net-snmp: add support for openssl 1.1x

Patch was copied from [https://sourceforge.net/p/net-snmp/patches/1336]. Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Andrej Valek <andrej.valek@siemens.com> 2018-06-07 15:21:08 +0200
committer: Khem Raj <raj.khem@gmail.com> 2018-06-12 09:13:46 -0700
commit: d3bd6dac4496dd66251a75fcaee5e39d5a1ffc27 (patch)
tree: fb590717bbeae7b0d5e5015d3f37e2517ee63b35
parent: c27756081d79da84f40bdc77e24b4d5e23bc7159 (diff)
download: meta-openembedded-d3bd6dac4496dd66251a75fcaee5e39d5a1ffc27.tar.gz
2 files changed, 172 insertions, 0 deletions
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-openssl-build-errors.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-openssl-build-errors.patch
new file mode 100644
index 0000000000..53bc372267
--- /dev/null
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-openssl-build-errors.patch
@@ -0,0 +1,171 @@
+net-snmp build fails on Debian 9 with OpenSSL 1.1.0
+With these changes, net-snmp builds with both
+OpenSSL 1.0.x and 1.1.x.
+Author: Sharmila Podury <sharmila.podury@brocade.com>
+--- a/apps/snmpusm.c
+++ b/apps/snmpusm.c
+@@ -125,6 +125,32 @@ char           *usmUserPublic_val = NULL
+ int             docreateandwait = 0;
+ 
+ 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <string.h>
+#include <openssl/engine.h>
+
+void DH_get0_pqg(const DH *dh,
+                const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+   if (p != NULL)
+       *p = dh->p;
+   if (q != NULL)
+       *q = dh->q;
+   if (g != NULL)
+       *g = dh->g;
+}
+
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+   if (pub_key != NULL)
+       *pub_key = dh->pub_key;
+   if (priv_key != NULL)
+       *priv_key = dh->priv_key;
+}
+
+#endif
+
+ void
+ usage(void)
+ {
+@@ -190,7 +216,7 @@ get_USM_DH_key(netsnmp_variable_list *va
+                oid *keyoid, size_t keyoid_len) {
+     u_char *dhkeychange;
+     DH *dh;
+-    BIGNUM *other_pub;
+    BIGNUM *p, *g, *pub_key, *other_pub;
+     u_char *key;
+     size_t key_len;
+             
+@@ -205,25 +231,29 @@ get_USM_DH_key(netsnmp_variable_list *va
+         dh = d2i_DHparams(NULL, &cp, dhvar->val_len);
+     }
+ 
+-    if (!dh || !dh->g || !dh->p) {
+    if (dh)
+        DH_get0_pqg(dh, &p, NULL, &g);
+
+    if (!dh || !g || !p) {
+         SNMP_FREE(dhkeychange);
+         return SNMPERR_GENERR;
+     }
+ 
+-    DH_generate_key(dh);
+-    if (!dh->pub_key) {
+    if (!DH_generate_key(dh)) {
+         SNMP_FREE(dhkeychange);
+         return SNMPERR_GENERR;
+     }
+             
+-    if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) {
+    DH_get0_key(dh, &pub_key, NULL);
+
+    if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) {
+         SNMP_FREE(dhkeychange);
+         fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n",
+-                (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key));
+                (unsigned long)vars->val_len, BN_num_bytes(pub_key));
+         return SNMPERR_GENERR;
+     }
+ 
+-    BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len);
+    BN_bn2bin(pub_key, dhkeychange + vars->val_len);
+ 
+     key_len = DH_size(dh);
+     if (!key_len) {
+--- a/configure.d/config_os_libs2
+++ b/configure.d/config_os_libs2
+@@ -327,10 +327,16 @@ if test "x$tryopenssl" != "xno" -a "x$tr
+              [[#include <openssl/evp.h>]])
+ 
+             AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create,
+-                AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [],
+                AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [1],
+                     [Define to 1 if you have the `EVP_MD_CTX_create' function.])
+-                AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [],
+                AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [1],
+                     [Define to 1 if you have the `EVP_MD_CTX_destroy' function.]))
+
+            AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_new,
+                AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1],
+                    [Define to 1 if you have the `EVP_MD_CTX_new' function.])
+                AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1],
+                    [Define to 1 if you have the `EVP_MD_CTX_free' function.]))
