Attachment #198051 for bug #228898

Lines 3-9 Link Here

(-)Makefile (-2 / +2 lines)
3		3
4	PORTNAME= snmp	4	PORTNAME= snmp
5	PORTVERSION= 5.7.3	5	PORTVERSION= 5.7.3
6	PORTREVISION= 19	6	PORTREVISION= 20
7	CATEGORIES= net-mgmt ipv6	7	CATEGORIES= net-mgmt ipv6
8	MASTER_SITES= SF/net-${PORTNAME}/net-${PORTNAME}/${PORTVERSION} \	8	MASTER_SITES= SF/net-${PORTNAME}/net-${PORTNAME}/${PORTVERSION} \
9	ZI	9	ZI
Lines 92-98 Link Here
92	PLIST_SUB+= WITH_PYTHON="@comment "	92	PLIST_SUB+= WITH_PYTHON="@comment "
93	.endif	93	.endif
94		94
95	CONFIGURE_ARGS+=--with-openssl="/usr"	95	CONFIGURE_ARGS+=--with-openssl="${OPENSSLBASE}"
96		96
97	.if ${PORT_OPTIONS:MDUMMY}	97	.if ${PORT_OPTIONS:MDUMMY}
98	CONFIGURE_ARGS+=--with-dummy-values	98	CONFIGURE_ARGS+=--with-dummy-values




--- apps/snmpusm.c
+++ apps/snmpusm.c
@@ -125,6 +125,32 @@ char           *usmUserPublic_val = NULL
 int             docreateandwait = 0;
 
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+
+#include <string.h>
+#include <openssl/engine.h>
+
+void DH_get0_pqg(const DH *dh,
+                const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+   if (p != NULL)
+       *p = dh->p;
+   if (q != NULL)
+       *q = dh->q;
+   if (g != NULL)
+       *g = dh->g;
+}
+
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+   if (pub_key != NULL)
+       *pub_key = dh->pub_key;
+   if (priv_key != NULL)
+       *priv_key = dh->priv_key;
+}
+
+#endif
+
 void
 usage(void)
 {
@@ -190,7 +216,7 @@ get_USM_DH_key(netsnmp_variable_list *va
                oid *keyoid, size_t keyoid_len) {
     u_char *dhkeychange;
     DH *dh;
-    BIGNUM *other_pub;
+    BIGNUM *p, *g, *pub_key, *other_pub;
     u_char *key;
     size_t key_len;
             
@@ -205,25 +231,29 @@ get_USM_DH_key(netsnmp_variable_list *va
         dh = d2i_DHparams(NULL, &cp, dhvar->val_len);
     }
 
-    if (!dh || !dh->g || !dh->p) {
+    if (dh)
+        DH_get0_pqg(dh, &p, NULL, &g);
+
+    if (!dh || !g || !p) {
         SNMP_FREE(dhkeychange);
         return SNMPERR_GENERR;
     }
 
-    DH_generate_key(dh);
-    if (!dh->pub_key) {
+    if (!DH_generate_key(dh)) {
         SNMP_FREE(dhkeychange);
         return SNMPERR_GENERR;
     }
             
-    if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) {
+    DH_get0_key(dh, &pub_key, NULL);
+
+    if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) {
         SNMP_FREE(dhkeychange);
         fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n",
-                (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key));
+                (unsigned long)vars->val_len, BN_num_bytes(pub_key));
         return SNMPERR_GENERR;
     }
 
-    BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len);
+    BN_bn2bin(pub_key, dhkeychange + vars->val_len);
 
     key_len = DH_size(dh);
     if (!key_len) {
--- configure.d/config_os_libs2
+++ configure.d/config_os_libs2
@@ -291,12 +291,6 @@ if test "x$tryopenssl" != "xno" -a "x$tr
             AC_CHECK_LIB(${CRYPTO}, AES_cfb128_encrypt, 
                 AC_DEFINE(HAVE_AES_CFB128_ENCRYPT, 1,
                     [Define to 1 if you have the `AES_cfb128_encrypt' function.]))
-
-            AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create,
-                AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [],
-                    [Define to 1 if you have the `EVP_MD_CTX_create' function.])
-                AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [],
-                    [Define to 1 if you have the `EVP_MD_CTX_destroy' function.]))
         fi
         if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then
 	    AC_CHECK_LIB(ssl, DTLSv1_method,
--- snmplib/keytools.c
+++ snmplib/keytools.c
@@ -149,13 +149,13 @@ generate_Ku(const oid * hashtype, u_int
      */
 #ifdef NETSNMP_USE_OPENSSL
 
