net-snmp: add support for openssl 1.1x

Patch was copied from [https://sourceforge.net/p/net-snmp/patches/1336]. Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-06-01 13:40:04 +00:00 · 2018-06-07 15:21:08 +02:00
parent c27756081d
commit d3bd6dac44
2 changed files with 172 additions and 0 deletions
@@ -0,0 +1,171 @@
 net-snmp build fails on Debian 9 with OpenSSL 1.1.0
 With these changes, net-snmp builds with both
 OpenSSL 1.0.x and 1.1.x.
 Author: Sharmila Podury <sharmila.podury@brocade.com>
 --- a/apps/snmpusm.c
 +++ b/apps/snmpusm.c
@@ -125,6 +125,32 @@ char           *usmUserPublic_val = NULL
 int             docreateandwait = 0;
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +
 +#include <string.h>
 +#include <openssl/engine.h>
 +
 +void DH_get0_pqg(const DH *dh,
 +                const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
 +{
 +   if (p != NULL)
 +       *p = dh->p;
 +   if (q != NULL)
 +       *q = dh->q;
 +   if (g != NULL)
 +       *g = dh->g;
 +}
 +
 +void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
 +{
 +   if (pub_key != NULL)
 +       *pub_key = dh->pub_key;
 +   if (priv_key != NULL)
 +       *priv_key = dh->priv_key;
 +}
 +
 +#endif
 +
 void
 usage(void)
 {
@@ -190,7 +216,7 @@ get_USM_DH_key(netsnmp_variable_list *va
                oid *keyoid, size_t keyoid_len) {
     u_char *dhkeychange;
     DH *dh;
 -    BIGNUM *other_pub;
 +    BIGNUM *p, *g, *pub_key, *other_pub;
     u_char *key;
     size_t key_len;
@@ -205,25 +231,29 @@ get_USM_DH_key(netsnmp_variable_list *va
         dh = d2i_DHparams(NULL, &cp, dhvar->val_len);
     }
 -    if (!dh || !dh->g || !dh->p) {
 +    if (dh)
 +        DH_get0_pqg(dh, &p, NULL, &g);
 +
 +    if (!dh || !g || !p) {
         SNMP_FREE(dhkeychange);
         return SNMPERR_GENERR;
     }
 -    DH_generate_key(dh);
 -    if (!dh->pub_key) {
 +    if (!DH_generate_key(dh)) {
         SNMP_FREE(dhkeychange);
         return SNMPERR_GENERR;
     }
 -    if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) {
 +    DH_get0_key(dh, &pub_key, NULL);
 +
 +    if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) {
         SNMP_FREE(dhkeychange);
         fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n",
 -                (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key));
 +                (unsigned long)vars->val_len, BN_num_bytes(pub_key));
         return SNMPERR_GENERR;
     }
 -    BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len);
 +    BN_bn2bin(pub_key, dhkeychange + vars->val_len);
     key_len = DH_size(dh);
     if (!key_len) {
 --- a/configure.d/config_os_libs2
 +++ b/configure.d/config_os_libs2
@@ -327,10 +327,16 @@ if test "x$tryopenssl" != "xno" -a "x$tr
              [[#include <openssl/evp.h>]])
             AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create,
 -                AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [],
 +                AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [1],
                     [Define to 1 if you have the `EVP_MD_CTX_create' function.])
 -                AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [],
 +                AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [1],
                     [Define to 1 if you have the `EVP_MD_CTX_destroy' function.]))
 +
 +            AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_new,
 +                AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1],
 +                    [Define to 1 if you have the `EVP_MD_CTX_new' function.])
 +                AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1],
 +                    [Define to 1 if you have the `EVP_MD_CTX_free' function.]))
         fi
         if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then
 	    AC_CHECK_LIB(ssl, DTLSv1_method,
 --- a/include/net-snmp/net-snmp-config.h.in
 +++ b/include/net-snmp/net-snmp-config.h.in
@@ -164,6 +164,12 @@
 /* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
 #undef HAVE_EVP_MD_CTX_DESTROY
 +/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
 +#undef HAVE_EVP_MD_CTX_FREE
 +
 +/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
 +#undef HAVE_EVP_MD_CTX_NEW
 +
 /* Define if you have EVP_sha224/256 in openssl */
 #undef HAVE_EVP_SHA224
 --- a/snmplib/keytools.c
 +++ b/snmplib/keytools.c
@@ -176,7 +176,9 @@ generate_Ku(const oid * hashtype, u_int
         QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
     }
 -#ifdef HAVE_EVP_MD_CTX_CREATE
 +#ifdef HAVE_EVP_MD_CTX_NEW
 +    ctx = EVP_MD_CTX_new();
 +#elif HAVE_EVP_MD_CTX_CREATE
     ctx = EVP_MD_CTX_create();
 #else
     ctx = malloc(sizeof(*ctx));
@@ -278,7 +280,9 @@ generate_Ku(const oid * hashtype, u_int
     memset(buf, 0, sizeof(buf));
 #ifdef NETSNMP_USE_OPENSSL
     if (ctx) {
 -#ifdef HAVE_EVP_MD_CTX_DESTROY
 +#ifdef HAVE_EVP_MD_CTX_FREE
 +        EVP_MD_CTX_free(ctx);
 +#elif HAVE_EVP_MD_CTX_DESTROY
         EVP_MD_CTX_destroy(ctx);
 #else
         EVP_MD_CTX_cleanup(ctx);
 --- a/snmplib/scapi.c
 +++ b/snmplib/scapi.c
@@ -627,7 +627,9 @@ sc_hash(const oid * hashtype, size_t has
         return SNMPERR_GENERR;
 /** initialize the pointer */
 -#ifdef HAVE_EVP_MD_CTX_CREATE
 +#ifdef HAVE_EVP_MD_CTX_NEW
 +    cptr = EVP_MD_CTX_new();
 +#elif HAVE_EVP_MD_CTX_CREATE
     cptr = EVP_MD_CTX_create();
 #else
     cptr = malloc(sizeof(*cptr));
@@ -648,7 +650,9 @@ sc_hash(const oid * hashtype, size_t has
 /** do the final pass */
     EVP_DigestFinal(cptr, MAC, &tmp_len);
     *MAC_len = tmp_len;
 -#ifdef HAVE_EVP_MD_CTX_DESTROY
 +#ifdef HAVE_EVP_MD_CTX_FREE
 +    EVP_MD_CTX_free(cptr);
 +#elif HAVE_EVP_MD_CTX_DESTROY
     EVP_MD_CTX_destroy(cptr);
 #else
 #if !defined(OLD_DES)
@@ -33,6 +33,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.zip \
           file://net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch \
           file://net-snmp-fix-for-disable-des.patch \
           file://0001-Remove-U64-typedef.patch \
           file://fix-openssl-build-errors.patch \
           "
 SRC_URI[md5sum] = "9f682bd70c717efdd9f15b686d07baee"
 SRC_URI[sha256sum] = "e8dfc79b6539b71a6ff335746ce63d2da2239062ad41872fff4354cafed07a3e"