1 #ifdef BRCM_SNMP_MIB_SUPPORT
7 #include <net-snmp/net-snmp-config.h>
21 #if TIME_WITH_SYS_TIME
23 # include <sys/timeb.h>
25 # include <sys/time.h>
30 # include <sys/time.h>
35 #ifdef HAVE_NETINET_IN_H
36 #include <netinet/in.h>
43 #include <net-snmp/types.h>
44 #include <net-snmp/output_api.h>
45 #include <net-snmp/utilities.h>
47 #ifdef USE_INTERNAL_MD5
48 #include <net-snmp/library/md5.h>
50 #include <net-snmp/library/snmp_api.h>
51 #include <net-snmp/library/callback.h>
52 #include <net-snmp/library/snmp_secmod.h>
53 #include <net-snmp/library/snmpusm.h>
54 #include <net-snmp/library/keytools.h>
55 #include <net-snmp/library/scapi.h>
56 #include <net-snmp/library/mib.h>
57 #include <net-snmp/library/transform_oids.h>
60 #include <openssl/hmac.h>
61 #include <openssl/evp.h>
62 #include <openssl/rand.h>
63 #include <openssl/des.h>
65 #include <openssl/aes.h>
68 #ifdef STRUCT_DES_KS_STRUCT_HAS_WEAK_KEY
69 /* these are older names for newer structures that exist in openssl .9.7 */
70 #define DES_key_schedule des_key_schedule
71 #define DES_cblock des_cblock
72 #define DES_key_sched des_key_sched
73 #define DES_ncbc_encrypt des_ncbc_encrypt
74 #define DES_cbc_encrypt des_cbc_encrypt
78 #endif /* HAVE_OPENSSL */
82 #define QUITFUN(e, l) \
83 if (e != SNMPERR_SUCCESS) { \
84 rval = SNMPERR_SC_GENERAL_FAILURE; \
91 * sc_get_properlength(oid *hashtype, u_int hashtype_len):
93 * Given a hashing type ("hashtype" and its length hashtype_len), return
94 * the length of the hash result.
96 * Returns either the length or SNMPERR_GENERR for an unknown hashing type.
99 sc_get_properlength(const oid * hashtype, u_int hashtype_len)
103 * Determine transform type hash length.
105 if (ISTRANSFORM(hashtype, HMACMD5Auth)) {
106 return BYTESIZE(SNMP_TRANS_AUTHLEN_HMACMD5);
107 } else if (ISTRANSFORM(hashtype, HMACSHA1Auth)) {
108 return BYTESIZE(SNMP_TRANS_AUTHLEN_HMACSHA1);
110 return SNMPERR_GENERR;
114 /*******************************************************************-o-******
118 * SNMPERR_SUCCESS Success.
123 int rval = SNMPERR_SUCCESS;
126 #ifdef USE_INTERNAL_MD5
131 gettimeofday(&tv, (struct timezone *) 0);
133 srandom(tv.tv_sec ^ tv.tv_usec);
135 rval = SNMPERR_SC_NOT_CONFIGURED;
138 * XXX ogud: The only reason to do anything here with openssl is to
139 * * XXX ogud: seed random number generator
141 #endif /* ifndef USE_OPENSSL */
143 } /* end sc_init() */
145 /*******************************************************************-o-******
149 * *buf Pre-allocated buffer.
150 * *buflen Size of buffer.
153 * SNMPERR_SUCCESS Success.
156 sc_random(u_char * buf, size_t * buflen)
157 #if defined(USE_INTERNAL_MD5) || defined(USE_OPENSSL)
159 int rval = SNMPERR_SUCCESS;
160 #ifdef USE_INTERNAL_MD5
169 RAND_bytes(buf, *buflen); /* will never fail */
170 #else /* USE_INTERNAL_MD5 */
172 * fill the buffer with random integers. Note that random()
173 * is defined in config.h and may not be truly the random()
174 * system call if something better existed
176 rval = *buflen - *buflen % sizeof(rndval);
177 for (i = 0; i < rval; i += sizeof(rndval)) {
179 memcpy(ucp, &rndval, sizeof(rndval));
180 ucp += sizeof(rndval);
184 memcpy(ucp, &rndval, *buflen % sizeof(rndval));
186 rval = SNMPERR_SUCCESS;
187 #endif /* USE_OPENSSL */
190 } /* end sc_random() */
193 _SCAPI_NOT_CONFIGURED
195 /*******************************************************************-o-******
196 * sc_generate_keyed_hash
199 * authtype Type of authentication transform.
