From patchwork Wed Feb 27 16:03:48 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: ummeegge
X-Patchwork-Id: 2099
From: Erik Kapfer
To: development@lists.ipfire.org
Subject: [PATCH 2/2] netsnmpd: OpenSSL patch is incl. in new version
Date: Wed, 27 Feb 2019 06:03:48 +0100
Message-Id: <20190227050348.791-2-ummeegge@ipfire.org>
X-Mailer: git-send-email 2.12.2
In-Reply-To: <20190227050348.791-1-ummeegge@ipfire.org>
References: <20190227050348.791-1-ummeegge@ipfire.org>
List-Id: IPFire development talk

Signed-off-by: Erik Kapfer
---
 src/patches/net-snmp-5.7.3-openssl.patch | 303 -------------------------------
 1 file changed, 303 deletions(-)
 delete mode 100644 src/patches/net-snmp-5.7.3-openssl.patch

diff --git a/src/patches/net-snmp-5.7.3-openssl.patch b/src/patches/net-snmp-5.7.3-openssl.patch deleted file mode 100644 index 0651a24ec..000000000 --- a/src/patches/net-snmp-5.7.3-openssl.patch +++ /dev/null 
@@ -1,303 +0,0 @@ -diff -urNp old/apps/snmpusm.c new/apps/snmpusm.c ---- old/apps/snmpusm.c 2014-12-08 21:23:22.000000000 +0100 -+++ new/apps/snmpusm.c 2017-02-20 15:20:36.994022905 +0100 -@@ -190,7 +190,7 @@ get_USM_DH_key(netsnmp_variable_list *va - oid *keyoid, size_t keyoid_len) { - u_char *dhkeychange; - DH *dh; -- BIGNUM *other_pub; -+ BIGNUM *p, *g, *pub_key, *other_pub; - u_char *key; - size_t key_len; - -@@ -205,25 +205,29 @@ get_USM_DH_key(netsnmp_variable_list *va - dh = d2i_DHparams(NULL, &cp, dhvar->val_len); - } - -- if (!dh || !dh->g || !dh->p) { -+ if (dh) -+ DH_get0_pqg(dh, &p, NULL, &g); -+ -+ if (!dh || !g || !p) { - SNMP_FREE(dhkeychange); - return SNMPERR_GENERR; - } - -- DH_generate_key(dh); -- if (!dh->pub_key) { -+ if (!DH_generate_key(dh)) { - SNMP_FREE(dhkeychange); - return SNMPERR_GENERR; - } - -- if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) { -+ DH_get0_key(dh, &pub_key, NULL); -+ -+ if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) { - SNMP_FREE(dhkeychange); - fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n", -- (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key)); -+ (unsigned long)vars->val_len, BN_num_bytes(pub_key)); - return SNMPERR_GENERR; - } - -- BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len); -+ BN_bn2bin(pub_key, dhkeychange + vars->val_len); - - key_len = DH_size(dh); - if (!key_len) { -diff -urNp old/configure new/configure ---- old/configure 2017-02-20 10:08:16.440396223 +0100 -+++ new/configure 2017-02-20 10:57:15.749734281 +0100 -@@ -23176,9 +23176,9 @@ $as_echo "#define HAVE_AES_CFB128_ENCRYP - fi - - -- as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_create" | $as_tr_sh` --{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_create in -l${CRYPTO}" >&5 --$as_echo_n "checking for EVP_MD_CTX_create in -l${CRYPTO}... 
" >&6; } -+ as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_new" | $as_tr_sh` -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -l${CRYPTO}" >&5 -+$as_echo_n "checking for EVP_MD_CTX_new in -l${CRYPTO}... " >&6; } - if eval \${$as_ac_Lib+:} false; then : - $as_echo_n "(cached) " >&6 - else -@@ -23193,11 +23193,11 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ - #ifdef __cplusplus - extern "C" - #endif --char EVP_MD_CTX_create (); -+char EVP_MD_CTX_new (); - int - main () - { --return EVP_MD_CTX_create (); -+return EVP_MD_CTX_new (); - ; - return 0; - } -@@ -23216,10 +23216,10 @@ eval ac_res=\$$as_ac_Lib - $as_echo "$ac_res" >&6; } - if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : - --$as_echo "#define HAVE_EVP_MD_CTX_CREATE /**/" >>confdefs.h -+$as_echo "#define HAVE_EVP_MD_CTX_NEW /**/" >>confdefs.h - - --$as_echo "#define HAVE_EVP_MD_CTX_DESTROY /**/" >>confdefs.h -+$as_echo "#define HAVE_EVP_MD_CTX_FREE /**/" >>confdefs.h - - fi - -@@ -23293,7 +23293,7 @@ char SSL_library_init (); - int - main () - { --return SSL_library_init (); -+return OPENSSL_init_ssl(0, NULL); - ; - return 0; - } -diff -urNp old/configure.d/config_os_libs2 new/configure.d/config_os_libs2 ---- old/configure.d/config_os_libs2 2014-12-08 21:23:22.000000000 +0100 -+++ new/configure.d/config_os_libs2 2017-02-20 10:56:21.041616611 +0100 -@@ -292,11 +292,11 @@ if test "x$tryopenssl" != "xno" -a "x$tr - AC_DEFINE(HAVE_AES_CFB128_ENCRYPT, 1, - [Define to 1 if you have the `AES_cfb128_encrypt' function.])) - -- AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create, -- AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [], -- [Define to 1 if you have the `EVP_MD_CTX_create' function.]) -- AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [], -- [Define to 1 if you have the `EVP_MD_CTX_destroy' function.])) -+ AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_new, -+ AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [], -+ [Define to 1 if you have the `EVP_MD_CTX_new' function.]) -+ AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [], -+ [Define to 1 if you 
have the `EVP_MD_CTX_free' function.])) - fi - if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then - AC_CHECK_LIB(ssl, DTLSv1_method, -@@ -307,7 +307,7 @@ if test "x$tryopenssl" != "xno" -a "x$tr - TLSPROG=yes - fi - if echo " $transport_result_list " | $GREP "TLS" > /dev/null; then -- AC_CHECK_LIB(ssl, SSL_library_init, -+ AC_CHECK_LIB(ssl, OPENSSL_init_ssl, - AC_DEFINE(HAVE_LIBSSL, 1, - [Define to 1 if you have the `ssl' library (-lssl).]) - LIBCRYPTO=" -lssl $LIBCRYPTO", -diff -urNp old/include/net-snmp/net-snmp-config.h.in new/include/net-snmp/net-snmp-config.h.in ---- old/include/net-snmp/net-snmp-config.h.in 2017-02-20 10:08:16.443522417 +0100 -+++ new/include/net-snmp/net-snmp-config.h.in 2017-02-20 10:24:05.790584283 +0100 -@@ -149,11 +149,11 @@ - /* Define to 1 if you have the `eval_pv' function. */ - #undef HAVE_EVAL_PV - --/* Define to 1 if you have the `EVP_MD_CTX_create' function. */ --#undef HAVE_EVP_MD_CTX_CREATE -+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ -+#undef HAVE_EVP_MD_CTX_NEW - --/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */ --#undef HAVE_EVP_MD_CTX_DESTROY -+/* Define to 1 if you have the `EVP_MD_CTX_free' function. 
*/ -+#undef HAVE_EVP_MD_CTX_FREE - - /* Define if you have EVP_sha224/256 in openssl */ - #undef HAVE_EVP_SHA224 -diff -urNp old/snmplib/keytools.c new/snmplib/keytools.c ---- old/snmplib/keytools.c 2014-12-08 21:23:22.000000000 +0100 -+++ new/snmplib/keytools.c 2017-02-20 10:30:27.412068264 +0100 -@@ -149,8 +149,8 @@ generate_Ku(const oid * hashtype, u_int - */ - #ifdef NETSNMP_USE_OPENSSL - --#ifdef HAVE_EVP_MD_CTX_CREATE -- ctx = EVP_MD_CTX_create(); -+#ifdef HAVE_EVP_MD_CTX_NEW -+ ctx = EVP_MD_CTX_new(); - #else - ctx = malloc(sizeof(*ctx)); - if (!EVP_MD_CTX_init(ctx)) -@@ -259,8 +259,8 @@ generate_Ku(const oid * hashtype, u_int - memset(buf, 0, sizeof(buf)); - #ifdef NETSNMP_USE_OPENSSL - if (ctx) { --#ifdef HAVE_EVP_MD_CTX_DESTROY -- EVP_MD_CTX_destroy(ctx); -+#ifdef HAVE_EVP_MD_CTX_FREE -+ EVP_MD_CTX_free(ctx); - #else - EVP_MD_CTX_cleanup(ctx); - free(ctx); -diff -urNp old/snmplib/scapi.c new/snmplib/scapi.c ---- old/snmplib/scapi.c 2014-12-08 21:23:22.000000000 +0100 -+++ new/snmplib/scapi.c 2017-02-20 10:27:34.152379515 +0100 -@@ -486,14 +486,14 @@ sc_hash(const oid * hashtype, size_t has - } - - /** initialize the pointer */ --#ifdef HAVE_EVP_MD_CTX_CREATE -- cptr = EVP_MD_CTX_create(); -+#ifdef HAVE_EVP_MD_CTX_NEW -+ cptr = EVP_MD_CTX_new(); - #else - cptr = malloc(sizeof(*cptr)); - #if defined(OLD_DES) - memset(cptr, 0, sizeof(*cptr)); - #else -- EVP_MD_CTX_init(cptr); -+ EVP_MD_CTX_init(&cptr); - #endif - #endif - if (!EVP_DigestInit(cptr, hashfn)) { -@@ -507,11 +507,11 @@ sc_hash(const oid * hashtype, size_t has - /** do the final pass */ - EVP_DigestFinal(cptr, MAC, &tmp_len); - *MAC_len = tmp_len; --#ifdef HAVE_EVP_MD_CTX_DESTROY -- EVP_MD_CTX_destroy(cptr); -+#ifdef HAVE_EVP_MD_CTX_FREE -+ EVP_MD_CTX_free(cptr); - #else - #if !defined(OLD_DES) -- EVP_MD_CTX_cleanup(cptr); -+ EVP_MD_CTX_cleanup(&cptr); - #endif - free(cptr); - #endif -diff -urNp old/snmplib/snmp_openssl.c new/snmplib/snmp_openssl.c ---- old/snmplib/snmp_openssl.c 2014-12-08 
21:23:22.000000000 +0100 -+++ new/snmplib/snmp_openssl.c 2017-02-20 12:46:00.059727928 +0100 -@@ -47,7 +47,7 @@ void netsnmp_init_openssl(void) { - DEBUGMSGTL(("snmp_openssl", "initializing\n")); - - /* Initializing OpenSSL */ -- SSL_library_init(); -+ OPENSSL_init_ssl(0, NULL); - SSL_load_error_strings(); - ERR_load_BIO_strings(); - OpenSSL_add_all_algorithms(); -@@ -164,11 +164,11 @@ netsnmp_openssl_cert_dump_names(X509 *oc - oname_entry = X509_NAME_get_entry(osubj_name, i); - netsnmp_assert(NULL != oname_entry); - -- if (oname_entry->value->type != V_ASN1_PRINTABLESTRING) -+ if (X509_NAME_ENTRY_get_data(oname_entry)->type != V_ASN1_PRINTABLESTRING) - continue; - - /** get NID */ -- onid = OBJ_obj2nid(oname_entry->object); -+ onid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(oname_entry)); - if (onid == NID_undef) { - prefix_long = prefix_short = "UNKNOWN"; - } -@@ -179,9 +179,9 @@ netsnmp_openssl_cert_dump_names(X509 *oc - - DEBUGMSGT(("9:cert:dump:names", - "[%02d] NID type %d, ASN type %d\n", i, onid, -- oname_entry->value->type)); -+ X509_NAME_ENTRY_get_data(oname_entry)->type)); - DEBUGMSGT(("9:cert:dump:names", "%s/%s: '%s'\n", prefix_long, -- prefix_short, ASN1_STRING_data(oname_entry->value))); -+ prefix_short, ASN1_STRING_data(X509_NAME_ENTRY_get_data(oname_entry)))); - } - } - #endif /* NETSNMP_FEATURE_REMOVE_CERT_DUMP_NAMES */ -@@ -470,7 +470,7 @@ netsnmp_openssl_cert_get_hash_type(X509 - if (NULL == ocert) - return 0; - -- return _nid2ht(OBJ_obj2nid(ocert->sig_alg->algorithm)); -+ return _nid2ht(X509_get_signature_nid(ocert)); - } - - /** -@@ -487,7 +487,7 @@ netsnmp_openssl_cert_get_fingerprint(X50 - if (NULL == ocert) - return NULL; - -- nid = OBJ_obj2nid(ocert->sig_alg->algorithm); -+ nid = X509_get_signature_nid(ocert); - DEBUGMSGT(("9:openssl:fingerprint", "alg %d, cert nid %d (%d)\n", alg, nid, - _nid2ht(nid))); - -diff -urNp old/win32/net-snmp/net-snmp-config.h new/win32/net-snmp/net-snmp-config.h ---- old/win32/net-snmp/net-snmp-config.h 
2014-12-08 21:23:22.000000000 +0100 -+++ new/win32/net-snmp/net-snmp-config.h 2017-02-20 10:23:20.796778512 +0100 -@@ -1366,11 +1366,11 @@ - /* Define to 1 if you have the header file. */ - #define HAVE_OPENSSL_AES_H 1 - --/* Define to 1 if you have the `EVP_MD_CTX_create' function. */ --#define HAVE_EVP_MD_CTX_CREATE 1 -+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ -+#define HAVE_EVP_MD_CTX_NEW 1 - --/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */ --#define HAVE_EVP_MD_CTX_DESTROY 1 -+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */ -+#define HAVE_EVP_MD_CTX_FREE 1 - - /* Define to 1 if you have the `AES_cfb128_encrypt' function. */ - #define HAVE_AES_CFB128_ENCRYPT 1 -diff -urNp old/win32/net-snmp/net-snmp-config.h.in new/win32/net-snmp/net-snmp-config.h.in ---- old/win32/net-snmp/net-snmp-config.h.in 2014-12-08 21:23:22.000000000 +0100 -+++ new/win32/net-snmp/net-snmp-config.h.in 2017-02-20 10:22:51.348367754 +0100 -@@ -1366,11 +1366,11 @@ - /* Define to 1 if you have the header file. */ - #define HAVE_OPENSSL_AES_H 1 - --/* Define to 1 if you have the `EVP_MD_CTX_create' function. */ --#define HAVE_EVP_MD_CTX_CREATE 1 -+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ -+#define HAVE_EVP_MD_CTX_NEW 1 - --/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */ --#define HAVE_EVP_MD_CTX_DESTROY 1 -+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */ -+#define HAVE_EVP_MD_CTX_FREE 1 - - /* Define to 1 if you have the `AES_cfb128_encrypt' function. */ - #define HAVE_AES_CFB128_ENCRYPT 1
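
Review bot: The commit message has only a subject and a sign-off, and the diffstat shows a single deleted file, src/patches/net-snmp-5.7.3-openssl.patch, so nothing in this mail shows the build rule that applied the patch being dropped or which net-snmp release now carries these changes. Please name the new version in the message body and confirm that the reference to this patch is removed in 1/2, since a remaining reference would point at a file that no longer exists. It is also worth checking snmplib/scapi.c in the new release: in the removed patch the fallback branch (taken when HAVE_EVP_MD_CTX_NEW is not defined) changes the calls to `EVP_MD_CTX_init(&cptr)` and `EVP_MD_CTX_cleanup(&cptr)`, although cptr is already the pointer returned by `malloc(sizeof(*cptr))`, so that branch passes the address of the pointer rather than the context itself.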