aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMicael Karlberg <[email protected]>2013-10-17 17:45:54 +0200
committerMicael Karlberg <[email protected]>2013-10-17 17:49:48 +0200
commita803a95c00f89932d2cfd7a7b424aad05fa276b8 (patch)
tree993ac7e123db5c336eb3f9324a6664b369bf1de1
parente0ecc86e35475b434efa6cccba44074ca1040b7a (diff)
downloadotp-a803a95c00f89932d2cfd7a7b424aad05fa276b8.tar.gz
otp-a803a95c00f89932d2cfd7a7b424aad05fa276b8.tar.bz2
otp-a803a95c00f89932d2cfd7a7b424aad05fa276b8.zip
[snmp] Wrong block cypher type used for AES
Wrong block cypher type used for AES ('aes_cbf128' instead of 'aes_cfb128') when performing AES block encrypt/decrypt which breaks SNMP usmAesCfb128Protocol in agent and manager. OTP-11412
-rw-r--r--lib/snmp/doc/src/notes.xml68
-rw-r--r--lib/snmp/src/app/snmp.appup.src42
-rw-r--r--lib/snmp/src/misc/snmp_usm.erl15
-rw-r--r--lib/snmp/vsn.mk2
4 files changed, 86 insertions, 41 deletions
diff --git a/lib/snmp/doc/src/notes.xml b/lib/snmp/doc/src/notes.xml
index 7514c52dda..7155402ab1 100644
--- a/lib/snmp/doc/src/notes.xml
+++ b/lib/snmp/doc/src/notes.xml
@@ -34,6 +34,74 @@
<section>
+ <title>SNMP Development Toolkit 4.25</title>
+ <p>Version 4.25 supports code replacement in runtime from/to
+ version 4.24.2, 4.24.1, 4.24, 4.23.1 and 4.23. </p>
+
+ <section>
+ <title>Improvements and new features</title>
+ <p>-</p>
+
+<!--
+ <list type="bulleted">
+ <item>
+ <p>[agent] Improved documentation for the functions for
+ loading and unloading mibs,
+ see <seealso marker="snmpa#load_mibs">load_mibs</seealso> and
+ <seealso marker="snmpa#unload_mibs">unload_mibs</seealso> for
+ more info. </p>
+ <p>Also added new functions for loading and unloading a single mib,
+ see <seealso marker="snmpa#load_mib">load_mib</seealso> and
+ <seealso marker="snmpa#unload_mib">unload_mib</seealso> for
+ more info. </p>
+ <p>Own Id: OTP-11216</p>
+ </item>
+
+ </list>
+-->
+
+ </section>
+
+ <section>
+ <title>Fixed Bugs and Malfunctions</title>
+<!--
+ <p>-</p>
+-->
+
+ <list type="bulleted">
+ <item>
+ <p>Wrong block cypher type used for AES ('aes_cbf128'
+ instead of 'aes_cfb128') when performing AES block
+ encrypt/decrypt which breaks SNMP usmAesCfb128Protocol
+ in agent and manager. </p>
+ <p>Own Id: OTP-11412</p>
+ </item>
+
+ </list>
+
+ </section>
+
+ <section>
+ <title>Incompatibilities</title>
+ <p>-</p>
+
+<!--
+ <list type="bulleted">
+ <item>
+ <p>[manager] The old Addr-and-Port based API functions, previously
+ long deprecated and marked for deletion in R16B, has now been
+ removed. </p>
+ <p>Own Id: OTP-10027</p>
+ </item>
+
+ </list>
+-->
+ </section>
+
+ </section> <!-- 4.25 -->
+
+
+ <section>
<title>SNMP Development Toolkit 4.24.2</title>
<p>Version 4.24.2 supports code replacement in runtime from/to
version 4.24.1, 4.24, 4.23.1 and 4.23. </p>
diff --git a/lib/snmp/src/app/snmp.appup.src b/lib/snmp/src/app/snmp.appup.src
index 6edcf7e833..e1bf7692b3 100644
--- a/lib/snmp/src/app/snmp.appup.src
+++ b/lib/snmp/src/app/snmp.appup.src
@@ -29,24 +29,9 @@
%% {add_module, snmpm_net_if_mt}
[
- {"4.24.1",
- [
- {load_module, snmpa, soft_purge, soft_purge, [snmpa_agent]},
- {update, snmpa_agent, soft, soft_purge, soft_purge, [snmpa_agent]},
- {update, snmpa_mib, soft, soft_purge, soft_purge, []}
- ]
- },
- {"4.24",
- [
- {load_module, snmp_conf, soft_purge, soft_purge, []},
- {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge,
- [snmp_conf]},
- {load_module, snmpa, soft_purge, soft_purge, [snmpa_agent]},
- {update, snmpa_local_db, soft, soft_purge, soft_purge, []},
- {update, snmpa_agent, soft, soft_purge, soft_purge, [snmpa_agent]},
- {update, snmpa_mib, soft, soft_purge, soft_purge, []}
- ]
- },
+ {"4.24.2", [{restart_application, snmp}]},
