Re: Problem with Crypto - OpenSSL 1.1.0f - Linux 9.4 (stretch)

2018-05-03 Thread Keith Mendoza 
Dave,

On Thu, May 3, 2018, at 2:02 PM, Dave C wrote:
> Thanks, you solved my problem but with the path as /usr/local where I had
> installed openssl to.

Glad I could help. Since you said you were running Raspbian I assumed that you 
used the OpenSSL Debian packages which usually installs in /usr.

> 
> 
> I'll probably have to stick with  5.7.3 for production for now (on Pi
> Compute Module) but seeing as you did me a favour I thought I would give
> 5.8 pre3 a spin for you. Perhaps I'm the first as I just got the release
> notice this morning.
> 
> All worked fine no issues to report, basic tests of my AgentX daemon (still
> compiled against 5.7.3) works.

Appreciate the feedback. I know the dev team would like it to be tested on as 
many hardware/OS platforms as possible.

> 
> 
> ./configure --with-defaults --with-ldflags=-Bstatic --disable-embedded-perl
> > --disable-perl-cc-checks --without-perl-modules --with-openssl=/usr/local
> 
> 
> 
> -
> > Net-SNMP configuration summary:
> > -
> >   SNMP Versions Supported:1 2c 3
> >   Building for:   linux
> >   Net-SNMP Version:   5.8.pre3
> >   Network transport support:  Callback Unix Alias TCP UDP TCPIPv6 UDPIPv6
> > IPv4Base SocketBase TCPBase UDPIPv4Base UDPBase IPv6Base
> >   SNMPv3 Security Modules: usm
> >   Agent MIB code:default_modules =>  snmpv3mibs mibII ucd_snmp
> > notification notification-log-mib target agent_mibs agentx disman/event
> > disman/schedule utilities host
> >   MYSQL Trap Logging: unavailable
> >   Embedded Perl support:  disabled
> >   SNMP Perl modules:  disabled
> >   SNMP Python modules:disabled
> >   Crypto support from:crypto
> >   Authentication support: MD5 SHA1 SHA512 SHA384 SHA256 SHA192
> >   Encryption support: DES AES
> >   Local DNSSEC validation:disabled
> > -
> 
> 
> 
> root@raspberrypi:~# snmpd --version
> > NET-SNMP version:  5.8.pre3
> > Web:   http://www.net-snmp.org/
> > Email: net-snmp-coders@lists.sourceforge.net
> > root@raspberrypi:~# Hello from Pi-land
> 
> 
> 
> 
> 
> On Fri, May 4, 2018 at 1:17 AM, Keith Mendoza  wrote:
> 
> > Dave,
> > Try adding --with-openssl=/usr in the call to configure on your raspberry
> > pi. If you're brave you can also try 5.8pre3  from
> > https://sourceforge.net/projects/net-snmp/files/net-snmp/5.8-pre-releases/
> >
> > --
> > Thanks,
> > Keith (pantherse)
> >
> > On Wed, May 2, 2018, at 7:04 PM, Dave C wrote:
> > > I'm trying to build net-snmp-5.7.3 on a raspbery pi running Raspbian 9.4
> > > stretch.
> > >
> > > The default packages are OpenSSL 1.1.0f  25 May 2017, libssl-dev
> > > 1.1.0f-3+deb9u2.
> > >
> > > I configure net-snmp like so,
> > >
> > > ./configure --with-defaults --with-ldflags=-Bstatic
> > --disable-embedded-perl
> > > --disable-perl-cc-checks --without-perl-modules
> > >
> > > And get this config output..
> > >
> > > > -
> > > > Net-SNMP configuration summary:
> > > > -
> > > >   SNMP Versions Supported:1 2c 3
> > > >   Building for:   linux
> > > >   Net-SNMP Version:   5.7.3
> > > >   Network transport support:  Callback Unix Alias TCP UDP IPv4Base
> > > > SocketBase TCPBase UDPIPv4Base UDPBase
> > > >   SNMPv3 Security Modules: usm
> > > >   Agent MIB code:default_modules =>  snmpv3mibs mibII
> > ucd_snmp
> > > > notification notification-log-mib target agent_mibs agentx disman/event
> > > > disman/schedule utilities host
> > > >   MYSQL Trap Logging: unavailable
> > > >   Embedded Perl support:  disabled
> > > >   SNMP Perl modules:  disabled
> > > >   SNMP Python modules:disabled
> > > >   Crypto support from:crypto/ internal ??
> > > >   Authentication support: MD5 SHA1
> > > >   Encryption support: DES AES
> > > >   Local DNSSEC validation:disabled
> > >
> > >
> > > However make dies at this point.
> > >
> > > /bin/bash ../libtool  --mode=compile gcc -I../include -I.
> > > >  -I../snmplib  -fno-strict-aliasing -g -O2 -Ulinux -Dlinux=linux  -c -o
> > > > keytools.lo keytools.c
> > > > libtool: compile:  gcc -I../include -I. -I../snmplib
> > -fno-strict-aliasing
> > > > -g -O2 -Ulinux -Dlinux=linux -c keytools.c  -fPIC -DPIC -o
> > .libs/keytools.o
> > > > keytools.c: In function 'generate_Ku':
> > > > keytools.c:155:25: error: dereferencing pointer to incomplete type
> > > > 'EVP_MD_CTX {aka struct evp_md_ctx_st}'
> > > >  ctx = malloc(sizeof(*ctx));
> > > >  ^~~~
> > > > keytools.c:265:9: warning: implicit declaration of function
> > > > 'EVP_MD_CTX_cleanup'

