Blame SOURCES/net-snmp-5.8-aes-config.patch

f13900
From 0be093688013b90896f2db3204bb20e790d70149 Mon Sep 17 00:00:00 2001
f13900
From: Bart Van Assche <bvanassche@acm.org>
f13900
Date: Mon, 27 Apr 2020 08:23:16 -0700
f13900
Subject: [PATCH] configure: Report supported authentication and encryption
f13900
 modes correctly
f13900
f13900
Commit 9e49de2e03b1 ("NEWS: snmplib: AES-192/AES-256 compatibility with SNMP
f13900
Research / CISCO") removed SHA-128 and SHA-192 support and added support for
f13900
SHA-224, SHA-256, SHA-384 and SHA-512. Commit 329a9d3c9d63 ("revamp auth/priv
f13900
protocol constants handling") added support for several AES encryption modes.
f13900
Make the configure script report which modes are supported.
f13900
---
f13900
 configure                   | 15 ++++++++++++++-
f13900
 configure.d/config_os_misc2 | 15 ++++++++++++++-
f13900
 2 files changed, 28 insertions(+), 2 deletions(-)
f13900
f13900
diff --git a/configure b/configure
f13900
index 46402589f..7481ebd07 100755
f13900
--- a/configure
f13900
+++ b/configure
f13900
@@ -26453,7 +26453,13 @@ $as_echo "#define NETSNMP_USE_INTERNAL_CRYPTO 1" >>confdefs.h
f13900
     { $as_echo "$as_me:${as_lineno-$LINENO}: result: Internal Crypto Support" >&5
f13900
 $as_echo "Internal Crypto Support" >&6; }
f13900
 elif test "x$useopenssl" != "xno" ; then
f13900
-    authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
f13900
+    authmodes="MD5 SHA1"
f13900
+    if test "x$ac_cv_func_EVP_sha224" = xyes; then
f13900
+        authmodes="$authmodes SHA224 SHA256"
f13900
+    fi
f13900
+    if test "x$ac_cv_func_EVP_sha384" = xyes; then
f13900
+        authmodes="$authmodes SHA384 SHA512"
f13900
+    fi
f13900
     if test "x$enable_privacy" != "xno" ; then
f13900
         if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
f13900
             encrmodes="DES AES"
f13900
@@ -26492,6 +26498,13 @@ fi
f13900
 if test "x$enable_md5" = "xno"; then
f13900
     authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
f13900
 fi
f13900
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
f13900
+   test "x$CRYPTO" = xinternal; then
f13900
+    encrmodes="$encrmodes AES128"
f13900
+    if test "x$aes_capable" = "xyes"; then
f13900
+        encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
f13900
+    fi
f13900
+fi
f13900
 
f13900
 
f13900
 
f13900
diff --git a/configure.d/config_os_misc2 b/configure.d/config_os_misc2
f13900
index 1df9bf0a2..be0bccec0 100644
f13900
--- a/configure.d/config_os_misc2
f13900
+++ b/configure.d/config_os_misc2
f13900
@@ -53,7 +53,13 @@ if test "x$CRYPTO" = "xinternal" ; then
f13900
     AC_DEFINE(NETSNMP_USE_INTERNAL_CRYPTO, 1, "Define if internal cryptography code should be used")
f13900
     AC_MSG_RESULT(Internal Crypto Support)
f13900
 elif test "x$useopenssl" != "xno" ; then
f13900
-    authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
f13900
+    authmodes="MD5 SHA1"
f13900
+    if test "x$ac_cv_func_EVP_sha224" = xyes; then
f13900
+        authmodes="$authmodes SHA224 SHA256"
f13900
+    fi
f13900
+    if test "x$ac_cv_func_EVP_sha384" = xyes; then
f13900
+        authmodes="$authmodes SHA384 SHA512"
f13900
+    fi
f13900
     if test "x$enable_privacy" != "xno" ; then
f13900
         if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
f13900
             encrmodes="DES AES"
f13900
@@ -86,6 +92,13 @@ fi
f13900
 if test "x$enable_md5" = "xno"; then
f13900
     authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
f13900
 fi
f13900
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
f13900
+   test "x$CRYPTO" = xinternal; then
f13900
+    encrmodes="$encrmodes AES128"
f13900
+    if test "x$aes_capable" = "xyes"; then
f13900
+        encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
f13900
+    fi
f13900
+fi
f13900
 AC_SUBST(LNETSNMPLIBS)
f13900
 AC_SUBST(LAGENTLIBS)
f13900
 
f13900
f13900
diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
f13900
--- a/net-snmp-create-v3-user.in	2020-06-15 12:59:05.117432700 +0200
f13900
+++ b/net-snmp-create-v3-user.in	2020-06-15 13:01:36.151905241 +0200
f13900
@@ -58,11 +58,11 @@ case $1 in
f13900
 	    exit 1
f13900
 	fi
f13900
         case $1 in
f13900
-            DES|AES|AES128)
f13900
+            DES|AES|AES128|AES192|AES256)
f13900
 	    Xalgorithm=$1
f13900
 	    shift
f13900
 	    ;;
f13900
-            des|aes|aes128)
f13900
+            des|aes|aes128|aes192|aes256)
f13900
 	    Xalgorithm=`echo $1 | tr a-z A-Z`
f13900
 	    shift
f13900
 	    ;;