201 * *key Pointer to key (Kul) to use in keyed hash.
202 * keylen Length of key in bytes.
203 * *message Pointer to the message to hash.
204 * msglen Length of the message.
205 * *MAC Will be returned with allocated bytes containg hash.
206 * *maclen Length of the hash buffer in bytes; also indicates
207 * whether the MAC should be truncated.
210 * SNMPERR_SUCCESS Success.
211 * SNMPERR_GENERR All errs
214 * A hash of the first msglen bytes of message using a keyed hash defined
215 * by authtype is created and stored in MAC. MAC is ASSUMED to be a buffer
216 * of at least maclen bytes. If the length of the hash is greater than
217 * maclen, it is truncated to fit the buffer. If the length of the hash is
218 * less than maclen, maclen set to the number of hash bytes generated.
220 * ASSUMED that the number of hash bits is a multiple of 8.
223 sc_generate_keyed_hash(const oid * authtype, size_t authtypelen,
224 u_char * key, u_int keylen,
225 u_char * message, u_int msglen,
226 u_char * MAC, size_t * maclen)
227 #if defined(USE_INTERNAL_MD5) || defined(USE_OPENSSL)
229 int rval = SNMPERR_SUCCESS;
232 u_char buf[SNMP_MAXBUF_SMALL];
233 #if defined(USE_OPENSSL)
234 int buf_len = sizeof(buf);
239 #ifdef SNMP_TESTING_CODE
242 DEBUGMSG(("sc_generate_keyed_hash",
243 "sc_generate_keyed_hash(): key=0x"));
244 for (i = 0; i < keylen; i++)
245 DEBUGMSG(("sc_generate_keyed_hash", "%02x", key[i] & 0xff));
246 DEBUGMSG(("sc_generate_keyed_hash", " (%d)\n", keylen));
248 #endif /* SNMP_TESTING_CODE */
253 if (!authtype || !key || !message || !MAC || !maclen
254 || (keylen <= 0) || (msglen <= 0) || (*maclen <= 0)
255 || (authtypelen != USM_LENGTH_OID_TRANSFORM)) {
256 QUITFUN(SNMPERR_GENERR, sc_generate_keyed_hash_quit);
259 properlength = sc_get_properlength(authtype, authtypelen);
260 if (properlength == SNMPERR_GENERR)
263 if (((int) keylen < properlength)) {
264 QUITFUN(SNMPERR_GENERR, sc_generate_keyed_hash_quit);
268 * Determine transform type.
270 if (ISTRANSFORM(authtype, HMACMD5Auth))
271 HMAC(EVP_md5(), key, keylen, message, msglen, buf, &buf_len);
272 else if (ISTRANSFORM(authtype, HMACSHA1Auth))
273 HMAC(EVP_sha1(), key, keylen, message, msglen, buf, &buf_len);
275 QUITFUN(SNMPERR_GENERR, sc_generate_keyed_hash_quit);
277 if (buf_len != properlength) {
278 QUITFUN(rval, sc_generate_keyed_hash_quit);
280 if (*maclen > buf_len)
282 memcpy(MAC, buf, *maclen);
284 if ((int) *maclen > properlength)
285 *maclen = properlength;
286 if (MDsign(message, msglen, MAC, *maclen, key, keylen)) {
287 rval = SNMPERR_GENERR;
288 goto sc_generate_keyed_hash_quit;
290 #endif /* USE_OPENSSL */
292 #ifdef SNMP_TESTING_CODE
295 int len = binary_to_hex(MAC, *maclen, &s);
297 DEBUGMSGTL(("scapi", "Full v3 message hash: %s\n", s));
303 sc_generate_keyed_hash_quit:
304 SNMP_ZERO(buf, SNMP_MAXBUF_SMALL);
306 } /* end sc_generate_keyed_hash() */
309 _SCAPI_NOT_CONFIGURED
312 * sc_hash(): a generic wrapper around whatever hashing package we are using.
315 * hashtype - oid pointer to a hash type
316 * hashtypelen - length of oid pointer
317 * buf - u_char buffer to be hashed
318 * buf_len - integer length of buf data
319 * MAC_len - length of the passed MAC buffer size.
322 * MAC - pre-malloced space to store hash output.
323 * MAC_len - length of MAC output to the MAC buffer.
326 * SNMPERR_SUCCESS Success.
327 * SNMP_SC_GENERAL_FAILURE Any error.
330 sc_hash(const oid * hashtype, size_t hashtypelen, u_char * buf,
331 size_t buf_len, u_char * MAC, size_t * MAC_len)
332 #if defined(USE_INTERNAL_MD5) || defined(USE_OPENSSL)
335 int rval = SNMPERR_SUCCESS;
336 const EVP_MD *hashfn;
337 EVP_MD_CTX ctx, *cptr;
342 if (hashtype == NULL || hashtypelen < 0 || buf == NULL ||
343 buf_len < 0 || MAC == NULL || MAC_len == NULL ||
344 (int) (*MAC_len) < sc_get_properlength(hashtype, hashtypelen))
345 return (SNMPERR_GENERR);
349 * Determine transform type.
351 if (ISTRANSFORM(hashtype, HMACMD5Auth)) {
352 hashfn = (const EVP_MD *) EVP_md5();
353 } else if (ISTRANSFORM(hashtype, HMACSHA1Auth)) {
354 hashfn = (const EVP_MD *) EVP_sha1();
356 return (SNMPERR_GENERR);
359 /** initialize the pointer */
360 memset(&ctx, 0, sizeof(ctx));
363 EVP_DigestInit(cptr, hashfn);
365 /* this is needed if the runtime library is different than the compiled
366 library since the openssl versions are very different. */
367 if (SSLeay() < 0x907000) {
368 /* the old version of the struct was bigger and thus more
369 memory is needed. should be 152, but we use 256 for safety. */
371 EVP_DigestInit(cptr, hashfn);
373 EVP_MD_CTX_init(cptr);
374 EVP_DigestInit(cptr, hashfn);
379 EVP_DigestUpdate(cptr, buf, buf_len);
381 /** do the final pass */
383 EVP_DigestFinal(cptr, MAC, MAC_len);
385 if (SSLeay() < 0x907000) {
386 EVP_DigestFinal(cptr, MAC, MAC_len);
389 EVP_DigestFinal_ex(cptr, MAC, MAC_len);
390 EVP_MD_CTX_cleanup(cptr);
394 #else /* USE_INTERNAL_MD5 */
396 if (MDchecksum(buf, buf_len, MAC, *MAC_len)) {
397 return SNMPERR_GENERR;
401 return SNMPERR_SUCCESS;
403 #endif /* USE_OPENSSL */
405 #else /* !defined(USE_OPENSSL) && !defined(USE_INTERNAL_MD5) */
406 _SCAPI_NOT_CONFIGURED
407 #endif /* !defined(USE_OPENSSL) && !defined(USE_INTERNAL_MD5) */
408 /*******************************************************************-o-******
409 * sc_check_keyed_hash
412 * authtype Transform type of authentication hash.
413 * *key Key bits in a string of bytes.
414 * keylen Length of key in bytes.
415 * *message Message for which to check the hash.
416 * msglen Length of message.
418 * maclen Length of given hash; indicates truncation if it is
419 * shorter than the normal size of output for
420 * given hash transform.
422 * SNMPERR_SUCCESS Success.
423 * SNMP_SC_GENERAL_FAILURE Any error
426 * Check the hash given in MAC against the hash of message. If the length
427 * of MAC is less than the length of the transform hash output, only maclen
428 * bytes are compared. The length of MAC cannot be greater than the
429 * length of the hash transform output.
432 sc_check_keyed_hash(const oid * authtype, size_t authtypelen,
433 u_char * key, u_int keylen,
434 u_char * message, u_int msglen,
435 u_char * MAC, u_int maclen)
436 #if defined(USE_INTERNAL_MD5) || defined(USE_OPENSSL)
438 int rval = SNMPERR_SUCCESS;
439 size_t buf_len = SNMP_MAXBUF_SMALL;
441 u_char buf[SNMP_MAXBUF_SMALL];
445 #ifdef SNMP_TESTING_CODE
448 DEBUGMSG(("scapi", "sc_check_keyed_hash(): key=0x"));
449 for (i = 0; i < keylen; i++)
450 DEBUGMSG(("scapi", "%02x", key[i] & 0xff));
451 DEBUGMSG(("scapi", " (%d)\n", keylen));
453 #endif /* SNMP_TESTING_CODE */
458 if (!authtype || !key || !message || !MAC
459 || (keylen <= 0) || (msglen <= 0) || (maclen <= 0)
460 || (authtypelen != USM_LENGTH_OID_TRANSFORM)) {
461 QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
466 * Generate a full hash of the message, then compare
467 * the result with the given MAC which may shorter than
468 * the full hash length.
470 rval = sc_generate_keyed_hash(authtype, authtypelen,
472 message, msglen, buf, &buf_len);
473 QUITFUN(rval, sc_check_keyed_hash_quit);
475 if (maclen > msglen) {
476 QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
478 } else if (memcmp(buf, MAC, maclen) != 0) {
479 QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
483 sc_check_keyed_hash_quit:
484 SNMP_ZERO(buf, SNMP_MAXBUF_SMALL);
488 } /* end sc_check_keyed_hash() */
491 _SCAPI_NOT_CONFIGURED
492 #endif /* USE_INTERNAL_MD5 */
493 /*******************************************************************-o-******
497 * privtype Type of privacy cryptographic transform.
498 * *key Key bits for crypting.
499 * keylen Length of key (buffer) in bytes.
500 * *iv IV bits for crypting.
501 * ivlen Length of iv (buffer) in bytes.
502 * *plaintext Plaintext to crypt.
503 * ptlen Length of plaintext.
504 * *ciphertext Ciphertext to crypt.
505 * *ctlen Length of ciphertext.
508 * SNMPERR_SUCCESS Success.
509 * SNMPERR_SC_NOT_CONFIGURED Encryption is not supported.
510 * SNMPERR_SC_GENERAL_FAILURE Any other error
513 * Encrypt plaintext into ciphertext using key and iv.
515 * ctlen contains actual number of crypted bytes in ciphertext upon
519 sc_encrypt(const oid * privtype, size_t privtypelen,
520 u_char * key, u_int keylen,
521 u_char * iv, u_int ivlen,
522 u_char * plaintext, u_int ptlen,
523 u_char * ciphertext, size_t * ctlen)
524 #if defined(USE_OPENSSL)
526 int rval = SNMPERR_SUCCESS;
527 u_int properlength, properlength_iv;
528 u_char pad_block[128]; /* bigger than anything I need */
529 u_char my_iv[128]; /* ditto */
530 int pad, plast, pad_size;
532 DES_key_schedule key_sch;
534 DES_key_schedule key_sched_store;
535 DES_key_schedule *key_sch = &key_sched_store;
537 DES_cblock key_struct;
548 #if !defined(SCAPI_AUTHPRIV)
549 //snmp_log(LOG_ERR, "Encryption support not enabled.\n");
550 return SNMPERR_SC_NOT_CONFIGURED;
553 if (!privtype || !key || !iv || !plaintext || !ciphertext || !ctlen
554 || (keylen <= 0) || (ivlen <= 0) || (ptlen <= 0) || (*ctlen <= 0)
555 || (privtypelen != USM_LENGTH_OID_TRANSFORM)) {
556 QUITFUN(SNMPERR_GENERR, sc_encrypt_quit);
557 } else if (ptlen > *ctlen) {
558 QUITFUN(SNMPERR_GENERR, sc_encrypt_quit);
560 #ifdef SNMP_TESTING_CODE
562 size_t buf_len = 128, out_len = 0;
563 u_char *buf = (u_char *) malloc(buf_len);
566 if (sprint_realloc_hexstring(&buf, &buf_len, &out_len, 1,
568 DEBUGMSGTL(("scapi", "encrypt: IV: %s/", buf));
570 DEBUGMSGTL(("scapi", "encrypt: IV: %s [TRUNCATED]/", buf));
573 if (sprint_realloc_hexstring(&buf, &buf_len, &out_len, 1,
575 DEBUGMSG(("scapi", "%s\n", buf));
577 DEBUGMSG(("scapi", "%s [TRUNCATED]\n", buf));
580 if (sprint_realloc_hexstring(&buf, &buf_len, &out_len, 1,
582 DEBUGMSGTL(("scapi", "encrypt: string: %s\n", buf));
584 DEBUGMSGTL(("scapi", "encrypt: string: %s [TRUNCATED]\n",
590 "encrypt: malloc fail for debug output\n"));
593 #endif /* SNMP_TESTING_CODE */
597 * Determine privacy transform.
