Hi - is there a plan to enable the SNMP++ libs to be used on a FIPS enabled system?
It currently complains about the low level OpenSSL API calls.
Thanks!
Hi,
can you copy-paste the errors/warnings here?
Kind regards,
Jochen
Hi Jochen
The error originates from the OpenSSL lib -
…\crypto\aes_msc.c OpenSSL internal error, assertion failed: Low level API call to cipher AES forbidden in FIPS model.
There is more information here - http://openssl.6102.n7.nabble.com/Low-Level-Digest-if-Fips-mode-td54983.html
It will mean updating the SNMP++ library to use OpenSSL EVP.
Many Thanks!
Hi,
we are already using the EVP functions for the hash functions, but not for encryption (AES).
I will have a look at it.
Kind regards,
Jochen
Great!!!
When you know more regarding amount of work/timing etc. if you can - please update.
Many thanks Jochen.
Hi,
I have changed the AES encryption functions to use the EVP interface. If you want to check this out before it is released, download the updated file from https://sa-ha.de/auth_priv.cpp
Kind regards,
Jochen
Many thanks for getting this done! Much Appreciated!!
Hi - There appears to be a buglet which causes issues with auth_priv.cpp PrivAES::encrypt() in 3.4.5. This now checks the size of out_buffer_len - which from what I can see has been passed size of zero. This then fails with a SNMPv3_USM_ENCRYPTION_ERROR.
USM_v3.cpp - sets buf2Length to zero in USM::generate_msg.
Hi,
you’re right. The buf2Length should be initialized with MAX_SNMP_PACKET. This will be fixed for the next release.
Thanks and regards,
Jochen
Thanks - that’s exactly what I did earlier today. I was hesitant to do that as the value of buf2Length has always been zero, but the check on size is new for the 3.4.5 release.
Thanks again!
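
Added example, not part of the thread and not SNMP++ code: a sketch of the in/out length contract the last posts describe, where the length argument must carry the buffer capacity on entry. The function names, constants and the XOR placeholder cipher are assumptions made for illustration; only `buf2Length` is a name taken from the thread.

```cpp
#include <cstdint>

// Constructed stand-ins; names and values are not SNMP++'s own.
constexpr int kOk = 0;
constexpr int kEncryptionError = -1;       // role of SNMPv3_USM_ENCRYPTION_ERROR
constexpr unsigned int kMaxPacket = 4096;  // role of MAX_SNMP_PACKET (value assumed)

// Contract: on entry *out_len is the capacity of out; on success it is
// overwritten with the number of bytes written. The XOR keystream is a
// placeholder for the real cipher and writes exactly in_len bytes.
int encrypt_checked(const uint8_t *in, unsigned int in_len,
                    uint8_t *out, unsigned int *out_len, uint8_t key)
{
    if (!in || !out || !out_len) return kEncryptionError;
    if (*out_len < in_len) {   // capacity check: a zero length fails here
        *out_len = 0;
        return kEncryptionError;
    }
    for (unsigned int i = 0; i < in_len; ++i)
        out[i] = in[i] ^ static_cast<uint8_t>(key + i);
    *out_len = in_len;
    return kOk;
}

// Caller as reported in the thread: the length variable starts at zero,
// so the callee is told the output buffer has no room.
int caller_zero_length(const uint8_t *msg, unsigned int msg_len)
{
    uint8_t buf2[kMaxPacket];
    unsigned int buf2Length = 0;
    return encrypt_checked(msg, msg_len, buf2, &buf2Length, 0x5a);
}

// Caller with the fix from the thread: the length starts at the buffer size.
int caller_capacity_set(const uint8_t *msg, unsigned int msg_len,
                        unsigned int *written)
{
    uint8_t buf2[kMaxPacket];
    unsigned int buf2Length = sizeof(buf2);
    int rc = encrypt_checked(msg, msg_len, buf2, &buf2Length, 0x5a);
    *written = buf2Length;
    return rc;
}

int main()
{
    const uint8_t msg[] = {0x30, 0x0c, 0x02, 0x01, 0x03};  // constructed bytes
    unsigned int n = 0;
    return (caller_zero_length(msg, sizeof(msg)) == kEncryptionError &&
            caller_capacity_set(msg, sizeof(msg), &n) == kOk && n == 5) ? 0 : 1;
}
```

A zero-initialised length only passes the check for an empty input, which is why a caller of this shape works until the callee starts validating capacity.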