Configure check for MD5_Init instead of DES_cbc_encrypt #1111

Closed


@justsmth justsmth commented Dec 8, 2023

With this configure-script patch, tcpdump successfully builds and (with a few other small changes) tests pass using AWS-LC as the libcrypto.

  • Related PR for AWS-LC is here: #1351
  • AWS-LC doesn't have a DES_cbc_encrypt function, but it supports the ciphers required for ESP in the tests.
  • MD5_Init appears to be supported by other libcrypto implementations (e.g., OpenSSL and LibreSSL).

@infrastation
Member

Thank you for bringing this up. The CMake leg of the build process tests for EVP_CIPHER_CTX_new() and EVP_DecryptInit_ex(), which are what print-esp.c uses. Perhaps it would make more sense to test for the same in the Autoconf leg.

Have you tried whether CMake tcpdump build works correctly with AWS-LC? (The simplest way to test for that should be running CMAKE=yes CRYPTO=yes ./build.sh and checking for Found CRYPTO in the output.)

@justsmth
Author

> Thank you for bringing this up. The CMake leg of the build process tests for EVP_CIPHER_CTX_new() and EVP_DecryptInit_ex(), which are what print-esp.c uses. Perhaps it would make more sense to test for the same in the Autoconf leg.

On line 894 (right after this) it does a check for EVP_CIPHER_CTX_new and EVP_DecryptInit_ex. So I think the DES_cbc_encrypt (or AES_cbc_encrypt) check can be removed. I'll update this PR.

> Have you tried whether CMake tcpdump build works correctly with AWS-LC? (The simplest way to test for that should be running CMAKE=yes CRYPTO=yes ./build.sh and checking for Found CRYPTO in the output.)

Yeah, I was able to build/test tcpdump against AWS-LC with CMake. I first built/installed AWS-LC into a directory. Then I set CMAKE_PREFIX_PATH to that directory when setting up the tcpdump build:

cmake -DCMAKE_BUILD_TYPE=Debug -DCMAKE_PREFIX_PATH=/home/justsmth/tcpdump-testing/aws-lc-install/ -S /home/justsmth/tcpdump-testing/tcpdump -B /home/justsmth/tcpdump-testing/tcpdump-build

@justsmth justsmth changed the title Configure check for AES_cbc_encrypt instead of DES_cbc_encrypt Configure check for MD5_Init instead of DES_cbc_encrypt Dec 11, 2023
@justsmth
Author

I checked in the code where HAVE_LIBCRYPTO is used and found that signature.c requires MD5_Init when HAVE_LIBCRYPTO is defined; this is also the case in print-tcp.c. So I switched this to checking for MD5_Init.

@justsmth
Author

Resolving this in favor of a more recent/better proposal in #1174

@justsmth justsmth closed this Apr 10, 2024