From 0be093688013b90896f2db3204bb20e790d70149 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Mon, 27 Apr 2020 08:23:16 -0700
Subject: [PATCH] configure: Report supported authentication and encryption
 modes correctly

Commit 9e49de2e03b1 ("NEWS: snmplib: AES-192/AES-256 compatibility with SNMP
Research / CISCO") removed SHA-128 and SHA-192 support and added support for
SHA-224, SHA-256, SHA-384 and SHA-512. Commit 329a9d3c9d63 ("revamp auth/priv
protocol constants handling") added support for several AES encryption modes.
Make the configure script report which modes are supported.
---
 configure                   | 15 ++++++++++++++-
 configure.d/config_os_misc2 | 15 ++++++++++++++-
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 46402589f..7481ebd07 100755
--- a/configure
+++ b/configure
@@ -26453,7 +26453,13 @@ $as_echo "#define NETSNMP_USE_INTERNAL_CRYPTO 1" >>confdefs.h
     { $as_echo "$as_me:${as_lineno-$LINENO}: result: Internal Crypto Support" >&5
 $as_echo "Internal Crypto Support" >&6; }
 elif test "x$useopenssl" != "xno" ; then
-    authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
+    authmodes="MD5 SHA1"
+    if test "x$ac_cv_func_EVP_sha224" = xyes; then
+        authmodes="$authmodes SHA224 SHA256"
+    fi
+    if test "x$ac_cv_func_EVP_sha384" = xyes; then
+        authmodes="$authmodes SHA384 SHA512"
+    fi
     if test "x$enable_privacy" != "xno" ; then
         if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
             encrmodes="DES AES"
@@ -26492,6 +26498,13 @@ fi
 if test "x$enable_md5" = "xno"; then
     authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
 fi
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
+   test "x$CRYPTO" = xinternal; then
+    encrmodes="$encrmodes AES128"
+    if test "x$aes_capable" = "xyes"; then
+        encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
+    fi
+fi
 
 
 
diff --git a/configure.d/config_os_misc2 b/configure.d/config_os_misc2
index 1df9bf0a2..be0bccec0 100644
--- a/configure.d/config_os_misc2
+++ b/configure.d/config_os_misc2
@@ -53,7 +53,13 @@ if test "x$CRYPTO" = "xinternal" ; then
     AC_DEFINE(NETSNMP_USE_INTERNAL_CRYPTO, 1, "Define if internal cryptography code should be used")
     AC_MSG_RESULT(Internal Crypto Support)
 elif test "x$useopenssl" != "xno" ; then
-    authmodes="MD5 SHA1 SHA512 SHA384 SHA256 SHA192"
+    authmodes="MD5 SHA1"
+    if test "x$ac_cv_func_EVP_sha224" = xyes; then
+        authmodes="$authmodes SHA224 SHA256"
+    fi
+    if test "x$ac_cv_func_EVP_sha384" = xyes; then
+        authmodes="$authmodes SHA384 SHA512"
+    fi
     if test "x$enable_privacy" != "xno" ; then
         if test "x$ac_cv_header_openssl_aes_h" = "xyes" ; then
             encrmodes="DES AES"
@@ -86,6 +92,13 @@ fi
 if test "x$enable_md5" = "xno"; then
     authmodes=`echo $authmodes | $SED 's/MD5 *//;'`
 fi
+if test "x$ac_cv_func_AES_cfb128_encrypt" = xyes ||
+   test "x$CRYPTO" = xinternal; then
+    encrmodes="$encrmodes AES128"
+    if test "x$aes_capable" = "xyes"; then
+        encrmodes="$encrmodes AES192 AES192C AES256 AES256C"
+    fi
+fi
 AC_SUBST(LNETSNMPLIBS)
 AC_SUBST(LAGENTLIBS)
 

diff -urNp a/net-snmp-create-v3-user.in b/net-snmp-create-v3-user.in
--- a/net-snmp-create-v3-user.in	2020-06-15 12:59:05.117432700 +0200
+++ b/net-snmp-create-v3-user.in	2020-06-15 13:01:36.151905241 +0200
@@ -58,11 +58,11 @@ case $1 in
 	    exit 1
 	fi
         case $1 in
-            DES|AES|AES128)
+            DES|AES|AES128|AES192|AES256)
 	    Xalgorithm=$1
 	    shift
 	    ;;
-            des|aes|aes128)
+            des|aes|aes128|aes192|aes256)
 	    Xalgorithm=`echo $1 | tr a-z A-Z`
 	    shift
 	    ;;