aboutsummaryrefslogtreecommitdiffstats
path: root/lib/snmp
diff options
context:
space:
mode:
authorMicael Karlberg <bmk@erlang.org>2013-05-28 16:56:44 +0200
committerMicael Karlberg <bmk@erlang.org>2013-05-28 16:56:44 +0200
commit6aca7052709ea0f88503b08685c1699845a6de89 (patch)
treeeb5adbabbb2e40d6909f3d0511f239b827c7c374 /lib/snmp
parent80c02173c9fc1d76ac1b404a05e2706817a4c308 (diff)
downloadotp-6aca7052709ea0f88503b08685c1699845a6de89.tar.gz
otp-6aca7052709ea0f88503b08685c1699845a6de89.tar.bz2
otp-6aca7052709ea0f88503b08685c1699845a6de89.zip
[snmp] Use of new crypto interface correctd in manager
Added a common utility function (in the snmp_misc module) for testing for crypto support (sed both by the manager and agent code). OTP-11009
Diffstat (limited to 'lib/snmp')
-rw-r--r--lib/snmp/src/agent/snmp_user_based_sm_mib.erl14
-rw-r--r--lib/snmp/src/manager/snmpm_config.erl41
-rw-r--r--lib/snmp/src/misc/snmp_misc.erl17
3 files changed, 39 insertions, 33 deletions
diff --git a/lib/snmp/src/agent/snmp_user_based_sm_mib.erl b/lib/snmp/src/agent/snmp_user_based_sm_mib.erl
index e675cf1b83..223d3f7218 100644
--- a/lib/snmp/src/agent/snmp_user_based_sm_mib.erl
+++ b/lib/snmp/src/agent/snmp_user_based_sm_mib.erl
@@ -1219,16 +1219,10 @@ split(N, [H | T], FirstRev) when N > 0 ->
split(N-1, T, [H | FirstRev]).
-is_crypto_supported(Algo) ->
- %% The 'catch' handles the case when 'crypto' is
- %% not present in the system (or not started).
- Supported = crypto:supports(),
- Hashs = proplists:get_value(hashs, Supported),
- Ciphers = proplists:get_value(ciphers, Supported),
- case catch lists:member(Algo, Hashs ++ Ciphers) of
- true -> true;
- _ -> false
- end.
+-compile({inline, [{is_crypto_supported,1}]}).
+is_crypto_supported(Func) ->
+ snmp_misc:is_crypto_supported(Func).
+
inconsistentValue(V) -> throw({inconsistentValue, V}).
inconsistentName(N) -> throw({inconsistentName, N}).
diff --git a/lib/snmp/src/manager/snmpm_config.erl b/lib/snmp/src/manager/snmpm_config.erl
index 5bbf9e5542..9d687f1d31 100644
--- a/lib/snmp/src/manager/snmpm_config.erl
+++ b/lib/snmp/src/manager/snmpm_config.erl
@@ -2028,7 +2028,7 @@ verify_usm_user_auth(usmNoAuthProtocol, AuthKey) ->
end;
verify_usm_user_auth(usmHMACMD5AuthProtocol, AuthKey)
when is_list(AuthKey) andalso (length(AuthKey) =:= 16) ->
- case is_crypto_supported(md5_mac_96) of
+ case is_crypto_supported(md5) of
true ->
case snmp_conf:all_integer(AuthKey) of
true ->
@@ -2037,7 +2037,7 @@ verify_usm_user_auth(usmHMACMD5AuthProtocol, AuthKey)
error({invalid_auth_key, usmHMACMD5AuthProtocol})
end;
false ->
- error({unsupported_crypto, md5_mac_96})
+ error({unsupported_crypto, md5})
end;
verify_usm_user_auth(usmHMACMD5AuthProtocol, AuthKey) when is_list(AuthKey) ->
Len = length(AuthKey),
@@ -2046,7 +2046,7 @@ verify_usm_user_auth(usmHMACMD5AuthProtocol, _AuthKey) ->
error({invalid_auth_key, usmHMACMD5AuthProtocol});
verify_usm_user_auth(usmHMACSHAAuthProtocol, AuthKey)
when is_list(AuthKey) andalso (length(AuthKey) =:= 20) ->
- case is_crypto_supported(sha_mac_96) of
+ case is_crypto_supported(sha) of
true ->
case snmp_conf:all_integer(AuthKey) of
true ->
@@ -2055,7 +2055,7 @@ verify_usm_user_auth(usmHMACSHAAuthProtocol, AuthKey)
error({invalid_auth_key, usmHMACSHAAuthProtocol})
end;
false ->
- error({unsupported_crypto, sha_mac_96})
+ error({unsupported_crypto, sha})
end;
verify_usm_user_auth(usmHMACSHAAuthProtocol, AuthKey) when is_list(AuthKey) ->
Len = length(AuthKey),
@@ -2074,7 +2074,7 @@ verify_usm_user_priv(usmNoPrivProtocol, PrivKey) ->
end;
verify_usm_user_priv(usmDESPrivProtocol, PrivKey)
when (length(PrivKey) =:= 16) ->
- case is_crypto_supported(des_cbc_decrypt) of
+ case is_crypto_supported(des_cbc) of
true ->
case snmp_conf:all_integer(PrivKey) of
true ->
@@ -2083,7 +2083,7 @@ verify_usm_user_priv(usmDESPrivProtocol, PrivKey)
error({invalid_priv_key, usmDESPrivProtocol})
end;
false ->
- error({unsupported_crypto, des_cbc_decrypt})
+ error({unsupported_crypto, des_cbc})
end;
verify_usm_user_priv(usmDESPrivProtocol, PrivKey) when is_list(PrivKey) ->
Len = length(PrivKey),
@@ -2092,7 +2092,7 @@ verify_usm_user_priv(usmDESPrivProtocol, _PrivKey) ->
error({invalid_priv_key, usmDESPrivProtocol});
verify_usm_user_priv(usmAesCfb128Protocol, PrivKey)
when (length(PrivKey) =:= 16) ->
- case is_crypto_supported(aes_cfb_128_decrypt) of
+ case is_crypto_supported(aes_cfb128) of
true ->
case snmp_conf:all_integer(PrivKey) of
true ->
@@ -2101,7 +2101,7 @@ verify_usm_user_priv(usmAesCfb128Protocol, PrivKey)
error({invalid_priv_key, usmAesCfb128Protocol})
end;
false ->
- error({unsupported_crypto, aes_cfb_128_decrypt})
+ error({unsupported_crypto, aes_cfb128})
end;
verify_usm_user_priv(usmAesCfb128Protocol, PrivKey) when is_list(PrivKey) ->
Len = length(PrivKey),
@@ -2111,13 +2111,10 @@ verify_usm_user_priv(usmAesCfb128Protocol, _PrivKey) ->
verify_usm_user_priv(PrivP, _PrivKey) ->
error({invalid_priv_protocol, PrivP}).
