigestFinal_ex and
dropping EVP_MD_CTX_reset() which is no longer needed.

I included the radiusctl diff here since it is really the same diff.

Index: usr.sbin/npppd/npppd/chap_ms.c
===
RCS file: /cvs/src/usr.sbin/npppd/npppd/chap_ms.c,v
retrieving revision 1.8
diff -u -p -r1.8 chap_ms.c
--- usr.sbin/npppd/npppd/chap_ms.c  29 Mar 2021 03:54:39 -  1.8
+++ usr.sbin/npppd/npppd/chap_ms.c  5 Jan 2022 16:35:45 -
@@ -134,19 +134,21 @@ mschap_challenge_response(u_int8_t *chal
 void
 mschap_ntpassword_hash(u_int8_t *in, int inlen, u_int8_t *hash)
 {
-   EVP_MD_CTX   ctx;
+   EVP_MD_CTX  *ctx;
u_intmdlen;
 
-   EVP_DigestInit(&ctx, EVP_md4());
-   EVP_DigestUpdate(&ctx, in, inlen);
-   EVP_DigestFinal(&ctx, hash, &mdlen);
+   ctx = EVP_MD_CTX_new();
+   EVP_DigestInit_ex(ctx, EVP_md4(), NULL);
+   EVP_DigestUpdate(ctx, in, inlen);
+   EVP_DigestFinal_ex(ctx, hash, &mdlen);
+   EVP_MD_CTX_free(ctx);
 }
 
 void
 mschap_challenge_hash(u_int8_t *peer_challenge, u_int8_t *auth_challenge,
 u_int8_t *username, int usernamelen, u_int8_t *challenge)
 {
-   EVP_MD_CTX   ctx;
+   EVP_MD_CTX  *ctx;
u_int8_t md[SHA_DIGEST_LENGTH];
u_intmdlen;
u_int8_t*name;
@@ -156,11 +158,13 @@ mschap_challenge_hash(u_int8_t *peer_cha
else
name++;
 
-   EVP_DigestInit(&ctx, EVP_sha1());
-   EVP_DigestUpdate(&ctx, peer_challenge, MSCHAPV2_CHALLENGE_SZ);
-   EVP_DigestUpdate(&ctx, auth_challenge, MSCHAPV2_CHALLENGE_SZ);
-   EVP_DigestUpdate(&ctx, name, strlen(name));
-   EVP_DigestFinal(&ctx, md, &mdlen);
+   ctx = EVP_MD_CTX_new();
+   EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
+   EVP_DigestUpdate(ctx, peer_challenge, MSCHAPV2_CHALLENGE_SZ);
+   EVP_DigestUpdate(ctx, auth_challenge, MSCHAPV2_CHALLENGE_SZ);
+   EVP_DigestUpdate(ctx, name, strlen(name));
+   EVP_DigestFinal_ex(ctx, md, &mdlen);
+   EVP_MD_CTX_free(ctx);
 
memcpy(challenge, md, MSCHAP_CHALLENGE_SZ);
 }
@@ -185,7 +189,7 @@ mschap_auth_response(u_int8_t *password,
 u_int8_t *ntresponse, u_int8_t *auth_challenge, u_int8_t *peer_challenge,
 u_int8_t *username, int usernamelen, u_int8_t *auth_response)
 {
-   EVP_MD_CTX   ctx;
+   EVP_MD_CTX  *ctx;
u_int8_t password_hash[MSCHAP_HASH_SZ];
u_int8_t password_hash2[MSCHAP_HASH_SZ];
u_int8_t challenge[MSCHAP_CHALLENGE_SZ];
@@ -210,20 +214,22 @@ mschap_auth_response(u_int8_t *password,
mschap_ntpassword_hash(password, passwordlen, password_hash);
mschap_ntpassword_hash(password_hash, MSCHAP_HASH_SZ, password_hash2);
 
-   EVP_DigestInit(&ctx, EVP_sha1());
-   EVP_DigestUpdate(&ctx, password_hash2, sizeof(password_hash2));
-   EVP_DigestUpdate(&ctx, ntresponse, 24);
-   EVP_DigestUpdate(&ctx, magic1, 39);
-   EVP_DigestFinal(&ctx, md, &mdlen);
+   ctx = EVP_MD_CTX_new();
+   EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
+   EVP_DigestUpdate(ctx, password_hash2, sizeof(password_hash2));
+   EVP_DigestUpdate(ctx, ntresponse, 24);
+   EVP_DigestUpdate(ctx, magic1, 39);
+   EVP_DigestFinal_ex(ctx, md, &mdlen);
 
mschap_challenge_hash(peer_challenge, auth_challenge,
username, usernamelen, challenge);
 
-   EVP_DigestInit(&ctx, EVP_sha1());
-   EVP_DigestUpdate(&ctx, md, sizeof(md));
-   EVP_DigestUpdate(&ctx, challenge, sizeof(challenge));
-   EVP_DigestUpdate(&ctx, magic2, 41);
-   EVP_DigestFinal(&ctx, md, &mdlen);
+   EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
+   EVP_DigestUpdate(ctx, md, sizeof(md));
+   EVP_DigestUpdate(ctx, challenge, sizeof(challenge));
+   EVP_DigestUpdate(ctx, magic2, 41);
+   EVP_DigestFinal_ex(ctx, md, &mdlen);
+   EVP_MD_CTX_free(ctx);
 
/*
 * Encode the value of 'Digest' as "S=" followed by
@@ -247,18 +253,20 @@ mschap_masterkey(u_int8_t *password_hash
 {
u_int8_t md[SHA_DIGEST_LENGTH];
u_intmdlen;
-   EVP_MD_CTX   ctx;
+   EVP_MD_CTX  *ctx;
static u_int8_t  magic1[27] = {
0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65

Re: fpos_t in funopen(3)

[Todd C . Miller]

On Wed, 29 Dec 2021 15:28:57 -0600, Joe Nelson wrote:

> Here's a patch.

That looks correct to me.  Since fpos_t just an alias for off_t on
OpenBSD I don't think we need any shared library version bumps.

 - todd

Re: npppd: move EVP_* to heap

[Todd C . Miller]

On Wed, 05 Jan 2022 10:56:02 +0100, Theo Buehler wrote:

> Another change needed for the upcoming libcrypto bump. Unfortunately,
> the code is structured in a way that it makes error checking hard since
> there are several layers of void functions.

Should this not be using EVP_DigestInit_ex() instead?
Otherwise there is a useless call to EVP_MD_CTX_init().

 - todd

Re: rpki-client parser refactor

[Theo Buehler]

On Wed, Jan 05, 2022 at 11:45:55AM +0100, Claudio Jeker wrote:
> This changes the last proc_parser function over to not pass the entity to
> the function. In this case apart from file we also need to pass the public
> key of the TA and the tal identifier.
> 
> Change is mechanical and makes all callers work the same way.

ok tb

> -- 
> :wq Claudio
> 
> Index: parser.c
> ===
> RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
> retrieving revision 1.32
> diff -u -p -r1.32 parser.c
> --- parser.c  4 Jan 2022 18:41:32 -   1.32
> +++ parser.c  5 Jan 2022 09:49:07 -
> @@ -246,8 +246,7 @@ proc_parser_mft(char *file, const unsign
>   * parse failure.
>   */
>  static struct cert *
> -proc_parser_cert(char *file, const unsigned char *der,
> -size_t len)
> +proc_parser_cert(char *file, const unsigned char *der, size_t len)
>  {
>   struct cert *cert;
>   X509*x509;
> @@ -325,8 +324,8 @@ proc_parser_cert(char *file, const unsig
>   * parse failure.
>   */
>  static struct cert *
> -proc_parser_root_cert(const struct entity *entp, const unsigned char *der,
> -size_t len)
> +proc_parser_root_cert(char *file, const unsigned char *der, size_t len,
> +unsigned char *pkey, size_t pkeysz, int talid)
>  {
>   charsubject[256];
>   ASN1_TIME   *notBefore, *notAfter;
> @@ -334,52 +333,49 @@ proc_parser_root_cert(const struct entit
>   struct cert *cert;
>   X509*x509;
>  
> - assert(entp->data != NULL);
> -
>   /* Extract certificate data and X509. */
>  
> - cert = ta_parse(&x509, entp->file, der, len, entp->data, entp->datasz);
> + cert = ta_parse(&x509, file, der, len, pkey, pkeysz);
>   if (cert == NULL)
>   return NULL;
>  
>   if ((name = X509_get_subject_name(x509)) == NULL) {
> - warnx("%s Unable to get certificate subject", entp->file);
> + warnx("%s Unable to get certificate subject", file);
>   goto badcert;
>   }
>   if (X509_NAME_oneline(name, subject, sizeof(subject)) == NULL) {
> - warnx("%s: Unable to parse certificate subject name",
> - entp->file);
> + warnx("%s: Unable to parse certificate subject name", file);
>   goto badcert;
>   }
>   if ((notBefore = X509_get_notBefore(x509)) == NULL) {
>   warnx("%s: certificate has invalid notBefore, subject='%s'",
> - entp->file, subject);
> + file, subject);
>   goto badcert;
>   }
>   if ((notAfter = X509_get_notAfter(x509)) == NULL) {
>   warnx("%s: certificate has invalid notAfter, subject='%s'",
> - entp->file, subject);
> + file, subject);
>   goto badcert;
>   }
>   if (X509_cmp_current_time(notBefore) != -1) {
> - warnx("%s: certificate not yet valid, subject='%s'", entp->file,
> + warnx("%s: certificate not yet valid, subject='%s'", file,
>   subject);
>   goto badcert;
>   }
>   if (X509_cmp_current_time(notAfter) != 1)  {
> - warnx("%s: certificate has expired, subject='%s'", entp->file,
> + warnx("%s: certificate has expired, subject='%s'", file,
>   subject);
>   goto badcert;
>   }
> - if (!valid_ta(entp->file, &auths, cert)) {
> + if (!valid_ta(file, &auths, cert)) {
>   warnx("%s: certificate not a valid ta, subject='%s'",
> - entp->file, subject);
> + file, subject);
>   goto badcert;
>   }
>  
>   X509_free(x509);
>  
> - cert->talid = entp->talid;
> + cert->talid = talid;
>  
>   /*
>* Add valid roots to the RPKI auth tree.
> @@ -589,7 +585,9 @@ parse_entity(struct entityq *q, struct m
>   break;
>   case RTYPE_CER:
>   if (entp->data != NULL)
> - cert = proc_parser_root_cert(entp, f, flen);
> + cert = proc_parser_root_cert(entp->file,
> + f, flen, entp->data, entp->datasz,
> + entp->talid);
>   else
>   cert = proc_parser_cert(entp->file, f, flen);
>   c = (cert != NULL);
> 

rpki-client parser refactor

[Claudio Jeker]

This changes the last proc_parser function over to not pass the entity to
the function. In this case apart from file we also need to pass the public
key of the TA and the tal identifier.

Change is mechanical and makes all callers work the same way.
-- 
:wq Claudio

Index: parser.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
retrieving revision 1.32
diff -u -p -r1.32 parser.c
--- parser.c4 Jan 2022 18:41:32 -   1.32
+++ parser.c5 Jan 2022 09:49:07 -
@@ -246,8 +246,7 @@ proc_parser_mft(char *file, const unsign
  * parse failure.
  */
 static struct cert *
-proc_parser_cert(char *file, const unsigned char *der,
-size_t len)
+proc_parser_cert(char *file, const unsigned char *der, size_t len)
 {
struct cert *cert;
X509*x509;
@@ -325,8 +324,8 @@ proc_parser_cert(char *file, const unsig
  * parse failure.
  */
 static struct cert *
-proc_parser_root_cert(const struct entity *entp, const unsigned char *der,
-size_t len)
+proc_parser_root_cert(char *file, const unsigned char *der, size_t len,
+unsigned char *pkey, size_t pkeysz, int talid)
 {
charsubject[256];
ASN1_TIME   *notBefore, *notAfter;
@@ -334,52 +333,49 @@ proc_parser_root_cert(const struct entit
struct cert *cert;
X509*x509;
 
-   assert(entp->data != NULL);
-
/* Extract certificate data and X509. */
 
-   cert = ta_parse(&x509, entp->file, der, len, entp->data, entp->datasz);
+   cert = ta_parse(&x509, file, der, len, pkey, pkeysz);
if (cert == NULL)
return NULL;
 
if ((name = X509_get_subject_name(x509)) == NULL) {
-   warnx("%s Unable to get certificate subject", entp->file);
+   warnx("%s Unable to get certificate subject", file);
goto badcert;
}
if (X509_NAME_oneline(name, subject, sizeof(subject)) == NULL) {
-   warnx("%s: Unable to parse certificate subject name",
-   entp->file);
+   warnx("%s: Unable to parse certificate subject name", file);
goto badcert;
}
if ((notBefore = X509_get_notBefore(x509)) == NULL) {
warnx("%s: certificate has invalid notBefore, subject='%s'",
-   entp->file, subject);
+   file, subject);
goto badcert;
}
if ((notAfter = X509_get_notAfter(x509)) == NULL) {
warnx("%s: certificate has invalid notAfter, subject='%s'",
-   entp->file, subject);
+   file, subject);
goto badcert;
}
if (X509_cmp_current_time(notBefore) != -1) {
-   warnx("%s: certificate not yet valid, subject='%s'", entp->file,
+   warnx("%s: certificate not yet valid, subject='%s'", file,
subject);
goto badcert;
}
if (X509_cmp_current_time(notAfter) != 1)  {
-   warnx("%s: certificate has expired, subject='%s'", entp->file,
+   warnx("%s: certificate has expired, subject='%s'", file,
subject);
goto badcert;
}
-   if (!valid_ta(entp->file, &auths, cert)) {
+   if (!valid_ta(file, &auths, cert)) {
warnx("%s: certificate not a valid ta, subject='%s'",
-   entp->file, subject);
+   file, subject);
goto badcert;
}
 
X509_free(x509);
 
-   cert->talid = entp->talid;
+   cert->talid = talid;
 
/*
 * Add valid roots to the RPKI auth tree.
@@ -589,7 +585,9 @@ parse_entity(struct entityq *q, struct m
break;
case RTYPE_CER:
if (entp->data != NULL)
-   cert = proc_parser_root_cert(entp, f, flen);
+   cert = proc_parser_root_cert(entp->file,
+   f, flen, entp->data, entp->datasz,
+   entp->talid);
else
cert = proc_parser_cert(entp->file, f, flen);
c = (cert != NULL);

Re: snmp(d): move EVP_* to heap

[Theo Buehler]

On Wed, Jan 05, 2022 at 10:43:33AM +0100, Theo Buehler wrote:
> This is needed for the upcoming libcrypto bump. While it would be better
> to do error checking for EVP_Digest* (for example EVP_DigestInit*
> usually allocates internally), I kept the change as mechanical as
> possible and left that one for someone else to fix.

Here's a better diff. As found by martijn, one EVP_MD_CTX_free() should
have been a EVP_MD_CTX_reset().

Index: usr.bin/snmp/usm.c
===
RCS file: /cvs/src/usr.bin/snmp/usm.c,v
retrieving revision 1.5
diff -u -p -r1.5 usm.c
--- usr.bin/snmp/usm.c  24 Oct 2019 12:39:26 -  1.5
+++ usr.bin/snmp/usm.c  5 Jan 2022 09:37:40 -
@@ -252,7 +252,7 @@ static char *
 usm_crypt(const EVP_CIPHER *cipher, int do_enc, char *key,
 struct usm_cookie *cookie, char *serialpdu, size_t pdulen, size_t *outlen)
 {
-   EVP_CIPHER_CTX ctx;
+   EVP_CIPHER_CTX *ctx;
size_t i;
char iv[EVP_MAX_IV_LENGTH];
char *salt = (char *)&(cookie->salt);
@@ -279,28 +279,34 @@ usm_crypt(const EVP_CIPHER *cipher, int 
return NULL;
}
 
-   bzero(&ctx, sizeof(ctx));
-   if (!EVP_CipherInit(&ctx, cipher, key, iv, do_enc))
+   if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
return NULL;
 
-   EVP_CIPHER_CTX_set_padding(&ctx, do_enc);
+   if (!EVP_CipherInit(ctx, cipher, key, iv, do_enc)) {
+   EVP_CIPHER_CTX_free(ctx);
+   return NULL;
+   }
+
+   EVP_CIPHER_CTX_set_padding(ctx, do_enc);
 
bs = EVP_CIPHER_block_size(cipher);
/* Maximum output size */
*outlen = pdulen + (bs - (pdulen % bs));
 
-   if ((outtext = malloc(*outlen)) == NULL)
+   if ((outtext = malloc(*outlen)) == NULL) {
+   EVP_CIPHER_CTX_free(ctx);
return NULL;
+   }
 
-   if (EVP_CipherUpdate(&ctx, outtext, &len, serialpdu, pdulen) &&
-   EVP_CipherFinal_ex(&ctx, outtext + len, &len2))
+   if (EVP_CipherUpdate(ctx, outtext, &len, serialpdu, pdulen) &&
+   EVP_CipherFinal_ex(ctx, outtext + len, &len2))
*outlen = len + len2;
else {
free(outtext);
outtext = NULL;
}
 
-   EVP_CIPHER_CTX_cleanup(&ctx);
+   EVP_CIPHER_CTX_free(ctx);
 
return outtext;
 }
@@ -616,7 +622,7 @@ usm_setbootstime(struct snmp_sec *sec, u
 static char *
 usm_passwd2mkey(const EVP_MD *md, const char *passwd)
 {
-   EVP_MD_CTX ctx;
+   EVP_MD_CTX *ctx;
int i, count;
const u_char *pw;
u_char *c;
@@ -624,8 +630,9 @@ usm_passwd2mkey(const EVP_MD *md, const 
unsigned dlen;
char *key;
 
-   bzero(&ctx, sizeof(ctx));
-   EVP_DigestInit_ex(&ctx, md, NULL);
+   if ((ctx = EVP_MD_CTX_new()) == NULL)
+   return NULL;
+   EVP_DigestInit_ex(ctx, md, NULL);
pw = (const u_char *)passwd;
for (count = 0; count < 1048576; count += 64) {
c = keybuf;
@@ -634,10 +641,10 @@ usm_passwd2mkey(const EVP_MD *md, const 
pw = (const u_char *)passwd;
*c++ = *pw++;
}
-   EVP_DigestUpdate(&ctx, keybuf, 64);
+   EVP_DigestUpdate(ctx, keybuf, 64);
}
-   EVP_DigestFinal_ex(&ctx, keybuf, &dlen);
-   EVP_MD_CTX_cleanup(&ctx);
+   EVP_DigestFinal_ex(ctx, keybuf, &dlen);
+   EVP_MD_CTX_free(ctx);
 
if ((key = malloc(dlen)) == NULL)
return NULL;
@@ -648,20 +655,21 @@ usm_passwd2mkey(const EVP_MD *md, const 
 static char *
 usm_mkey2lkey(struct usm_sec *usm, const EVP_MD *md, const char *mkey)
 {
-   EVP_MD_CTX ctx;
+   EVP_MD_CTX *ctx;
u_char buf[EVP_MAX_MD_SIZE];
u_char *lkey;
unsigned lklen;
 
-   bzero(&ctx, sizeof(ctx));
-   EVP_DigestInit_ex(&ctx, md, NULL);
+   if ((ctx = EVP_MD_CTX_new()) == NULL)
+   return NULL;
+   EVP_DigestInit_ex(ctx, md, NULL);
 
-   EVP_DigestUpdate(&ctx, mkey, EVP_MD_size(md));
-   EVP_DigestUpdate(&ctx, usm->engineid, usm->engineidlen);
-   EVP_DigestUpdate(&ctx, mkey, EVP_MD_size(md));
+   EVP_DigestUpdate(ctx, mkey, EVP_MD_size(md));
+   EVP_DigestUpdate(ctx, usm->engineid, usm->engineidlen);
+   EVP_DigestUpdate(ctx, mkey, EVP_MD_size(md));
 
-   EVP_DigestFinal_ex(&ctx, buf, &lklen);
-   EVP_MD_CTX_cleanup(&ctx);
+   EVP_DigestFinal_ex(ctx, buf, &lklen);
+   EVP_MD_CTX_free(ctx);
 
if ((lkey = malloc(lklen)) == NULL)
return NULL;
Index: usr.sbin/snmpd/usm.c
===
RCS file: /cvs/src/usr.sbin/snmpd/usm.c,v
retrieving revision 1.21
diff -u -p -r1.21 usm.c
--- usr.sbin/snmpd/usm.c1 Aug 2021 11:30:56 -   1.21
+++ usr.sbin/snmpd/usm.c5 Jan 2022 10:25:44 -
@@ -650,7 +650,7 @@ usm_crypt(struct sn

radiusctl: move EVP_* to heap

[Theo Buehler]

This is needed for the upcoming libcrypto bump. The code is essentially
the same as in npppd(8), so it has the same issue: several layers of
void functions that make error checking hard to add.

Index: usr.sbin/radiusctl/chap_ms.c
===
RCS file: /cvs/src/usr.sbin/radiusctl/chap_ms.c,v
retrieving revision 1.1
diff -u -p -r1.1 chap_ms.c
--- usr.sbin/radiusctl/chap_ms.c21 Jul 2015 04:06:04 -  1.1
+++ usr.sbin/radiusctl/chap_ms.c5 Jan 2022 09:57:43 -
@@ -134,19 +134,21 @@ mschap_challenge_response(u_int8_t *chal
 void
 mschap_ntpassword_hash(u_int8_t *in, int inlen, u_int8_t *hash)
 {
-   EVP_MD_CTX   ctx;
+   EVP_MD_CTX  *ctx;
u_intmdlen;
 
-   EVP_DigestInit(&ctx, EVP_md4());
-   EVP_DigestUpdate(&ctx, in, inlen);
-   EVP_DigestFinal(&ctx, hash, &mdlen);
+   ctx = EVP_MD_CTX_new();
+   EVP_DigestInit(ctx, EVP_md4());
+   EVP_DigestUpdate(ctx, in, inlen);
+   EVP_DigestFinal(ctx, hash, &mdlen);
+   EVP_MD_CTX_free(ctx);
 }
 
 void
 mschap_challenge_hash(u_int8_t *peer_challenge, u_int8_t *auth_challenge,
 u_int8_t *username, int usernamelen, u_int8_t *challenge)
 {
-   EVP_MD_CTX   ctx;
+   EVP_MD_CTX  *ctx;
u_int8_t md[SHA_DIGEST_LENGTH];
u_intmdlen;
u_int8_t*name;
@@ -156,11 +158,13 @@ mschap_challenge_hash(u_int8_t *peer_cha
else
name++;
 
-   EVP_DigestInit(&ctx, EVP_sha1());
-   EVP_DigestUpdate(&ctx, peer_challenge, MSCHAPV2_CHALLENGE_SZ);
-   EVP_DigestUpdate(&ctx, auth_challenge, MSCHAPV2_CHALLENGE_SZ);
-   EVP_DigestUpdate(&ctx, name, strlen(name));
-   EVP_DigestFinal(&ctx, md, &mdlen);
+   ctx = EVP_MD_CTX_new();
+   EVP_DigestInit(ctx, EVP_sha1());
+   EVP_DigestUpdate(ctx, peer_challenge, MSCHAPV2_CHALLENGE_SZ);
+   EVP_DigestUpdate(ctx, auth_challenge, MSCHAPV2_CHALLENGE_SZ);
+   EVP_DigestUpdate(ctx, name, strlen(name));
+   EVP_DigestFinal(ctx, md, &mdlen);
+   EVP_MD_CTX_free(ctx);
 
memcpy(challenge, md, MSCHAP_CHALLENGE_SZ);
 }
@@ -185,7 +189,7 @@ mschap_auth_response(u_int8_t *password,
 u_int8_t *ntresponse, u_int8_t *auth_challenge, u_int8_t *peer_challenge,
 u_int8_t *username, int usernamelen, u_int8_t *auth_response)
 {
-   EVP_MD_CTX   ctx;
+   EVP_MD_CTX  *ctx;
u_int8_t password_hash[MSCHAP_HASH_SZ];
u_int8_t password_hash2[MSCHAP_HASH_SZ];
u_int8_t challenge[MSCHAP_CHALLENGE_SZ];
@@ -210,20 +214,23 @@ mschap_auth_response(u_int8_t *password,
mschap_ntpassword_hash(password, passwordlen, password_hash);
mschap_ntpassword_hash(password_hash, MSCHAP_HASH_SZ, password_hash2);
 
-   EVP_DigestInit(&ctx, EVP_sha1());
-   EVP_DigestUpdate(&ctx, password_hash2, sizeof(password_hash2));
-   EVP_DigestUpdate(&ctx, ntresponse, 24);
-   EVP_DigestUpdate(&ctx, magic1, 39);
-   EVP_DigestFinal(&ctx, md, &mdlen);
+   ctx = EVP_MD_CTX_new();
+   EVP_DigestInit(ctx, EVP_sha1());
+   EVP_DigestUpdate(ctx, password_hash2, sizeof(password_hash2));
+   EVP_DigestUpdate(ctx, ntresponse, 24);
+   EVP_DigestUpdate(ctx, magic1, 39);
+   EVP_DigestFinal(ctx, md, &mdlen);
+   EVP_MD_CTX_reset(ctx);
 
mschap_challenge_hash(peer_challenge, auth_challenge,
username, usernamelen, challenge);
 
-   EVP_DigestInit(&ctx, EVP_sha1());
-   EVP_DigestUpdate(&ctx, md, sizeof(md));
-   EVP_DigestUpdate(&ctx, challenge, sizeof(challenge));
-   EVP_DigestUpdate(&ctx, magic2, 41);
-   EVP_DigestFinal(&ctx, md, &mdlen);
+   EVP_DigestInit(ctx, EVP_sha1());
+   EVP_DigestUpdate(ctx, md, sizeof(md));
+   EVP_DigestUpdate(ctx, challenge, sizeof(challenge));
+   EVP_DigestUpdate(ctx, magic2, 41);
+   EVP_DigestFinal(ctx, md, &mdlen);
+   EVP_MD_CTX_free(ctx);
 
/*
 * Encode the value of 'Digest' as "S=" followed by
@@ -247,18 +254,20 @@ mschap_masterkey(u_int8_t *password_hash
 {
u_int8_t md[SHA_DIGEST_LENGTH];
u_intmdlen;
-   EVP_MD_CTX   ctx;
+   EVP_MD_CTX  *ctx;
static u_int8_t  magic1[27] = {
0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79
};
 
-   EVP_DigestInit(&ctx, EVP_sha1());
-   EVP_DigestUpdate(&ctx, password_hash2, MSCHAP_HASH_SZ);
-   EVP_DigestUpdate(&ctx, ntresponse, 24);
-   EVP_DigestUpdate(&ctx, magic1, 27);
-   EVP_DigestFinal(&ctx, md, &mdlen);
+   ctx = EVP_MD_CTX_new();
+   EVP_DigestInit(ctx, EVP_sha1());
+   EVP_DigestUpdate(ctx, password_hash2, MSCHAP_HASH_SZ);
+   EVP_DigestUpdate(ctx, ntresponse, 24);
+   EVP_DigestUpd

npppd: move EVP_* to heap

[Theo Buehler]

Another change needed for the upcoming libcrypto bump. Unfortunately,
the code is structured in a way that it makes error checking hard since
there are several layers of void functions.

This now does two unchecked allocations per stanza instead of just one.

Index: usr.sbin/npppd/npppd/chap_ms.c
===
RCS file: /cvs/src/usr.sbin/npppd/npppd/chap_ms.c,v
retrieving revision 1.8
diff -u -p -r1.8 chap_ms.c
--- usr.sbin/npppd/npppd/chap_ms.c  29 Mar 2021 03:54:39 -  1.8
+++ usr.sbin/npppd/npppd/chap_ms.c  5 Jan 2022 09:49:33 -
@@ -134,19 +134,21 @@ mschap_challenge_response(u_int8_t *chal
 void
 mschap_ntpassword_hash(u_int8_t *in, int inlen, u_int8_t *hash)
 {
-   EVP_MD_CTX   ctx;
+   EVP_MD_CTX  *ctx;
u_intmdlen;
 
-   EVP_DigestInit(&ctx, EVP_md4());
-   EVP_DigestUpdate(&ctx, in, inlen);
-   EVP_DigestFinal(&ctx, hash, &mdlen);
+   ctx = EVP_MD_CTX_new();
+   EVP_DigestInit(ctx, EVP_md4());
+   EVP_DigestUpdate(ctx, in, inlen);
+   EVP_DigestFinal(ctx, hash, &mdlen);
+   EVP_MD_CTX_free(ctx);
 }
 
 void
 mschap_challenge_hash(u_int8_t *peer_challenge, u_int8_t *auth_challenge,
 u_int8_t *username, int usernamelen, u_int8_t *challenge)
 {
-   EVP_MD_CTX   ctx;
+   EVP_MD_CTX  *ctx;
u_int8_t md[SHA_DIGEST_LENGTH];
u_intmdlen;
u_int8_t*name;
@@ -156,11 +158,13 @@ mschap_challenge_hash(u_int8_t *peer_cha
else
name++;
 
-   EVP_DigestInit(&ctx, EVP_sha1());
-   EVP_DigestUpdate(&ctx, peer_challenge, MSCHAPV2_CHALLENGE_SZ);
-   EVP_DigestUpdate(&ctx, auth_challenge, MSCHAPV2_CHALLENGE_SZ);
-   EVP_DigestUpdate(&ctx, name, strlen(name));
-   EVP_DigestFinal(&ctx, md, &mdlen);
+   ctx = EVP_MD_CTX_new();
+   EVP_DigestInit(ctx, EVP_sha1());
+   EVP_DigestUpdate(ctx, peer_challenge, MSCHAPV2_CHALLENGE_SZ);
+   EVP_DigestUpdate(ctx, auth_challenge, MSCHAPV2_CHALLENGE_SZ);
+   EVP_DigestUpdate(ctx, name, strlen(name));
+   EVP_DigestFinal(ctx, md, &mdlen);
+   EVP_MD_CTX_free(ctx);
 
memcpy(challenge, md, MSCHAP_CHALLENGE_SZ);
 }
@@ -185,7 +189,7 @@ mschap_auth_response(u_int8_t *password,
 u_int8_t *ntresponse, u_int8_t *auth_challenge, u_int8_t *peer_challenge,
 u_int8_t *username, int usernamelen, u_int8_t *auth_response)
 {
-   EVP_MD_CTX   ctx;
+   EVP_MD_CTX  *ctx;
u_int8_t password_hash[MSCHAP_HASH_SZ];
u_int8_t password_hash2[MSCHAP_HASH_SZ];
u_int8_t challenge[MSCHAP_CHALLENGE_SZ];
@@ -210,20 +214,23 @@ mschap_auth_response(u_int8_t *password,
mschap_ntpassword_hash(password, passwordlen, password_hash);
mschap_ntpassword_hash(password_hash, MSCHAP_HASH_SZ, password_hash2);
 
-   EVP_DigestInit(&ctx, EVP_sha1());
-   EVP_DigestUpdate(&ctx, password_hash2, sizeof(password_hash2));
-   EVP_DigestUpdate(&ctx, ntresponse, 24);
-   EVP_DigestUpdate(&ctx, magic1, 39);
-   EVP_DigestFinal(&ctx, md, &mdlen);
+   ctx = EVP_MD_CTX_new();
+   EVP_DigestInit(ctx, EVP_sha1());
+   EVP_DigestUpdate(ctx, password_hash2, sizeof(password_hash2));
+   EVP_DigestUpdate(ctx, ntresponse, 24);
+   EVP_DigestUpdate(ctx, magic1, 39);
+   EVP_DigestFinal(ctx, md, &mdlen);
+   EVP_MD_CTX_reset(ctx);
 
mschap_challenge_hash(peer_challenge, auth_challenge,
username, usernamelen, challenge);
 
-   EVP_DigestInit(&ctx, EVP_sha1());
-   EVP_DigestUpdate(&ctx, md, sizeof(md));
-   EVP_DigestUpdate(&ctx, challenge, sizeof(challenge));
-   EVP_DigestUpdate(&ctx, magic2, 41);
-   EVP_DigestFinal(&ctx, md, &mdlen);
+   EVP_DigestInit(ctx, EVP_sha1());
+   EVP_DigestUpdate(ctx, md, sizeof(md));
+   EVP_DigestUpdate(ctx, challenge, sizeof(challenge));
+   EVP_DigestUpdate(ctx, magic2, 41);
+   EVP_DigestFinal(ctx, md, &mdlen);
+   EVP_MD_CTX_free(ctx);
 
/*
 * Encode the value of 'Digest' as "S=" followed by
@@ -247,18 +254,20 @@ mschap_masterkey(u_int8_t *password_hash
 {
u_int8_t md[SHA_DIGEST_LENGTH];
u_intmdlen;
-   EVP_MD_CTX   ctx;
+   EVP_MD_CTX  *ctx;
static u_int8_t  magic1[27] = {
0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79
};
 
-   EVP_DigestInit(&ctx, EVP_sha1());
-   EVP_DigestUpdate(&ctx, password_hash2, MSCHAP_HASH_SZ);
-   EVP_DigestUpdate(&ctx, ntresponse, 24);
-   EVP_DigestUpdate(&ctx, magic1, 27);
-   EVP_DigestFinal(&ctx, md, &mdlen);
+   ctx = EVP_MD_CTX_new();
+   EVP_DigestInit(ctx, EVP_sha1());
+   EVP_DigestUpdate(ctx, password_hash2, MSCHAP_HASH_SZ);

dhcpd: move HMAC_CTX to heap, add error checking

[Theo Buehler]

This fairly mechanical conversion is needed for the upcoming libcrypto
bump. This is similar to the changes made in libexec/spamd/sync.c a
while back.

Index: usr.sbin/dhcpd/sync.c
===
RCS file: /cvs/src/usr.sbin/dhcpd/sync.c,v
retrieving revision 1.23
diff -u -p -r1.23 sync.c
--- usr.sbin/dhcpd/sync.c   13 Feb 2017 23:04:05 -  1.23
+++ usr.sbin/dhcpd/sync.c   5 Jan 2022 09:44:21 -
@@ -393,7 +393,7 @@ sync_lease(struct lease *lease)
char pad[DHCP_ALIGNBYTES];
u_int16_t leaselen, padlen;
int i = 0;
-   HMAC_CTX ctx;
+   HMAC_CTX *ctx;
u_int hmac_len;
 
if (sync_key == NULL)
@@ -403,8 +403,10 @@ sync_lease(struct lease *lease)
memset(&lv, 0, sizeof(lv));
memset(&pad, 0, sizeof(pad));
 
-   HMAC_CTX_init(&ctx);
-   HMAC_Init(&ctx, sync_key, strlen(sync_key), EVP_sha1());
+   if ((ctx = HMAC_CTX_new()) == NULL)
+   goto bad;
+   if (!HMAC_Init_ex(ctx, sync_key, strlen(sync_key), EVP_sha1(), NULL))
+   goto bad;
 
leaselen = sizeof(lv);
padlen = DHCP_ALIGN(leaselen) - leaselen;
@@ -416,7 +418,8 @@ sync_lease(struct lease *lease)
hdr.sh_length = htons(sizeof(hdr) + sizeof(lv) + padlen + sizeof(end));
iov[i].iov_base = &hdr;
iov[i].iov_len = sizeof(hdr);
-   HMAC_Update(&ctx, iov[i].iov_base, iov[i].iov_len);
+   if (!HMAC_Update(ctx, iov[i].iov_base, iov[i].iov_len))
+   goto bad;
i++;
 
/* Add single DHCP sync address entry */
@@ -434,12 +437,14 @@ sync_lease(struct lease *lease)
piaddr(lease->ip_addr), ntohl(lv.lv_starts), ntohl(lv.lv_ends));
iov[i].iov_base = &lv;
iov[i].iov_len = sizeof(lv);
-   HMAC_Update(&ctx, iov[i].iov_base, iov[i].iov_len);
+   if (!HMAC_Update(ctx, iov[i].iov_base, iov[i].iov_len))
+   goto bad;
i++;
 
iov[i].iov_base = pad;
iov[i].iov_len = padlen;
-   HMAC_Update(&ctx, iov[i].iov_base, iov[i].iov_len);
+   if (!HMAC_Update(ctx, iov[i].iov_base, iov[i].iov_len))
+   goto bad;
i++;
 
/* Add end marker */
@@ -447,12 +452,16 @@ sync_lease(struct lease *lease)
end.st_length = htons(sizeof(end));
iov[i].iov_base = &end;
iov[i].iov_len = sizeof(end);
-   HMAC_Update(&ctx, iov[i].iov_base, iov[i].iov_len);
+   if (!HMAC_Update(ctx, iov[i].iov_base, iov[i].iov_len))
+   goto bad;
i++;
 
-   HMAC_Final(&ctx, hdr.sh_hmac, &hmac_len);
+   if (!HMAC_Final(ctx, hdr.sh_hmac, &hmac_len))
+   goto bad;
 
/* Send message to the target hosts */
sync_send(iov, i);
-   HMAC_CTX_cleanup(&ctx);
+
+ bad:
+   HMAC_CTX_free(ctx);
 }

snmp(d): move EVP_* to heap

[Theo Buehler]

This is needed for the upcoming libcrypto bump. While it would be better
to do error checking for EVP_Digest* (for example EVP_DigestInit*
usually allocates internally), I kept the change as mechanical as
possible and left that one for someone else to fix.

Index: usr.bin/snmp/usm.c
===
RCS file: /cvs/src/usr.bin/snmp/usm.c,v
retrieving revision 1.5
diff -u -p -r1.5 usm.c
--- usr.bin/snmp/usm.c  24 Oct 2019 12:39:26 -  1.5
+++ usr.bin/snmp/usm.c  5 Jan 2022 09:37:40 -
@@ -252,7 +252,7 @@ static char *
 usm_crypt(const EVP_CIPHER *cipher, int do_enc, char *key,
 struct usm_cookie *cookie, char *serialpdu, size_t pdulen, size_t *outlen)
 {
-   EVP_CIPHER_CTX ctx;
+   EVP_CIPHER_CTX *ctx;
size_t i;
char iv[EVP_MAX_IV_LENGTH];
char *salt = (char *)&(cookie->salt);
@@ -279,28 +279,34 @@ usm_crypt(const EVP_CIPHER *cipher, int 
return NULL;
}
 
-   bzero(&ctx, sizeof(ctx));
-   if (!EVP_CipherInit(&ctx, cipher, key, iv, do_enc))
+   if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
return NULL;
 
-   EVP_CIPHER_CTX_set_padding(&ctx, do_enc);
+   if (!EVP_CipherInit(ctx, cipher, key, iv, do_enc)) {
+   EVP_CIPHER_CTX_free(ctx);
+   return NULL;
+   }
+
+   EVP_CIPHER_CTX_set_padding(ctx, do_enc);
 
bs = EVP_CIPHER_block_size(cipher);
/* Maximum output size */
*outlen = pdulen + (bs - (pdulen % bs));
 
-   if ((outtext = malloc(*outlen)) == NULL)
+   if ((outtext = malloc(*outlen)) == NULL) {
+   EVP_CIPHER_CTX_free(ctx);
return NULL;
+   }
 
-   if (EVP_CipherUpdate(&ctx, outtext, &len, serialpdu, pdulen) &&
-   EVP_CipherFinal_ex(&ctx, outtext + len, &len2))
+   if (EVP_CipherUpdate(ctx, outtext, &len, serialpdu, pdulen) &&
+   EVP_CipherFinal_ex(ctx, outtext + len, &len2))
*outlen = len + len2;
else {
free(outtext);
outtext = NULL;
}
 
-   EVP_CIPHER_CTX_cleanup(&ctx);
+   EVP_CIPHER_CTX_free(ctx);
 
return outtext;
 }
@@ -616,7 +622,7 @@ usm_setbootstime(struct snmp_sec *sec, u
 static char *
 usm_passwd2mkey(const EVP_MD *md, const char *passwd)
 {
-   EVP_MD_CTX ctx;
+   EVP_MD_CTX *ctx;
int i, count;
const u_char *pw;
u_char *c;
@@ -624,8 +630,9 @@ usm_passwd2mkey(const EVP_MD *md, const 
unsigned dlen;
char *key;
 
-   bzero(&ctx, sizeof(ctx));
-   EVP_DigestInit_ex(&ctx, md, NULL);
+   if ((ctx = EVP_MD_CTX_new()) == NULL)
+   return NULL;
+   EVP_DigestInit_ex(ctx, md, NULL);
pw = (const u_char *)passwd;
for (count = 0; count < 1048576; count += 64) {
c = keybuf;
@@ -634,10 +641,10 @@ usm_passwd2mkey(const EVP_MD *md, const 
pw = (const u_char *)passwd;
*c++ = *pw++;
}
-   EVP_DigestUpdate(&ctx, keybuf, 64);
+   EVP_DigestUpdate(ctx, keybuf, 64);
}
-   EVP_DigestFinal_ex(&ctx, keybuf, &dlen);
-   EVP_MD_CTX_cleanup(&ctx);
+   EVP_DigestFinal_ex(ctx, keybuf, &dlen);
+   EVP_MD_CTX_free(ctx);
 
if ((key = malloc(dlen)) == NULL)
return NULL;
@@ -648,20 +655,21 @@ usm_passwd2mkey(const EVP_MD *md, const 
 static char *
 usm_mkey2lkey(struct usm_sec *usm, const EVP_MD *md, const char *mkey)
 {
-   EVP_MD_CTX ctx;
+   EVP_MD_CTX *ctx;
u_char buf[EVP_MAX_MD_SIZE];
u_char *lkey;
unsigned lklen;
 
-   bzero(&ctx, sizeof(ctx));
-   EVP_DigestInit_ex(&ctx, md, NULL);
+   if ((ctx = EVP_MD_CTX_new()) == NULL)
+   return NULL;
+   EVP_DigestInit_ex(ctx, md, NULL);
 
-   EVP_DigestUpdate(&ctx, mkey, EVP_MD_size(md));
-   EVP_DigestUpdate(&ctx, usm->engineid, usm->engineidlen);
-   EVP_DigestUpdate(&ctx, mkey, EVP_MD_size(md));
+   EVP_DigestUpdate(ctx, mkey, EVP_MD_size(md));
+   EVP_DigestUpdate(ctx, usm->engineid, usm->engineidlen);
+   EVP_DigestUpdate(ctx, mkey, EVP_MD_size(md));
 
-   EVP_DigestFinal_ex(&ctx, buf, &lklen);
-   EVP_MD_CTX_cleanup(&ctx);
+   EVP_DigestFinal_ex(ctx, buf, &lklen);
+   EVP_MD_CTX_free(ctx);
 
if ((lkey = malloc(lklen)) == NULL)
return NULL;
Index: usr.sbin/snmpd/usm.c
===
RCS file: /cvs/src/usr.sbin/snmpd/usm.c,v
retrieving revision 1.21
diff -u -p -r1.21 usm.c
--- usr.sbin/snmpd/usm.c1 Aug 2021 11:30:56 -   1.21
+++ usr.sbin/snmpd/usm.c5 Jan 2022 09:37:53 -
@@ -650,7 +650,7 @@ usm_crypt(struct snmp_message *msg, u_ch
int do_encrypt)
 {
const EVP_CIPHER*cipher;
-   EVP_CIPHER_CTX   ctx;
+   EVP_CIPHER_CTX  *ctx;
u