1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
|
diff -urNp old/apps/snmpusm.c new/apps/snmpusm.c
--- old/apps/snmpusm.c 2014-12-08 21:23:22.000000000 +0100
+++ new/apps/snmpusm.c 2017-02-20 15:20:36.994022905 +0100
@@ -190,7 +190,7 @@ get_USM_DH_key(netsnmp_variable_list *va
oid *keyoid, size_t keyoid_len) {
u_char *dhkeychange;
DH *dh;
- BIGNUM *other_pub;
+ BIGNUM *p, *g, *pub_key, *other_pub;
u_char *key;
size_t key_len;
@@ -205,25 +205,29 @@ get_USM_DH_key(netsnmp_variable_list *va
dh = d2i_DHparams(NULL, &cp, dhvar->val_len);
}
- if (!dh || !dh->g || !dh->p) {
+ if (dh)
+ DH_get0_pqg(dh, &p, NULL, &g);
+
+ if (!dh || !g || !p) {
SNMP_FREE(dhkeychange);
return SNMPERR_GENERR;
}
- DH_generate_key(dh);
- if (!dh->pub_key) {
+ if (!DH_generate_key(dh)) {
SNMP_FREE(dhkeychange);
return SNMPERR_GENERR;
}
- if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) {
+ DH_get0_key(dh, &pub_key, NULL);
+
+ if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) {
SNMP_FREE(dhkeychange);
fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n",
- (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key));
+ (unsigned long)vars->val_len, BN_num_bytes(pub_key));
return SNMPERR_GENERR;
}
- BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len);
+ BN_bn2bin(pub_key, dhkeychange + vars->val_len);
key_len = DH_size(dh);
if (!key_len) {
diff -urNp old/configure new/configure
--- old/configure 2017-02-20 10:08:16.440396223 +0100
+++ new/configure 2017-02-20 10:57:15.749734281 +0100
@@ -23176,9 +23176,9 @@ $as_echo "#define HAVE_AES_CFB128_ENCRYP
fi
- as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_create" | $as_tr_sh`
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_create in -l${CRYPTO}" >&5
-$as_echo_n "checking for EVP_MD_CTX_create in -l${CRYPTO}... " >&6; }
+ as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_new" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -l${CRYPTO}" >&5
+$as_echo_n "checking for EVP_MD_CTX_new in -l${CRYPTO}... " >&6; }
if eval \${$as_ac_Lib+:} false; then :
$as_echo_n "(cached) " >&6
else
@@ -23193,11 +23193,11 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_
#ifdef __cplusplus
extern "C"
#endif
-char EVP_MD_CTX_create ();
+char EVP_MD_CTX_new ();
int
main ()
{
-return EVP_MD_CTX_create ();
+return EVP_MD_CTX_new ();
;
return 0;
}
@@ -23216,10 +23216,10 @@ eval ac_res=\$$as_ac_Lib
$as_echo "$ac_res" >&6; }
if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
-$as_echo "#define HAVE_EVP_MD_CTX_CREATE /**/" >>confdefs.h
+$as_echo "#define HAVE_EVP_MD_CTX_NEW /**/" >>confdefs.h
-$as_echo "#define HAVE_EVP_MD_CTX_DESTROY /**/" >>confdefs.h
+$as_echo "#define HAVE_EVP_MD_CTX_FREE /**/" >>confdefs.h
fi
@@ -23293,7 +23293,7 @@ char SSL_library_init ();
int
main ()
{
-return SSL_library_init ();
+return OPENSSL_init_ssl(0, NULL);
;
return 0;
}
diff -urNp old/configure.d/config_os_libs2 new/configure.d/config_os_libs2
--- old/configure.d/config_os_libs2 2014-12-08 21:23:22.000000000 +0100
+++ new/configure.d/config_os_libs2 2017-02-20 10:56:21.041616611 +0100
@@ -292,11 +292,11 @@ if test "x$tryopenssl" != "xno" -a "x$tr
AC_DEFINE(HAVE_AES_CFB128_ENCRYPT, 1,
[Define to 1 if you have the `AES_cfb128_encrypt' function.]))
- AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create,
- AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [],
- [Define to 1 if you have the `EVP_MD_CTX_create' function.])
- AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [],
- [Define to 1 if you have the `EVP_MD_CTX_destroy' function.]))
+ AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_new,
+ AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [],
+ [Define to 1 if you have the `EVP_MD_CTX_new' function.])
+ AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [],
+ [Define to 1 if you have the `EVP_MD_CTX_free' function.]))
fi
if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then
AC_CHECK_LIB(ssl, DTLSv1_method,
@@ -307,7 +307,7 @@ if test "x$tryopenssl" != "xno" -a "x$tr
TLSPROG=yes
fi
if echo " $transport_result_list " | $GREP "TLS" > /dev/null; then
- AC_CHECK_LIB(ssl, SSL_library_init,
+ AC_CHECK_LIB(ssl, OPENSSL_init_ssl,
AC_DEFINE(HAVE_LIBSSL, 1,
[Define to 1 if you have the `ssl' library (-lssl).])
LIBCRYPTO=" -lssl $LIBCRYPTO",
diff -urNp old/include/net-snmp/net-snmp-config.h.in new/include/net-snmp/net-snmp-config.h.in
--- old/include/net-snmp/net-snmp-config.h.in 2017-02-20 10:08:16.443522417 +0100
+++ new/include/net-snmp/net-snmp-config.h.in 2017-02-20 10:24:05.790584283 +0100
@@ -149,11 +149,11 @@
/* Define to 1 if you have the `eval_pv' function. */
#undef HAVE_EVAL_PV
-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */
-#undef HAVE_EVP_MD_CTX_CREATE
+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
+#undef HAVE_EVP_MD_CTX_NEW
-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
-#undef HAVE_EVP_MD_CTX_DESTROY
+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
+#undef HAVE_EVP_MD_CTX_FREE
/* Define if you have EVP_sha224/256 in openssl */
#undef HAVE_EVP_SHA224
diff -urNp old/snmplib/keytools.c new/snmplib/keytools.c
--- old/snmplib/keytools.c 2014-12-08 21:23:22.000000000 +0100
+++ new/snmplib/keytools.c 2017-02-20 10:30:27.412068264 +0100
@@ -149,8 +149,8 @@ generate_Ku(const oid * hashtype, u_int
*/
#ifdef NETSNMP_USE_OPENSSL
-#ifdef HAVE_EVP_MD_CTX_CREATE
- ctx = EVP_MD_CTX_create();
+#ifdef HAVE_EVP_MD_CTX_NEW
+ ctx = EVP_MD_CTX_new();
#else
ctx = malloc(sizeof(*ctx));
if (!EVP_MD_CTX_init(ctx))
@@ -259,8 +259,8 @@ generate_Ku(const oid * hashtype, u_int
memset(buf, 0, sizeof(buf));
#ifdef NETSNMP_USE_OPENSSL
if (ctx) {
-#ifdef HAVE_EVP_MD_CTX_DESTROY
- EVP_MD_CTX_destroy(ctx);
+#ifdef HAVE_EVP_MD_CTX_FREE
+ EVP_MD_CTX_free(ctx);
#else
EVP_MD_CTX_cleanup(ctx);
free(ctx);
diff -urNp old/snmplib/scapi.c new/snmplib/scapi.c
--- old/snmplib/scapi.c 2014-12-08 21:23:22.000000000 +0100
+++ new/snmplib/scapi.c 2017-02-20 10:27:34.152379515 +0100
@@ -486,14 +486,14 @@ sc_hash(const oid * hashtype, size_t has
}
/** initialize the pointer */
-#ifdef HAVE_EVP_MD_CTX_CREATE
- cptr = EVP_MD_CTX_create();
+#ifdef HAVE_EVP_MD_CTX_NEW
+ cptr = EVP_MD_CTX_new();
#else
cptr = malloc(sizeof(*cptr));
#if defined(OLD_DES)
memset(cptr, 0, sizeof(*cptr));
#else
- EVP_MD_CTX_init(cptr);
+ EVP_MD_CTX_init(&cptr);
#endif
#endif
if (!EVP_DigestInit(cptr, hashfn)) {
@@ -507,11 +507,11 @@ sc_hash(const oid * hashtype, size_t has
/** do the final pass */
EVP_DigestFinal(cptr, MAC, &tmp_len);
*MAC_len = tmp_len;
-#ifdef HAVE_EVP_MD_CTX_DESTROY
- EVP_MD_CTX_destroy(cptr);
+#ifdef HAVE_EVP_MD_CTX_FREE
+ EVP_MD_CTX_free(cptr);
#else
#if !defined(OLD_DES)
- EVP_MD_CTX_cleanup(cptr);
+ EVP_MD_CTX_cleanup(&cptr);
#endif
free(cptr);
#endif
diff -urNp old/snmplib/snmp_openssl.c new/snmplib/snmp_openssl.c
--- old/snmplib/snmp_openssl.c 2014-12-08 21:23:22.000000000 +0100
+++ new/snmplib/snmp_openssl.c 2017-02-20 12:46:00.059727928 +0100
@@ -47,7 +47,7 @@ void netsnmp_init_openssl(void) {
