aboutsummaryrefslogtreecommitdiffstats
path: root/lib/snmp/src/manager
diff options
context:
space:
mode:
authorMicael Karlberg <[email protected]>2013-10-18 11:32:25 +0200
committerMicael Karlberg <[email protected]>2013-10-21 12:50:41 +0200
commit300803837926d0bb28829f313fad07f757188d41 (patch)
tree9fdc1833b7e45b44fa3d50e48f17dcc74636336c /lib/snmp/src/manager
parenta803a95c00f89932d2cfd7a7b424aad05fa276b8 (diff)
downloadotp-300803837926d0bb28829f313fad07f757188d41.tar.gz
otp-300803837926d0bb28829f313fad07f757188d41.tar.bz2
otp-300803837926d0bb28829f313fad07f757188d41.zip
[snmp/manager] Incorrect use of EngineBoots and EngineTime when encrypting
When performing the AES encryption, invalid values for the EngineBoots and EngineTime was used. The values of the local agent was used, which would have produced some values if an agent was actually running. If not it would have caused a crash. OTP-11413
Diffstat (limited to 'lib/snmp/src/manager')
-rw-r--r--lib/snmp/src/manager/snmpm_usm.erl14
1 files changed, 10 insertions, 4 deletions
diff --git a/lib/snmp/src/manager/snmpm_usm.erl b/lib/snmp/src/manager/snmpm_usm.erl
index 497d6d6102..0a8a6436a3 100644
--- a/lib/snmp/src/manager/snmpm_usm.erl
+++ b/lib/snmp/src/manager/snmpm_usm.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2013. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -19,6 +19,9 @@
%%-----------------------------------------------------------------
%% This module implements the User Based Security Model for SNMP,
%% as defined in rfc2274.
+%%
+%% AES: RFC 3826
+%%
%%-----------------------------------------------------------------
-module(snmpm_usm).
@@ -416,11 +419,14 @@ get_des_salt() ->
[?i32(EngineBoots), ?i32(SaltInt)].
aes_encrypt(PrivKey, Data) ->
- snmp_usm:aes_encrypt(PrivKey, Data, fun get_aes_salt/0).
+ EngineBoots = get_engine_boots(),
+ EngineTime = get_engine_time(),
+ snmp_usm:aes_encrypt(PrivKey, Data, fun get_aes_salt/0,
+ EngineBoots, EngineTime).
aes_decrypt(PrivKey, UsmSecParams, EncData) ->
- #usmSecurityParameters{msgPrivacyParameters = MsgPrivParams,
- msgAuthoritativeEngineTime = EngineTime,
+ #usmSecurityParameters{msgPrivacyParameters = MsgPrivParams,
+ msgAuthoritativeEngineTime = EngineTime,
msgAuthoritativeEngineBoots = EngineBoots} =
UsmSecParams,
snmp_usm:aes_decrypt(PrivKey, MsgPrivParams, EncData,