rpms/net-snmp
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Add support for digests detected from ECC certificates

Browse Source
This commit is contained in:
Josef Řídký 2021-01-28 12:46:06 +01:00
parent f532a181bf
commit 9fa55abb4b
2 changed files with 104 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
net-snmp-5.9-ECC-cert.patch Normal file
View File

@ -0,0 +1,98 @@
From a1968db524e087a36a19a351b89bf6f1633819aa Mon Sep 17 00:00:00 2001
From: minfrin <minfrin@users.noreply.github.com>
Date: Tue, 5 Jan 2021 23:17:14 +0000
Subject: [PATCH] Add support for digests detected from ECC certificates
Previously, the digest could be detected on RSA certificates only. This
patch adds detection for ECC certificates.
[ bvanassche: changed _htmap2 into a two-dimensional array and renamed _htmap2
back to _htmap ]
---
snmplib/snmp_openssl.c | 60 +++++++++++++++++++++++++++++++++++-------
1 file changed, 50 insertions(+), 10 deletions(-)
diff --git a/snmplib/snmp_openssl.c b/snmplib/snmp_openssl.c
index c092a007a..432cb5c27 100644
--- a/snmplib/snmp_openssl.c
+++ b/snmplib/snmp_openssl.c
@@ -521,18 +521,54 @@ netsnmp_openssl_cert_dump_extensions(X509 *ocert)
}
}
-static int _htmap[NS_HASH_MAX + 1] = {
- 0, NID_md5WithRSAEncryption, NID_sha1WithRSAEncryption,
- NID_sha224WithRSAEncryption, NID_sha256WithRSAEncryption,
- NID_sha384WithRSAEncryption, NID_sha512WithRSAEncryption };
+static const struct {
+ uint16_t nid;
+ uint16_t ht;
+} _htmap[] = {
+ { 0, NS_HASH_NONE },
+#ifdef NID_md5WithRSAEncryption
+ { NID_md5WithRSAEncryption, NS_HASH_MD5 },
+#endif
+#ifdef NID_sha1WithRSAEncryption
+ { NID_sha1WithRSAEncryption, NS_HASH_SHA1 },
+#endif
+#ifdef NID_ecdsa_with_SHA1
+ { NID_ecdsa_with_SHA1, NS_HASH_SHA1 },
+#endif
+#ifdef NID_sha224WithRSAEncryption
+ { NID_sha224WithRSAEncryption, NS_HASH_SHA224 },
+#endif
+#ifdef NID_ecdsa_with_SHA224
+ { NID_ecdsa_with_SHA224, NS_HASH_SHA224 },
+#endif
+#ifdef NID_sha256WithRSAEncryption
+ { NID_sha256WithRSAEncryption, NS_HASH_SHA256 },
+#endif
+#ifdef NID_ecdsa_with_SHA256
+ { NID_ecdsa_with_SHA256, NS_HASH_SHA256 },
+#endif
+#ifdef NID_sha384WithRSAEncryption
+ { NID_sha384WithRSAEncryption, NS_HASH_SHA384 },
+#endif
+#ifdef NID_ecdsa_with_SHA384
+ { NID_ecdsa_with_SHA384, NS_HASH_SHA384 },
+#endif
+#ifdef NID_sha512WithRSAEncryption
+ { NID_sha512WithRSAEncryption, NS_HASH_SHA512 },
+#endif
+#ifdef NID_ecdsa_with_SHA512
+ { NID_ecdsa_with_SHA512, NS_HASH_SHA512 },
+#endif
+};
int
_nid2ht(int nid)
{
int i;
- for (i=1; i<= NS_HASH_MAX; ++i) {
- if (nid == _htmap[i])
- return i;
+
+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) {
+ if (_htmap[i].nid == nid)
+ return _htmap[i].ht;
}
return 0;
}
@@ -541,9 +577,13 @@ _nid2ht(int nid)
int
_ht2nid(int ht)
{
- if ((ht < 0) || (ht > NS_HASH_MAX))
- return 0;
- return _htmap[ht];
+ int i;
+
+ for (i = 0; i < sizeof(_htmap) / sizeof(_htmap[0]); i++) {
+ if (_htmap[i].ht == ht)
+ return _htmap[i].nid;
+ }
+ return 0;
}
#endif /* NETSNMP_FEATURE_REMOVE_OPENSSL_HT2NID */

7
net-snmp.spec
View File

@ -10,7 +10,7 @@
Summary: A collection of SNMP protocol tools and libraries Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp Name: net-snmp
Version: 5.9 Version: 5.9
Release: 5%{?dist} Release: 6%{?dist}
Epoch: 1 Epoch: 1
License: BSD License: BSD
@ -53,6 +53,7 @@ Patch23: net-snmp-5.9-available-memory.patch
Patch24: net-snmp-5.8-asn-parse-nlength.patch Patch24: net-snmp-5.8-asn-parse-nlength.patch
Patch25: net-snmp-5.8-clientaddr-error-message.patch Patch25: net-snmp-5.8-clientaddr-error-message.patch
Patch26: net-snmp-5.8-empty-passphrase.patch Patch26: net-snmp-5.8-empty-passphrase.patch
Patch27: net-snmp-5.9-ECC-cert.patch
# Modern RPM API means at least EL6 # Modern RPM API means at least EL6
Patch101: net-snmp-5.8-modern-rpm-api.patch Patch101: net-snmp-5.8-modern-rpm-api.patch
@ -230,6 +231,7 @@ cp %{SOURCE10} .
%patch24 -p1 -b .asn-parse-nlength %patch24 -p1 -b .asn-parse-nlength
%patch25 -p1 -b .clientaddr-error-message %patch25 -p1 -b .clientaddr-error-message
%patch26 -p1 -b .empty-passphrase %patch26 -p1 -b .empty-passphrase
%patch27 -p1 -b .ECC-cert
%patch101 -p1 -b .modern-rpm-api %patch101 -p1 -b .modern-rpm-api
%patch102 -p1 %patch102 -p1
@ -497,6 +499,9 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
%{_libdir}/libnetsnmptrapd*.so.%{soname}* %{_libdir}/libnetsnmptrapd*.so.%{soname}*
%changelog %changelog
* Thu Jan 28 2021 Josef Ridky <jridky@redhat.com> - 1:5.9-6
- add support for digests detected from ECC certificates
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9-5 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:5.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild