netsnmpd: Update to version 5.8
0d0fe16e
MT
1diff -urNp old/apps/snmpusm.c new/apps/snmpusm.c
2--- old/apps/snmpusm.c 2014-12-08 21:23:22.000000000 +0100
3+++ new/apps/snmpusm.c 2017-02-20 15:20:36.994022905 +0100
4@@ -190,7 +190,7 @@ get_USM_DH_key(netsnmp_variable_list *va
5 oid *keyoid, size_t keyoid_len) {
6 u_char *dhkeychange;
7 DH *dh;
8- BIGNUM *other_pub;
9+ BIGNUM *p, *g, *pub_key, *other_pub;
10 u_char *key;
11 size_t key_len;
12
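Review bot: The new locals on line 9 are declared `BIGNUM *p, *g, *pub_key`, but `DH_get0_pqg()` and `DH_get0_key()` (called in the next hunk) take `const BIGNUM **` out-parameters in OpenSSL 1.1.0, so these calls pass incompatible pointer types. Declaring them as `const BIGNUM *p = NULL, *g = NULL, *pub_key = NULL;` and leaving `BIGNUM *other_pub;` on its own line matches the API and gives the later NULL tests a defined starting value. The body of get_USM_DH_key starts before and continues after this hunk.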
13@@ -205,25 +205,29 @@ get_USM_DH_key(netsnmp_variable_list *va
14 dh = d2i_DHparams(NULL, &cp, dhvar->val_len);
15 }
16
17- if (!dh || !dh->g || !dh->p) {
18+ if (dh)
19+ DH_get0_pqg(dh, &p, NULL, &g);
20+
21+ if (!dh || !g || !p) {
22 SNMP_FREE(dhkeychange);
23 return SNMPERR_GENERR;
24 }
25
26- DH_generate_key(dh);
27- if (!dh->pub_key) {
28+ if (!DH_generate_key(dh)) {
29 SNMP_FREE(dhkeychange);
30 return SNMPERR_GENERR;
31 }
32
33- if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) {
34+ DH_get0_key(dh, &pub_key, NULL);
35+
36+ if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) {
37 SNMP_FREE(dhkeychange);
38 fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n",
39- (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key));
40+ (unsigned long)vars->val_len, BN_num_bytes(pub_key));
41 return SNMPERR_GENERR;
42 }
43
44- BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len);
45+ BN_bn2bin(pub_key, dhkeychange + vars->val_len);
46
47 key_len = DH_size(dh);
48 if (!key_len) {
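Review bot: The decoded group is accepted as soon as `p` and `g` are non-NULL (line 21), and `DH_generate_key(dh)` then runs on it with no sanity check of the parameters. If `dhvar` carries values returned by the remote agent (its origin is outside the hunk), a `DH_check(dh, &codes)` call before key generation would reject malformed groups; which flag bits to treat as fatal has to be decided against the agents in use. The early `return SNMPERR_GENERR;` paths also leave `dh` allocated, so a `DH_free(dh);` next to each `SNMP_FREE(dhkeychange);` is worth adding. The function continues past the end of the hunk.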
49diff -urNp old/configure new/configure
50--- old/configure 2017-02-20 10:08:16.440396223 +0100
51+++ new/configure 2017-02-20 10:57:15.749734281 +0100
52@@ -23176,9 +23176,9 @@ $as_echo "#define HAVE_AES_CFB128_ENCRYP
53 fi
54
55
56- as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_create" | $as_tr_sh`
57-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_create in -l${CRYPTO}" >&5
58-$as_echo_n "checking for EVP_MD_CTX_create in -l${CRYPTO}... " >&6; }
59+ as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_new" | $as_tr_sh`
60+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -l${CRYPTO}" >&5
61+$as_echo_n "checking for EVP_MD_CTX_new in -l${CRYPTO}... " >&6; }
62 if eval \${$as_ac_Lib+:} false; then :
63 $as_echo_n "(cached) " >&6
64 else
65@@ -23193,11 +23193,11 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_
66 #ifdef __cplusplus
67 extern "C"
68 #endif
69-char EVP_MD_CTX_create ();
70+char EVP_MD_CTX_new ();
71 int
72 main ()
73 {
74-return EVP_MD_CTX_create ();
75+return EVP_MD_CTX_new ();
76 ;
77 return 0;
78 }
79@@ -23216,10 +23216,10 @@ eval ac_res=\$$as_ac_Lib
80 $as_echo "$ac_res" >&6; }
81 if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
82
83-$as_echo "#define HAVE_EVP_MD_CTX_CREATE /**/" >>confdefs.h
84+$as_echo "#define HAVE_EVP_MD_CTX_NEW /**/" >>confdefs.h
85
86
87-$as_echo "#define HAVE_EVP_MD_CTX_DESTROY /**/" >>confdefs.h
88+$as_echo "#define HAVE_EVP_MD_CTX_FREE /**/" >>confdefs.h
89
90 fi
91
92@@ -23293,7 +23293,7 @@ char SSL_library_init ();
93 int
94 main ()
95 {
96-return SSL_library_init ();
97+return OPENSSL_init_ssl(0, NULL);
98 ;
99 return 0;
100 }
101diff -urNp old/configure.d/config_os_libs2 new/configure.d/config_os_libs2
102--- old/configure.d/config_os_libs2 2014-12-08 21:23:22.000000000 +0100
103+++ new/configure.d/config_os_libs2 2017-02-20 10:56:21.041616611 +0100
104@@ -292,11 +292,11 @@ if test "x$tryopenssl" != "xno" -a "x$tr
105 AC_DEFINE(HAVE_AES_CFB128_ENCRYPT, 1,
106 [Define to 1 if you have the `AES_cfb128_encrypt' function.]))
107
108- AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create,
109- AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [],
110- [Define to 1 if you have the `EVP_MD_CTX_create' function.])
111- AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [],
112- [Define to 1 if you have the `EVP_MD_CTX_destroy' function.]))
113+ AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_new,
114+ AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [],
115+ [Define to 1 if you have the `EVP_MD_CTX_new' function.])
116+ AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [],
117+ [Define to 1 if you have the `EVP_MD_CTX_free' function.]))
118 fi
119 if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then
120 AC_CHECK_LIB(ssl, DTLSv1_method,
121@@ -307,7 +307,7 @@ if test "x$tryopenssl" != "xno" -a "x$tr
122 TLSPROG=yes
123 fi
124 if echo " $transport_result_list " | $GREP "TLS" > /dev/null; then
125- AC_CHECK_LIB(ssl, SSL_library_init,
126+ AC_CHECK_LIB(ssl, OPENSSL_init_ssl,
127 AC_DEFINE(HAVE_LIBSSL, 1,
128 [Define to 1 if you have the `ssl' library (-lssl).])
129 LIBCRYPTO=" -lssl $LIBCRYPTO",
130diff -urNp old/include/net-snmp/net-snmp-config.h.in new/include/net-snmp/net-snmp-config.h.in
131--- old/include/net-snmp/net-snmp-config.h.in 2017-02-20 10:08:16.443522417 +0100
132+++ new/include/net-snmp/net-snmp-config.h.in 2017-02-20 10:24:05.790584283 +0100
133@@ -149,11 +149,11 @@
134 /* Define to 1 if you have the `eval_pv' function. */
135 #undef HAVE_EVAL_PV
136
137-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */
138-#undef HAVE_EVP_MD_CTX_CREATE
139+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
140+#undef HAVE_EVP_MD_CTX_NEW
141
142-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
143-#undef HAVE_EVP_MD_CTX_DESTROY
144+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
145+#undef HAVE_EVP_MD_CTX_FREE
146
147 /* Define if you have EVP_sha224/256 in openssl */
148 #undef HAVE_EVP_SHA224
149diff -urNp old/snmplib/keytools.c new/snmplib/keytools.c
150--- old/snmplib/keytools.c 2014-12-08 21:23:22.000000000 +0100
151+++ new/snmplib/keytools.c 2017-02-20 10:30:27.412068264 +0100
152@@ -149,8 +149,8 @@ generate_Ku(const oid * hashtype, u_int
153 */
154 #ifdef NETSNMP_USE_OPENSSL
155
156-#ifdef HAVE_EVP_MD_CTX_CREATE
157- ctx = EVP_MD_CTX_create();
158+#ifdef HAVE_EVP_MD_CTX_NEW
159+ ctx = EVP_MD_CTX_new();
160 #else
161 ctx = malloc(sizeof(*ctx));
162 if (!EVP_MD_CTX_init(ctx))
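Review bot: `ctx = EVP_MD_CTX_new();` on line 159 can return NULL on allocation failure, and no check is visible before the hunk ends. A guard such as `if (!ctx) return SNMPERR_GENERR;` directly after the call would keep a NULL context away from the digest calls, assuming nothing later in generate_Ku already tests it (the rest of the function is outside the hunk). The fallback branch has the same gap between `malloc(sizeof(*ctx))` and `EVP_MD_CTX_init(ctx)`.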
163@@ -259,8 +259,8 @@ generate_Ku(const oid * hashtype, u_int
164 memset(buf, 0, sizeof(buf));
165 #ifdef NETSNMP_USE_OPENSSL
166 if (ctx) {
167-#ifdef HAVE_EVP_MD_CTX_DESTROY
168- EVP_MD_CTX_destroy(ctx);
169+#ifdef HAVE_EVP_MD_CTX_FREE
170+ EVP_MD_CTX_free(ctx);
171 #else
172 EVP_MD_CTX_cleanup(ctx);
173 free(ctx);
174diff -urNp old/snmplib/scapi.c new/snmplib/scapi.c
175--- old/snmplib/scapi.c 2014-12-08 21:23:22.000000000 +0100
176+++ new/snmplib/scapi.c 2017-02-20 10:27:34.152379515 +0100
177@@ -486,14 +486,14 @@ sc_hash(const oid * hashtype, size_t has
178 }
179
180 /** initialize the pointer */
181-#ifdef HAVE_EVP_MD_CTX_CREATE
182- cptr = EVP_MD_CTX_create();
183+#ifdef HAVE_EVP_MD_CTX_NEW
184+ cptr = EVP_MD_CTX_new();
185 #else
186 cptr = malloc(sizeof(*cptr));
187 #if defined(OLD_DES)
188 memset(cptr, 0, sizeof(*cptr));
189 #else
190- EVP_MD_CTX_init(cptr);
191+ EVP_MD_CTX_init(&cptr);
192 #endif
193 #endif
194 if (!EVP_DigestInit(cptr, hashfn)) {
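Review bot: `EVP_MD_CTX_init(&cptr);` on line 191 passes the address of the pointer variable, not the context that `malloc(sizeof(*cptr))` just returned, so on builds that take the fallback branch the call would operate on the pointer's own storage and leave the heap object uninitialised. The line should stay `EVP_MD_CTX_init(cptr);`, and the matching `EVP_MD_CTX_cleanup(&cptr);` in the next hunk (line 206) should stay `EVP_MD_CTX_cleanup(cptr);`. Because the configure check now looks only for `EVP_MD_CTX_new`, an OpenSSL that provides just `EVP_MD_CTX_create` would land on this fallback. Neither branch tests `cptr` for NULL before `EVP_DigestInit(cptr, hashfn)` on line 194. sc_hash starts before and continues after the hunk.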
195@@ -507,11 +507,11 @@ sc_hash(const oid * hashtype, size_t has
196 /** do the final pass */
197 EVP_DigestFinal(cptr, MAC, &tmp_len);
198 *MAC_len = tmp_len;
199-#ifdef HAVE_EVP_MD_CTX_DESTROY
200- EVP_MD_CTX_destroy(cptr);
201+#ifdef HAVE_EVP_MD_CTX_FREE
202+ EVP_MD_CTX_free(cptr);
203 #else
204 #if !defined(OLD_DES)
205- EVP_MD_CTX_cleanup(cptr);
206+ EVP_MD_CTX_cleanup(&cptr);
207 #endif
208 free(cptr);
209 #endif
210diff -urNp old/snmplib/snmp_openssl.c new/snmplib/snmp_openssl.c
211--- old/snmplib/snmp_openssl.c 2014-12-08 21:23:22.000000000 +0100
212+++ new/snmplib/snmp_openssl.c 2017-02-20 12:46:00.059727928 +0100
213@@ -47,7 +47,7 @@ void netsnmp_init_openssl(void) {
214 DEBUGMSGTL(("snmp_openssl", "initializing\n"));
215
216 /* Initializing OpenSSL */
217- SSL_library_init();
218+ OPENSSL_init_ssl(0, NULL);
219 SSL_load_error_strings();
220 ERR_load_BIO_strings();
221 OpenSSL_add_all_algorithms();
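Review bot: The result of `OPENSSL_init_ssl(0, NULL);` on line 218 is discarded, although the call returns 0 on failure, so netsnmp_init_openssl carries on with a library that did not initialise. Checking it, for example `if (!OPENSSL_init_ssl(0, NULL)) { /* log and bail out */ }`, makes the failure visible. The replacement is also unconditional, so the file would no longer build against an OpenSSL older than 1.1.0; wrapping the two variants in `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` / `#else` would keep `SSL_library_init();` available there. The function continues outside the hunk.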
222@@ -164,11 +164,11 @@ netsnmp_openssl_cert_dump_names(X509 *oc
223 oname_entry = X509_NAME_get_entry(osubj_name, i);
224 netsnmp_assert(NULL != oname_entry);
225
226- if (oname_entry->value->type != V_ASN1_PRINTABLESTRING)
227+ if (X509_NAME_ENTRY_get_data(oname_entry)->type != V_ASN1_PRINTABLESTRING)
228 continue;
229
230 /** get NID */
231- onid = OBJ_obj2nid(oname_entry->object);
232+ onid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(oname_entry));
233 if (onid == NID_undef) {
234 prefix_long = prefix_short = "UNKNOWN";
235 }
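Review bot: `X509_NAME_ENTRY_get_data(oname_entry)->type` on line 227 swaps one struct dereference for another, and the accessor is called again for each use in the next hunk (lines 241 and 244). Fetching the value once, `ASN1_STRING *oval = X509_NAME_ENTRY_get_data(oname_entry);`, and testing `ASN1_STRING_type(oval) != V_ASN1_PRINTABLESTRING` keeps the code on the accessor API throughout. `ASN1_STRING_data()` on line 244 is deprecated as of OpenSSL 1.1.0 in favour of `ASN1_STRING_get0_data()`. The only NULL guard on `oname_entry` is `netsnmp_assert`, which may compile to nothing in release builds, so an explicit `if (!oname_entry) continue;` would be safer. The loop body starts and ends outside these hunks.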
236@@ -179,9 +179,9 @@ netsnmp_openssl_cert_dump_names(X509 *oc
237
238 DEBUGMSGT(("9:cert:dump:names",
239 "[%02d] NID type %d, ASN type %d\n", i, onid,
240- oname_entry->value->type));
241+ X509_NAME_ENTRY_get_data(oname_entry)->type));
242 DEBUGMSGT(("9:cert:dump:names", "%s/%s: '%s'\n", prefix_long,
243- prefix_short, ASN1_STRING_data(oname_entry->value)));
244+ prefix_short, ASN1_STRING_data(X509_NAME_ENTRY_get_data(oname_entry))));
245 }
246 }
247 #endif /* NETSNMP_FEATURE_REMOVE_CERT_DUMP_NAMES */
248@@ -470,7 +470,7 @@ netsnmp_openssl_cert_get_hash_type(X509
249 if (NULL == ocert)
250 return 0;
251
252- return _nid2ht(OBJ_obj2nid(ocert->sig_alg->algorithm));
253+ return _nid2ht(X509_get_signature_nid(ocert));
254 }
255
256 /**
257@@ -487,7 +487,7 @@ netsnmp_openssl_cert_get_fingerprint(X50
258 if (NULL == ocert)
259 return NULL;
260
261- nid = OBJ_obj2nid(ocert->sig_alg->algorithm);
262+ nid = X509_get_signature_nid(ocert);
263 DEBUGMSGT(("9:openssl:fingerprint", "alg %d, cert nid %d (%d)\n", alg, nid,
264 _nid2ht(nid)));
265
266diff -urNp old/win32/net-snmp/net-snmp-config.h new/win32/net-snmp/net-snmp-config.h
267--- old/win32/net-snmp/net-snmp-config.h 2014-12-08 21:23:22.000000000 +0100
268+++ new/win32/net-snmp/net-snmp-config.h 2017-02-20 10:23:20.796778512 +0100
269@@ -1366,11 +1366,11 @@
270 /* Define to 1 if you have the <openssl/aes.h> header file. */
271 #define HAVE_OPENSSL_AES_H 1
272
273-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */
274-#define HAVE_EVP_MD_CTX_CREATE 1
275+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
276+#define HAVE_EVP_MD_CTX_NEW 1
277
278-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
279-#define HAVE_EVP_MD_CTX_DESTROY 1
280+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
281+#define HAVE_EVP_MD_CTX_FREE 1
282
283 /* Define to 1 if you have the `AES_cfb128_encrypt' function. */
284 #define HAVE_AES_CFB128_ENCRYPT 1
285diff -urNp old/win32/net-snmp/net-snmp-config.h.in new/win32/net-snmp/net-snmp-config.h.in
286--- old/win32/net-snmp/net-snmp-config.h.in 2014-12-08 21:23:22.000000000 +0100
287+++ new/win32/net-snmp/net-snmp-config.h.in 2017-02-20 10:22:51.348367754 +0100
288@@ -1366,11 +1366,11 @@
289 /* Define to 1 if you have the <openssl/aes.h> header file. */
290 #define HAVE_OPENSSL_AES_H 1
291
292-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */
293-#define HAVE_EVP_MD_CTX_CREATE 1
294+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
295+#define HAVE_EVP_MD_CTX_NEW 1
296
297-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
298-#define HAVE_EVP_MD_CTX_DESTROY 1
299+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
300+#define HAVE_EVP_MD_CTX_FREE 1
301
302 /* Define to 1 if you have the `AES_cfb128_encrypt' function. */
303 #define HAVE_AES_CFB128_ENCRYPT 1