|
|
f13900 |
From 0be093688013b90896f2db3204bb20e790d70149 Mon Sep 17 00:00:00 2001
|
|
|
f13900 |
From: Bart Van Assche <bvanassche@acm.org>
|
|
|
f13900 |
Date: Mon, 27 Apr 2020 08:23:16 -0700
|
|
|
f13900 |
Subject: [PATCH] configure: Report supported authentication and encryption
|
|
|
f13900 |
modes correctly
|
|
|
f13900 |
|
|
|
f13900 |
Commit 9e49de2e03b1 ("NEWS: snmplib: AES-192/AES-256 compatibility with SNMP
|
|
|
f13900 |
Research / CISCO") removed SHA-128 and SHA-192 support and added support for
|
|
|
f13900 |
SHA-224, SHA-256, SHA-384 and SHA-512. Commit 329a9d3c9d63 ("revamp auth/priv
|
|
|
f13900 |
protocol constants handling") added support for several AES encryption modes.
|
|
|
f13900 |
Make the configure script report which modes are supported.
|
|
|
f13900 |
---
|
|
|
f13900 |
configure | 15 ++++++++++++++-
|
|
|
f13900 |
configure.d/config_os_misc2 | 15 ++++++++++++++-
|
|
|
f13900 |
2 files changed, 28 insertions(+), 2 deletions(-)
|
|
|
f13900 |
|
|
|
f13900 |
diff --git a/configure b/configure
|
|
|
f13900 |
index 46402589f..7481ebd07 100755
|
|
|
f13900 |
--- a/configure
|
|
|
f13900 |
+++ b/configure
|
|
|
f13900 |
@@ -26453,7 +26453,13 @@ $as_echo "#define NETSNMP_USE_INTERNAL_CRYPTO 1" >>confdefs.h
|
|
|
f13900 |
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Internal Crypto Support" >&5
|
|
|
f13900 |
$as_echo "Internal Crypto Support" >&6; }
|
|
|
f13900 |
elif test "x$useopenssl" != "xno" ; then
|
|
|
f13900 |
- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
|
|
|
f13900 |
+ authmodes="MD5 SHA1"
|
|
|
f13900 |
+ if test "x$ac_cv_func_EVP_sha224" = xyes; then
|
|
|
f13900 |
+ authmodes="$authmodes SHA224 SHA256"
|
|
|
f13900 |
+ fi
|
|
|
f13900 |
+ if test "x$ac_cv_func_EVP_sha384" = xyes; then
|
|
|
f13900 |
+ authmodes="$authmodes SHA384 SHA512"
|
|
|
f13900 |
+ fi
|
|
|
f13900 |
if test "x$enable_privacy" != "xno" ; then
|
|
|
f13900 |
if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
|
|
|
f13900 |
encrmodes="DES AES"
|
|
|
f13900 |
@@ -26492,6 +26498,13 @@ fi
|
|
|
f13900 |
if test "x$enable_md5" = "xno"; then
|
|
|
f13900 |
authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
|
|
|
f13900 |
fi
|
|
|
f13900 |
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
|
|
|
f13900 |
+ test "x$CRYPTO" = xinternal; then
|
|
|
f13900 |
+ encrmodes="$encrmodes AES128"
|
|
|
f13900 |
+ if test "x$aes_capable" = "xyes"; then
|
|
|
f13900 |
+ encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
|
|
|
f13900 |
+ fi
|
|
|
f13900 |
+fi
|
|
|
f13900 |
|
|
|
f13900 |
|
|
|
f13900 |
|
|
|
f13900 |
diff --git a/configure.d/config_os_misc2 b/configure.d/config_os_misc2
|
|
|
f13900 |
index 1df9bf0a2..be0bccec0 100644
|
|
|
f13900 |
--- a/configure.d/config_os_misc2
|
|
|
f13900 |
+++ b/configure.d/config_os_misc2
|
|
|
f13900 |
@@ -53,7 +53,13 @@ if test "x$CRYPTO" = "xinternal" ; then
|
|
|
f13900 |
AC_DEFINE(NETSNMP_USE_INTERNAL_CRYPTO, 1, "Define if internal cryptography code should be used")
|
|
|
f13900 |
AC_MSG_RESULT(Internal Crypto Support)
|
|
|
f13900 |
elif test "x$useopenssl" != "xno" ; then
|
|
|
f13900 |
- authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
|
|
|
f13900 |
+ authmodes="MD5 SHA1"
|
|
|
f13900 |
+ if test "x$ac_cv_func_EVP_sha224" = xyes; then
|
|
|
f13900 |
+ authmodes="$authmodes SHA224 SHA256"
|
|
|
f13900 |
+ fi
|
|
|
f13900 |
+ if test "x$ac_cv_func_EVP_sha384" = xyes; then
|
|
|
f13900 |
+ authmodes="$authmodes SHA384 SHA512"
|
|
|
f13900 |
+ fi
|
|
|
f13900 |
if test "x$enable_privacy" != "xno" ; then
|
|
|
f13900 |
if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
|
|
|
f13900 |
encrmodes="DES AES"
|
|
|
f13900 |
@@ -86,6 +92,13 @@ fi
|
|
|
f13900 |
if test "x$enable_md5" = "xno"; then
|
|
|
f13900 |
authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
|
|
|
f13900 |
fi
|
|
|
f13900 |
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
|
|
|
f13900 |
+ test "x$CRYPTO" = xinternal; then
|
|
|
f13900 |
+ encrmodes="$encrmodes AES128"
|
|
|
f13900 |
+ if test "x$aes_capable" = "xyes"; then
|
|
|
f13900 |
+ encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
|
|
|
f13900 |
+ fi
|
|
|
f13900 |
+fi
|
|
|
f13900 |
AC_SUBST(LNETSNMPLIBS)
|
|
|
f13900 |
AC_SUBST(LAGENTLIBS)
|
|
|
f13900 |
|
|
|
f13900 |
|
|
|
f13900 |
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
|
|
|
f13900 |
--- a/net-snmp-create-v3-user.in 2020-06-15 12:59:05.117432700 +0200
|
|
|
f13900 |
+++ b/net-snmp-create-v3-user.in 2020-06-15 13:01:36.151905241 +0200
|
|
|
f13900 |
@@ -58,11 +58,11 @@ case $1 in
|
|
|
f13900 |
exit 1
|
|
|
f13900 |
fi
|
|
|
f13900 |
case $1 in
|
|
|
f13900 |
- DES|AES|AES128)
|
|
|
f13900 |
+ DES|AES|AES128|AES192|AES256)
|
|
|
f13900 |
Xalgorithm=$1
|
|
|
f13900 |
shift
|
|
|
f13900 |
;;
|
|
|
f13900 |
- des|aes|aes128)
|
|
|
f13900 |
+ des|aes|aes128|aes192|aes256)
|
|
|
f13900 |
Xalgorithm=`echo $1 | tr a-z A-Z`
|
|
|
f13900 |
shift
|
|
|
f13900 |
;;
|