+ {"4.24.1", [{restart_application, snmp}]},
+ {"4.24", [{restart_application, snmp}]},
{"4.23.1", [{restart_application, snmp}]},
{"4.23", [{restart_application, snmp}]}
],
@@ -57,24 +42,9 @@
%% {remove, {snmpm_net_if_mt, soft_purge, soft_purge}}
[
- {"4.24.1",
- [
- {load_module, snmpa, soft_purge, soft_purge, [snmpa_agent]},
- {update, snmpa_agent, soft, soft_purge, soft_purge, [snmpa_agent]},
- {update, snmpa_mib, soft, soft_purge, soft_purge, []}
- ]
- },
- {"4.24",
- [
- {load_module, snmp_conf, soft_purge, soft_purge, []},
- {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge,
- [snmp_conf]},
- {load_module, snmpa, soft_purge, soft_purge, [snmpa_agent]},
- {update, snmpa_local_db, soft, soft_purge, soft_purge, []},
- {update, snmpa_agent, soft, soft_purge, soft_purge, [snmpa_agent]},
- {update, snmpa_mib, soft, soft_purge, soft_purge, []}
- ]
- },
+ {"4.24.2", [{restart_application, snmp}]},
+ {"4.24.1", [{restart_application, snmp}]},
+ {"4.24", [{restart_application, snmp}]},
{"4.23.1", [{restart_application, snmp}]},
{"4.23", [{restart_application, snmp}]}
]
diff --git a/lib/snmp/src/misc/snmp_usm.erl b/lib/snmp/src/misc/snmp_usm.erl
index 67e3476816..0c57f535cd 100644
--- a/lib/snmp/src/misc/snmp_usm.erl
+++ b/lib/snmp/src/misc/snmp_usm.erl
@@ -42,6 +42,9 @@
-define(i32(Int), (Int bsr 24) band 255, (Int bsr 16) band 255, (Int bsr 8) band 255, Int band 255).
+-define(BLOCK_CIPHER_AES, aes_cfb128).
+-define(BLOCK_CIPHER_DES, des_cbc).
+
%%-----------------------------------------------------------------
%% Func: passwd2localized_key/3
@@ -210,7 +213,8 @@ des_encrypt(PrivKey, Data, SaltFun) ->
IV = list_to_binary(snmp_misc:str_xor(PreIV, Salt)),
TailLen = (8 - (length(Data) rem 8)) rem 8,
Tail = mk_tail(TailLen),
- EncData = crypto:block_encrypt(des_cbc, DesKey, IV, [Data,Tail]),
+ EncData = crypto:block_encrypt(?BLOCK_CIPHER_DES,
+ DesKey, IV, [Data,Tail]),
{ok, binary_to_list(EncData), Salt}.
des_decrypt(PrivKey, MsgPrivParams, EncData)
@@ -224,7 +228,8 @@ des_decrypt(PrivKey, MsgPrivParams, EncData)
Salt = MsgPrivParams,
IV = list_to_binary(snmp_misc:str_xor(PreIV, Salt)),
%% Whatabout errors here??? E.g. not a mulitple of 8!
- Data = binary_to_list(crypto:block_decrypt(des_cbc, DesKey, IV, EncData)),
+ Data = binary_to_list(crypto:block_decrypt(?BLOCK_CIPHER_DES,
+ DesKey, IV, EncData)),
Data2 = snmp_pdus:strip_encrypted_scoped_pdu_data(Data),
{ok, Data2};
des_decrypt(PrivKey, BadMsgPrivParams, EncData) ->
@@ -242,7 +247,8 @@ aes_encrypt(PrivKey, Data, SaltFun) ->
EngineBoots = snmp_framework_mib:get_engine_boots(),
EngineTime = snmp_framework_mib:get_engine_time(),
IV = list_to_binary([?i32(EngineBoots), ?i32(EngineTime) | Salt]),
- EncData = crypto:block_encrypt(aes_cbf128, AesKey, IV, Data),
+ EncData = crypto:block_encrypt(?BLOCK_CIPHER_AES,
+ AesKey, IV, Data),
{ok, binary_to_list(EncData), Salt}.
aes_decrypt(PrivKey, MsgPrivParams, EncData, EngineBoots, EngineTime)
@@ -251,7 +257,8 @@ aes_decrypt(PrivKey, MsgPrivParams, EncData, EngineBoots, EngineTime)
Salt = MsgPrivParams,
IV = list_to_binary([?i32(EngineBoots), ?i32(EngineTime) | Salt]),
%% Whatabout errors here??? E.g. not a mulitple of 8!
- Data = binary_to_list(crypto:block_decrypt(aes_cbf128, AesKey, IV, EncData)),
+ Data = binary_to_list(crypto:block_decrypt(?BLOCK_CIPHER_AES,
+ AesKey, IV, EncData)),
Data2 = snmp_pdus:strip_encrypted_scoped_pdu_data(Data),
{ok, Data2}.
diff --git a/lib/snmp/vsn.mk b/lib/snmp/vsn.mk
index 2164121e86..70f7c2b19a 100644
--- a/lib/snmp/vsn.mk
+++ b/lib/snmp/vsn.mk
@@ -18,6 +18,6 @@
# %CopyrightEnd%
APPLICATION = snmp
-SNMP_VSN = 4.24.2
+SNMP_VSN = 4.25
PRE_VSN =
APP_VSN = "$(APPLICATION)-$(SNMP_VSN)$(PRE_VSN)"