diff -urNp old/apps/snmpusm.c new/apps/snmpusm.c --- old/apps/snmpusm.c 2014-12-08 21:23:22.000000000 +0100 +++ new/apps/snmpusm.c 2017-02-20 15:20:36.994022905 +0100 @@ -190,7 +190,7 @@ get_USM_DH_key(netsnmp_variable_list *va oid *keyoid, size_t keyoid_len) { u_char *dhkeychange; DH *dh; - BIGNUM *other_pub; + BIGNUM *p, *g, *pub_key, *other_pub; u_char *key; size_t key_len; @@ -205,25 +205,29 @@ get_USM_DH_key(netsnmp_variable_list *va dh = d2i_DHparams(NULL, &cp, dhvar->val_len); } - if (!dh || !dh->g || !dh->p) { + if (dh) + DH_get0_pqg(dh, &p, NULL, &g); + + if (!dh || !g || !p) { SNMP_FREE(dhkeychange); return SNMPERR_GENERR; } - DH_generate_key(dh); - if (!dh->pub_key) { + if (!DH_generate_key(dh)) { SNMP_FREE(dhkeychange); return SNMPERR_GENERR; } - if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) { + DH_get0_key(dh, &pub_key, NULL); + + if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) { SNMP_FREE(dhkeychange); fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n", - (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key)); + (unsigned long)vars->val_len, BN_num_bytes(pub_key)); return SNMPERR_GENERR; } - BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len); + BN_bn2bin(pub_key, dhkeychange + vars->val_len); key_len = DH_size(dh); if (!key_len) { diff -urNp old/configure new/configure --- old/configure 2017-02-20 10:08:16.440396223 +0100 +++ new/configure 2017-02-20 10:57:15.749734281 +0100 @@ -23176,9 +23176,9 @@ $as_echo "#define HAVE_AES_CFB128_ENCRYP fi - as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_create" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_create in -l${CRYPTO}" >&5 -$as_echo_n "checking for EVP_MD_CTX_create in -l${CRYPTO}... " >&6; } + as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_new" | $as_tr_sh` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -l${CRYPTO}" >&5 +$as_echo_n "checking for EVP_MD_CTX_new in -l${CRYPTO}... " >&6; } if eval \${$as_ac_Lib+:} false; then : $as_echo_n "(cached) " >&6 else @@ -23193,11 +23193,11 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ #ifdef __cplusplus extern "C" #endif -char EVP_MD_CTX_create (); +char EVP_MD_CTX_new (); int main () { -return EVP_MD_CTX_create (); +return EVP_MD_CTX_new (); ; return 0; } @@ -23216,10 +23216,10 @@ eval ac_res=\$$as_ac_Lib $as_echo "$ac_res" >&6; } if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : -$as_echo "#define HAVE_EVP_MD_CTX_CREATE /**/" >>confdefs.h +$as_echo "#define HAVE_EVP_MD_CTX_NEW /**/" >>confdefs.h -$as_echo "#define HAVE_EVP_MD_CTX_DESTROY /**/" >>confdefs.h +$as_echo "#define HAVE_EVP_MD_CTX_FREE /**/" >>confdefs.h fi @@ -23293,7 +23293,7 @@ char SSL_library_init (); int main () { -return SSL_library_init (); +return OPENSSL_init_ssl(0, NULL); ; return 0; } diff -urNp old/configure.d/config_os_libs2 new/configure.d/config_os_libs2 --- old/configure.d/config_os_libs2 2014-12-08 21:23:22.000000000 +0100 +++ new/configure.d/config_os_libs2 2017-02-20 10:56:21.041616611 +0100 @@ -292,11 +292,11 @@ if test "x$tryopenssl" != "xno" -a "x$tr AC_DEFINE(HAVE_AES_CFB128_ENCRYPT, 1, [Define to 1 if you have the `AES_cfb128_encrypt' function.])) - AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create, - AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [], - [Define to 1 if you have the `EVP_MD_CTX_create' function.]) - AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [], - [Define