Resolves: #1423984 - add support for OpenSSL-1.1.0 library

This commit is contained in:
Josef Ridky 2017-02-20 15:35:45 +01:00
parent 66cc77b080
commit e4d5ceb957
2 changed files with 384 additions and 1 deletions

View File

@ -0,0 +1,374 @@
diff -urNp old/apps/snmpusm.c new/apps/snmpusm.c
--- old/apps/snmpusm.c 2014-12-08 21:23:22.000000000 +0100
+++ new/apps/snmpusm.c 2017-02-20 15:20:36.994022905 +0100
@@ -190,7 +190,7 @@ get_USM_DH_key(netsnmp_variable_list *va
oid *keyoid, size_t keyoid_len) {
u_char *dhkeychange;
DH *dh;
- BIGNUM *other_pub;
+ BIGNUM *p, *g, *pub_key, *other_pub;
u_char *key;
size_t key_len;
@@ -205,25 +205,29 @@ get_USM_DH_key(netsnmp_variable_list *va
dh = d2i_DHparams(NULL, &cp, dhvar->val_len);
}
- if (!dh || !dh->g || !dh->p) {
+ if (dh)
+ DH_get0_pqg(dh, &p, NULL, &g);
+
+ if (!dh || !g || !p) {
SNMP_FREE(dhkeychange);
return SNMPERR_GENERR;
}
- DH_generate_key(dh);
- if (!dh->pub_key) {
+ if (!DH_generate_key(dh)) {
SNMP_FREE(dhkeychange);
return SNMPERR_GENERR;
}
- if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) {
+ DH_get0_key(dh, &pub_key, NULL);
+
+ if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) {
SNMP_FREE(dhkeychange);
fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n",
- (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key));
+ (unsigned long)vars->val_len, BN_num_bytes(pub_key));
return SNMPERR_GENERR;
}
- BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len);
+ BN_bn2bin(pub_key, dhkeychange + vars->val_len);
key_len = DH_size(dh);
if (!key_len) {
diff -urNp old/configure new/configure
--- old/configure 2017-02-20 10:08:16.440396223 +0100
+++ new/configure 2017-02-20 10:57:15.749734281 +0100
@@ -23176,9 +23176,9 @@ $as_echo "#define HAVE_AES_CFB128_ENCRYP
fi
- as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_create" | $as_tr_sh`
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_create in -l${CRYPTO}" >&5
-$as_echo_n "checking for EVP_MD_CTX_create in -l${CRYPTO}... " >&6; }
+ as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_new" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -l${CRYPTO}" >&5
+$as_echo_n "checking for EVP_MD_CTX_new in -l${CRYPTO}... " >&6; }
if eval \${$as_ac_Lib+:} false; then :
$as_echo_n "(cached) " >&6
else
@@ -23193,11 +23193,11 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_
#ifdef __cplusplus
extern "C"
#endif
-char EVP_MD_CTX_create ();
+char EVP_MD_CTX_new ();
int
main ()
{
-return EVP_MD_CTX_create ();
+return EVP_MD_CTX_new ();
;
return 0;
}
@@ -23216,10 +23216,10 @@ eval ac_res=\$$as_ac_Lib
$as_echo "$ac_res" >&6; }
if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
-$as_echo "#define HAVE_EVP_MD_CTX_CREATE /**/" >>confdefs.h
+$as_echo "#define HAVE_EVP_MD_CTX_NEW /**/" >>confdefs.h
-$as_echo "#define HAVE_EVP_MD_CTX_DESTROY /**/" >>confdefs.h
+$as_echo "#define HAVE_EVP_MD_CTX_FREE /**/" >>confdefs.h
fi
@@ -23293,7 +23293,7 @@ char SSL_library_init ();
int
main ()
{
-return SSL_library_init ();
+return OPENSSL_init_ssl(0, NULL);
;
return 0;
}
diff -urNp old/configure.d/config_os_libs2 new/configure.d/config_os_libs2
--- old/configure.d/config_os_libs2 2014-12-08 21:23:22.000000000 +0100
+++ new/configure.d/config_os_libs2 2017-02-20 10:56:21.041616611 +0100
@@ -292,11 +292,11 @@ if test "x$tryopenssl" != "xno" -a "x$tr
AC_DEFINE(HAVE_AES_CFB128_ENCRYPT, 1,
[Define to 1 if you have the `AES_cfb128_encrypt' function.]))
- AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create,
- AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [],
- [Define to 1 if you have the `EVP_MD_CTX_create' function.])
- AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [],
- [Define to 1 if you have the `EVP_MD_CTX_destroy' function.]))
+ AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_new,
+ AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [],
+ [Define to 1 if you have the `EVP_MD_CTX_new' function.])
+ AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [],
+ [Define to 1 if you have the `EVP_MD_CTX_free' function.]))
fi
if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then
AC_CHECK_LIB(ssl, DTLSv1_method,
@@ -307,7 +307,7 @@ if test "x$tryopenssl" != "xno" -a "x$tr
TLSPROG=yes
fi
if echo " $transport_result_list " | $GREP "TLS" > /dev/null; then
- AC_CHECK_LIB(ssl, SSL_library_init,
+ AC_CHECK_LIB(ssl, OPENSSL_init_ssl,
AC_DEFINE(HAVE_LIBSSL, 1,
[Define to 1 if you have the `ssl' library (-lssl).])
LIBCRYPTO=" -lssl $LIBCRYPTO",
diff -urNp old/configure.systemd new/configure.systemd
--- old/configure.systemd 2014-12-08 21:23:37.000000000 +0100
+++ new/configure.systemd 2017-02-20 10:49:36.601692898 +0100
@@ -23146,9 +23146,9 @@ $as_echo "#define HAVE_AES_CFB128_ENCRYP
fi
- as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_create" | $as_tr_sh`
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_create in -l${CRYPTO}" >&5
-$as_echo_n "checking for EVP_MD_CTX_create in -l${CRYPTO}... " >&6; }
+ as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_new" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -l${CRYPTO}" >&5
+$as_echo_n "checking for EVP_MD_CTX_new in -l${CRYPTO}... " >&6; }
if eval \${$as_ac_Lib+:} false; then :
$as_echo_n "(cached) " >&6
else
@@ -23163,11 +23163,11 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_
#ifdef __cplusplus
extern "C"
#endif
-char EVP_MD_CTX_create ();
+char EVP_MD_CTX_new ();
int
main ()
{
-return EVP_MD_CTX_create ();
+return EVP_MD_CTX_new ();
;
return 0;
}
@@ -23186,10 +23186,10 @@ eval ac_res=\$$as_ac_Lib
$as_echo "$ac_res" >&6; }
if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
-$as_echo "#define HAVE_EVP_MD_CTX_CREATE /**/" >>confdefs.h
+$as_echo "#define HAVE_EVP_MD_CTX_NEW /**/" >>confdefs.h
-$as_echo "#define HAVE_EVP_MD_CTX_DESTROY /**/" >>confdefs.h
+$as_echo "#define HAVE_EVP_MD_CTX_FREE /**/" >>confdefs.h
fi
@@ -23263,7 +23263,7 @@ char SSL_library_init ();
int
main ()
{
-return SSL_library_init ();
+return OPENSSL_init_ssl(0, NULL);
;
return 0;
}
diff -urNp old/include/net-snmp/net-snmp-config.h.in new/include/net-snmp/net-snmp-config.h.in
--- old/include/net-snmp/net-snmp-config.h.in 2017-02-20 10:08:16.443522417 +0100
+++ new/include/net-snmp/net-snmp-config.h.in 2017-02-20 10:24:05.790584283 +0100
@@ -149,11 +149,11 @@
/* Define to 1 if you have the `eval_pv' function. */
#undef HAVE_EVAL_PV
-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */
-#undef HAVE_EVP_MD_CTX_CREATE
+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
+#undef HAVE_EVP_MD_CTX_NEW
-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
-#undef HAVE_EVP_MD_CTX_DESTROY
+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
+#undef HAVE_EVP_MD_CTX_FREE
/* Define if you have EVP_sha224/256 in openssl */
#undef HAVE_EVP_SHA224
diff -urNp old/include/net-snmp/net-snmp-config.h.in.systemd new/include/net-snmp/net-snmp-config.h.in.systemd
--- old/include/net-snmp/net-snmp-config.h.in.systemd 2014-12-08 21:23:22.000000000 +0100
+++ new/include/net-snmp/net-snmp-config.h.in.systemd 2017-02-20 10:24:43.996918184 +0100