-#ifdef HAVE_EVP_MD_CTX_CREATE
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
     ctx = EVP_MD_CTX_create();
 #else
-    ctx = malloc(sizeof(*ctx));
-    if (!EVP_MD_CTX_init(ctx))
-        return SNMPERR_GENERR;
+    ctx = EVP_MD_CTX_new();
 #endif
+    if (!ctx)
+        return SNMPERR_GENERR;
 #ifndef NETSNMP_DISABLE_MD5
     if (ISTRANSFORM(hashtype, HMACMD5Auth)) {
         if (!EVP_DigestInit(ctx, EVP_md5()))
@@ -259,11 +259,10 @@ generate_Ku(const oid * hashtype, u_int
     memset(buf, 0, sizeof(buf));
 #ifdef NETSNMP_USE_OPENSSL
     if (ctx) {
-#ifdef HAVE_EVP_MD_CTX_DESTROY
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
         EVP_MD_CTX_destroy(ctx);
 #else
-        EVP_MD_CTX_cleanup(ctx);
-        free(ctx);
+        EVP_MD_CTX_free(ctx);
 #endif
     }
 #endif
--- snmplib/scapi.c
+++ snmplib/scapi.c
@@ -486,15 +486,10 @@ sc_hash(const oid * hashtype, size_t has
     }
 
 /** initialize the pointer */
-#ifdef HAVE_EVP_MD_CTX_CREATE
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
     cptr = EVP_MD_CTX_create();
 #else
-    cptr = malloc(sizeof(*cptr));
-#if defined(OLD_DES)
-    memset(cptr, 0, sizeof(*cptr));
-#else
-    EVP_MD_CTX_init(cptr);
-#endif
+    cptr = EVP_MD_CTX_new();
 #endif
     if (!EVP_DigestInit(cptr, hashfn)) {
         /* requested hash function is not available */
@@ -507,13 +502,11 @@ sc_hash(const oid * hashtype, size_t has
 /** do the final pass */
     EVP_DigestFinal(cptr, MAC, &tmp_len);
     *MAC_len = tmp_len;
-#ifdef HAVE_EVP_MD_CTX_DESTROY
+
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
     EVP_MD_CTX_destroy(cptr);
 #else
-#if !defined(OLD_DES)
-    EVP_MD_CTX_cleanup(cptr);
-#endif
-    free(cptr);
+    EVP_MD_CTX_free(cptr);
 #endif
     return (rval);
 


Return to bug 228898

Line 0 Link Here

(-)files/patch-openssl (+167 lines)
		1	--- apps/snmpusm.c
		2	+++ apps/snmpusm.c
		3	@@ -125,6 +125,32 @@ char *usmUserPublic_val = NULL
		4	int docreateandwait = 0;
		5
		6
		7	+#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
		8	+
		9	+#include <string.h>
		10	+#include <openssl/engine.h>
		11	+
		12	+void DH_get0_pqg(const DH *dh,
		13	+ const BIGNUM p, const BIGNUM q, const BIGNUM **g)
		14	+{
		15	+ if (p != NULL)
		16	+ *p = dh->p;
		17	+ if (q != NULL)
		18	+ *q = dh->q;
		19	+ if (g != NULL)
		20	+ *g = dh->g;
		21	+}
		22	+
		23	+void DH_get0_key(const DH dh, const BIGNUM pub_key, const BIGNUM *priv_key)
		24	+{
		25	+ if (pub_key != NULL)
		26	+ *pub_key = dh->pub_key;
		27	+ if (priv_key != NULL)
		28	+ *priv_key = dh->priv_key;
		29	+}
		30	+
		31	+#endif
		32	+
		33	void
		34	usage(void)
		35	{
		36	@@ -190,7 +216,7 @@ get_USM_DH_key(netsnmp_variable_list *va
		37	oid *keyoid, size_t keyoid_len) {
		38	u_char *dhkeychange;
		39	DH *dh;
		40	- BIGNUM *other_pub;
		41	+ BIGNUM p, g, pub_key, other_pub;
		42	u_char *key;
		43	size_t key_len;
		44
		45	@@ -205,25 +231,29 @@ get_USM_DH_key(netsnmp_variable_list *va
		46	dh = d2i_DHparams(NULL, &cp, dhvar->val_len);
		47	}
		48
		49	- if (!dh \|\| !dh->g \|\| !dh->p) {
		50	+ if (dh)
		51	+ DH_get0_pqg(dh, &p, NULL, &g);
		52	+
		53	+ if (!dh \|\| !g \|\| !p) {
		54	SNMP_FREE(dhkeychange);
		55	return SNMPERR_GENERR;
		56	}
		57
		58	- DH_generate_key(dh);
		59	- if (!dh->pub_key) {
		60	+ if (!DH_generate_key(dh)) {
		61	SNMP_FREE(dhkeychange);
		62	return SNMPERR_GENERR;
		63	}
		64
65	- if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) {
66	+ DH_get0_key(dh, &pub_key, NULL);
67	+
68	+ if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) {
69	SNMP_FREE(dhkeychange);
70	fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n",
71	- (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key));
72	+ (unsigned long)vars->val_len, BN_num_bytes(pub_key));
73	return SNMPERR_GENERR;
74	}
75
76	- BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len);
77	+ BN_bn2bin(pub_key, dhkeychange + vars->val_len);
78
79	key_len = DH_size(dh);
80	if (!key_len) {
81	--- configure.d/config_os_libs2
82	+++ configure.d/config_os_libs2
83	@@ -291,12 +291,6 @@ if test "x$tryopenssl" != "xno" -a "x$tr
84	AC_CHECK_LIB(${CRYPTO}, AES_cfb128_encrypt,
85	AC_DEFINE(HAVE_AES_CFB128_ENCRYPT, 1,
86	[Define to 1 if you have the `AES_cfb128_encrypt' function.]))
87	-
88	- AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create,
89	- AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [],
90	- [Define to 1 if you have the `EVP_MD_CTX_create' function.])
91	- AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [],
92	- [Define to 1 if you have the `EVP_MD_CTX_destroy' function.]))
93	fi
94	if echo " $transport_result_list " \| $GREP "DTLS" > /dev/null; then
95	AC_CHECK_LIB(ssl, DTLSv1_method,
96	--- snmplib/keytools.c
97	+++ snmplib/keytools.c
98	@@ -149,13 +149,13 @@ generate_Ku(const oid * hashtype, u_int
99	*/
100	#ifdef NETSNMP_USE_OPENSSL
101
102	-#ifdef HAVE_EVP_MD_CTX_CREATE
103	+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) \|\| defined(LIBRESSL_VERSION_NUMBER)
104	ctx = EVP_MD_CTX_create();
105	#else
106	- ctx = malloc(sizeof(*ctx));
107	- if (!EVP_MD_CTX_init(ctx))
108	- return SNMPERR_GENERR;
109	+ ctx = EVP_MD_CTX_new();
110	#endif
111	+ if (!ctx)
112	+ return SNMPERR_GENERR;
113	#ifndef NETSNMP_DISABLE_MD5
114	if (ISTRANSFORM(hashtype, HMACMD5Auth)) {
115	if (!EVP_DigestInit(ctx, EVP_md5()))
116	@@ -259,11 +259,10 @@ generate_Ku(const oid * hashtype, u_int
117	memset(buf, 0, sizeof(buf));
118	#ifdef NETSNMP_USE_OPENSSL
119	if (ctx) {
120	-#ifdef HAVE_EVP_MD_CTX_DESTROY
121	+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) \|\| defined(LIBRESSL_VERSION_NUMBER)
122	EVP_MD_CTX_destroy(ctx);
123	#else
124	- EVP_MD_CTX_cleanup(ctx);
125	- free(ctx);
126	+ EVP_MD_CTX_free(ctx);
127	#endif
128	}
129	#endif
130	--- snmplib/scapi.c
131	+++ snmplib/scapi.c
132	@@ -486,15 +486,10 @@ sc_hash(const oid * hashtype, size_t has
133	}
134
135	/** initialize the pointer */
136	-#ifdef HAVE_EVP_MD_CTX_CREATE
137	+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) \|\| defined(LIBRESSL_VERSION_NUMBER)
138	cptr = EVP_MD_CTX_create();
139	#else
140	- cptr = malloc(sizeof(*cptr));
141	-#if defined(OLD_DES)
142	- memset(cptr, 0, sizeof(*cptr));
143	-#else
144	- EVP_MD_CTX_init(cptr);
145	-#endif
146	+ cptr = EVP_MD_CTX_new();
147	#endif
148	if (!EVP_DigestInit(cptr, hashfn)) {
149	/* requested hash function is not available */
150	@@ -507,13 +502,11 @@ sc_hash(const oid * hashtype, size_t has
151	/** do the final pass */
152	EVP_DigestFinal(cptr, MAC, &tmp_len);
153	*MAC_len = tmp_len;
154	-#ifdef HAVE_EVP_MD_CTX_DESTROY
155	+
156	+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) \|\| defined(LIBRESSL_VERSION_NUMBER)
157	EVP_MD_CTX_destroy(cptr);
158	#else
159	-#if !defined(OLD_DES)
160	- EVP_MD_CTX_cleanup(cptr);
161	-#endif
162	- free(cptr);
163	+ EVP_MD_CTX_free(cptr);
164	#endif
165	return (rval);
166
167