[Pkg-net-snmp-devel] Bug#441948: net-snmp command line apps not built with AES support.
Brendan Simon
Brendan at BrendanSimon.com
Wed Sep 12 04:30:57 UTC 2007
Package: snmp
Version: 5.2.3-7
Severity: important
The net-snmp command line apps (eg. snmpget, etc) do not have support for AES compiled in.
This can easily be tested by running the following command.
$ snmpget -h 2>&1 | grep "\-x"
It reports:
-x PROTOCOL set privacy protocol (DES)
With AES support it should report:
-x PROTOCOL set privacy protocol (DES|AES)
I think I have tracked this down to the following line:
#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_AES_H) && defined(HAVE_AES_CFB128_ENCRYPT)
which appears in:
./win32/net-snmp/net-snmp-config.h
./debian/tmp/usr/include/net-snmp/net-snmp-config.h
./debian/libsnmp-dev/usr/include/net-snmp/net-snmp-config.h
./include/net-snmp/net-snmp-config.h
./acconfig.h
The problem is that HAVE_AES_CFB128_ENCRYPT is not defined.
I believe this is that configure is doing a run time test for AES_cfb128_encrypt but it is failing.
Symbols in libcrypto are as follows:
$ nm /usr/lib/libcrypto.a | grep -i aes_cfb
nm: ebcdic.o: no symbols
aes_cfb.o:
0000000000000420 T AES_cfb128_encrypt
0000000000000350 T AES_cfb1_encrypt
00000000000002f0 T AES_cfb8_encrypt
0000000000000000 T AES_cfbr_encrypt_block
nm: rand_win.o: no symbols
nm: rand_os2.o: no symbols
nm: rand_nw.o: no symbols
nm: e_idea.o: no symbols
nm: e_camellia.o: no symbols
nm: e_rc5.o: no symbols
nm: m_mdc2.o: no symbols
U AES_cfb128_encrypt
U AES_cfb1_encrypt
U AES_cfb8_encrypt
nm: v3_asid.o: no symbols
nm: v3_addr.o: no symbols
nm: e_gmp.o: no symbols
Is this a net-snmp or openssl configure or build problem ???
All security is going AES so this stuff really does matter.
I have compiled from Debian sources but have not been able to fix this yet. I am new to building Debian sources and can't workout how to compile without extracting the source code and patches over the top of my manual changes :-/
Cheers, Brendan.
NOTE: I have been using Lenny, as well as Etch, with the same results.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (990, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-amd64
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=UTF-8) (ignored: LC_ALL set to en_AU)
Versions of packages snmp depends on:
ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries
ii libsnmp9 5.2.3-7 NET SNMP (Simple Network Managemen
Versions of packages snmp recommends:
ii perl-modules 5.8.8-7 Core Perl modules
-- no debconf information
More information about the Pkg-net-snmp-devel
mailing list