Re: Problem with Crypto - OpenSSL 1.1.0f - Linux 9.4 (stretch)

2018-05-03 Thread Dave C 
Thanks, you solved my problem but with the path as /usr/local where I had
installed openssl to.


I'll probably have to stick with  5.7.3 for production for now (on Pi
Compute Module) but seeing as you did me a favour I thought I would give
5.8 pre3 a spin for you. Perhaps I'm the first as I just got the release
notice this morning.

All worked fine no issues to report, basic tests of my AgentX daemon (still
compiled against 5.7.3) works.


./configure --with-defaults --with-ldflags=-Bstatic --disable-embedded-perl
> --disable-perl-cc-checks --without-perl-modules --with-openssl=/usr/local



-
> Net-SNMP configuration summary:
> -
>   SNMP Versions Supported:1 2c 3
>   Building for:   linux
>   Net-SNMP Version:   5.8.pre3
>   Network transport support:  Callback Unix Alias TCP UDP TCPIPv6 UDPIPv6
> IPv4Base SocketBase TCPBase UDPIPv4Base UDPBase IPv6Base
>   SNMPv3 Security Modules: usm
>   Agent MIB code:default_modules =>  snmpv3mibs mibII ucd_snmp
> notification notification-log-mib target agent_mibs agentx disman/event
> disman/schedule utilities host
>   MYSQL Trap Logging: unavailable
>   Embedded Perl support:  disabled
>   SNMP Perl modules:  disabled
>   SNMP Python modules:disabled
>   Crypto support from:crypto
>   Authentication support: MD5 SHA1 SHA512 SHA384 SHA256 SHA192
>   Encryption support: DES AES
>   Local DNSSEC validation:disabled
> -



root@raspberrypi:~# snmpd --version
> NET-SNMP version:  5.8.pre3
> Web:   http://www.net-snmp.org/
> Email: net-snmp-coders@lists.sourceforge.net
> root@raspberrypi:~# Hello from Pi-land





On Fri, May 4, 2018 at 1:17 AM, Keith Mendoza  wrote:

