Login
Log in using an SSO provider:
Fedora Account System
Red Hat Associate
Red Hat Customer
Login using a Red Hat Bugzilla account
Forgot Password
Create an Account
Red Hat Bugzilla – Attachment 1255724 Details for
Bug 1423984
net-snmp: FTBFS in rawhide -> add support for OpenSSL-1.1.0
Home
New
Search
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh90 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
[?]
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
OpenSSL-1.1.0 support in net-snmp
net-snmp-5.7.3-openssl.patch (text/plain), 13.48 KB, created by
Josef Ridky
on 2017-02-20 14:59:21 UTC
(
hide
)
Description:
OpenSSL-1.1.0 support in net-snmp
Filename:
MIME Type:
Creator:
Josef Ridky
Created:
2017-02-20 14:59:21 UTC
Size:
13.48 KB
patch
obsolete
>diff -urNp old/apps/snmpusm.c new/apps/snmpusm.c >--- old/apps/snmpusm.c 2014-12-08 21:23:22.000000000 +0100 >+++ new/apps/snmpusm.c 2017-02-20 15:20:36.994022905 +0100 >@@ -190,7 +190,7 @@ get_USM_DH_key(netsnmp_variable_list *va > oid *keyoid, size_t keyoid_len) { > u_char *dhkeychange; > DH *dh; >- BIGNUM *other_pub; >+ BIGNUM *p, *g, *pub_key, *other_pub; > u_char *key; > size_t key_len; > >@@ -205,25 +205,29 @@ get_USM_DH_key(netsnmp_variable_list *va > dh = d2i_DHparams(NULL, &cp, dhvar->val_len); > } > >- if (!dh || !dh->g || !dh->p) { >+ if (dh) >+ DH_get0_pqg(dh, &p, NULL, &g); >+ >+ if (!dh || !g || !p) { > SNMP_FREE(dhkeychange); > return SNMPERR_GENERR; > } > >- DH_generate_key(dh); >- if (!dh->pub_key) { >+ if (!DH_generate_key(dh)) { > SNMP_FREE(dhkeychange); > return SNMPERR_GENERR; > } > >- if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) { >+ DH_get0_key(dh, &pub_key, NULL); >+ >+ if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) { > SNMP_FREE(dhkeychange); > fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n", >- (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key)); >+ (unsigned long)vars->val_len, BN_num_bytes(pub_key)); > return SNMPERR_GENERR; > } > >- BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len); >+ BN_bn2bin(pub_key, dhkeychange + vars->val_len); > > key_len = DH_size(dh); > if (!key_len) { >diff -urNp old/configure new/configure >--- old/configure 2017-02-20 10:08:16.440396223 +0100 >+++ new/configure 2017-02-20 10:57:15.749734281 +0100 >@@ -23176,9 +23176,9 @@ $as_echo "#define HAVE_AES_CFB128_ENCRYP > fi > > >- as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_create" | $as_tr_sh` >-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_create in -l${CRYPTO}" >&5 >-$as_echo_n "checking for EVP_MD_CTX_create in -l${CRYPTO}... " >&6; } >+ as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_new" | $as_tr_sh` >+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -l${CRYPTO}" >&5 >+$as_echo_n "checking for EVP_MD_CTX_new in -l${CRYPTO}... " >&6; } > if eval \${$as_ac_Lib+:} false; then : > $as_echo_n "(cached) " >&6 > else >@@ -23193,11 +23193,11 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ > #ifdef __cplusplus > extern "C" > #endif >-char EVP_MD_CTX_create (); >+char EVP_MD_CTX_new (); > int > main () > { >-return EVP_MD_CTX_create (); >+return EVP_MD_CTX_new (); > ; > return 0; > } >@@ -23216,10 +23216,10 @@ eval ac_res=\$$as_ac_Lib > $as_echo "$ac_res" >&6; } > if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : > >-$as_echo "#define HAVE_EVP_MD_CTX_CREATE /**/" >>confdefs.h >+$as_echo "#define HAVE_EVP_MD_CTX_NEW /**/" >>confdefs.h > > >-$as_echo "#define HAVE_EVP_MD_CTX_DESTROY /**/" >>confdefs.h >+$as_echo "#define HAVE_EVP_MD_CTX_FREE /**/" >>confdefs.h > > fi > >@@ -23293,7 +23293,7 @@ char SSL_library_init (); > int > main () > { >-return SSL_library_init (); >+return OPENSSL_init_ssl(0, NULL); > ; > return 0; > } >diff -urNp old/configure.d/config_os_libs2 new/configure.d/config_os_libs2 >--- old/configure.d/config_os_libs2 2014-12-08 21:23:22.000000000 +0100 >+++ new/configure.d/config_os_libs2 2017-02-20 10:56:21.041616611 +0100 >@@ -292,11 +292,11 @@ if test "x$tryopenssl" != "xno" -a "x$tr > AC_DEFINE(HAVE_AES_CFB128_ENCRYPT, 1, > [Define to 1 if you have the `AES_cfb128_encrypt' function.])) > >- AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create, >- AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [], >- [Define to 1 if you have the `EVP_MD_CTX_create' function.]) >- AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [], >- [Define to 1 if you have the `EVP_MD_CTX_destroy' function.])) >+ AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_new, >+ AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [], >+ [Define to 1 if you have the `EVP_MD_CTX_new' function.]) >+ AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [], >+ [Define to 1 if you have the `EVP_MD_CTX_free' function.])) > fi > if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then > AC_CHECK_LIB(ssl, DTLSv1_method, >@@ -307,7 +307,7 @@ if test "x$tryopenssl" != "xno" -a "x$tr > TLSPROG=yes > fi > if echo " $transport_result_list " | $GREP "TLS" > /dev/null; then >- AC_CHECK_LIB(ssl, SSL_library_init, >+ AC_CHECK_LIB(ssl, OPENSSL_init_ssl, > AC_DEFINE(HAVE_LIBSSL, 1, > [Define to 1 if you have the `ssl' library (-lssl).]) > LIBCRYPTO=" -lssl $LIBCRYPTO", >diff -urNp old/configure.systemd new/configure.systemd >--- old/configure.systemd 2014-12-08 21:23:37.000000000 +0100 >+++ new/configure.systemd 2017-02-20 10:49:36.601692898 +0100 >@@ -23146,9 +23146,9 @@ $as_echo "#define HAVE_AES_CFB128_ENCRYP > fi > > >- as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_create" | $as_tr_sh` >-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_create in -l${CRYPTO}" >&5 >-$as_echo_n "checking for EVP_MD_CTX_create in -l${CRYPTO}... " >&6; } >+ as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_new" | $as_tr_sh` >+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -l${CRYPTO}" >&5 >+$as_echo_n "checking for EVP_MD_CTX_new in -l${CRYPTO}... " >&6; } > if eval \${$as_ac_Lib+:} false; then : > $as_echo_n "(cached) " >&6 > else >@@ -23163,11 +23163,11 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ > #ifdef __cplusplus > extern "C" > #endif >-char EVP_MD_CTX_create (); >+char EVP_MD_CTX_new (); > int > main () > { >-return EVP_MD_CTX_create (); >+return EVP_MD_CTX_new (); > ; > return 0; > } >@@ -23186,10 +23186,10 @@ eval ac_res=\$$as_ac_Lib > $as_echo "$ac_res" >&6; } > if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : > >-$as_echo "#define HAVE_EVP_MD_CTX_CREATE /**/" >>confdefs.h >+$as_echo "#define HAVE_EVP_MD_CTX_NEW /**/" >>confdefs.h > > >-$as_echo "#define HAVE_EVP_MD_CTX_DESTROY /**/" >>confdefs.h >+$as_echo "#define HAVE_EVP_MD_CTX_FREE /**/" >>confdefs.h > > fi > >@@ -23263,7 +23263,7 @@ char SSL_library_init (); > int > main () > { >-return SSL_library_init (); >+return OPENSSL_init_ssl(0, NULL); > ; > return 0; > } >diff -urNp old/include/net-snmp/net-snmp-config.h.in new/include/net-snmp/net-snmp-config.h.in >--- old/include/net-snmp/net-snmp-config.h.in 2017-02-20 10:08:16.443522417 +0100 >+++ new/include/net-snmp/net-snmp-config.h.in 