Date: Wed, 31 Oct 2018 14:38:31 +0000 (UTC) From: Mathieu Arnold <mat@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r483587 - in branches/2018Q4/net-mgmt/net-snmp: . files Message-ID: <201810311438.w9VEcVQm033962@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mat Date: Wed Oct 31 14:38:31 2018 New Revision: 483587 URL: https://svnweb.freebsd.org/changeset/ports/483587 Log: MFH: r483586 Fix build with OpenSSL 1.1.1 in base. PR: 228898 Submitted by: w.schwarzenfeld@utanet.at Reported by: brnrd Approved by: maintainer Added: branches/2018Q4/net-mgmt/net-snmp/files/extra-patch-openssl11 - copied unchanged from r483586, head/net-mgmt/net-snmp/files/extra-patch-openssl11 Modified: branches/2018Q4/net-mgmt/net-snmp/Makefile Directory Properties: branches/2018Q4/ (props changed) Modified: branches/2018Q4/net-mgmt/net-snmp/Makefile ============================================================================== --- branches/2018Q4/net-mgmt/net-snmp/Makefile Wed Oct 31 14:35:16 2018 (r483586) +++ branches/2018Q4/net-mgmt/net-snmp/Makefile Wed Oct 31 14:38:31 2018 (r483587) @@ -77,6 +77,10 @@ TLS_CONFIGURE_ON= --with-security-modules=tsm --with-t .include <bsd.port.options.mk> +.if ${OSVERSION} >= 1200085 +EXTRA_PATCHES= ${PATCHDIR}/extra-patch-openssl11 +.endif + .if ${PORT_OPTIONS:MPYTHON} PYDISTUTILS_PKGNAME?= netsnmp-python PYDISTUTILS_PKGVERSION?= 1.0a1 Copied: branches/2018Q4/net-mgmt/net-snmp/files/extra-patch-openssl11 (from r483586, head/net-mgmt/net-snmp/files/extra-patch-openssl11) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q4/net-mgmt/net-snmp/files/extra-patch-openssl11 Wed Oct 31 14:38:31 2018 (r483587, copy of r483586, head/net-mgmt/net-snmp/files/extra-patch-openssl11) @@ -0,0 +1,223 @@ +--- apps/snmpusm.c ++++ apps/snmpusm.c +@@ -125,6 +125,32 @@ char *usmUserPublic_val = NULL + int docreateandwait = 0; + + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++ ++#include <string.h> ++#include <openssl/engine.h> ++ ++void DH_get0_pqg(const DH *dh, ++ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) ++{ ++ if (p != NULL) ++ *p = dh->p; ++ if (q != NULL) ++ *q = dh->q; ++ if (g != NULL) ++ *g = dh->g; ++} ++ ++void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) ++{ ++ if (pub_key != NULL) ++ *pub_key = dh->pub_key; ++ if (priv_key != NULL) ++ *priv_key = dh->priv_key; ++} ++ ++#endif ++ + void + usage(void) + { +@@ -190,7 +216,7 @@ get_USM_DH_key(netsnmp_variable_list *va + oid *keyoid, size_t keyoid_len) { + u_char *dhkeychange; + DH *dh; +- BIGNUM *other_pub; ++ BIGNUM *p, *g, *pub_key, *other_pub; + u_char *key; + size_t key_len; + +@@ -205,25 +231,29 @@ get_USM_DH_key(netsnmp_variable_list *va + dh = d2i_DHparams(NULL, &cp, dhvar->val_len); + } + +- if (!dh || !dh->g || !dh->p) { ++ if (dh) ++ DH_get0_pqg(dh, &p, NULL, &g); ++ ++ if (!dh || !g || !p) { + SNMP_FREE(dhkeychange); + return SNMPERR_GENERR; + } + +- DH_generate_key(dh); +- if (!dh->pub_key) { ++ if (!DH_generate_key(dh)) { + SNMP_FREE(dhkeychange); + return SNMPERR_GENERR; + } + +- if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) { ++ DH_get0_key(dh, &pub_key, NULL); ++ ++ if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) { + SNMP_FREE(dhkeychange); + fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n", +- (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key)); ++ (unsigned long)vars->val_len, BN_num_bytes(pub_key)); + return SNMPERR_GENERR; + } + +- BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len); ++ BN_bn2bin(pub_key, dhkeychange + vars->val_len); + + key_len = DH_size(dh); + if (!key_len) { +--- configure.d/config_os_libs2 ++++ configure.d/config_os_libs2 +@@ -291,12 +291,6 @@ if test "x$tryopenssl" != "xno" -a "x$tr + AC_CHECK_LIB(${CRYPTO}, AES_cfb128_encrypt, + AC_DEFINE(HAVE_AES_CFB128_ENCRYPT, 1, + [Define to 1 if you have the `AES_cfb128_encrypt' function.])) +- +- AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create, +- AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [], +- [Define to 1 if you have the `EVP_MD_CTX_create' function.]) +- AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [], +- [Define to 1 if you have the `EVP_MD_CTX_destroy' function.])) + fi + if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then + AC_CHECK_LIB(ssl, DTLSv1_method, +--- snmplib/keytools.c ++++ snmplib/keytools.c +@@ -149,13 +149,13 @@ generate_Ku(const oid * hashtype, u_int + */ + #ifdef NETSNMP_USE_OPENSSL + +-#ifdef HAVE_EVP_MD_CTX_CREATE ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) + ctx = EVP_MD_CTX_create(); + #else +- ctx = malloc(sizeof(*ctx)); +- if (!EVP_MD_CTX_init(ctx)) +- return SNMPERR_GENERR; ++ ctx = EVP_MD_CTX_new(); + #endif ++ if (!ctx) ++ return SNMPERR_GENERR; + #ifndef NETSNMP_DISABLE_MD5 + if (ISTRANSFORM(hashtype, HMACMD5Auth)) { + if (!EVP_DigestInit(ctx, EVP_md5())) +@@ -259,11 +259,10 @@ generate_Ku(const oid * hashtype, u_int + memset(buf, 0, sizeof(buf)); + #ifdef NETSNMP_USE_OPENSSL + if (ctx) { +-#ifdef HAVE_EVP_MD_CTX_DESTROY ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) + EVP_MD_CTX_destroy(ctx); + #else +- EVP_MD_CTX_cleanup(ctx); +- free(ctx); ++ EVP_MD_CTX_free(ctx); + #endif + } + #endif +--- snmplib/scapi.c ++++ snmplib/scapi.c +@@ -486,15 +486,10 @@ sc_hash(const oid * hashtype, size_t has + } + + /** initialize the pointer */ +-#ifdef HAVE_EVP_MD_CTX_CREATE ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) + cptr = EVP_MD_CTX_create(); + #else +- cptr = malloc(sizeof(*cptr)); +-#if defined(OLD_DES) +- memset(cptr, 0, sizeof(*cptr)); +-#else +- EVP_MD_CTX_init(cptr); +-#endif ++ cptr = EVP_MD_CTX_new(); + #endif + if (!EVP_DigestInit(cptr, hashfn)) { + /* requested hash function is not available */ +@@ -507,13 +502,11 @@ sc_hash(const oid * hashtype, size_t has + /** do the final pass */ + EVP_DigestFinal(cptr, MAC, &tmp_len); + *MAC_len = tmp_len; +-#ifdef HAVE_EVP_MD_CTX_DESTROY ++ ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) + EVP_MD_CTX_destroy(cptr); + #else +-#if !defined(OLD_DES) +- EVP_MD_CTX_cleanup(cptr); +-#endif +- free(cptr); ++ EVP_MD_CTX_free(cptr); + #endif + return (rval); + + +--- snmplib/snmp_openssl.c 2014-12-08 21:23:22.000000000 +0100 ++++ snmplib/snmp_openssl.c 2017-02-20 12:46:00.059727928 +0100 +@@ -47,7 +47,7 @@ void netsnmp_init_openssl(void) { + DEBUGMSGTL(("snmp_openssl", "initializing\n")); + + /* Initializing OpenSSL */ +- SSL_library_init(); ++ OPENSSL_init_ssl(0, NULL); + SSL_load_error_strings(); + ERR_load_BIO_strings(); + OpenSSL_add_all_algorithms(); +@@ -164,11 +164,11 @@ netsnmp_openssl_cert_dump_names(X509 *oc + oname_entry = X509_NAME_get_entry(osubj_name, i); + netsnmp_assert(NULL != oname_entry); + +- if (oname_entry->value->type != V_ASN1_PRINTABLESTRING) ++ if (X509_NAME_ENTRY_get_data(oname_entry)->type != V_ASN1_PRINTABLESTRING) + continue; + + /** get NID */ +- onid = OBJ_obj2nid(oname_entry->object); ++ onid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(oname_entry)); + if (onid == NID_undef) { + prefix_long = prefix_short = "UNKNOWN"; + } +@@ -179,9 +179,9 @@ netsnmp_openssl_cert_dump_names(X509 *oc + + DEBUGMSGT(("9:cert:dump:names", + "[%02d] NID type %d, ASN type %d\n", i, onid, +- oname_entry->value->type)); ++ X509_NAME_ENTRY_get_data(oname_entry)->type)); + DEBUGMSGT(("9:cert:dump:names", "%s/%s: '%s'\n", prefix_long, +- prefix_short, ASN1_STRING_data(oname_entry->value))); ++ prefix_short, ASN1_STRING_data(X509_NAME_ENTRY_get_data(oname_entry)))); + } + } + #endif /* NETSNMP_FEATURE_REMOVE_CERT_DUMP_NAMES */ +@@ -470,7 +470,7 @@ netsnmp_openssl_cert_get_hash_type(X509 + if (NULL == ocert) + return 0; + +- return _nid2ht(OBJ_obj2nid(ocert->sig_alg->algorithm)); ++ return _nid2ht(X509_get_signature_nid(ocert)); + } + + /** +@@ -487,7 +487,7 @@ netsnmp_openssl_cert_get_fingerprint(X50 + if (NULL == ocert) + return NULL; + +- nid = OBJ_obj2nid(ocert->sig_alg->algorithm); ++ nid = X509_get_signature_nid(ocert); + DEBUGMSGT(("9:openssl:fingerprint", "alg %d, cert nid %d (%d)\n", alg, nid, + _nid2ht(nid))); + +
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201810311438.w9VEcVQm033962>