path: root/abs/extra/net-snmp/fix-openssl-build-errors.patch
net-snmp build fails on Debian 9 with OpenSSL 1.1.0

With these changes, net-snmp builds with both
OpenSSL 1.0.x and 1.1.x.

Author: Sharmila Podury <sharmila.podury@brocade.com>

--- a/apps/snmpusm.c
+++ b/apps/snmpusm.c
@@ -125,6 +125,32 @@ char           *usmUserPublic_val = NULL
 int             docreateandwait = 0;
 
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <string.h>
+#include <openssl/engine.h>
+
+void DH_get0_pqg(const DH *dh,
+                const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+   if (p != NULL)
+       *p = dh->p;
+   if (q != NULL)
+       *q = dh->q;
+   if (g != NULL)
+       *g = dh->g;
+}
+
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+   if (pub_key != NULL)
+       *pub_key = dh->pub_key;
+   if (priv_key != NULL)
+       *priv_key = dh->priv_key;
+}
+
+#endif
+
 void
 usage(void)
 {
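Review bot: The compatibility shims `DH_get0_pqg` and `DH_get0_key` are defined with external linkage in an application source file; declaring them `static` (`static void DH_get0_pqg(...)`, `static void DH_get0_key(...)`) would keep them from colliding with libcrypto symbols of the same name if the guard ever misfires. The `#if OPENSSL_VERSION_NUMBER < 0x10100000L` test assumes an OpenSSL header was included earlier in the file, which this hunk does not show: an undefined macro evaluates as 0, and the shims would then be compiled against 1.1.x, where `DH` is opaque. LibreSSL reports a version number above this threshold, so builds against it may need a separate check.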
@@ -190,7 +216,7 @@ get_USM_DH_key(netsnmp_variable_list *va
                oid *keyoid, size_t keyoid_len) {
     u_char *dhkeychange;
     DH *dh;
-    BIGNUM *other_pub;
+    BIGNUM *p, *g, *pub_key, *other_pub;
     u_char *key;
     size_t key_len;
             
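Review bot: `p`, `g` and `pub_key` are declared as plain `BIGNUM *`, but the getters they are passed to in the next hunk take `const BIGNUM **` (see the shim prototypes added above), so `&p`, `&g` and `&pub_key` have an incompatible pointer type and stricter compilers may reject the calls. Declaring them as `const BIGNUM *p, *g, *pub_key;` and keeping `BIGNUM *other_pub;` on its own line matches the API. It also documents that these values are borrowed from `dh` and must not be freed or modified. The body of get_USM_DH_key starts and ends outside this hunk.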
@@ -205,25 +231,29 @@ get_USM_DH_key(netsnmp_variable_list *va
         dh = d2i_DHparams(NULL, &cp, dhvar->val_len);
     }
 
-    if (!dh || !dh->g || !dh->p) {
+    if (dh)
+        DH_get0_pqg(dh, &p, NULL, &g);
+
+    if (!dh || !g || !p) {
         SNMP_FREE(dhkeychange);
         return SNMPERR_GENERR;
     }
 
-    DH_generate_key(dh);
-    if (!dh->pub_key) {
+    if (!DH_generate_key(dh)) {
         SNMP_FREE(dhkeychange);
         return SNMPERR_GENERR;
     }
             
-    if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) {
+    DH_get0_key(dh, &pub_key, NULL);
+
+    if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) {
         SNMP_FREE(dhkeychange);
         fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n",
-                (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key));
+                (unsigned long)vars->val_len, BN_num_bytes(pub_key));
         return SNMPERR_GENERR;
     }
 
-    BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len);
+    BN_bn2bin(pub_key, dhkeychange + vars->val_len);
 
     key_len = DH_size(dh);
     if (!key_len) {
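Review bot: Every failure return in this hunk that is reached with a parsed `dh` (the `!g || !p` case, the `DH_generate_key` failure and the length mismatch) frees `dhkeychange` but not `dh`, so the DH object stays allocated, and after `DH_generate_key` it holds a freshly generated private key; adding `DH_free(dh);` next to each `SNMP_FREE(dhkeychange);` would release it. The parameters come from `d2i_DHparams` on `dhvar->val`, which looks like data received from the peer, and only their presence is checked here. A `DH_check()` call before generating the key would reject malformed groups; confirm whether that is done elsewhere. The function starts and ends outside the hunk, so a later cleanup path may already cover the success case.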
--- a/configure.d/config_os_libs2
+++ b/configure.d/config_os_libs2
@@ -327,10 +327,16 @@ if test "x$tryopenssl" != "xno" -a "x$tr
              [[#include <openssl/evp.h>]])
 
             AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create,
-                AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [],
+                AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [1],
                     [Define to 1 if you have the `EVP_MD_CTX_create' function.])
-                AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [],
+                AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [1],
                     [Define to 1 if you have the `EVP_MD_CTX_destroy' function.]))
+
+            AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_new,
+                AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1],
+                    [Define to 1 if you have the `EVP_MD_CTX_new' function.])
+                AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1],
+                    [Define to 1 if you have the `EVP_MD_CTX_free' function.]))
         fi
         if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then
 	    AC_CHECK_LIB(ssl, DTLSv1_method,
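Review bot: `HAVE_EVP_MD_CTX_FREE` is defined from the probe for `EVP_MD_CTX_new` alone, so `EVP_MD_CTX_free` itself is never checked; a second `AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_free, ...)`, or a comment stating that the two are always present together, would make the pairing explicit. The patch changes only `configure.d/` and the config header template, not a generated `configure`, so these defines presumably take effect only if the package build regenerates it (for example with autoreconf). That is worth confirming in the build recipe, since otherwise the C code would fall through to the legacy `#else` branches.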
--- a/include/net-snmp/net-snmp-config.h.in
+++ b/include/net-snmp/net-snmp-config.h.in
@@ -164,6 +164,12 @@
 /* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
 #undef HAVE_EVP_MD_CTX_DESTROY
 
+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
+#undef HAVE_EVP_MD_CTX_FREE
+
+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
+#undef HAVE_EVP_MD_CTX_NEW
+
 /* Define if you have EVP_sha224/256 in openssl */
 #undef HAVE_EVP_SHA224
 
--- a/snmplib/keytools.c
+++ b/snmplib/keytools.c
@@ -176,7 +176,9 @@ generate_Ku(const oid * hashtype, u_int
         QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
     }
 
-#ifdef HAVE_EVP_MD_CTX_CREATE
+#ifdef HAVE_EVP_MD_CTX_NEW
+    ctx = EVP_MD_CTX_new();
+#elif HAVE_EVP_MD_CTX_CREATE
     ctx = EVP_MD_CTX_create();
 #else
     ctx = malloc(sizeof(*ctx));
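Review bot: `#elif HAVE_EVP_MD_CTX_CREATE` tests the macro's value while the branch above it uses `#ifdef`, so it works only because configure now defines the macro to 1; an empty definition makes it a preprocessor error, and `-Wundef` warns when the macro is absent. `#elif defined(HAVE_EVP_MD_CTX_CREATE)` keeps the two branches consistent and independent of the defined value. The same applies to `#elif HAVE_EVP_MD_CTX_DESTROY` later in generate_Ku and to both `#elif` lines in sc_hash in snmplib/scapi.c. generate_Ku's body continues outside this hunk.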
@@ -278,7 +280,9 @@ generate_Ku(const oid * hashtype, u_int
     memset(buf, 0, sizeof(buf));
 #ifdef NETSNMP_USE_OPENSSL
     if (ctx) {
-#ifdef HAVE_EVP_MD_CTX_DESTROY
+#ifdef HAVE_EVP_MD_CTX_FREE
+        EVP_MD_CTX_free(ctx);
+#elif HAVE_EVP_MD_CTX_DESTROY
         EVP_MD_CTX_destroy(ctx);
 #else
         EVP_MD_CTX_cleanup(ctx);
--- a/snmplib/scapi.c
+++ b/snmplib/scapi.c
@@ -627,7 +627,9 @@ sc_hash(const oid * hashtype, size_t has
         return SNMPERR_GENERR;
 
 /** initialize the pointer */
-#ifdef HAVE_EVP_MD_CTX_CREATE
+#ifdef HAVE_EVP_MD_CTX_NEW
+    cptr = EVP_MD_CTX_new();
+#elif HAVE_EVP_MD_CTX_CREATE
     cptr = EVP_MD_CTX_create();
 #else
     cptr = malloc(sizeof(*cptr));
@@ -648,7 +650,9 @@ sc_hash(const oid * hashtype, size_t has
 /** do the final pass */
     EVP_DigestFinal(cptr, MAC, &tmp_len);
     *MAC_len = tmp_len;
-#ifdef HAVE_EVP_MD_CTX_DESTROY
+#ifdef HAVE_EVP_MD_CTX_FREE
+    EVP_MD_CTX_free(cptr);
+#elif HAVE_EVP_MD_CTX_DESTROY
     EVP_MD_CTX_destroy(cptr);
 #else
 #if !defined(OLD_DES)