2017-02-20 10:24:05.790584283 +0100 >@@ -149,11 +149,11 @@ > /* Define to 1 if you have the `eval_pv' function. */ > #undef HAVE_EVAL_PV > >-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */ >-#undef HAVE_EVP_MD_CTX_CREATE >+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ >+#undef HAVE_EVP_MD_CTX_NEW > >-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */ >-#undef HAVE_EVP_MD_CTX_DESTROY >+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */ >+#undef HAVE_EVP_MD_CTX_FREE > > /* Define if you have EVP_sha224/256 in openssl */ > #undef HAVE_EVP_SHA224 >diff -urNp old/include/net-snmp/net-snmp-config.h.in.systemd new/include/net-snmp/net-snmp-config.h.in.systemd >--- old/include/net-snmp/net-snmp-config.h.in.systemd 2014-12-08 21:23:22.000000000 +0100 >+++ new/include/net-snmp/net-snmp-config.h.in.systemd 2017-02-20 10:24:43.996918184 +0100 >@@ -149,11 +149,11 @@ > /* Define to 1 if you have the `eval_pv' function. */ > #undef HAVE_EVAL_PV > >-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */ >-#undef HAVE_EVP_MD_CTX_CREATE >+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ >+#undef HAVE_EVP_MD_CTX_NEW > >-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */ >-#undef HAVE_EVP_MD_CTX_DESTROY >+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */ >+#undef HAVE_EVP_MD_CTX_FREE > > /* Define if you have EVP_sha224/256 in openssl */ > #undef HAVE_EVP_SHA224 >diff -urNp old/snmplib/keytools.c new/snmplib/keytools.c >--- old/snmplib/keytools.c 2014-12-08 21:23:22.000000000 +0100 >+++ new/snmplib/keytools.c 2017-02-20 10:30:27.412068264 +0100 >@@ -149,8 +149,8 @@ generate_Ku(const oid * hashtype, u_int > */ > #ifdef NETSNMP_USE_OPENSSL > >-#ifdef HAVE_EVP_MD_CTX_CREATE >- ctx = EVP_MD_CTX_create(); >+#ifdef HAVE_EVP_MD_CTX_NEW >+ ctx = EVP_MD_CTX_new(); > #else > ctx = malloc(sizeof(*ctx)); > if (!EVP_MD_CTX_init(ctx)) >@@ -259,8 +259,8 @@ generate_Ku(const oid * hashtype, u_int > memset(buf, 0, sizeof(buf)); > #ifdef NETSNMP_USE_OPENSSL > if (ctx) { >-#ifdef HAVE_EVP_MD_CTX_DESTROY >- EVP_MD_CTX_destroy(ctx); >+#ifdef HAVE_EVP_MD_CTX_FREE >+ EVP_MD_CTX_free(ctx); > #else > EVP_MD_CTX_cleanup(ctx); > free(ctx); >diff -urNp old/snmplib/scapi.c new/snmplib/scapi.c >--- old/snmplib/scapi.c 2014-12-08 21:23:22.000000000 +0100 >+++ new/snmplib/scapi.c 2017-02-20 10:27:34.152379515 +0100 >@@ -486,14 +486,14 @@ sc_hash(const oid * hashtype, size_t has > } > > /** initialize the pointer */ >-#ifdef HAVE_EVP_MD_CTX_CREATE >- cptr = EVP_MD_CTX_create(); >+#ifdef HAVE_EVP_MD_CTX_NEW >+ cptr = EVP_MD_CTX_new(); > #else > cptr = malloc(sizeof(*cptr)); > #if defined(OLD_DES) > memset(cptr, 0, sizeof(*cptr)); > #else >- EVP_MD_CTX_init(cptr); >+ EVP_MD_CTX_init(&cptr); > #endif > #endif > if (!EVP_DigestInit(cptr, hashfn)) { >@@ -507,11 +507,11 @@ sc_hash(const oid * hashtype, size_t has > /** do the final pass */ > EVP_DigestFinal(cptr, MAC, &tmp_len); > *MAC_len = tmp_len; >-#ifdef HAVE_EVP_MD_CTX_DESTROY >- EVP_MD_CTX_destroy(cptr); >+#ifdef HAVE_EVP_MD_CTX_FREE >+ EVP_MD_CTX_free(cptr); > #else > #if !defined(OLD_DES) >- EVP_MD_CTX_cleanup(cptr); >+ EVP_MD_CTX_cleanup(&cptr); > #endif > free(cptr); > #endif >diff -urNp old/snmplib/snmp_openssl.c new/snmplib/snmp_openssl.c >--- old/snmplib/snmp_openssl.c 2014-12-08 21:23:22.000000000 +0100 >+++ new/snmplib/snmp_openssl.c 2017-02-20 12:46:00.059727928 +0100 >@@ -47,7 +47,7 @@ void netsnmp_init_openssl(void) { > DEBUGMSGTL(("snmp_openssl", "initializing\n")); > > /* Initializing