FreeBSD Bugzilla – Attachment 198051 Details for
Bug 228898
net-mgmt/net-snmp: Fails to link with OpenSSL 1.1
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
svm-diff-net-snmp-openssl_v3
svn-diff-net-snmp (text/plain), 6.04 KB, created by
Walter Schwarzenfeld
on 2018-10-12 02:07:50 UTC
(
hide
)
Description:
svm-diff-net-snmp-openssl_v3
Filename:
MIME Type:
Creator:
Walter Schwarzenfeld
Created:
2018-10-12 02:07:50 UTC
Size:
6.04 KB
patch
obsolete
>Index: Makefile >=================================================================== >--- Makefile (revision 481840) >+++ Makefile (working copy) >@@ -3,7 +3,7 @@ > > PORTNAME= snmp > PORTVERSION= 5.7.3 >-PORTREVISION= 19 >+PORTREVISION= 20 > CATEGORIES= net-mgmt ipv6 > MASTER_SITES= SF/net-${PORTNAME}/net-${PORTNAME}/${PORTVERSION} \ > ZI >@@ -92,7 +92,7 @@ > PLIST_SUB+= WITH_PYTHON="@comment " > .endif > >-CONFIGURE_ARGS+=--with-openssl="/usr" >+CONFIGURE_ARGS+=--with-openssl="${OPENSSLBASE}" > > .if ${PORT_OPTIONS:MDUMMY} > CONFIGURE_ARGS+=--with-dummy-values >Index: files/patch-openssl >=================================================================== >--- files/patch-openssl (nonexistent) >+++ files/patch-openssl (working copy) >@@ -0,0 +1,167 @@ >+--- apps/snmpusm.c >++++ apps/snmpusm.c >+@@ -125,6 +125,32 @@ char *usmUserPublic_val = NULL >+ int docreateandwait = 0; >+ >+ >++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) >++ >++#include <string.h> >++#include <openssl/engine.h> >++ >++void DH_get0_pqg(const DH *dh, >++ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) >++{ >++ if (p != NULL) >++ *p = dh->p; >++ if (q != NULL) >++ *q = dh->q; >++ if (g != NULL) >++ *g = dh->g; >++} >++ >++void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) >++{ >++ if (pub_key != NULL) >++ *pub_key = dh->pub_key; >++ if (priv_key != NULL) >++ *priv_key = dh->priv_key; >++} >++ >++#endif >++ >+ void >+ usage(void) >+ { >+@@ -190,7 +216,7 @@ get_USM_DH_key(netsnmp_variable_list *va >+ oid *keyoid, size_t keyoid_len) { >+ u_char *dhkeychange; >+ DH *dh; >+- BIGNUM *other_pub; >++ BIGNUM *p, *g, *pub_key, *other_pub; >+ u_char *key; >+ size_t key_len; >+ >+@@ -205,25 +231,29 @@ get_USM_DH_key(netsnmp_variable_list *va >+ dh = d2i_DHparams(NULL, &cp, dhvar->val_len); >+ } >+ >+- if (!dh || !dh->g || !dh->p) { >++ if (dh) >++ DH_get0_pqg(dh, &p, NULL, &g); >++ >++ if (!dh || !g || !p) { >+ SNMP_FREE(dhkeychange); >+ return SNMPERR_GENERR; >+ } >+ >+- DH_generate_key(dh); >+- if (!dh->pub_key) { >++ if (!DH_generate_key(dh)) { >+ SNMP_FREE(dhkeychange); >+ return SNMPERR_GENERR; >+ } >+ >+- if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) { >++ DH_get0_key(dh, &pub_key, NULL); >++ >++ if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) { >+ SNMP_FREE(dhkeychange); >+ fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n", >+- (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key)); >++ (unsigned long)vars->val_len, BN_num_bytes(pub_key)); >+ return SNMPERR_GENERR; >+ } >+ >+- BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len); >++ BN_bn2bin(pub_key, dhkeychange + vars->val_len); >+ >+ key_len = DH_size(dh); >+ if (!key_len) { >+--- configure.d/config_os_libs2 >++++ configure.d/config_os_libs2 >+@@ -291,12 +291,6 @@ if test "x$tryopenssl" != "xno" -a "x$tr >+ AC_CHECK_LIB(${CRYPTO}, AES_cfb128_encrypt, >+ AC_DEFINE(HAVE_AES_CFB128_ENCRYPT, 1, >+ [Define to 1 if you have the `AES_cfb128_encrypt' function.])) >+- >+- AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create, >+- AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [], >+- [Define to 1 if you have the `EVP_MD_CTX_create' function.]) >+- AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [], >+- [Define to 1 if you have the `EVP_MD_CTX_destroy' function.])) >+ fi >+ if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then >+ AC_CHECK_LIB(ssl, DTLSv1_method, >+--- snmplib/keytools.c >++++ snmplib/keytools.c >+@@ -149,13 +149,13 @@ generate_Ku(const oid * hashtype, u_int >+ */ >+ #ifdef NETSNMP_USE_OPENSSL >+ >+-#ifdef HAVE_EVP_MD_CTX_CREATE >++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) >+ ctx = EVP_MD_CTX_create(); >+ #else >+- ctx = malloc(sizeof(*ctx)); >+- if (!EVP_MD_CTX_init(ctx)) >+- return SNMPERR_GENERR; >++ ctx = EVP_MD_CTX_new(); >+ #endif >++ if (!ctx) >++ return SNMPERR_GENERR; >+ #ifndef NETSNMP_DISABLE_MD5 >+ if (ISTRANSFORM(hashtype, HMACMD5Auth)) { >+ if (!EVP_DigestInit(ctx, EVP_md5())) >+@@ -259,11 +259,10 @@ generate_Ku(const oid * hashtype, u_int >+ memset(buf, 0, sizeof(buf)); >+ #ifdef NETSNMP_USE_OPENSSL >+ if (ctx) { >+-#ifdef HAVE_EVP_MD_CTX_DESTROY >++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) >+ EVP_MD_CTX_destroy(ctx); >+ #else >+- EVP_MD_CTX_cleanup(ctx); >+- free(ctx); >++ EVP_MD_CTX_free(ctx); >+ #endif >+ } >+ #endif >+--- snmplib/scapi.c >++++ snmplib/scapi.c >+@@ -486,15 +486,10 @@ sc_hash(const oid * hashtype, size_t has >+ } >+ >+ /** initialize the pointer */ >+-#ifdef HAVE_EVP_MD_CTX_CREATE >++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) >+ cptr = EVP_MD_CTX_create(); >+ #else >+- cptr = malloc(sizeof(*cptr)); >+-#if defined(OLD_DES) >+- memset(cptr, 0, sizeof(*cptr)); >+-#else >+- EVP_MD_CTX_init(cptr); >+-#endif >++ cptr = EVP_MD_CTX_new(); >+ #endif >+ if (!EVP_DigestInit(cptr, hashfn)) { >+ /* requested hash function is not available */ >+@@ -507,13 +502,11 @@ sc_hash(const oid * hashtype, size_t has >+ /** do the final pass */ >+ EVP_DigestFinal(cptr, MAC, &tmp_len); >+ *MAC_len = tmp_len; >+-#ifdef HAVE_EVP_MD_CTX_DESTROY >++ >++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) >+ EVP_MD_CTX_destroy(cptr); >+ #else >+-#if !defined(OLD_DES) >+- EVP_MD_CTX_cleanup(cptr); >+-#endif >+- free(cptr); >++ EVP_MD_CTX_free(cptr); >+ #endif >+ return (rval); >+ >+ > >Property changes on: files/patch-openssl >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=198051">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 228898
:
198040
|
198050
| 198051 |
198690
|
198805
|
203784