From owner-svn-ports-branches@freebsd.org  Wed Oct 31 14:38:32 2018
Return-Path: <owner-svn-ports-branches@freebsd.org>
Delivered-To: svn-ports-branches@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id AFE4110DBC73;
 Wed, 31 Oct 2018 14:38:32 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 656CA7867E;
 Wed, 31 Oct 2018 14:38:32 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 409185D1C;
 Wed, 31 Oct 2018 14:38:32 +0000 (UTC) (envelope-from mat@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w9VEcWje033964;
 Wed, 31 Oct 2018 14:38:32 GMT (envelope-from mat@FreeBSD.org)
Received: (from mat@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w9VEcVQm033962;
 Wed, 31 Oct 2018 14:38:31 GMT (envelope-from mat@FreeBSD.org)
Message-Id: <201810311438.w9VEcVQm033962@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: mat set sender to mat@FreeBSD.org
 using -f
From: Mathieu Arnold <mat@FreeBSD.org>
Date: Wed, 31 Oct 2018 14:38:31 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-branches@freebsd.org
Subject: svn commit: r483587 - in branches/2018Q4/net-mgmt/net-snmp: . files
X-SVN-Group: ports-branches
X-SVN-Commit-Author: mat
X-SVN-Commit-Paths: in branches/2018Q4/net-mgmt/net-snmp: . files
X-SVN-Commit-Revision: 483587
X-SVN-Commit-Repository: ports
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-branches@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for all the branches of the ports tree
 <svn-ports-branches.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-branches>, 
 <mailto:svn-ports-branches-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-branches/>
List-Post: <mailto:svn-ports-branches@freebsd.org>
List-Help: <mailto:svn-ports-branches-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-branches>, 
 <mailto:svn-ports-branches-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Oct 2018 14:38:32 -0000

Author: mat
Date: Wed Oct 31 14:38:31 2018
New Revision: 483587
URL: https://svnweb.freebsd.org/changeset/ports/483587

Log:
  MFH: r483586
  
  Fix build with OpenSSL 1.1.1 in base.
  
  PR:		228898
  Submitted by:	w.schwarzenfeld@utanet.at
  Reported by:	brnrd
  Approved by:	maintainer

Added:
  branches/2018Q4/net-mgmt/net-snmp/files/extra-patch-openssl11
     - copied unchanged from r483586, head/net-mgmt/net-snmp/files/extra-patch-openssl11
Modified:
  branches/2018Q4/net-mgmt/net-snmp/Makefile
Directory Properties:
  branches/2018Q4/   (props changed)

Modified: branches/2018Q4/net-mgmt/net-snmp/Makefile
==============================================================================
--- branches/2018Q4/net-mgmt/net-snmp/Makefile	Wed Oct 31 14:35:16 2018	(r483586)
+++ branches/2018Q4/net-mgmt/net-snmp/Makefile	Wed Oct 31 14:38:31 2018	(r483587)
@@ -77,6 +77,10 @@ TLS_CONFIGURE_ON=	--with-security-modules=tsm --with-t
 
 .include <bsd.port.options.mk>
 
+.if ${OSVERSION} >= 1200085
+EXTRA_PATCHES=	${PATCHDIR}/extra-patch-openssl11
+.endif
+
 .if ${PORT_OPTIONS:MPYTHON}
 PYDISTUTILS_PKGNAME?=		netsnmp-python
 PYDISTUTILS_PKGVERSION?=	1.0a1

