diff --git a/ext/snmp/snmp.c b/ext/snmp/snmp.c index d116339dd1f40..0cf3fa4150f9a 100644 --- a/ext/snmp/snmp.c +++ b/ext/snmp/snmp.c @@ -1071,13 +1071,47 @@ static ZEND_ATTRIBUTE_NONNULL bool snmp_session_set_sec_protocol(struct snmp_ses s->securityPrivProtoLen = USM_PRIV_PROTO_AES_LEN; return true; } + +# ifdef NETSNMP_DRAFT_BLUMENTHAL_AES_04 + if (zend_string_equals_literal_ci(prot, "AES192")) { + s->securityPrivProto = usmAES192PrivProtocol; + s->securityPrivProtoLen = OID_LENGTH(usmAES192PrivProtocol); + return true; + } + + if (zend_string_equals_literal_ci(prot, "AES256")) { + s->securityPrivProto = usmAES256PrivProtocol; + s->securityPrivProtoLen = OID_LENGTH(usmAES256PrivProtocol); + return true; + } + + if (zend_string_equals_literal_ci(prot, "AES192C")) { + s->securityPrivProto = usmAES192CiscoPrivProtocol; + s->securityPrivProtoLen = OID_LENGTH(usmAES192CiscoPrivProtocol); + return true; + } + + if (zend_string_equals_literal_ci(prot, "AES256C")) { + s->securityPrivProto = usmAES256CiscoPrivProtocol; + s->securityPrivProtoLen = OID_LENGTH(usmAES256CiscoPrivProtocol); + return true; + } +# endif #endif #ifdef HAVE_AES -# ifndef NETSNMP_DISABLE_DES - zend_value_error("Security protocol must be one of \"DES\", \"AES128\", or \"AES\""); +# ifdef NETSNMP_DRAFT_BLUMENTHAL_AES_04 +# ifndef NETSNMP_DISABLE_DES + zend_value_error("Security protocol must be one of \"AES256\", \"AES256C\", \"AES192\", \"AES192C\", \"AES128\", \"AES\", or \"DES\""); +# else + zend_value_error("Security protocol must be one of \"AES256\", \"AES256C\", \"AES192\", \"AES192C\", \"AES128\", or \"AES\""); +# endif # else +# ifndef NETSNMP_DISABLE_DES + zend_value_error("Security protocol must be one of \"AES128\", \"AES\", or \"DES\""); +# else zend_value_error("Security protocol must be one of \"AES128\", or \"AES\""); +# endif # endif #else # ifndef NETSNMP_DISABLE_DES diff --git a/ext/snmp/tests/snmp-object-setSecurity_error.phpt b/ext/snmp/tests/snmp-object-setSecurity_error.phpt index cf4f928837773..566c0fb4192ab 100644 --- a/ext/snmp/tests/snmp-object-setSecurity_error.phpt +++ b/ext/snmp/tests/snmp-object-setSecurity_error.phpt @@ -68,8 +68,8 @@ bool(false) Warning: SNMP::setSecurity(): Error generating a key for authentication pass phrase 'te': Generic error (The supplied password length is too short.) in %s on line %d bool(false) -Security protocol must be one of "DES", "AES128", or "AES" -Security protocol must be one of "DES", "AES128", or "AES" +Security protocol must be one of %s +Security protocol must be one of %s Warning: SNMP::setSecurity(): Error generating a key for privacy pass phrase '': Generic error (The supplied password length is too short.) in %s on line %d bool(false) diff --git a/ext/snmp/tests/snmp3-error.phpt b/ext/snmp/tests/snmp3-error.phpt index 27cba5b484168..fbe7f500455d0 100644 --- a/ext/snmp/tests/snmp3-error.phpt +++ b/ext/snmp/tests/snmp3-error.phpt @@ -68,7 +68,7 @@ bool(false) Warning: snmp3_get(): Error generating a key for authentication pass phrase 'te': Generic error (The supplied password length is too short.) in %s on line %d bool(false) -Security protocol must be one of "DES", "AES128", or "AES" +Security protocol must be one of %s Warning: snmp3_get(): Error generating a key for privacy pass phrase '': Generic error (The supplied password length is too short.) in %s on line %d bool(false)