Hi all,
I have downloaded the net-snmp v5.8 code from http://www.net-snmp.org/download.html.
But I can't enable the AES option when building for Linux.
I added --enable-blumenthal-aes to the configure command. But the Net-SNMP configuration summary shows that no AES-256 options are enabled.
You can refer to my screenshot in the attached file.
In addition, I tried getting the code from this link: https://git.code.sf.net/p/net-snmp/code net-snmp-code
But it still has the same issue.
This is my full config:
./configure \
--prefix="/vobs/vs/thdparty/net-snmp-5.7.3/linux" \
--exec-prefix="/vobs/vs/thdparty/net-snmp-5.7.3/linux" \
--disable-agent \
--disable-debugging \
--disable-manuals \
--enable-shared \
--enable-ipv6 \
--without-rpm \
--enable-blumenthal-aes \
--with-cc=cc \
--with-linkcc=cc \
--with-cflags="-m32" \
--with-ldflags="-m32" \
--with-openssl="/vobs/vs/thdparty/Apache/openssl" \
--with-default-snmp-version="3" \
--with-security-modules="usm" \
--with-sys-contact="lvo@ndc.lucent.com" \
--with-sys-location="Unknown" \
--with-logfile="/var/log/snmpd.log" \
--with-persistent-directory="/var/net-snmp" \
2>&1 | tee conflog
Please tell me if you have any ideas on this issue!
Thanks!
Please check the output of the configure script and also the config.log file, in particular the following:
AES-256 can only be enabled if the aes.h and evp.h header files are available.
Hi Bart Van Assche,
I checked and found that all are yes.
I checked the code in the configure file and found that the flag is not available for AES-256.
It's only for "DES AES".
Checking the configure file is not sufficient. Please check the snmpwalk -h output. As one can see on my setup AES-256 is enabled:
Yes, I was able to use it.
I have one more question :)
I used these 2 OIDs:
/* OIDs from http://www.snmp.com/eso/esoConsortiumMIB.txt */
oid usmAES192PrivProtocol[9] = { 1,3,6,1,4,1,14832,1,3 };
oid usmAES256PrivProtocol[9] = { 1,3,6,1,4,1,14832,1,4 };
and successfully checked on the MIMIC tool.
But when using these 2 OIDs, it is not successful:
/* OIDs from CISCO MIB */
oid usmAES192CiscoPrivProtocol[11] = { 1,3,6,1,4,1,9,12,6,1,1 };
oid usmAES256CiscoPrivProtocol[11] = { 1,3,6,1,4,1,9,12,6,1,2 };
Please give me more advice!
Thanks!
Anyway, do you know which OID the MIMIC tool used for AES256?
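Added example, not part of the thread and not net-snmp project code: a shell sketch of the two checks suggested in the replies above, run against saved files so that the configure result and the built tools can be compared. It assumes the configure output was captured as in the first post (tee conflog), that header checks appear in the usual autoconf form "checking for openssl/aes.h... yes", and that the "-x" line of saved snmpwalk -h output lists the privacy protocols. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not net-snmp code.

# header_result FILE HEADER
# Print the last result configure reported for HEADER ("yes" or "no"),
# or "unknown" when FILE has no "checking for HEADER..." line.
header_result() {
    # Escape dots so "openssl/aes.h" is matched literally.
    pat=$(printf '%s' "$2" | sed 's/\./\\./g')
    res=$(sed -n "s|^checking for $pat\.\.\. \(.*\)\$|\1|p" "$1" | tail -n 1)
    res=${res#"(cached) "}   # autoconf prefixes cached results this way
    case $res in
        yes|no) printf '%s\n' "$res" ;;
        *)      printf 'unknown\n' ;;
    esac
}

# help_lists_aes256 FILE
# Succeed when the "-x" (privacy protocol) line of saved "snmpwalk -h"
# output names AES-256. The line format is an assumption.
help_lists_aes256() {
    grep -E '^[[:space:]]*-x[[:space:]]' "$1" | grep -Eq 'AES-?256'
}

# aes256_verdict CONFLOG HELPFILE
# Combine both checks: the headers must have been found at configure
# time, and the tools that were actually built must offer AES-256.
aes256_verdict() {
    aes=$(header_result "$1" openssl/aes.h)
    evp=$(header_result "$1" openssl/evp.h)
    if [ "$aes" != yes ] || [ "$evp" != yes ]; then
        printf 'headers-missing aes.h=%s evp.h=%s\n' "$aes" "$evp"
    elif help_lists_aes256 "$2"; then
        printf 'enabled\n'
    else
        printf 'headers-ok-but-not-in-tools\n'
    fi
}

# Typical use, with the help text saved first:
#   snmpwalk -h > help.txt 2>&1
#   sh this_script.sh conflog help.txt
if [ $# -eq 2 ]; then
    aes256_verdict "$1" "$2"
fi
```

A "headers-ok-but-not-in-tools" result means the snmpwalk whose help text was saved does not offer AES-256 even though configure found the headers, for example because a different installed copy of the tools was run.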