@@ -149,11 +149,11 @@
/* Define to 1 if you have the `eval_pv' function. */
#undef HAVE_EVAL_PV
-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */
-#undef HAVE_EVP_MD_CTX_CREATE
+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
+#undef HAVE_EVP_MD_CTX_NEW
-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
-#undef HAVE_EVP_MD_CTX_DESTROY
+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
+#undef HAVE_EVP_MD_CTX_FREE
/* Define if you have EVP_sha224/256 in openssl */
#undef HAVE_EVP_SHA224
diff -urNp old/snmplib/keytools.c new/snmplib/keytools.c
--- old/snmplib/keytools.c 2014-12-08 21:23:22.000000000 +0100
+++ new/snmplib/keytools.c 2017-02-20 10:30:27.412068264 +0100
@@ -149,8 +149,8 @@ generate_Ku(const oid * hashtype, u_int
*/
#ifdef NETSNMP_USE_OPENSSL
-#ifdef HAVE_EVP_MD_CTX_CREATE
- ctx = EVP_MD_CTX_create();
+#ifdef HAVE_EVP_MD_CTX_NEW
+ ctx = EVP_MD_CTX_new();
#else
ctx = malloc(sizeof(*ctx));
if (!EVP_MD_CTX_init(ctx))
@@ -259,8 +259,8 @@ generate_Ku(const oid * hashtype, u_int
memset(buf, 0, sizeof(buf));
#ifdef NETSNMP_USE_OPENSSL
if (ctx) {
-#ifdef HAVE_EVP_MD_CTX_DESTROY
- EVP_MD_CTX_destroy(ctx);
+#ifdef HAVE_EVP_MD_CTX_FREE
+ EVP_MD_CTX_free(ctx);
#else
EVP_MD_CTX_cleanup(ctx);
free(ctx);
diff -urNp old/snmplib/scapi.c new/snmplib/scapi.c
--- old/snmplib/scapi.c 2014-12-08 21:23:22.000000000 +0100
+++ new/snmplib/scapi.c 2017-02-20 10:27:34.152379515 +0100
@@ -486,14 +486,14 @@ sc_hash(const oid * hashtype, size_t has
}
/** initialize the pointer */
-#ifdef HAVE_EVP_MD_CTX_CREATE
- cptr = EVP_MD_CTX_create();
+#ifdef HAVE_EVP_MD_CTX_NEW
+ cptr = EVP_MD_CTX_new();
#else
cptr = malloc(sizeof(*cptr));
#if defined(OLD_DES)
memset(cptr, 0, sizeof(*cptr));
#else
- EVP_MD_CTX_init(cptr);
+ EVP_MD_CTX_init(&cptr);
#endif
#endif
if (!EVP_DigestInit(cptr, hashfn)) {
@@ -507,11 +507,11 @@ sc_hash(const oid * hashtype, size_t has
/** do the final pass */
EVP_DigestFinal(cptr, MAC, &tmp_len);
*MAC_len = tmp_len;
-#ifdef HAVE_EVP_MD_CTX_DESTROY
- EVP_MD_CTX_destroy(cptr);
+#ifdef HAVE_EVP_MD_CTX_FREE
+ EVP_MD_CTX_free(cptr);
#else
#if !defined(OLD_DES)
- EVP_MD_CTX_cleanup(cptr);
+ EVP_MD_CTX_cleanup(&cptr);
#endif
free(cptr);
#endif
diff -urNp old/snmplib/snmp_openssl.c new/snmplib/snmp_openssl.c
--- old/snmplib/snmp_openssl.c 2014-12-08 21:23:22.000000000 +0100
+++ new/snmplib/snmp_openssl.c 2017-02-20 12:46:00.059727928 +0100
@@ -47,7 +47,7 @@ void netsnmp_init_openssl(void) {
DEBUGMSGTL(("snmp_openssl", "initializing\n"));
/* Initializing OpenSSL */
- SSL_library_init();
+ OPENSSL_init_ssl(0, NULL);
SSL_load_error_strings();
ERR_load_BIO_strings();
OpenSSL_add_all_algorithms();
@@ -164,11 +164,11 @@ netsnmp_openssl_cert_dump_names(X509 *oc
oname_entry = X509_NAME_get_entry(osubj_name, i);
netsnmp_assert(NULL != oname_entry);
- if (oname_entry->value->type != V_ASN1_PRINTABLESTRING)
+ if (X509_NAME_ENTRY_get_data(oname_entry)->type != V_ASN1_PRINTABLESTRING)
continue;
/** get NID */
- onid = OBJ_obj2nid(oname_entry->object);
+ onid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(oname_entry));
if (onid == NID_undef) {
prefix_long = prefix_short = "UNKNOWN";
}
@@ -179,9 +179,9 @@ netsnmp_openssl_cert_dump_names(X509 *oc
DEBUGMSGT(("9:cert:dump:names",
"[%02d] NID type %d, ASN type %d\n", i, onid,
- oname_entry->value->type));
+ X509_NAME_ENTRY_get_data(oname_entry)->type));
DEBUGMSGT(("9:cert:dump:names", "%s/%s: '%s'\n", prefix_long,