> Dave,
> Try adding --with-openssl=/usr in the call to configure on your raspberry
> pi. If you're brave you can also try 5.8pre3  from
> https://sourceforge.net/projects/net-snmp/files/net-snmp/5.8-pre-releases/
>
> --
> Thanks,
> Keith (pantherse)
>
> On Wed, May 2, 2018, at 7:04 PM, Dave C wrote:
> > I'm trying to build net-snmp-5.7.3 on a raspbery pi running Raspbian 9.4
> > stretch.
> >
> > The default packages are OpenSSL 1.1.0f  25 May 2017, libssl-dev
> > 1.1.0f-3+deb9u2.
> >
> > I configure net-snmp like so,
> >
> > ./configure --with-defaults --with-ldflags=-Bstatic
> --disable-embedded-perl
> > --disable-perl-cc-checks --without-perl-modules
> >
> > And get this config output..
> >
> > > -
> > > Net-SNMP configuration summary:
> > > -
> > >   SNMP Versions Supported:1 2c 3
> > >   Building for:   linux
> > >   Net-SNMP Version:   5.7.3
> > >   Network transport support:  Callback Unix Alias TCP UDP IPv4Base
> > > SocketBase TCPBase UDPIPv4Base UDPBase
> > >   SNMPv3 Security Modules: usm
> > >   Agent MIB code:default_modules =>  snmpv3mibs mibII
> ucd_snmp
> > > notification notification-log-mib target agent_mibs agentx disman/event
> > > disman/schedule utilities host
> > >   MYSQL Trap Logging: unavailable
> > >   Embedded Perl support:  disabled
> > >   SNMP Perl modules:  disabled
> > >   SNMP Python modules:disabled
> > >   Crypto support from:crypto/ internal ??
> > >   Authentication support: MD5 SHA1
> > >   Encryption support: DES AES
> > >   Local DNSSEC validation:disabled
> >
> >
> > However make dies at this point.
> >
> > /bin/bash ../libtool  --mode=compile gcc -I../include -I.
> > >  -I../snmplib  -fno-strict-aliasing -g -O2 -Ulinux -Dlinux=linux  -c -o
> > > keytools.lo keytools.c
> > > libtool: compile:  gcc -I../include -I. -I../snmplib
> -fno-strict-aliasing
> > > -g -O2 -Ulinux -Dlinux=linux -c keytools.c  -fPIC -DPIC -o
> .libs/keytools.o
> > > keytools.c: In function 'generate_Ku':
> > > keytools.c:155:25: error: dereferencing pointer to incomplete type
> > > 'EVP_MD_CTX {aka struct evp_md_ctx_st}'
> > >  ctx = malloc(sizeof(*ctx));
> > >  ^~~~
> > > keytools.c:265:9: warning: implicit declaration of function
> > > 'EVP_MD_CTX_cleanup' [-Wimplicit-function-declaration]
> > >  EVP_MD_CTX_cleanup(ctx);
> > >  ^~
> > > Makefile:98: recipe for target 'keytools.lo' failed
> > > make[1]: *** [keytools.lo] Error 1
> > > make[1]: Leaving directory '/root/net-snmp-5.7.3/snmplib'
> > > Makefile:656: recipe for target 'subdirs' failed
> > > make: *** [subdirs] Error 1
> >
> >
> > So the first question is what's wrong with the above ?
> >
> >
> > I have an Ubuntu box where I build net-snmp fine with crypo, it runs
> > OpenSSL 1.0.2g so I downgraded the Raspbery PI to 1.0.2o
> >
> > apt-get

Re: Problem with Crypto - OpenSSL 1.1.0f - Linux 9.4 (stretch)

2018-05-03 Thread Keith Mendoza 
Dave,
Try adding --with-openssl=/usr in the call to configure on your raspberry pi. 
If you're brave you can also try 5.8pre3  from 
https://sourceforge.net/projects/net-snmp/files/net-snmp/5.8-pre-releases/

-- 
Thanks,
Keith (pantherse)

