Improve support for tcpdump; integ test

crypto/cipher_extra/cipher_extra.c

@@ -97,25 +97,26 @@ static const struct {
     {NID_rc4, "rc4", EVP_rc4},
 };
 
-const EVP_CIPHER *EVP_get_cipherbynid(int nid) {
-  for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kCiphers); i++) {
-    if (kCiphers[i].nid == nid) {
-      return kCiphers[i].func();
-    }
-  }
-  return NULL;
-}
+#define TCPDUMP_ALIASES_SIZE (3)
+static const char * const TCPDUMP_ALIASES[TCPDUMP_ALIASES_SIZE][2] = {
+    {"3des", "des-ede3-cbc"},
+    {"aes256", "aes-256-cbc"},
+    {"aes128", "aes-128-cbc"}
+};
 
 const EVP_CIPHER *EVP_get_cipherbyname(const char *name) {
   if (name == NULL) {
     return NULL;
   }
 
-  // This is not a name used by OpenSSL, but tcpdump registers it with
+  // These are not names used by OpenSSL, but tcpdump registers it with
   // |EVP_add_cipher_alias|. Our |EVP_add_cipher_alias| is a no-op, so we
   // support the name here.
-  if (OPENSSL_strcasecmp(name, "3des") == 0) {
-    name = "des-ede3-cbc";
+  for(size_t i = 0; i < TCPDUMP_ALIASES_SIZE; i++) {
+    if (OPENSSL_strcasecmp(name, TCPDUMP_ALIASES[i][0]) == 0) {
+      name = TCPDUMP_ALIASES[i][1];
+      break;
+    }
   }
 
   for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kCiphers); i++) {

tests/ci/integration/run_tcpdump_integration.sh

@@ -3,6 +3,7 @@
 # Copyright Amazon.com Inc. or its affiliates.  All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0 OR ISC
 #
+set -ex
 
 source tests/ci/common_posix_setup.sh
 
@@ -20,6 +21,7 @@ source tests/ci/common_posix_setup.sh
 #    - AWS_LC_INSTALL_FOLDER
 
 # Assumes script is executed from the root of aws-lc directory
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 SCRATCH_FOLDER=${SYS_ROOT}/"TCPDUMP_SCRATCH"
 TCPDUMP_SRC_FOLDER="${SCRATCH_FOLDER}/tcpdump"
 TCPDUMP_INSTALL_FOLDER="${SCRATCH_FOLDER}/tcpdump-install"
@@ -32,9 +34,12 @@ rm -rf "${SCRATCH_FOLDER:?}"/*
 pushd "${SCRATCH_FOLDER}"
 
 function tcpdump_build() {
+  git apply "${SCRIPT_DIR}/tcpdump_patch/aws-lc-tcpdump.patch"
   autoreconf -fi
-  ./configure --prefix="${TCPDUMP_INSTALL_FOLDER}" --with-openssl="${AWS_LC_INSTALL_FOLDER}"
+  ./configure --prefix="${TCPDUMP_INSTALL_FOLDER}" --with-crypto="${AWS_LC_INSTALL_FOLDER}"
   make -j "${NUM_CPU_THREADS}"
+  make install
+  ldd "${TCPDUMP_INSTALL_FOLDER}/bin/tcpdump" | grep "${AWS_LC_INSTALL_FOLDER}/lib/libcrypto.so" || exit 1
 }
 
 function tcpdump_run_tests() {
@@ -47,11 +52,14 @@ git clone https://github.com/the-tcpdump-group/tcpdump.git "${TCPDUMP_SRC_FOLDER
 mkdir -p "${AWS_LC_BUILD_FOLDER}" "${AWS_LC_INSTALL_FOLDER}" "${TCPDUMP_INSTALL_FOLDER}"
 ls
 
-aws_lc_build "${SRC_ROOT}" "${AWS_LC_BUILD_FOLDER}" "${AWS_LC_INSTALL_FOLDER}"
+aws_lc_build "${SRC_ROOT}" "${AWS_LC_BUILD_FOLDER}" "${AWS_LC_INSTALL_FOLDER}" -DBUILD_TESTING=OFF -DBUILD_SHARED_LIBS=1
+export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:-}:${AWS_LC_INSTALL_FOLDER}/lib/"
 
 pushd "${TCPDUMP_SRC_FOLDER}"
 tcpdump_build
 tcpdump_run_tests
 popd
 
 popd
+
+

tests/ci/integration/tcpdump_patch/aws-lc-tcpdump.patch

@@ -0,0 +1,27 @@
+From b4cb0cb3e12575240a1cb6a081e9ec4376d64f42 Mon Sep 17 00:00:00 2001
+From: Justin W Smith <[email protected]>
+Date: Fri, 8 Dec 2023 09:42:38 -0500
+Subject: [PATCH] Configure check for AES_cbc_encrypt
+
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 4e0dc2de..b215daf3 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -868,8 +868,8 @@ if test "$want_libcrypto" != "no"; then
+ 	#
+ 	AC_CHECK_HEADER(openssl/crypto.h,
+ 	[
+-		AC_CHECK_LIB(crypto, DES_cbc_encrypt)
+-		if test "$ac_cv_lib_crypto_DES_cbc_encrypt" = "yes"; then
++		AC_CHECK_LIB(crypto, AES_cbc_encrypt)
++		if test "$ac_cv_lib_crypto_AES_cbc_encrypt" = "yes"; then
+ 			AC_CHECK_HEADERS(openssl/evp.h)
+ 			#
+ 			# OK, then:
+-- 
+2.39.2 (Apple Git-143)
+