- prefix_short, ASN1_STRING_data(oname_entry->value)));
+ prefix_short, ASN1_STRING_data(X509_NAME_ENTRY_get_data(oname_entry))));
}
}
#endif /* NETSNMP_FEATURE_REMOVE_CERT_DUMP_NAMES */
@@ -470,7 +470,7 @@ netsnmp_openssl_cert_get_hash_type(X509
if (NULL == ocert)
return 0;
- return _nid2ht(OBJ_obj2nid(ocert->sig_alg->algorithm));
+ return _nid2ht(X509_get_signature_nid(ocert));
}
/**
@@ -487,7 +487,7 @@ netsnmp_openssl_cert_get_fingerprint(X50
if (NULL == ocert)
return NULL;
- nid = OBJ_obj2nid(ocert->sig_alg->algorithm);
+ nid = X509_get_signature_nid(ocert);
DEBUGMSGT(("9:openssl:fingerprint", "alg %d, cert nid %d (%d)\n", alg, nid,
_nid2ht(nid)));
diff -urNp old/win32/net-snmp/net-snmp-config.h new/win32/net-snmp/net-snmp-config.h
--- old/win32/net-snmp/net-snmp-config.h 2014-12-08 21:23:22.000000000 +0100
+++ new/win32/net-snmp/net-snmp-config.h 2017-02-20 10:23:20.796778512 +0100
@@ -1366,11 +1366,11 @@
/* Define to 1 if you have the <openssl/aes.h> header file. */
#define HAVE_OPENSSL_AES_H 1
-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */
-#define HAVE_EVP_MD_CTX_CREATE 1
+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
+#define HAVE_EVP_MD_CTX_NEW 1
-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
-#define HAVE_EVP_MD_CTX_DESTROY 1
+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
+#define HAVE_EVP_MD_CTX_FREE 1
/* Define to 1 if you have the `AES_cfb128_encrypt' function. */
#define HAVE_AES_CFB128_ENCRYPT 1
diff -urNp old/win32/net-snmp/net-snmp-config.h.in new/win32/net-snmp/net-snmp-config.h.in
--- old/win32/net-snmp/net-snmp-config.h.in 2014-12-08 21:23:22.000000000 +0100
+++ new/win32/net-snmp/net-snmp-config.h.in 2017-02-20 10:22:51.348367754 +0100
@@ -1366,11 +1366,11 @@
/* Define to 1 if you have the <openssl/aes.h> header file. */
#define HAVE_OPENSSL_AES_H 1
-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */
-#define HAVE_EVP_MD_CTX_CREATE 1
+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
+#define HAVE_EVP_MD_CTX_NEW 1
-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
-#define HAVE_EVP_MD_CTX_DESTROY 1
+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
+#define HAVE_EVP_MD_CTX_FREE 1
/* Define to 1 if you have the `AES_cfb128_encrypt' function. */
#define HAVE_AES_CFB128_ENCRYPT 1

View File

@ -11,7 +11,7 @@
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: 5.7.3
Release: 14%{?dist}
Release: 15%{?dist}
Epoch: 1
License: BSD
@ -52,6 +52,10 @@ Patch15: net-snmp-5.7.3-Fix-Makefile-PL.patch
# Use strtok_r for strtok to avoid a race condition
Patch16: net-snmp-5.7.3-strtok-r.patch
# This patch fix issue with new OpenSLL library in rawhide (f26+)
# !!!WARNING!!! DO NOT USE IT FOR OLDER FEDORA RELEASES (>f26)
Patch100: net-snmp-5.7.3-openssl.patch
Requires(post): chkconfig
Requires(preun): chkconfig
# for /sbin/service
@ -224,6 +228,7 @@ cp %{SOURCE12} .
%patch14 -p1 -b .U64
%patch15 -p1 -b .make
%patch16 -p1 -b .strtok-r
%patch100 -p1 -b .openssl
%ifarch sparc64 s390 s390x
# disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697
@ -531,6 +536,10 @@ rm -rf ${RPM_BUILD_ROOT}
%endif
%changelog
* Wed Feb 15 2017 Josef Ridky <jridky@redhat.com> - 1:5.7.3-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
- Add support for new version of OpenSSL library (#1423984)
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.7.3-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild