projects / people / pmueller / ipfire-2.x.git / blame
| Commit | Line | Data |
|---|---|---|
| 0d0fe16e MT |
1 | diff -urNp old/apps/snmpusm.c new/apps/snmpusm.c |
| 2 | --- old/apps/snmpusm.c 2014-12-08 21:23:22.000000000 +0100 | |
| 3 | +++ new/apps/snmpusm.c 2017-02-20 15:20:36.994022905 +0100 | |
| 4 | @@ -190,7 +190,7 @@ get_USM_DH_key(netsnmp_variable_list *va | |
| 5 | oid *keyoid, size_t keyoid_len) { | |
| 6 | u_char *dhkeychange; | |
| 7 | DH *dh; | |
| 8 | - BIGNUM *other_pub; | |
| 9 | + BIGNUM *p, *g, *pub_key, *other_pub; | |
| 10 | u_char *key; | |
| 11 | size_t key_len; | |
| 12 | ||
| 13 | @@ -205,25 +205,29 @@ get_USM_DH_key(netsnmp_variable_list *va | |
| 14 | dh = d2i_DHparams(NULL, &cp, dhvar->val_len); | |
| 15 | } | |
| 16 | ||
| 17 | - if (!dh || !dh->g || !dh->p) { | |
| 18 | + if (dh) | |
| 19 | + DH_get0_pqg(dh, &p, NULL, &g); | |
| 20 | + | |
| 21 | + if (!dh || !g || !p) { | |
| 22 | SNMP_FREE(dhkeychange); | |
| 23 | return SNMPERR_GENERR; | |
| 24 | } | |
| 25 | ||
| 26 | - DH_generate_key(dh); | |
| 27 | - if (!dh->pub_key) { | |
| 28 | + if (!DH_generate_key(dh)) { | |
| 29 | SNMP_FREE(dhkeychange); | |
| 30 | return SNMPERR_GENERR; | |
| 31 | } | |
| 32 | ||
| 33 | - if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) { | |
| 34 | + DH_get0_key(dh, &pub_key, NULL); | |
| 35 | + | |
| 36 | + if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) { | |
| 37 | SNMP_FREE(dhkeychange); | |
| 38 | fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n", | |
| 39 | - (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key)); | |
| 40 | + (unsigned long)vars->val_len, BN_num_bytes(pub_key)); | |
| 41 | return SNMPERR_GENERR; | |
| 42 | } | |
| 43 | ||
| 44 | - BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len); | |
| 45 | + BN_bn2bin(pub_key, dhkeychange + vars->val_len); | |
| 46 | ||
| 47 | key_len = DH_size(dh); | |
| 48 | if (!key_len) { | |
| 49 | diff -urNp old/configure new/configure | |
| 50 | --- old/configure 2017-02-20 10:08:16.440396223 +0100 | |
| 51 | +++ new/configure 2017-02-20 10:57:15.749734281 +0100 | |
| 52 | @@ -23176,9 +23176,9 @@ $as_echo "#define HAVE_AES_CFB128_ENCRYP | |
| 53 | fi | |
| 54 | ||
| 55 | ||
| 56 | - as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_create" | $as_tr_sh` | |
| 57 | -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_create in -l${CRYPTO}" >&5 | |
| 58 | -$as_echo_n "checking for EVP_MD_CTX_create in -l${CRYPTO}... " >&6; } | |
| 59 | + as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_new" | $as_tr_sh` | |
| 60 | +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -l${CRYPTO}" >&5 | |
| 61 | +$as_echo_n "checking for EVP_MD_CTX_new in -l${CRYPTO}... " >&6; } | |
| 62 | if eval \${$as_ac_Lib+:} false; then : | |
| 63 | $as_echo_n "(cached) " >&6 | |
| 64 | else | |
| 65 | @@ -23193,11 +23193,11 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ | |
| 66 | #ifdef __cplusplus | |
| 67 | extern "C" | |
| 68 | #endif | |
| 69 | -char EVP_MD_CTX_create (); | |
| 70 | +char EVP_MD_CTX_new (); | |
| 71 | int | |
| 72 | main () | |
| 73 | { | |
| 74 | -return EVP_MD_CTX_create (); | |
| 75 | +return EVP_MD_CTX_new (); | |
| 76 | ; | |
| 77 | return 0; | |
| 78 | } | |
| 79 | @@ -23216,10 +23216,10 @@ eval ac_res=\$$as_ac_Lib | |
| 80 | $as_echo "$ac_res" >&6; } | |
| 81 | if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : | |
| 82 | ||
| 83 | -$as_echo "#define HAVE_EVP_MD_CTX_CREATE /**/" >>confdefs.h | |
| 84 | +$as_echo "#define HAVE_EVP_MD_CTX_NEW /**/" >>confdefs.h | |
| 85 | ||
| 86 | ||
| 87 | -$as_echo "#define HAVE_EVP_MD_CTX_DESTROY /**/" >>confdefs.h | |
| 88 | +$as_echo "#define HAVE_EVP_MD_CTX_FREE /**/" >>confdefs.h | |
| 89 | ||
| 90 | fi | |
| 91 | ||
| 92 | @@ -23293,7 +23293,7 @@ char SSL_library_init (); | |
| 93 | int | |
| 94 | main () | |
| 95 | { | |
| 96 | -return SSL_library_init (); | |
| 97 | +return OPENSSL_init_ssl(0, NULL); | |
| 98 | ; | |
| 99 | return 0; | |
| 100 | } | |
| 101 | diff -urNp old/configure.d/config_os_libs2 new/configure.d/config_os_libs2 | |
| 102 | --- old/configure.d/config_os_libs2 2014-12-08 21:23:22.000000000 +0100 | |
| 103 | +++ new/configure.d/config_os_libs2 2017-02-20 10:56:21.041616611 +0100 | |
| 104 | @@ -292,11 +292,11 @@ if test "x$tryopenssl" != "xno" -a "x$tr | |
| 105 | AC_DEFINE(HAVE_AES_CFB128_ENCRYPT, 1, | |
| 106 | [Define to 1 if you have the `AES_cfb128_encrypt' function.])) | |
| 107 | ||
| 108 | - AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create, | |
| 109 | - AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [], | |
| 110 | - [Define to 1 if you have the `EVP_MD_CTX_create' function.]) | |
| 111 | - AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [], | |
| 112 | - [Define to 1 if you have the `EVP_MD_CTX_destroy' function.])) | |
| 113 | + AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_new, | |
| 114 | + AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [], | |
| 115 | + [Define to 1 if you have the `EVP_MD_CTX_new' function.]) | |
| 116 | + AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [], | |
| 117 | + [Define to 1 if you have the `EVP_MD_CTX_free' function.])) | |
| 118 | fi | |
| 119 | if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then | |
| 120 | AC_CHECK_LIB(ssl, DTLSv1_method, | |
| 121 | @@ -307,7 +307,7 @@ if test "x$tryopenssl" != "xno" -a "x$tr | |
| 122 | TLSPROG=yes | |
| 123 | fi | |
| 124 | if echo " $transport_result_list " | $GREP "TLS" > /dev/null; then | |
| 125 | - AC_CHECK_LIB(ssl, SSL_library_init, | |
| 126 | + AC_CHECK_LIB(ssl, OPENSSL_init_ssl, | |
| 127 | AC_DEFINE(HAVE_LIBSSL, 1, | |
| 128 | [Define to 1 if you have the `ssl' library (-lssl).]) | |
| 129 | LIBCRYPTO=" -lssl $LIBCRYPTO", | |
| 130 | diff -urNp old/include/net-snmp/net-snmp-config.h.in new/include/net-snmp/net-snmp-config.h.in | |
| 131 | --- old/include/net-snmp/net-snmp-config.h.in 2017-02-20 10:08:16.443522417 +0100 | |
| 132 | +++ new/include/net-snmp/net-snmp-config.h.in 2017-02-20 10:24:05.790584283 +0100 | |
| 133 | @@ -149,11 +149,11 @@ | |
| 134 | /* Define to 1 if you have the `eval_pv' function. */ | |
| 135 | #undef HAVE_EVAL_PV | |
| 136 | ||
| 137 | -/* Define to 1 if you have the `EVP_MD_CTX_create' function. */ | |
| 138 | -#undef HAVE_EVP_MD_CTX_CREATE | |
| 139 | +/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ | |
| 140 | +#undef HAVE_EVP_MD_CTX_NEW | |
| 141 | ||
| 142 | -/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */ | |
| 143 | -#undef HAVE_EVP_MD_CTX_DESTROY | |
| 144 | +/* Define to 1 if you have the `EVP_MD_CTX_free' function. */ | |
| 145 | +#undef HAVE_EVP_MD_CTX_FREE | |
| 146 | ||
| 147 | /* Define if you have EVP_sha224/256 in openssl */ | |
| 148 | #undef HAVE_EVP_SHA224 | |
| 149 | diff -urNp old/snmplib/keytools.c new/snmplib/keytools.c | |
| 150 | --- old/snmplib/keytools.c 2014-12-08 21:23:22.000000000 +0100 | |
| 151 | +++ new/snmplib/keytools.c 2017-02-20 10:30:27.412068264 +0100 | |
| 152 | @@ -149,8 +149,8 @@ generate_Ku(const oid * hashtype, u_int | |
| 153 | */ | |
| 154 | #ifdef NETSNMP_USE_OPENSSL | |
| 155 | ||
| 156 | -#ifdef HAVE_EVP_MD_CTX_CREATE | |
| 157 | - ctx = EVP_MD_CTX_create(); | |
| 158 | +#ifdef HAVE_EVP_MD_CTX_NEW | |
| 159 | + ctx = EVP_MD_CTX_new(); | |
| 160 | #else | |
| 161 | ctx = malloc(sizeof(*ctx)); | |
| 162 | if (!EVP_MD_CTX_init(ctx)) | |
| 163 | @@ -259,8 +259,8 @@ generate_Ku(const oid * hashtype, u_int | |
| 164 | memset(buf, 0, sizeof(buf)); | |
| 165 | #ifdef NETSNMP_USE_OPENSSL | |
| 166 | if (ctx) { | |
| 167 | -#ifdef HAVE_EVP_MD_CTX_DESTROY | |
| 168 | - EVP_MD_CTX_destroy(ctx); | |
| 169 | +#ifdef HAVE_EVP_MD_CTX_FREE | |
| 170 | + EVP_MD_CTX_free(ctx); | |
| 171 | #else | |
| 172 | EVP_MD_CTX_cleanup(ctx); | |
| 173 | free(ctx); | |
| 174 | diff -urNp old/snmplib/scapi.c new/snmplib/scapi.c | |
| 175 | --- old/snmplib/scapi.c 2014-12-08 21:23:22.000000000 +0100 | |
| 176 | +++ new/snmplib/scapi.c 2017-02-20 10:27:34.152379515 +0100 | |
| 177 | @@ -486,14 +486,14 @@ sc_hash(const oid * hashtype, size_t has | |
| 178 | } | |
| 179 | ||
| 180 | /** initialize the pointer */ | |
| 181 | -#ifdef HAVE_EVP_MD_CTX_CREATE | |
| 182 | - cptr = EVP_MD_CTX_create(); | |
| 183 | +#ifdef HAVE_EVP_MD_CTX_NEW | |
| 184 | + cptr = EVP_MD_CTX_new(); | |
| 185 | #else | |
| 186 | cptr = malloc(sizeof(*cptr)); | |
| 187 | #if defined(OLD_DES) | |
| 188 | memset(cptr, 0, sizeof(*cptr)); | |
| 189 | #else | |
| 190 | - EVP_MD_CTX_init(cptr); | |
| 191 | + EVP_MD_CTX_init(&cptr); | |
| 192 | #endif | |
| 193 | #endif | |
| 194 | if (!EVP_DigestInit(cptr, hashfn)) { | |
| 195 | @@ -507,11 +507,11 @@ sc_hash(const oid * hashtype, size_t has | |
| 196 | /** do the final pass */ | |
| 197 | EVP_DigestFinal(cptr, MAC, &tmp_len); | |
| 198 | *MAC_len = tmp_len; | |
| 199 | -#ifdef HAVE_EVP_MD_CTX_DESTROY | |
| 200 | - EVP_MD_CTX_destroy(cptr); | |
| 201 | +#ifdef HAVE_EVP_MD_CTX_FREE | |
| 202 | + EVP_MD_CTX_free(cptr); | |
| 203 | #else | |
| 204 | #if !defined(OLD_DES) | |
| 205 | - EVP_MD_CTX_cleanup(cptr); | |
| 206 | + EVP_MD_CTX_cleanup(&cptr); | |
| 207 | #endif | |
| 208 | free(cptr); | |
| 209 | #endif | |
| 210 | diff -urNp old/snmplib/snmp_openssl.c new/snmplib/snmp_openssl.c | |
| 211 | --- old/snmplib/snmp_openssl.c 2014-12-08 21:23:22.000000000 +0100 | |
| 212 | +++ new/snmplib/snmp_openssl.c 2017-02-20 12:46:00.059727928 +0100 | |
| 213 | @@ -47,7 +47,7 @@ void netsnmp_init_openssl(void) { | |
| 214 | DEBUGMSGTL(("snmp_openssl", "initializing\n")); | |
| 215 | ||
| 216 | /* Initializing OpenSSL */ | |
| 217 | - SSL_library_init(); | |
| 218 | + OPENSSL_init_ssl(0, NULL); | |
| 219 | SSL_load_error_strings(); | |
| 220 | ERR_load_BIO_strings(); | |
| 221 | OpenSSL_add_all_algorithms(); | |
| 222 | @@ -164,11 +164,11 @@ netsnmp_openssl_cert_dump_names(X509 *oc | |
| 223 | oname_entry = X509_NAME_get_entry(osubj_name, i); | |
| 224 | netsnmp_assert(NULL != oname_entry); | |
| 225 | ||
| 226 | - if (oname_entry->value->type != V_ASN1_PRINTABLESTRING) | |
| 227 | + if (X509_NAME_ENTRY_get_data(oname_entry)->type != V_ASN1_PRINTABLESTRING) | |
| 228 | continue; | |
| 229 | ||
| 230 | /** get NID */ | |
| 231 | - onid = OBJ_obj2nid(oname_entry->object); | |
| 232 | + onid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(oname_entry)); | |
| 233 | if (onid == NID_undef) { | |
| 234 | prefix_long = prefix_short = "UNKNOWN"; | |
| 235 | } | |
| 236 | @@ -179,9 +179,9 @@ netsnmp_openssl_cert_dump_names(X509 *oc | |
| 237 | ||
| 238 | DEBUGMSGT(("9:cert:dump:names", | |
| 239 | "[%02d] NID type %d, ASN type %d\n", i, onid, | |
| 240 | - oname_entry->value->type)); | |
| 241 | + X509_NAME_ENTRY_get_data(oname_entry)->type)); | |
| 242 | DEBUGMSGT(("9:cert:dump:names", "%s/%s: '%s'\n", prefix_long, | |
| 243 | - prefix_short, ASN1_STRING_data(oname_entry->value))); | |
| 244 | + prefix_short, ASN1_STRING_data(X509_NAME_ENTRY_get_data(oname_entry)))); | |
| 245 | } | |
| 246 | } | |
| 247 | #endif /* NETSNMP_FEATURE_REMOVE_CERT_DUMP_NAMES */ | |
| 248 | @@ -470,7 +470,7 @@ netsnmp_openssl_cert_get_hash_type(X509 | |
| 249 | if (NULL == ocert) | |
| 250 | return 0; | |
| 251 | ||
| 252 | - return _nid2ht(OBJ_obj2nid(ocert->sig_alg->algorithm)); | |
| 253 | + return _nid2ht(X509_get_signature_nid(ocert)); | |
| 254 | } | |
| 255 | ||
| 256 | /** | |
| 257 | @@ -487,7 +487,7 @@ netsnmp_openssl_cert_get_fingerprint(X50 | |
| 258 | if (NULL == ocert) | |
| 259 | return NULL; | |
| 260 | ||
| 261 | - nid = OBJ_obj2nid(ocert->sig_alg->algorithm); | |
| 262 | + nid = X509_get_signature_nid(ocert); | |
| 263 | DEBUGMSGT(("9:openssl:fingerprint", "alg %d, cert nid %d (%d)\n", alg, nid, | |
| 264 | _nid2ht(nid))); | |
| 265 | ||
| 266 | diff -urNp old/win32/net-snmp/net-snmp-config.h new/win32/net-snmp/net-snmp-config.h | |
| 267 | --- old/win32/net-snmp/net-snmp-config.h 2014-12-08 21:23:22.000000000 +0100 | |
| 268 | +++ new/win32/net-snmp/net-snmp-config.h 2017-02-20 10:23:20.796778512 +0100 | |
| 269 | @@ -1366,11 +1366,11 @@ | |
| 270 | /* Define to 1 if you have the <openssl/aes.h> header file. */ | |
| 271 | #define HAVE_OPENSSL_AES_H 1 | |
| 272 | ||
| 273 | -/* Define to 1 if you have the `EVP_MD_CTX_create' function. */ | |
| 274 | -#define HAVE_EVP_MD_CTX_CREATE 1 | |
| 275 | +/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ | |
| 276 | +#define HAVE_EVP_MD_CTX_NEW 1 | |
| 277 | ||
| 278 | -/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */ | |
| 279 | -#define HAVE_EVP_MD_CTX_DESTROY 1 | |
| 280 | +/* Define to 1 if you have the `EVP_MD_CTX_free' function. */ | |
| 281 | +#define HAVE_EVP_MD_CTX_FREE 1 | |
| 282 | ||
| 283 | /* Define to 1 if you have the `AES_cfb128_encrypt' function. */ | |
| 284 | #define HAVE_AES_CFB128_ENCRYPT 1 | |
| 285 | diff -urNp old/win32/net-snmp/net-snmp-config.h.in new/win32/net-snmp/net-snmp-config.h.in | |
| 286 | --- old/win32/net-snmp/net-snmp-config.h.in 2014-12-08 21:23:22.000000000 +0100 | |
| 287 | +++ new/win32/net-snmp/net-snmp-config.h.in 2017-02-20 10:22:51.348367754 +0100 | |
| 288 | @@ -1366,11 +1366,11 @@ | |
| 289 | /* Define to 1 if you have the <openssl/aes.h> header file. */ | |
| 290 | #define HAVE_OPENSSL_AES_H 1 | |
| 291 | ||
| 292 | -/* Define to 1 if you have the `EVP_MD_CTX_create' function. */ | |
| 293 | -#define HAVE_EVP_MD_CTX_CREATE 1 | |
| 294 | +/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ | |
| 295 | +#define HAVE_EVP_MD_CTX_NEW 1 | |
| 296 | ||
| 297 | -/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */ | |
| 298 | -#define HAVE_EVP_MD_CTX_DESTROY 1 | |
| 299 | +/* Define to 1 if you have the `EVP_MD_CTX_free' function. */ | |
| 300 | +#define HAVE_EVP_MD_CTX_FREE 1 | |
| 301 | ||
| 302 | /* Define to 1 if you have the `AES_cfb128_encrypt' function. */ | |
| 303 | #define HAVE_AES_CFB128_ENCRYPT 1 |