+
+-compile({inline, [{is_crypto_supported,1}]}).
is_crypto_supported(Func) ->
- %% The 'catch' handles the case when 'crypto' is
- %% not present in the system (or not started).
- case (catch lists:member(Func, crypto:info())) of
- true -> true;
- _ -> false
- end.
+ snmp_misc:is_crypto_supported(Func).
read_manager_config_file(Dir) ->
@@ -2879,11 +2876,11 @@ do_update_usm_user_info(Key,
#usm_user{auth = usmHMACMD5AuthProtocol} = User,
auth_key, Val)
when length(Val) =:= 16 ->
- case is_crypto_supported(md5_mac_96) of
+ case is_crypto_supported(md5) of
true ->
do_update_usm_user_info(Key, User#usm_user{auth_key = Val});
false ->
- {error, {unsupported_crypto, md5_mac_96}}
+ {error, {unsupported_crypto, md5}}
end;
do_update_usm_user_info(_Key,
#usm_user{auth = usmHMACMD5AuthProtocol},
@@ -2898,11 +2895,11 @@ do_update_usm_user_info(Key,
#usm_user{auth = usmHMACSHAAuthProtocol} = User,
auth_key, Val)
when length(Val) =:= 20 ->
- case is_crypto_supported(sha_mac_96) of
+ case is_crypto_supported(sha) of
true ->
do_update_usm_user_info(Key, User#usm_user{auth_key = Val});
false ->
- {error, {unsupported_crypto, sha_mac_96}}
+ {error, {unsupported_crypto, sha}}
end;
do_update_usm_user_info(_Key,
#usm_user{auth = usmHMACSHAAuthProtocol},
@@ -2933,21 +2930,21 @@ do_update_usm_user_info(Key,
#usm_user{priv = usmDESPrivProtocol} = User,
priv_key, Val)
when length(Val) =:= 16 ->
- case is_crypto_supported(des_cbc_decrypt) of
+ case is_crypto_supported(des_cbc) of
true ->
do_update_usm_user_info(Key, User#usm_user{priv_key = Val});
false ->
- {error, {unsupported_crypto, des_cbc_decrypt}}
+ {error, {unsupported_crypto, des_cbc}}
end;
do_update_usm_user_info(Key,
#usm_user{priv = usmAesCfb128Protocoll} = User,
priv_key, Val)
when length(Val) =:= 16 ->
- case is_crypto_supported(aes_cfb_128_decrypt) of
+ case is_crypto_supported(aes_cfb128) of
true ->
do_update_usm_user_info(Key, User#usm_user{priv_key = Val});
false ->
- {error, {unsupported_crypto, aes_cfb_128_decrypt}}
+ {error, {unsupported_crypto, aes_cfb128}}
end;
do_update_usm_user_info(_Key,
#usm_user{auth = usmHMACSHAAuthProtocol},
diff --git a/lib/snmp/src/misc/snmp_misc.erl b/lib/snmp/src/misc/snmp_misc.erl
index a061dcd97c..293b22991b 100644
--- a/lib/snmp/src/misc/snmp_misc.erl
+++ b/lib/snmp/src/misc/snmp_misc.erl
@@ -43,6 +43,7 @@
ip/1, ip/2,
is_auth/1,
is_BitString/1,
+ is_crypto_supported/1,
is_oid/1,
is_priv/1,
is_reportable/1,
@@ -117,13 +118,27 @@ now(sec) ->
(element(3,Now) div 1000000).
+is_crypto_supported(Alg) ->
+ %% The 'try catch' handles the case when 'crypto' is
+ %% not present in the system (or not started).
+ try
+ begin
+ Supported = crypto:supports(),
+ Hashs = proplists:get_value(hashs, Supported),
+ Ciphers = proplists:get_value(ciphers, Supported),
+ lists:member(Alg, Hashs ++ Ciphers)
+ end
+ catch
+ _:_ ->
+ false
+ end.
+
is_string([]) -> true;
is_string([Tkn | Str])
when is_integer(Tkn) andalso (Tkn >= 0) andalso (Tkn =< 255) ->
is_string(Str);
is_string(_) -> false.
-
is_oid([E1, E2| Rest])
when (length(Rest) =< 126) andalso (E1 *40 + E2 =< 255) ->
is_oid2(Rest);