[Pkg-net-snmp-devel] Bug#441948: net-snmp command line apps not built with AES support.

Brendan Simon Brendan at BrendanSimon.com
Wed Sep 12 04:30:57 UTC 2007 

Package: snmp
Version: 5.2.3-7
Severity: important


The net-snmp command line apps (eg. snmpget, etc) do not have support for AES compiled in.

This can easily be tested by running the following command.
    $ snmpget -h 2>&1 | grep "\-x"

It reports:
      -x PROTOCOL           set privacy protocol (DES)

With AES support it should report:
      -x PROTOCOL           set privacy protocol (DES|AES)

I think I have tracked this down to the following line:
    #if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_AES_H) && defined(HAVE_AES_CFB128_ENCRYPT)
which appears in:
    ./win32/net-snmp/net-snmp-config.h
    ./debian/tmp/usr/include/net-snmp/net-snmp-config.h
    ./debian/libsnmp-dev/usr/include/net-snmp/net-snmp-config.h
    ./include/net-snmp/net-snmp-config.h
    ./acconfig.h

The problem is that HAVE_AES_CFB128_ENCRYPT is not defined.
I believe this is that configure is doing a run time test for AES_cfb128_encrypt but it is failing.

Symbols in libcrypto are as follows:
    $ nm /usr/lib/libcrypto.a | grep -i aes_cfb
    nm: ebcdic.o: no symbols
    aes_cfb.o:
    0000000000000420 T AES_cfb128_encrypt
    0000000000000350 T AES_cfb1_encrypt
    00000000000002f0 T AES_cfb8_encrypt
    0000000000000000 T AES_cfbr_encrypt_block
    nm: rand_win.o: no symbols
    nm: rand_os2.o: no symbols
    nm: rand_nw.o: no symbols
    nm: e_idea.o: no symbols
    nm: e_camellia.o: no symbols
    nm: e_rc5.o: no symbols
    nm: m_mdc2.o: no symbols
                     U AES_cfb128_encrypt
                     U AES_cfb1_encrypt
                     U AES_cfb8_encrypt
    nm: v3_asid.o: no symbols
    nm: v3_addr.o: no symbols
    nm: e_gmp.o: no symbols

Is this a net-snmp or openssl configure or build problem ???

All security is going AES so this stuff really does matter.

I have compiled from Debian sources but have not been able to fix this yet.  I am new to building Debian sources and can't workout how to compile without extracting the source code and patches over the top of my manual changes :-/

Cheers, Brendan.

NOTE: I have been using Lenny, as well as Etch, with the same results.


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-amd64
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=UTF-8) (ignored: LC_ALL set to en_AU)

Versions of packages snmp depends on:
ii  libc6                  2.3.6.ds1-13etch2 GNU C Library: Shared libraries
ii  libsnmp9               5.2.3-7           NET SNMP (Simple Network Managemen

Versions of packages snmp recommends:
ii  perl-modules                  5.8.8-7    Core Perl modules

-- no debconf information

More information about the Pkg-net-snmp-devel mailing list