Control: tags -1 + upstream patch
Hello!
The attached patch (in combination with the fix for #841554) makes the
Debian net-snmp package build against openssl 1.1.0. This patch has only
been compile-tested. No runtime testing. No guarantees. Please review
carefully.
(Additional ifdefs likely needed to keep this compiling against
older openssl versions.)
Regards,
Andreas Henriksson
diff -urip net-snmp-5.7.3+dfsg/apps/snmpusm.c net-snmp-5.7.3+dfsg.openssl110/apps/snmpusm.c
--- net-snmp-5.7.3+dfsg/apps/snmpusm.c 2016-11-01 17:10:04.000000000 +0000
+++ net-snmp-5.7.3+dfsg.openssl110/apps/snmpusm.c 2016-11-01 16:57:15.725165019 +0000
@@ -190,7 +190,7 @@ get_USM_DH_key(netsnmp_variable_list *va
oid *keyoid, size_t keyoid_len) {
u_char *dhkeychange;
DH *dh;
- BIGNUM *other_pub;
+ BIGNUM *p, *g, *pub_key, *other_pub;
u_char *key;
size_t key_len;
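Review bot: The new `p`, `g` and `pub_key` locals are declared as plain `BIGNUM *`, but the OpenSSL 1.1.0 getters used in the next hunk (`DH_get0_pqg`, `DH_get0_key`) take `const BIGNUM **`, so passing `&p` is an incompatible-pointer-type conversion. Declare them separately as `const BIGNUM *p = NULL, *g = NULL, *pub_key = NULL;` and keep `BIGNUM *other_pub;` on its own line, since other_pub is presumably written later in the function. Initialising to NULL also keeps the later `!g || !p` test well defined if the getter call is ever reordered. The body of get_USM_DH_key continues outside this hunk.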
@@ -205,25 +205,29 @@ get_USM_DH_key(netsnmp_variable_list *va
dh = d2i_DHparams(NULL, &cp, dhvar->val_len);
}
- if (!dh || !dh->g || !dh->p) {
+ if (dh)
+ DH_get0_pqg(dh, &p, NULL, &g);
+
+ if (!dh || !g || !p) {
SNMP_FREE(dhkeychange);
return SNMPERR_GENERR;
}
- DH_generate_key(dh);
- if (!dh->pub_key) {
+ if (!DH_generate_key(dh)) {
SNMP_FREE(dhkeychange);
return SNMPERR_GENERR;
}
- if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) {
+ DH_get0_key(dh, &pub_key, NULL);
+
+ if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) {
SNMP_FREE(dhkeychange);
fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n",
- (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key));
+ (unsigned long)vars->val_len, BN_num_bytes(pub_key));
return SNMPERR_GENERR;
}
- BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len);
+ BN_bn2bin(pub_key, dhkeychange + vars->val_len);
key_len = DH_size(dh);
if (!key_len) {
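Review bot: The group decoded by `d2i_DHparams` is accepted after only a non-NULL test on `p` and `g`, so a malformed or weak modulus/generator reaches `DH_generate_key` and the later shared-secret computation unvalidated. These parameters appear to come from the `dhvar` varbind, i.e. from the peer. Consider validating them right after the NULL test with `int codes = 0; if (!DH_check(dh, &codes) || codes) { SNMP_FREE(dhkeychange); return SNMPERR_GENERR; }`, deciding deliberately which `codes` flags are fatal. Separately, none of the early returns visible here release `dh`; unless it is freed by code outside this hunk, each error path should call `DH_free(dh)` before returning. The function starts and ends outside the hunk.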
diff -urip net-snmp-5.7.3+dfsg/include/net-snmp/net-snmp-config.h.in net-snmp-5.7.3+dfsg.openssl110/include/net-snmp/net-snmp-config.h.in
--- net-snmp-5.7.3+dfsg/include/net-snmp/net-snmp-config.h.in 2014-12-08 20:23:22.000000000 +0000
+++ net-snmp-5.7.3+dfsg.openssl110/include/net-snmp/net-snmp-config.h.in 2016-11-01 17:09:13.113156001 +0000
@@ -155,6 +155,12 @@
/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
#undef HAVE_EVP_MD_CTX_DESTROY
+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
+#undef HAVE_EVP_MD_CTX_FREE
+
+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
+#undef HAVE_EVP_MD_CTX_NEW
+
/* Define if you have EVP_sha224/256 in openssl */
#undef HAVE_EVP_SHA224
diff -urip net-snmp-5.7.3+dfsg/snmplib/keytools.c net-snmp-5.7.3+dfsg.openssl110/snmplib/keytools.c
--- net-snmp-5.7.3+dfsg/snmplib/keytools.c 2014-12-08 20:23:22.000000000 +0000
+++ net-snmp-5.7.3+dfsg.openssl110/snmplib/keytools.c 2016-11-01 16:10:35.749200214 +0000
@@ -149,7 +149,9 @@ generate_Ku(const oid * hashtype, u_int
*/
#ifdef NETSNMP_USE_OPENSSL
-#ifdef HAVE_EVP_MD_CTX_CREATE
+#ifdef HAVE_EVP_MD_CTX_NEW
+ ctx = EVP_MD_CTX_new();
+#elif HAVE_EVP_MD_CTX_CREATE
ctx = EVP_MD_CTX_create();
#else
ctx = malloc(sizeof(*ctx));
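Review bot: The fallback branch is written `#elif HAVE_EVP_MD_CTX_CREATE`, which tests the macro's value rather than whether it is defined. It trips `-Wundef` when the macro is absent and is inconsistent with the `#ifdef` it replaces; `#elif defined(HAVE_EVP_MD_CTX_CREATE)` is the safer form. The same applies to `#elif HAVE_EVP_MD_CTX_DESTROY` in the second keytools.c hunk and to both `#elif` lines in scapi.c. Also, `HAVE_EVP_MD_CTX_NEW` and `HAVE_EVP_MD_CTX_FREE` are only added to net-snmp-config.h.in here. No configure probe for `EVP_MD_CTX_new` or `EVP_MD_CTX_free` is visible in this patch, and without one the new branches are never selected.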
@@ -259,7 +261,9 @@ generate_Ku(const oid * hashtype, u_int
memset(buf, 0, sizeof(buf));
#ifdef NETSNMP_USE_OPENSSL
if (ctx) {
-#ifdef HAVE_EVP_MD_CTX_DESTROY
+#ifdef HAVE_EVP_MD_CTX_FREE
+ EVP_MD_CTX_free(ctx);
+#elif HAVE_EVP_MD_CTX_DESTROY
EVP_MD_CTX_destroy(ctx);
#else
EVP_MD_CTX_cleanup(ctx);
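Review bot: The context line `memset(buf, 0, sizeof(buf));` just above the changed block looks like it is meant to scrub key-derivation material. A plain `memset` on a buffer that is not read again may be removed by the optimiser. Since this path is already OpenSSL-only in the lines that follow, `OPENSSL_cleanse(buf, sizeof(buf));` under `NETSNMP_USE_OPENSSL` would make the wipe reliable. Whether `buf` is read again before generate_Ku returns is outside this hunk, so confirm that first.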
diff -urip net-snmp-5.7.3+dfsg/snmplib/scapi.c net-snmp-5.7.3+dfsg.openssl110/snmplib/scapi.c
--- net-snmp-5.7.3+dfsg/snmplib/scapi.c 2014-12-08 20:23:22.000000000 +0000
+++ net-snmp-5.7.3+dfsg.openssl110/snmplib/scapi.c 2016-11-01 16:10:13.837200490 +0000
@@ -486,7 +486,9 @@ sc_hash(const oid * hashtype, size_t has
}
/** initialize the pointer */
-#ifdef HAVE_EVP_MD_CTX_CREATE
+#ifdef HAVE_EVP_MD_CTX_NEW
+ cptr = EVP_MD_CTX_new();
+#elif HAVE_EVP_MD_CTX_CREATE
cptr = EVP_MD_CTX_create();
#else
cptr = malloc(sizeof(*cptr));
@@ -507,7 +509,9 @@ sc_hash(const oid * hashtype, size_t has
/** do the final pass */
EVP_DigestFinal(cptr, MAC, &tmp_len);
*MAC_len = tmp_len;
-#ifdef HAVE_EVP_MD_CTX_DESTROY
+#ifdef HAVE_EVP_MD_CTX_FREE
+ EVP_MD_CTX_free(cptr);
+#elif HAVE_EVP_MD_CTX_DESTROY
EVP_MD_CTX_destroy(cptr);
#else
#if !defined(OLD_DES)
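Review bot: The result of `EVP_DigestFinal(cptr, MAC, &tmp_len)` is ignored, so a failed finalisation still stores `tmp_len` into `*MAC_len` and, as far as this hunk shows, continues as if the digest were valid. Because sc_hash output feeds authentication and key handling, check the return value and fail with an error code before `*MAC_len = tmp_len;`, still releasing `cptr` through the free/destroy block below. It would also be worth confirming that the capacity the caller passed in `*MAC_len` is compared against the digest size before the write into `MAC`; that check, if any, is outside the hunk.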