+         fi
+         if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then
+            AC_CHECK_LIB(ssl, DTLSv1_method,
+--- a/include/net-snmp/net-snmp-config.h.in
+++ b/include/net-snmp/net-snmp-config.h.in
+@@ -164,6 +164,12 @@
+ /* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
+ #undef HAVE_EVP_MD_CTX_DESTROY
+ 
+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
+#undef HAVE_EVP_MD_CTX_FREE
+
+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
+#undef HAVE_EVP_MD_CTX_NEW
+
+ /* Define if you have EVP_sha224/256 in openssl */
+ #undef HAVE_EVP_SHA224
+ 
+--- a/snmplib/keytools.c
+++ b/snmplib/keytools.c
+@@ -176,7 +176,9 @@ generate_Ku(const oid * hashtype, u_int
+         QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
+     }
+ 
+-#ifdef HAVE_EVP_MD_CTX_CREATE
+#ifdef HAVE_EVP_MD_CTX_NEW
+    ctx = EVP_MD_CTX_new();
+#elif HAVE_EVP_MD_CTX_CREATE
+     ctx = EVP_MD_CTX_create();
+ #else
+     ctx = malloc(sizeof(*ctx));
+@@ -278,7 +280,9 @@ generate_Ku(const oid * hashtype, u_int
+     memset(buf, 0, sizeof(buf));
+ #ifdef NETSNMP_USE_OPENSSL
+     if (ctx) {
+-#ifdef HAVE_EVP_MD_CTX_DESTROY
+#ifdef HAVE_EVP_MD_CTX_FREE
+        EVP_MD_CTX_free(ctx);
+#elif HAVE_EVP_MD_CTX_DESTROY
+         EVP_MD_CTX_destroy(ctx);
+ #else
+         EVP_MD_CTX_cleanup(ctx);
+--- a/snmplib/scapi.c
+++ b/snmplib/scapi.c
+@@ -627,7 +627,9 @@ sc_hash(const oid * hashtype, size_t has
+         return SNMPERR_GENERR;
+ 
+ /** initialize the pointer */
+-#ifdef HAVE_EVP_MD_CTX_CREATE
+#ifdef HAVE_EVP_MD_CTX_NEW
+    cptr = EVP_MD_CTX_new();
+#elif HAVE_EVP_MD_CTX_CREATE
+     cptr = EVP_MD_CTX_create();
+ #else
+     cptr = malloc(sizeof(*cptr));
+@@ -648,7 +650,9 @@ sc_hash(const oid * hashtype, size_t has
+ /** do the final pass */
+     EVP_DigestFinal(cptr, MAC, &tmp_len);
+     *MAC_len = tmp_len;
+-#ifdef HAVE_EVP_MD_CTX_DESTROY
+#ifdef HAVE_EVP_MD_CTX_FREE
+    EVP_MD_CTX_free(cptr);
+#elif HAVE_EVP_MD_CTX_DESTROY
+     EVP_MD_CTX_destroy(cptr);
+ #else
+ #if !defined(OLD_DES)
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.7.3.bb b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.7.3.bb
index 6832b078d5..5c827bb86a 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.7.3.bb
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.7.3.bb
@@ -33,6 +33,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.zip \
           file://net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch \
           file://net-snmp-fix-for-disable-des.patch \
           file://0001-Remove-U64-typedef.patch \
+           file://fix-openssl-build-errors.patch \
           "
 SRC_URI[md5sum] = "9f682bd70c717efdd9f15b686d07baee"
 SRC_URI[sha256sum] = "e8dfc79b6539b71a6ff335746ce63d2da2239062ad41872fff4354cafed07a3e"
author	Andrej Valek <andrej.valek@siemens.com>	2018-06-07 15:21:08 +0200
committer	Khem Raj <raj.khem@gmail.com>	2018-06-12 09:13:46 -0700
commit	d3bd6dac4496dd66251a75fcaee5e39d5a1ffc27 (patch)
tree	fb590717bbeae7b0d5e5015d3f37e2517ee63b35
parent	c27756081d79da84f40bdc77e24b4d5e23bc7159 (diff)
download	meta-openembedded-d3bd6dac4496dd66251a75fcaee5e39d5a1ffc27.tar.gz

diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-openssl-build-errors.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-openssl-build-errors.patch new file mode 100644 index 0000000000..53bc372267 --- /dev/null +++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/fix-openssl-build-errors.patch
@@ -0,0 +1,171 @@
		1	net-snmp build fails on Debian 9 with OpenSSL 1.1.0
		2
		3	With these changes, net-snmp builds with both
		4	OpenSSL 1.0.x and 1.1.x.
		5
		6	Author: Sharmila Podury <sharmila.podury@brocade.com>
		7
		8	--- a/apps/snmpusm.c
		9	+++ b/apps/snmpusm.c
		10	@@ -125,6 +125,32 @@ char *usmUserPublic_val = NULL
		11	int docreateandwait = 0;
		12
		13
		14	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
		15	+
		16	+#include <string.h>
		17	+#include <openssl/engine.h>
		18	+
		19	+void DH_get0_pqg(const DH *dh,
		20	+ const BIGNUM p, const BIGNUM q, const BIGNUM **g)
		21	+{
		22	+ if (p != NULL)
		23	+ *p = dh->p;
		24	+ if (q != NULL)
		25	+ *q = dh->q;
		26	+ if (g != NULL)
		27	+ *g = dh->g;
		28	+}
		29	+
		30	+void DH_get0_key(const DH dh, const BIGNUM pub_key, const BIGNUM *priv_key)
		31	+{
		32	+ if (pub_key != NULL)
		33	+ *pub_key = dh->pub_key;
		34	+ if (priv_key != NULL)
		35	+ *priv_key = dh->priv_key;
		36	+}
		37	+
		38	+#endif
		39	+
		40	void
		41	usage(void)
		42	{
		43	@@ -190,7 +216,7 @@ get_USM_DH_key(netsnmp_variable_list *va
		44	oid *keyoid, size_t keyoid_len) {
		45	u_char *dhkeychange;
		46	DH *dh;
		47	- BIGNUM *other_pub;
		48	+ BIGNUM p, g, pub_key, other_pub;
		49	u_char *key;
		50	size_t key_len;
		51
		52	@@ -205,25 +231,29 @@ get_USM_DH_key(netsnmp_variable_list *va
		53	dh = d2i_DHparams(NULL, &cp, dhvar->val_len);
		54	}
		55
		56	- if (!dh \|\| !dh->g \|\| !dh->p) {
		57	+ if (dh)
		58	+ DH_get0_pqg(dh, &p, NULL, &g);
		59	+
		60	+ if (!dh \|\| !g \|\| !p) {
		61	SNMP_FREE(dhkeychange);
		62	return SNMPERR_GENERR;
		63	}
		64
		65	- DH_generate_key(dh);
		66	- if (!dh->pub_key) {
		67	+ if (!DH_generate_key(dh)) {
		68	SNMP_FREE(dhkeychange);
		69	return SNMPERR_GENERR;
		70	}
		71
		72	- if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) {
		73	+ DH_get0_key(dh, &pub_key, NULL);
		74	+
		75	+ if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) {
		76	SNMP_FREE(dhkeychange);
		77	fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n",
		78	- (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key));
		79	+ (unsigned long)vars->val_len, BN_num_bytes(pub_key));
		80	return SNMPERR_GENERR;
		81	}
		82
		83	- BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len);
		84	+ BN_bn2bin(pub_key, dhkeychange + vars->val_len);
		85
		86	key_len = DH_size(dh);
		87	if (!key_len) {
		88	--- a/configure.d/config_os_libs2
		89	+++ b/configure.d/config_os_libs2
		90	@@ -327,10 +327,16 @@ if test "x$tryopenssl" != "xno" -a "x$tr
		91	[[#include <openssl/evp.h>]])
		92
		93	AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create,
		94	- AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [],
		95	+ AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [1],
		96	[Define to 1 if you have the `EVP_MD_CTX_create' function.])
		97	- AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [],
		98	+ AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [1],
		99	[Define to 1 if you have the `EVP_MD_CTX_destroy' function.]))
		100	+
		101	+ AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_new,
		102	+ AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1],
		103	+ [Define to 1 if you have the `EVP_MD_CTX_new' function.])
		104	+ AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1],
		105	+ [Define to 1 if you have the `EVP_MD_CTX_free' function.]))
		106	fi
		107	if echo " $transport_result_list " \| $GREP "DTLS" > /dev/null; then
		108	AC_CHECK_LIB(ssl, DTLSv1_method,
		109	--- a/include/net-snmp/net-snmp-config.h.in
		110	+++ b/include/net-snmp/net-snmp-config.h.in
		111	@@ -164,6 +164,12 @@
		112	/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
		113	#undef HAVE_EVP_MD_CTX_DESTROY
		114
		115	+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
		116	+#undef HAVE_EVP_MD_CTX_FREE
		117	+
		118	+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
		119	+#undef HAVE_EVP_MD_CTX_NEW
		120	+
		121	/* Define if you have EVP_sha224/256 in openssl */
		122	#undef HAVE_EVP_SHA224
		123
		124	--- a/snmplib/keytools.c
		125	+++ b/snmplib/keytools.c
		126	@@ -176,7 +176,9 @@ generate_Ku(const oid * hashtype, u_int
		127	QUITFUN(SNMPERR_GENERR, generate_Ku_quit);
		128	}
		129
		130	-#ifdef HAVE_EVP_MD_CTX_CREATE
		131	+#ifdef HAVE_EVP_MD_CTX_NEW
		132	+ ctx = EVP_MD_CTX_new();
		133	+#elif HAVE_EVP_MD_CTX_CREATE
		134	ctx = EVP_MD_CTX_create();
		135	#else
		136	ctx = malloc(sizeof(*ctx));
		137	@@ -278,7 +280,9 @@ generate_Ku(const oid * hashtype, u_int
		138	memset(buf, 0, sizeof(buf));
		139	#ifdef NETSNMP_USE_OPENSSL
		140	if (ctx) {
		141	-#ifdef HAVE_EVP_MD_CTX_DESTROY
		142	+#ifdef HAVE_EVP_MD_CTX_FREE
		143	+ EVP_MD_CTX_free(ctx);
		144	+#elif HAVE_EVP_MD_CTX_DESTROY
		145	EVP_MD_CTX_destroy(ctx);
		146	#else
		147	EVP_MD_CTX_cleanup(ctx);
		148	--- a/snmplib/scapi.c
		149	+++ b/snmplib/scapi.c
		150	@@ -627,7 +627,9 @@ sc_hash(const oid * hashtype, size_t has
		151	return SNMPERR_GENERR;
		152
		153	/** initialize the pointer */
		154	-#ifdef HAVE_EVP_MD_CTX_CREATE
		155	+#ifdef HAVE_EVP_MD_CTX_NEW
		156	+ cptr = EVP_MD_CTX_new();
		157	+#elif HAVE_EVP_MD_CTX_CREATE
		158	cptr = EVP_MD_CTX_create();
		159	#else
		160	cptr = malloc(sizeof(*cptr));
		161	@@ -648,7 +650,9 @@ sc_hash(const oid * hashtype, size_t has
		162	/** do the final pass */
		163	EVP_DigestFinal(cptr, MAC, &tmp_len);
		164	*MAC_len = tmp_len;
		165	-#ifdef HAVE_EVP_MD_CTX_DESTROY
		166	+#ifdef HAVE_EVP_MD_CTX_FREE
		167	+ EVP_MD_CTX_free(cptr);
		168	+#elif HAVE_EVP_MD_CTX_DESTROY
		169	EVP_MD_CTX_destroy(cptr);
		170	#else
		171	#if !defined(OLD_DES)


diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.7.3.bb b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.7.3.bb index 6832b078d5..5c827bb86a 100644 --- a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.7.3.bb +++ b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.7.3.bb
@@ -33,6 +33,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.zip \
33	file://net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch \	33	file://net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch \
34	file://net-snmp-fix-for-disable-des.patch \	34	file://net-snmp-fix-for-disable-des.patch \
35	file://0001-Remove-U64-typedef.patch \	35	file://0001-Remove-U64-typedef.patch \
		36	file://fix-openssl-build-errors.patch \
36	"	37	"
37	SRC_URI[md5sum] = "9f682bd70c717efdd9f15b686d07baee"	38	SRC_URI[md5sum] = "9f682bd70c717efdd9f15b686d07baee"
38	SRC_URI[sha256sum] = "e8dfc79b6539b71a6ff335746ce63d2da2239062ad41872fff4354cafed07a3e"	39	SRC_URI[sha256sum] = "e8dfc79b6539b71a6ff335746ce63d2da2239062ad41872fff4354cafed07a3e"