OpenSSL */ >- SSL_library_init(); >+ OPENSSL_init_ssl(0, NULL); > SSL_load_error_strings(); > ERR_load_BIO_strings(); > OpenSSL_add_all_algorithms(); >@@ -164,11 +164,11 @@ netsnmp_openssl_cert_dump_names(X509 *oc > oname_entry = X509_NAME_get_entry(osubj_name, i); > netsnmp_assert(NULL != oname_entry); > >- if (oname_entry->value->type != V_ASN1_PRINTABLESTRING) >+ if (X509_NAME_ENTRY_get_data(oname_entry)->type != V_ASN1_PRINTABLESTRING) > continue; > > /** get NID */ >- onid = OBJ_obj2nid(oname_entry->object); >+ onid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(oname_entry)); > if (onid == NID_undef) { > prefix_long = prefix_short = "UNKNOWN"; > } >@@ -179,9 +179,9 @@ netsnmp_openssl_cert_dump_names(X509 *oc > > DEBUGMSGT(("9:cert:dump:names", > "[%02d] NID type %d, ASN type %d\n", i, onid, >- oname_entry->value->type)); >+ X509_NAME_ENTRY_get_data(oname_entry)->type)); > DEBUGMSGT(("9:cert:dump:names", "%s/%s: '%s'\n", prefix_long, >- prefix_short, ASN1_STRING_data(oname_entry->value))); >+ prefix_short, ASN1_STRING_data(X509_NAME_ENTRY_get_data(oname_entry)))); > } > } > #endif /* NETSNMP_FEATURE_REMOVE_CERT_DUMP_NAMES */ >@@ -470,7 +470,7 @@ netsnmp_openssl_cert_get_hash_type(X509 > if (NULL == ocert) > return 0; > >- return _nid2ht(OBJ_obj2nid(ocert->sig_alg->algorithm)); >+ return _nid2ht(X509_get_signature_nid(ocert)); > } > > /** >@@ -487,7 +487,7 @@ netsnmp_openssl_cert_get_fingerprint(X50 > if (NULL == ocert) > return NULL; > >- nid = OBJ_obj2nid(ocert->sig_alg->algorithm); >+ nid = X509_get_signature_nid(ocert); > DEBUGMSGT(("9:openssl:fingerprint", "alg %d, cert nid %d (%d)\n", alg, nid, > _nid2ht(nid))); > >diff -urNp old/win32/net-snmp/net-snmp-config.h new/win32/net-snmp/net-snmp-config.h >--- old/win32/net-snmp/net-snmp-config.h 2014-12-08 21:23:22.000000000 +0100 >+++ new/win32/net-snmp/net-snmp-config.h 2017-02-20 10:23:20.796778512 +0100 >@@ -1366,11 +1366,11 @@ > /* Define to 1 if you have the <openssl/aes.h> header file. */ > #define HAVE_OPENSSL_AES_H 1 > >-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */ >-#define HAVE_EVP_MD_CTX_CREATE 1 >+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ >+#define HAVE_EVP_MD_CTX_NEW 1 > >-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */ >-#define HAVE_EVP_MD_CTX_DESTROY 1 >+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */ >+#define HAVE_EVP_MD_CTX_FREE 1 > > /* Define to 1 if you have the `AES_cfb128_encrypt' function. */ > #define HAVE_AES_CFB128_ENCRYPT 1 >diff -urNp old/win32/net-snmp/net-snmp-config.h.in new/win32/net-snmp/net-snmp-config.h.in >--- old/win32/net-snmp/net-snmp-config.h.in 2014-12-08 21:23:22.000000000 +0100 >+++ new/win32/net-snmp/net-snmp-config.h.in 2017-02-20 10:22:51.348367754 +0100 >@@ -1366,11 +1366,11 @@ > /* Define to 1 if you have the <openssl/aes.h> header file. */ > #define HAVE_OPENSSL_AES_H 1 > >-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */ >-#define HAVE_EVP_MD_CTX_CREATE 1 >+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ >+#define HAVE_EVP_MD_CTX_NEW 1 > >-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */ >-#define HAVE_EVP_MD_CTX_DESTROY 1 >+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */ >+#define HAVE_EVP_MD_CTX_FREE 1 > > /* Define to 1 if you have the `AES_cfb128_encrypt' function. */ > #define HAVE_AES_CFB128_ENCRYPT 1
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1255724">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1423984
:
1253275
|
1253276
|
1253277
| 1255724