On Wed, May 2, 2018, at 7:04 PM, Dave C wrote:
> I'm trying to build net-snmp-5.7.3 on a raspbery pi running Raspbian 9.4
> stretch.
> 
> The default packages are OpenSSL 1.1.0f  25 May 2017, libssl-dev
> 1.1.0f-3+deb9u2.
> 
> I configure net-snmp like so,
> 
> ./configure --with-defaults --with-ldflags=-Bstatic --disable-embedded-perl
> --disable-perl-cc-checks --without-perl-modules
> 
> And get this config output..
> 
> > -
> > Net-SNMP configuration summary:
> > -
> >   SNMP Versions Supported:1 2c 3
> >   Building for:   linux
> >   Net-SNMP Version:   5.7.3
> >   Network transport support:  Callback Unix Alias TCP UDP IPv4Base
> > SocketBase TCPBase UDPIPv4Base UDPBase
> >   SNMPv3 Security Modules: usm
> >   Agent MIB code:default_modules =>  snmpv3mibs mibII ucd_snmp
> > notification notification-log-mib target agent_mibs agentx disman/event
> > disman/schedule utilities host
> >   MYSQL Trap Logging: unavailable
> >   Embedded Perl support:  disabled
> >   SNMP Perl modules:  disabled
> >   SNMP Python modules:disabled
> >   Crypto support from:crypto/ internal ??
> >   Authentication support: MD5 SHA1
> >   Encryption support: DES AES
> >   Local DNSSEC validation:disabled
> 
> 
> However make dies at this point.
> 
> /bin/bash ../libtool  --mode=compile gcc -I../include -I.
> >  -I../snmplib  -fno-strict-aliasing -g -O2 -Ulinux -Dlinux=linux  -c -o
> > keytools.lo keytools.c
> > libtool: compile:  gcc -I../include -I. -I../snmplib -fno-strict-aliasing
> > -g -O2 -Ulinux -Dlinux=linux -c keytools.c  -fPIC -DPIC -o .libs/keytools.o
> > keytools.c: In function 'generate_Ku':
> > keytools.c:155:25: error: dereferencing pointer to incomplete type
> > 'EVP_MD_CTX {aka struct evp_md_ctx_st}'
> >  ctx = malloc(sizeof(*ctx));
> >  ^~~~
> > keytools.c:265:9: warning: implicit declaration of function
> > 'EVP_MD_CTX_cleanup' [-Wimplicit-function-declaration]
> >  EVP_MD_CTX_cleanup(ctx);
> >  ^~
> > Makefile:98: recipe for target 'keytools.lo' failed
> > make[1]: *** [keytools.lo] Error 1
> > make[1]: Leaving directory '/root/net-snmp-5.7.3/snmplib'
> > Makefile:656: recipe for target 'subdirs' failed
> > make: *** [subdirs] Error 1
> 
> 
> So the first question is what's wrong with the above ?
> 
> 
> I have an Ubuntu box where I build net-snmp fine with crypo, it runs
> OpenSSL 1.0.2g so I downgraded the Raspbery PI to 1.0.2o
> 
> apt-get remove openssl
> > apt-get remove libssl-dev
> > cd ~
> > wget https://www.openssl.org/source/openssl-1.0.2o.tar.gz
> > cd openssl...
> > ./config --prefix=/usr/local --openssldir=/usr/local/openssl shared
> > make
> > make install
> > ldconfig
> > ldd $(which openssl)
> > linux-vdso.so.1 (0x7ee91000)
> > /usr/lib/arm-linux-gnueabihf/libarmmem.so (0x76f09000)
> > libssl.so.1.0.0 => /usr/local/lib/libssl.so.1.0.0 (0x76ea4000)
> > libcrypto.so.1.0.0 => /usr/local/lib/libcrypto.so.1.0.0
> > (0x76d17000)
> > libdl.so.2 => /lib/arm-linux-gnueabihf/libdl.so.2 (0x76d04000)
> > libc.so.6 => /lib/arm-linux-gnueabihf/libc.so.6 (0x76bc5000)
> > /lib/ld-linux-armhf.so.3 (0x76f1f000)
> >
> 
> Everything seems fine but now the configuration summary shows only "Crypto
> support from: Internal"
> 
> I looked at the configure script to see how it tests for OpenSSL support
> and replicated that
> 
> #include 
> > char EVP_md5 ();
> > int main(int argc, char *argv[]) {
> >   return EVP_md5 ();
> >   ;
> >   return 0;
> > }
> 
> 
> When I build that I get the following error showing that the EVP_md5 is
> accessible and the crypto library is installed.
> 
> # gcc t.c -lcrypto
> > t.c:3:6: error: conflicting types for ‘EVP_md5’
> >  char EVP_md5 ();
> >   ^~~
> > In file included from /usr/local/include/openssl/x509.h:73:0,
> >  from /usr/local/include/openssl/ssl.h:156,
> >  from t.c:1:
> > /usr/local/include/openssl/evp.h:716:15: note: previous declaration of
> > ‘EVP_md5’ was here
> >  const EVP_MD *EVP_md5(void);
> >^~~
> 
> 
> 
> I'm not sure if that's the exact test that the configure script is doing
> but it's just not detecting
> 
> I hacked the configure script to force CRYPTO="crypto" but then compilation
> fails elsewhere so I assume I actually have installed OpenSSL incorrectly.
> 
> But ether-way I would prefer to fix the first problem above and link
> to  libssl-dev
> 1.1.0f
> 
> Thanks
>

Problem with Crypto - OpenSSL 1.1.0f - Linux 9.4 (stretch)

2018-05-02 Thread Dave C 
I'm trying to build net-snmp-5.7.3 on a raspbery pi running Raspbian 9.4
stretch.

The default packages are OpenSSL 1.1.0f  25 May 2017, libssl-dev
1.1.0f-3+deb9u2.

I configure net-snmp like so,

./configure --with-defaults --with-ldflags=-Bstatic --disable-embedded-perl
--disable-perl-cc-checks --without-perl-modules

And get this config output..