Copied: branches/2018Q4/net-mgmt/net-snmp/files/extra-patch-openssl11 (from r483586, head/net-mgmt/net-snmp/files/extra-patch-openssl11)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2018Q4/net-mgmt/net-snmp/files/extra-patch-openssl11	Wed Oct 31 14:38:31 2018	(r483587, copy of r483586, head/net-mgmt/net-snmp/files/extra-patch-openssl11)
@@ -0,0 +1,223 @@
+--- apps/snmpusm.c
++++ apps/snmpusm.c
+@@ -125,6 +125,32 @@ char           *usmUserPublic_val = NULL
+ int             docreateandwait = 0;
+ 
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++
++#include <string.h>
++#include <openssl/engine.h>
++
++void DH_get0_pqg(const DH *dh,
++                const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
++{
++   if (p != NULL)
++       *p = dh->p;
++   if (q != NULL)
++       *q = dh->q;
++   if (g != NULL)
++       *g = dh->g;
++}
++
++void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
++{
++   if (pub_key != NULL)
++       *pub_key = dh->pub_key;
++   if (priv_key != NULL)
++       *priv_key = dh->priv_key;
++}
++
++#endif
++
+ void
+ usage(void)
+ {
+@@ -190,7 +216,7 @@ get_USM_DH_key(netsnmp_variable_list *va
+                oid *keyoid, size_t keyoid_len) {
+     u_char *dhkeychange;
+     DH *dh;
+-    BIGNUM *other_pub;
++    BIGNUM *p, *g, *pub_key, *other_pub;
+     u_char *key;
+     size_t key_len;
+             
+@@ -205,25 +231,29 @@ get_USM_DH_key(netsnmp_variable_list *va
+         dh = d2i_DHparams(NULL, &cp, dhvar->val_len);
+     }
+ 
+-    if (!dh || !dh->g || !dh->p) {
++    if (dh)
++        DH_get0_pqg(dh, &p, NULL, &g);
++
++    if (!dh || !g || !p) {
+         SNMP_FREE(dhkeychange);
+         return SNMPERR_GENERR;
+     }
+ 
+-    DH_generate_key(dh);
+-    if (!dh->pub_key) {
++    if (!DH_generate_key(dh)) {
+         SNMP_FREE(dhkeychange);
+         return SNMPERR_GENERR;
+     }
+             
+-    if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) {
++    DH_get0_key(dh, &pub_key, NULL);
++
++    if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) {
+         SNMP_FREE(dhkeychange);
+         fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n",
+-                (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key));
++                (unsigned long)vars->val_len, BN_num_bytes(pub_key));
+         return SNMPERR_GENERR;
+     }
+ 
+-    BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len);
++    BN_bn2bin(pub_key, dhkeychange + vars->val_len);
+ 
+     key_len = DH_size(dh);
+     if (!key_len) {
+--- configure.d/config_os_libs2
++++ configure.d/config_os_libs2
+@@ -291,12 +291,6 @@ if test "x$tryopenssl" != "xno" -a "x$tr
+             AC_CHECK_LIB(${CRYPTO}, AES_cfb128_encrypt, 
+                 AC_DEFINE(HAVE_AES_CFB128_ENCRYPT, 1,
+                     [Define to 1 if you have the `AES_cfb128_encrypt' function.]))
+-
+-            AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create,
+-                AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [],
+-                    [Define to 1 if you have the `EVP_MD_CTX_create' function.])
+-                AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [],
+-                    [Define to 1 if you have the `EVP_MD_CTX_destroy' function.]))
+         fi
+         if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then
+ 	    AC_CHECK_LIB(ssl, DTLSv1_method,
+--- snmplib/keytools.c
++++ snmplib/keytools.c
+@@ -149,13 +149,13 @@ generate_Ku(const oid * hashtype, u_int
+      */
+ #ifdef NETSNMP_USE_OPENSSL
+ 
+-#ifdef HAVE_EVP_MD_CTX_CREATE
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+     ctx = EVP_MD_CTX_create();
+ #else
+-    ctx = malloc(sizeof(*ctx));
+-    if (!EVP_MD_CTX_init(ctx))
+-        return SNMPERR_GENERR;
++    ctx = EVP_MD_CTX_new();
+ #endif
++    if (!ctx)
++        return SNMPERR_GENERR;
+ #ifndef NETSNMP_DISABLE_MD5
+     if (ISTRANSFORM(hashtype, HMACMD5Auth)) {
+         if (!EVP_DigestInit(ctx, EVP_md5()))
+@@ -259,11 +259,10 @@ generate_Ku(const oid * hashtype, u_int
+     memset(buf, 0, sizeof(buf));
+ #ifdef NETSNMP_USE_OPENSSL
+     if (ctx) {
+-#ifdef HAVE_EVP_MD_CTX_DESTROY
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+         EVP_MD_CTX_destroy(ctx);
+ #else
+-        EVP_MD_CTX_cleanup(ctx);
+-        free(ctx);
++        EVP_MD_CTX_free(ctx);
+ #endif
+     }
+ #endif
+--- snmplib/scapi.c
++++ snmplib/scapi.c
+@@ -486,15 +486,10 @@ sc_hash(const oid * hashtype, size_t has
+     }
+ 
+ /** initialize the pointer */
+-#ifdef HAVE_EVP_MD_CTX_CREATE
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+     cptr = EVP_MD_CTX_create();
+ #else
+-    cptr = malloc(sizeof(*cptr));
+-#if defined(OLD_DES)
+-    memset(cptr, 0, sizeof(*cptr));
+-#else
+-    EVP_MD_CTX_init(cptr);
+-#endif
++    cptr = EVP_MD_CTX_new();
+ #endif
+     if (!EVP_DigestInit(cptr, hashfn)) {
+         /* requested hash function is not available */
+@@ -507,13 +502,11 @@ sc_hash(const oid * hashtype, size_t has
+ /** do the final pass */
+     EVP_DigestFinal(cptr, MAC, &tmp_len);
+     *MAC_len = tmp_len;
+-#ifdef HAVE_EVP_MD_CTX_DESTROY
++
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
+     EVP_MD_CTX_destroy(cptr);
+ #else
+-#if !defined(OLD_DES)
+-    EVP_MD_CTX_cleanup(cptr);
+-#endif
+-    free(cptr);
++    EVP_MD_CTX_free(cptr);
+ #endif
+     return (rval);
+ 
+
+--- snmplib/snmp_openssl.c	2014-12-08 21:23:22.000000000 +0100
++++ snmplib/snmp_openssl.c	2017-02-20 12:46:00.059727928 +0100
+@@ -47,7 +47,7 @@ void netsnmp_init_openssl(void) {
+     DEBUGMSGTL(("snmp_openssl", "initializing\n"));
+ 
+     /* Initializing OpenSSL */
+-    SSL_library_init();
++    OPENSSL_init_ssl(0, NULL);
+     SSL_load_error_strings();
+     ERR_load_BIO_strings();
+     OpenSSL_add_all_algorithms();
+@@ -164,11 +164,11 @@ netsnmp_openssl_cert_dump_names(X509 *oc
+         oname_entry = X509_NAME_get_entry(osubj_name, i);
+         netsnmp_assert(NULL != oname_entry);
+ 
+-        if (oname_entry->value->type != V_ASN1_PRINTABLESTRING)
++        if (X509_NAME_ENTRY_get_data(oname_entry)->type != V_ASN1_PRINTABLESTRING)
+             continue;
+ 
+         /** get NID */
+-        onid = OBJ_obj2nid(oname_entry->object);
++        onid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(oname_entry));
+         if (onid == NID_undef) {
+             prefix_long = prefix_short = "UNKNOWN";
+         }
+@@ -179,9 +179,9 @@ netsnmp_openssl_cert_dump_names(X509 *oc
+ 
+         DEBUGMSGT(("9:cert:dump:names",
+                    "[%02d] NID type %d, ASN type %d\n", i, onid,
+-                   oname_entry->value->type));
++                   X509_NAME_ENTRY_get_data(oname_entry)->type));
+         DEBUGMSGT(("9:cert:dump:names", "%s/%s: '%s'\n", prefix_long,
+-                   prefix_short, ASN1_STRING_data(oname_entry->value)));
++                   prefix_short, ASN1_STRING_data(X509_NAME_ENTRY_get_data(oname_entry))));
+     }
+ }
+ #endif /* NETSNMP_FEATURE_REMOVE_CERT_DUMP_NAMES */
+@@ -470,7 +470,7 @@ netsnmp_openssl_cert_get_hash_type(X509
+     if (NULL == ocert)
+         return 0;
+ 
+-    return _nid2ht(OBJ_obj2nid(ocert->sig_alg->algorithm));
++    return _nid2ht(X509_get_signature_nid(ocert));
+ }
+ 
+ /**
+@@ -487,7 +487,7 @@ netsnmp_openssl_cert_get_fingerprint(X50
+     if (NULL == ocert)
+         return NULL;
+ 
+-    nid = OBJ_obj2nid(ocert->sig_alg->algorithm);
++    nid = X509_get_signature_nid(ocert);
+     DEBUGMSGT(("9:openssl:fingerprint", "alg %d, cert nid %d (%d)\n", alg, nid,
+                _nid2ht(nid)));
+         
+