599 if (ISTRANSFORM(privtype, DESPriv)) {
600 properlength = BYTESIZE(SNMP_TRANS_PRIVLEN_1DES);
601 properlength_iv = BYTESIZE(SNMP_TRANS_PRIVLEN_1DES_IV);
602 pad_size = properlength;
604 } else if (ISTRANSFORM(privtype, AES128Priv)) {
605 properlength = BYTESIZE(SNMP_TRANS_PRIVLEN_AES128);
606 properlength_iv = BYTESIZE(SNMP_TRANS_PRIVLEN_AES128_IV);
607 } else if (ISTRANSFORM(privtype, AES192Priv)) {
608 properlength = BYTESIZE(SNMP_TRANS_PRIVLEN_AES192);
609 properlength_iv = BYTESIZE(SNMP_TRANS_PRIVLEN_AES192_IV);
610 } else if (ISTRANSFORM(privtype, AES256Priv)) {
611 properlength = BYTESIZE(SNMP_TRANS_PRIVLEN_AES256);
612 properlength_iv = BYTESIZE(SNMP_TRANS_PRIVLEN_AES256_IV);
615 QUITFUN(SNMPERR_GENERR, sc_encrypt_quit);
618 if ((keylen < properlength) || (ivlen < properlength_iv)) {
619 QUITFUN(SNMPERR_GENERR, sc_encrypt_quit);
622 memset(my_iv, 0, sizeof(my_iv));
624 if (ISTRANSFORM(privtype, DESPriv)) {
627 * now calculate the padding needed
629 pad = pad_size - (ptlen % pad_size);
630 plast = (int) ptlen - (pad_size - pad);
633 if (ptlen + pad > *ctlen) {
634 QUITFUN(SNMPERR_GENERR, sc_encrypt_quit); /* not enough space */
636 if (pad > 0) { /* copy data into pad block if needed */
637 memcpy(pad_block, plaintext + plast, pad_size - pad);
638 memset(&pad_block[pad_size - pad], pad, pad); /* filling in padblock */
641 memcpy(key_struct, key, sizeof(key_struct));
642 (void) DES_key_sched(&key_struct, key_sch);
644 memcpy(my_iv, iv, ivlen);
648 DES_ncbc_encrypt(plaintext, ciphertext, plast, key_sch,
649 (DES_cblock *) my_iv, DES_ENCRYPT);
652 * then encrypt the pad block
654 DES_ncbc_encrypt(pad_block, ciphertext + plast, pad_size,
655 key_sch, (DES_cblock *) my_iv, DES_ENCRYPT);
656 *ctlen = plast + pad_size;
662 else if (ISTRANSFORM(privtype, AES128Priv) ||
663 ISTRANSFORM(privtype, AES192Priv) ||
664 ISTRANSFORM(privtype, AES256Priv)) {
665 (void) AES_set_encrypt_key(key, properlength*8, &aes_key);
667 memcpy(my_iv, iv, ivlen);
671 AES_cfb128_encrypt(plaintext, ciphertext, ptlen,
672 &aes_key, my_iv, &new_ivlen, AES_ENCRYPT);
678 * clear memory just in case
680 memset(my_iv, 0, sizeof(my_iv));
681 memset(pad_block, 0, sizeof(pad_block));
682 memset(key_struct, 0, sizeof(key_struct));
684 memset(&key_sch, 0, sizeof(key_sch));
686 memset(&key_sched_store, 0, sizeof(key_sched_store));
689 memset(&aes_key,0,sizeof(aes_key));
693 } /* end sc_encrypt() */
697 # if USE_INTERNAL_MD5
699 //snmp_log(LOG_ERR, "Encryption support not enabled.\n");
700 DEBUGMSGTL(("scapi", "Encrypt function not defined.\n"));
701 return SNMPERR_SC_GENERAL_FAILURE;
705 _SCAPI_NOT_CONFIGURED
706 # endif /* USE_INTERNAL_MD5 */
712 /*******************************************************************-o-******
727 * SNMPERR_SUCCESS Success.
728 * SNMPERR_SC_NOT_CONFIGURED Encryption is not supported.
729 * SNMPERR_SC_GENERAL_FAILURE Any other error
732 * Decrypt ciphertext into plaintext using key and iv.
734 * ptlen contains actual number of plaintext bytes in plaintext upon
738 sc_decrypt(const oid * privtype, size_t privtypelen,
739 u_char * key, u_int keylen,
740 u_char * iv, u_int ivlen,
741 u_char * ciphertext, u_int ctlen,
742 u_char * plaintext, size_t * ptlen)
746 int rval = SNMPERR_SUCCESS;
749 DES_key_schedule key_sch;
751 DES_key_schedule key_sched_store;
752 DES_key_schedule *key_sch = &key_sched_store;
754 DES_cblock key_struct;
755 u_int properlength, properlength_iv;
763 if (!privtype || !key || !iv || !plaintext || !ciphertext || !ptlen
764 || (ctlen <= 0) || (*ptlen <= 0) || (*ptlen < ctlen)
765 || (privtypelen != USM_LENGTH_OID_TRANSFORM)) {
766 QUITFUN(SNMPERR_GENERR, sc_decrypt_quit);
768 #ifdef SNMP_TESTING_CODE
770 size_t buf_len = 128, out_len = 0;
771 u_char *buf = (u_char *) malloc(buf_len);
774 if (sprint_realloc_hexstring(&buf, &buf_len, &out_len, 1,
776 DEBUGMSGTL(("scapi", "decrypt: IV: %s/", buf));
778 DEBUGMSGTL(("scapi", "decrypt: IV: %s [TRUNCATED]/", buf));
781 if (sprint_realloc_hexstring(&buf, &buf_len, &out_len, 1,
783 DEBUGMSG(("scapi", "%s\n", buf));
785 DEBUGMSG(("scapi", "%s\n", buf));
790 "decrypt: malloc fail for debug output\n"));
793 #endif /* SNMP_TESTING_CODE */
796 * Determine privacy transform.
798 if (ISTRANSFORM(privtype, DESPriv)) {
799 properlength = BYTESIZE(SNMP_TRANS_PRIVLEN_1DES);
800 properlength_iv = BYTESIZE(SNMP_TRANS_PRIVLEN_1DES_IV);
802 } else if (ISTRANSFORM(privtype, AES128Priv)) {
803 properlength = BYTESIZE(SNMP_TRANS_PRIVLEN_AES128);
804 properlength_iv = BYTESIZE(SNMP_TRANS_PRIVLEN_AES128_IV);
805 } else if (ISTRANSFORM(privtype, AES192Priv)) {
806 properlength = BYTESIZE(SNMP_TRANS_PRIVLEN_AES192);
807 properlength_iv = BYTESIZE(SNMP_TRANS_PRIVLEN_AES192_IV);
808 } else if (ISTRANSFORM(privtype, AES256Priv)) {
809 properlength = BYTESIZE(SNMP_TRANS_PRIVLEN_AES256);
810 properlength_iv = BYTESIZE(SNMP_TRANS_PRIVLEN_AES256_IV);
813 QUITFUN(SNMPERR_GENERR, sc_decrypt_quit);
816 if ((keylen < properlength) || (ivlen < properlength_iv)) {
817 QUITFUN(SNMPERR_GENERR, sc_decrypt_quit);
820 memset(my_iv, 0, sizeof(my_iv));
821 if (ISTRANSFORM(privtype, DESPriv)) {
822 memcpy(key_struct, key, sizeof(key_struct));
823 (void) DES_key_sched(&key_struct, key_sch);
825 memcpy(my_iv, iv, ivlen);
826 DES_cbc_encrypt(ciphertext, plaintext, ctlen, key_sch,
827 (DES_cblock *) my_iv, DES_DECRYPT);
831 else if (ISTRANSFORM(privtype, AES128Priv) ||
832 ISTRANSFORM(privtype, AES192Priv) ||
833 ISTRANSFORM(privtype, AES256Priv)) {
834 (void) AES_set_encrypt_key(key, properlength*8, &aes_key);
836 memcpy(my_iv, iv, ivlen);
840 AES_cfb128_encrypt(ciphertext, plaintext, ctlen,
841 &aes_key, my_iv, &new_ivlen, AES_DECRYPT);
851 memset(&key_sch, 0, sizeof(key_sch));
853 memset(&key_sched_store, 0, sizeof(key_sched_store));
855 memset(key_struct, 0, sizeof(key_struct));
856 memset(my_iv, 0, sizeof(my_iv));
859 #else /* USE OPEN_SSL */
861 #if !defined(SCAPI_AUTHPRIV)
862 //snmp_log(LOG_ERR, "Encryption support not enabled.\n");
863 return SNMPERR_SC_NOT_CONFIGURED;
865 # if USE_INTERNAL_MD5
867 DEBUGMSGTL(("scapi", "Decryption function not defined.\n"));
868 return SNMPERR_SC_GENERAL_FAILURE;
872 _SCAPI_NOT_CONFIGURED
873 # endif /* USE_INTERNAL_MD5 */
876 #endif /* USE_OPENSSL */
878 #endif /* BRCM_SNMP_MIB_SUPPORT (snmpv3) */