> -
> Net-SNMP configuration summary:
> -
>   SNMP Versions Supported:1 2c 3
>   Building for:   linux
>   Net-SNMP Version:   5.7.3
>   Network transport support:  Callback Unix Alias TCP UDP IPv4Base
> SocketBase TCPBase UDPIPv4Base UDPBase
>   SNMPv3 Security Modules: usm
>   Agent MIB code:default_modules =>  snmpv3mibs mibII ucd_snmp
> notification notification-log-mib target agent_mibs agentx disman/event
> disman/schedule utilities host
>   MYSQL Trap Logging: unavailable
>   Embedded Perl support:  disabled
>   SNMP Perl modules:  disabled
>   SNMP Python modules:disabled
>   Crypto support from:crypto/ internal ??
>   Authentication support: MD5 SHA1
>   Encryption support: DES AES
>   Local DNSSEC validation:disabled


However make dies at this point.

/bin/bash ../libtool  --mode=compile gcc -I../include -I.
>  -I../snmplib  -fno-strict-aliasing -g -O2 -Ulinux -Dlinux=linux  -c -o
> keytools.lo keytools.c
> libtool: compile:  gcc -I../include -I. -I../snmplib -fno-strict-aliasing
> -g -O2 -Ulinux -Dlinux=linux -c keytools.c  -fPIC -DPIC -o .libs/keytools.o
> keytools.c: In function 'generate_Ku':
> keytools.c:155:25: error: dereferencing pointer to incomplete type
> 'EVP_MD_CTX {aka struct evp_md_ctx_st}'
>  ctx = malloc(sizeof(*ctx));
>  ^~~~
> keytools.c:265:9: warning: implicit declaration of function
> 'EVP_MD_CTX_cleanup' [-Wimplicit-function-declaration]
>  EVP_MD_CTX_cleanup(ctx);
>  ^~
> Makefile:98: recipe for target 'keytools.lo' failed
> make[1]: *** [keytools.lo] Error 1
> make[1]: Leaving directory '/root/net-snmp-5.7.3/snmplib'
> Makefile:656: recipe for target 'subdirs' failed
> make: *** [subdirs] Error 1


So the first question is what's wrong with the above ?


I have an Ubuntu box where I build net-snmp fine with crypo, it runs
OpenSSL 1.0.2g so I downgraded the Raspbery PI to 1.0.2o

apt-get remove openssl
> apt-get remove libssl-dev
> cd ~
> wget https://www.openssl.org/source/openssl-1.0.2o.tar.gz
> cd openssl...
> ./config --prefix=/usr/local --openssldir=/usr/local/openssl shared
> make
> make install
> ldconfig
> ldd $(which openssl)
> linux-vdso.so.1 (0x7ee91000)
> /usr/lib/arm-linux-gnueabihf/libarmmem.so (0x76f09000)
> libssl.so.1.0.0 => /usr/local/lib/libssl.so.1.0.0 (0x76ea4000)
> libcrypto.so.1.0.0 => /usr/local/lib/libcrypto.so.1.0.0
> (0x76d17000)
> libdl.so.2 => /lib/arm-linux-gnueabihf/libdl.so.2 (0x76d04000)
> libc.so.6 => /lib/arm-linux-gnueabihf/libc.so.6 (0x76bc5000)
> /lib/ld-linux-armhf.so.3 (0x76f1f000)
>

Everything seems fine but now the configuration summary shows only "Crypto
support from: Internal"

I looked at the configure script to see how it tests for OpenSSL support
and replicated that

#include 
> char EVP_md5 ();
> int main(int argc, char *argv[]) {
>   return EVP_md5 ();
>   ;
>   return 0;
> }


When I build that I get the following error showing that the EVP_md5 is
accessible and the crypto library is installed.

# gcc t.c -lcrypto
> t.c:3:6: error: conflicting types for ‘EVP_md5’
>  char EVP_md5 ();
>   ^~~
> In file included from /usr/local/include/openssl/x509.h:73:0,
>  from /usr/local/include/openssl/ssl.h:156,
>  from t.c:1:
> /usr/local/include/openssl/evp.h:716:15: note: previous declaration of
> ‘EVP_md5’ was here
>  const EVP_MD *EVP_md5(void);
>^~~



I'm not sure if that's the exact test that the configure script is doing
but it's just not detecting

I hacked the configure script to force CRYPTO="crypto" but then compilation
fails elsewhere so I assume I actually have installed OpenSSL incorrectly.

But ether-way I would prefer to fix the first problem above and link
to  libssl-dev
1.1.0f

Thanks
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders