From a22a8b626737d209ba1d12868e6f236dfc93fd6a Mon Sep 17 00:00:00 2001
From: Theo Buehler <tb@openbsd.org>
Date: Thu, 30 May 2024 19:10:17 +0200
Subject: [PATCH] Don't rely on libcrypto returning static buffers

ike-scan is one of very few applications relying on being able to pass
NULL as last argument to the one-step hashing functions. BoringSSL
has removed this functionality in 2017 [1] and LibreSSL 4.0 will do
the same. Applications can pass in a correctly-sized buffer on the
stack.

[1]: https://boringssl-review.googlesource.com/14528
---
 ike-scan.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ike-scan.c b/ike-scan.c
index b14c82a..ccc2960 100644
--- a/ike-scan.c
+++ b/ike-scan.c
@@ -1329,6 +1329,7 @@ add_host(const char *name, unsigned timeout, unsigned *num_hosts,
       memset(he->icookie, '\0', sizeof(he->icookie));
       memcpy(he->icookie, cookie_data, cookie_data_len);
    } else {
+      unsigned char md[MD5_DIGEST_LENGTH];
 /*
  * We cast the timeval elements to unsigned long because different vendors
  * use different types for them (int, long, unsigned int and unsigned long).
@@ -1337,7 +1338,7 @@ add_host(const char *name, unsigned timeout, unsigned *num_hosts,
  */
       snprintf(str, sizeof(str), "%lu %lu %u %s", (unsigned long) now.tv_sec,
               (unsigned long) now.tv_usec, *num_hosts, inet_ntoa(he->addr));
-      memcpy(he->icookie, MD5((unsigned char *)str, strlen(str), NULL),
+      memcpy(he->icookie, MD5((unsigned char *)str, strlen(str), md),
              sizeof(he->icookie));
    }
 }