to 1 if you have the `EVP_MD_CTX_destroy' function.])) + AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_new, + AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [], + [Define to 1 if you have the `EVP_MD_CTX_new' function.]) + AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [], + [Define to 1 if you have the `EVP_MD_CTX_free' function.])) fi if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then AC_CHECK_LIB(ssl, DTLSv1_method, @@ -307,7 +307,7 @@ if test "x$tryopenssl" != "xno" -a "x$tr TLSPROG=yes fi if echo " $transport_result_list " | $GREP "TLS" > /dev/null; then - AC_CHECK_LIB(ssl, SSL_library_init, + AC_CHECK_LIB(ssl, OPENSSL_init_ssl, AC_DEFINE(HAVE_LIBSSL, 1, [Define to 1 if you have the `ssl' library (-lssl).]) LIBCRYPTO=" -lssl $LIBCRYPTO", diff -urNp old/include/net-snmp/net-snmp-config.h.in new/include/net-snmp/net-snmp-config.h.in --- old/include/net-snmp/net-snmp-config.h.in 2017-02-20 10:08:16.443522417 +0100 +++ new/include/net-snmp/net-snmp-config.h.in 2017-02-20 10:24:05.790584283 +0100 @@ -149,11 +149,11 @@ /* Define to 1 if you have the `eval_pv' function. */ #undef HAVE_EVAL_PV -/* Define to 1 if you have the `EVP_MD_CTX_create' function. */ -#undef HAVE_EVP_MD_CTX_CREATE +/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ +#undef HAVE_EVP_MD_CTX_NEW -/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */ -#undef HAVE_EVP_MD_CTX_DESTROY +/* Define to 1 if you have the `EVP_MD_CTX_free' function. */ +#undef HAVE_EVP_MD_CTX_FREE /* Define if you have EVP_sha224/256 in openssl */ #undef HAVE_EVP_SHA224 diff -urNp old/snmplib/keytools.c new/snmplib/keytools.c --- old/snmplib/keytools.c 2014-12-08 21:23:22.000000000 +0100 +++ new/snmplib/keytools.c 2017-02-20 10:30:27.412068264 +0100 @@ -149,8 +149,8 @@ generate_Ku(const oid * hashtype, u_int */ #ifdef NETSNMP_USE_OPENSSL -#ifdef HAVE_EVP_MD_CTX_CREATE - ctx = EVP_MD_CTX_create(); +#ifdef HAVE_EVP_MD_CTX_NEW + ctx = EVP_MD_CTX_new(); #else ctx = malloc(sizeof(*ctx)); if (!EVP_MD_CTX_init(ctx)) @@ -259,8 +259,8 @@ generate_Ku(const oid * hashtype, u_int memset(buf, 0, sizeof(buf)); #ifdef NETSNMP_USE_OPENSSL if (ctx) { -#ifdef HAVE_EVP_MD_CTX_DESTROY - EVP_MD_CTX_destroy(ctx); +#ifdef HAVE_EVP_MD_CTX_FREE + EVP_MD_CTX_free(ctx); #else EVP_MD_CTX_cleanup(ctx); free(ctx); diff -urNp old/snmplib/scapi.c new/snmplib/scapi.c --- old/snmplib/scapi.c 2014-12-08 21:23:22.000000000 +0100 +++ new/snmplib/scapi.c 2017-02-20 10:27:34.152379515 +0100 @@ -486,14 +486,14 @@ sc_hash(const oid * hashtype, size_t has } /** initialize the pointer */ -#ifdef HAVE_EVP_MD_CTX_CREATE - cptr = EVP_MD_CTX_create(); +#ifdef HAVE_EVP_MD_CTX_NEW + cptr = EVP_MD_CTX_new(); #else cptr = malloc(sizeof(*cptr)); #if defined(OLD_DES) memset(cptr, 0, sizeof(*cptr)); #else - EVP_MD_CTX_init(cptr); + EVP_MD_CTX_init(&cptr); #endif #endif if (!EVP_DigestInit(cptr, hashfn)) { @@ -507,11 +507,11 @@ sc_hash(const oid * hashtype, size_t has /** do the final pass */ EVP_DigestFinal(cptr, MAC, &tmp_len); *MAC_len = tmp_len; -#ifdef HAVE_EVP_MD_CTX_DESTROY - EVP_MD_CTX_destroy(cptr); +#ifdef HAVE_EVP_MD_CTX_FREE + EVP_MD_CTX_free(cptr); #else #if !defined(OLD_DES) - EVP_MD_CTX_cleanup(cptr); + EVP_MD_CTX_cleanup(&cptr); #endif free(cptr); #endif diff -urNp old/snmplib/snmp_openssl.c new/snmplib/snmp_openssl.c --- old/snmplib/snmp_openssl.c 2014-12-08 21:23:22.000000000 +0100 +++ new/snmplib/snmp_openssl.c 2017-02-20 12:46:00.059727928 +0100 @@ -47,7 +47,7 @@ void netsnmp_init_openssl(void) { DEBUGMSGTL(("snmp_openssl", "initializing\n")); /* Initializing OpenSSL */ - SSL_library_init(); + OPENSSL_init_ssl(0, NULL); SSL_load_error_strings(); ERR_load_BIO_strings(); OpenSSL_add_all_algorithms(); @@ -164,11 +164,11 @@ netsnmp_openssl_cert_dump_names(X509 *oc oname_entry = X509_NAME_get_entry(osubj_name, i); netsnmp_assert(NULL != oname_entry); - if (oname_entry->value->type != V_ASN1_PRINTABLESTRING) + if (X509_NAME_ENTRY_get_data(oname_entry)->type != V_ASN1_PRINTABLESTRING) continue; /** get NID */ - onid = OBJ_obj2nid(oname_entry->object); + onid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(oname_entry)); if (onid == NID_undef) { prefix_long = prefix_short = "UNKNOWN"; } @@ -179,9 +179,9 @@ netsnmp_openssl_cert_dump_names(X509 *oc DEBUGMSGT(("9:cert:dump:names", "[%02d] NID type %d, ASN type %d\n", i, onid, - oname_entry->value->type)); + X509_NAME_ENTRY_get_data(oname_entry)->type)); DEBUGMSGT(("9:cert:dump:names", "%s/%s: '%s'\n", prefix_long, - prefix_short, ASN1_STRING_data(oname_entry->value))); + prefix_short, ASN1_STRING_data(X509_NAME_ENTRY_get_data(oname_entry)))); } } #endif /* NETSNMP_FEATURE_REMOVE_CERT_DUMP_NAMES */ @@ -470,7 +470,7 @@ netsnmp_openssl_cert_get_hash_type(X509 if (NULL == ocert) return 0; - return _nid2ht(OBJ_obj2nid(ocert->sig_alg->algorithm)); + return _nid2ht(X509_get_signature_nid(ocert)); } /** @@ -487,7 +487,7 @@ netsnmp_openssl_cert_get_fingerprint(X50 if (NULL == ocert) return NULL; - nid = OBJ_obj2nid(ocert->sig_alg->algorithm); + nid = X509_get_signature_nid(ocert); DEBUGMSGT(("9:openssl:fingerprint", "alg %d, cert nid %d (%d)\n", alg, nid, _nid2ht(nid))); diff -urNp old/win32/net-snmp/net-snmp-config.h new/win32/net-snmp/net-snmp-config.h --- old/win32/net-snmp/net-snmp-config.h 2014-12-08 21:23:22.000000000 +0100 +++ new/win32/net-snmp/net-snmp-config.h 2017-02-20 10:23:20.796778512 +0100 @@ -1366,11 +1366,11 @@ /* Define to 1 if you have the header file. */ #define HAVE_OPENSSL_AES_H 1 -/* Define to 1 if you have the `EVP_MD_CTX_create' function. */ -#define HAVE_EVP_MD_CTX_CREATE 1 +/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ +#define HAVE_EVP_MD_CTX_NEW 1 -/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */ -#define HAVE_EVP_MD_CTX_DESTROY 1 +/* Define to 1 if you have the `EVP_MD_CTX_free' function. */ +#define HAVE_EVP_MD_CTX_FREE 1 /* Define to 1 if you have the `AES_cfb128_encrypt' function. */ #define HAVE_AES_CFB128_ENCRYPT 1 diff -urNp old/win32/net-snmp/net-snmp-config.h.in new/win32/net-snmp/net-snmp-config.h.in --- old/win32/net-snmp/net-snmp-config.h.in 2014-12-08 21:23:22.000000000 +0100 +++ new/win32/net-snmp/net-snmp-config.h.in 2017-02-20 10:22:51.348367754 +0100 @@ -1366,11 +1366,11 @@ /* Define to 1 if you have the header file. */ #define HAVE_OPENSSL_AES_H 1 -/* Define to 1 if you have the `EVP_MD_CTX_create' function. */ -#define HAVE_EVP_MD_CTX_CREATE 1 +/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ +#define HAVE_EVP_MD_CTX_NEW 1 -/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */ -#define HAVE_EVP_MD_CTX_DESTROY 1 +/* Define to 1 if you have the `EVP_MD_CTX_free' function. */ +#define HAVE_EVP_MD_CTX_FREE 1 /* Define to 1 if you have the `AES_cfb128_encrypt' function. */ #define HAVE_AES_CFB128_ENCRYPT 1