DEBUGMSGTL(("snmp_openssl", "initializing\n"));
/* Initializing OpenSSL */
- SSL_library_init();
+ OPENSSL_init_ssl(0, NULL);
SSL_load_error_strings();
ERR_load_BIO_strings();
OpenSSL_add_all_algorithms();
@@ -164,11 +164,11 @@ netsnmp_openssl_cert_dump_names(X509 *oc
oname_entry = X509_NAME_get_entry(osubj_name, i);
netsnmp_assert(NULL != oname_entry);
- if (oname_entry->value->type != V_ASN1_PRINTABLESTRING)
+ if (X509_NAME_ENTRY_get_data(oname_entry)->type != V_ASN1_PRINTABLESTRING)
continue;
/** get NID */
- onid = OBJ_obj2nid(oname_entry->object);
+ onid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(oname_entry));
if (onid == NID_undef) {
prefix_long = prefix_short = "UNKNOWN";
}
@@ -179,9 +179,9 @@ netsnmp_openssl_cert_dump_names(X509 *oc
DEBUGMSGT(("9:cert:dump:names",
"[%02d] NID type %d, ASN type %d\n", i, onid,
- oname_entry->value->type));
+ X509_NAME_ENTRY_get_data(oname_entry)->type));
DEBUGMSGT(("9:cert:dump:names", "%s/%s: '%s'\n", prefix_long,
- prefix_short, ASN1_STRING_data(oname_entry->value)));
+ prefix_short, ASN1_STRING_data(X509_NAME_ENTRY_get_data(oname_entry))));
}
}
#endif /* NETSNMP_FEATURE_REMOVE_CERT_DUMP_NAMES */
@@ -470,7 +470,7 @@ netsnmp_openssl_cert_get_hash_type(X509
if (NULL == ocert)
return 0;
- return _nid2ht(OBJ_obj2nid(ocert->sig_alg->algorithm));
+ return _nid2ht(X509_get_signature_nid(ocert));
}
/**
@@ -487,7 +487,7 @@ netsnmp_openssl_cert_get_fingerprint(X50
if (NULL == ocert)
return NULL;
- nid = OBJ_obj2nid(ocert->sig_alg->algorithm);
+ nid = X509_get_signature_nid(ocert);
DEBUGMSGT(("9:openssl:fingerprint", "alg %d, cert nid %d (%d)\n", alg, nid,
_nid2ht(nid)));
diff -urNp old/win32/net-snmp/net-snmp-config.h new/win32/net-snmp/net-snmp-config.h
--- old/win32/net-snmp/net-snmp-config.h 2014-12-08 21:23:22.000000000 +0100
+++ new/win32/net-snmp/net-snmp-config.h 2017-02-20 10:23:20.796778512 +0100
@@ -1366,11 +1366,11 @@
/* Define to 1 if you have the <openssl/aes.h> header file. */
#define HAVE_OPENSSL_AES_H 1
-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */
-#define HAVE_EVP_MD_CTX_CREATE 1
+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
+#define HAVE_EVP_MD_CTX_NEW 1
-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
-#define HAVE_EVP_MD_CTX_DESTROY 1
+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
+#define HAVE_EVP_MD_CTX_FREE 1
/* Define to 1 if you have the `AES_cfb128_encrypt' function. */
#define HAVE_AES_CFB128_ENCRYPT 1
diff -urNp old/win32/net-snmp/net-snmp-config.h.in new/win32/net-snmp/net-snmp-config.h.in
--- old/win32/net-snmp/net-snmp-config.h.in 2014-12-08 21:23:22.000000000 +0100
+++ new/win32/net-snmp/net-snmp-config.h.in 2017-02-20 10:22:51.348367754 +0100
@@ -1366,11 +1366,11 @@
/* Define to 1 if you have the <openssl/aes.h> header file. */
#define HAVE_OPENSSL_AES_H 1
-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */
-#define HAVE_EVP_MD_CTX_CREATE 1
+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
+#define HAVE_EVP_MD_CTX_NEW 1
-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
-#define HAVE_EVP_MD_CTX_DESTROY 1
+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
+#define HAVE_EVP_MD_CTX_FREE 1
/* Define to 1 if you have the `AES_cfb128_encrypt' function. */
#define HAVE_AES_CFB128_ENCRYPT 1
|
