
Bug 883425

Summary: net-analyzer/net-snmp-5.9.3-r1: Cannot access SNMPv3 agents that use AES-192 or AES-256 encryption
Product: Gentoo Linux
Reporter: Michael Englehorn <michael>
Component: Current packages
Assignee: Gentoo Netmon project <netmon>
Status: UNCONFIRMED
Severity: enhancement
Keywords: PATCH
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: Ebuild patch to add the proposed package specific use flag.
Metadata patch to add the proposed package specific use flag.

Description Michael Englehorn 2022-11-28 13:28:14 UTC
Upstream has a configure option, "--enable-blumenthal-aes", which enables the AES-192 and AES-256 algorithms. I believe this should be configurable via a package specific USE flag, since it is a draft feature.

From the upstream `./configure --help`: --enable-blumenthal-aes         Enable AES-192/AES-256 (Blumenthal draft)

Reproducible: Always

Steps to Reproduce:
1. Run `snmpwalk -v3` against an SNMP agent with AES-192 or AES-256 encryption

Actual Results:  
"Timeout: No Response from (ip address)"
or
"Invalid privacy protocol specified after -3x flag: AES-256-C" if you run snmpwalk with `-x AES-256-C` set, which does work when `--enable-blumenthal-aes` is added to `configure` at build time.

Expected Results:  
Normal output from snmpwalk.

`AES-256-C` specifies the Cisco implementation of AES-256, but it is enabled by upstream when enabling the Blumenthal draft implementation as well.
Comment 1 Michael Englehorn 2022-11-28 13:30:06 UTC
Created attachment 837967 [details, diff]
Ebuild patch to add the proposed package specific use flag.
Comment 2 Michael Englehorn 2022-11-28 13:33:33 UTC
Created attachment 837969 [details, diff]
Metadata patch to add the proposed package specific use flag.
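
The description above ties both failure messages to whether net-snmp was configured with `--enable-blumenthal-aes`. The following check is an added example, not code from the reporter, the attached patches or the net-snmp project. It reads a configure argument string (on a live system, the output of `net-snmp-config --configure-options`) and classifies the two `snmpwalk` messages quoted in the report. The function names, result labels and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a net-snmp build for the Blumenthal AES option and
# classify the two snmpwalk failure messages quoted in this bug report.
# Function names, result labels and sample strings are constructed.

# blumenthal_aes_state "<configure args>"
# Prints enabled, disabled or unset. With autoconf the last occurrence of
# an --enable/--disable option wins, so every argument is scanned.
# The body runs in a subshell so that `set -f` does not leak to the caller.
blumenthal_aes_state() (
    set -f                      # no globbing while word-splitting the args
    state=unset
    for arg in $1; do
        arg=${arg#\'}; arg=${arg%\'}   # configure args are often quoted
        case $arg in
            --enable-blumenthal-aes|--enable-blumenthal-aes=yes)
                state=enabled ;;
            --disable-blumenthal-aes|--enable-blumenthal-aes=no)
                state=disabled ;;
        esac
    done
    printf '%s\n' "$state"
)

# classify_symptom "<snmpwalk stderr line>"
# client-lacks-protocol: the client rejected the -x value, so the client
#                        build itself has no AES-192/AES-256 support.
# timeout-ambiguous:     the agent did not answer; a privacy protocol
#                        mismatch is one possible cause, not the only one.
classify_symptom() {
    case $1 in
        *"Invalid privacy protocol specified after -3x flag"*)
            printf '%s\n' client-lacks-protocol ;;
        *"Timeout: No Response from"*)
            printf '%s\n' timeout-ambiguous ;;
        *)
            printf '%s\n' other ;;
    esac
}

# Constructed sample input (not taken from a real system).
sample_opts="'--prefix=/usr' '--with-openssl' '--enable-blumenthal-aes'"
sample_err="Invalid privacy protocol specified after -3x flag: AES-256-C"

echo "build:   $(blumenthal_aes_state "$sample_opts")"
echo "symptom: $(classify_symptom "$sample_err")"
```

A result of `unset` or `disabled` together with `client-lacks-protocol` matches the situation described in the report.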