diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.c
index 03711f9fea7..966ba93974f 100644
--- a/crypto/cipher_extra/cipher_extra.c
+++ b/crypto/cipher_extra/cipher_extra.c
@@ -97,25 +97,26 @@ static const struct {
 {NID_rc4, "rc4", EVP_rc4},
 };
-const EVP_CIPHER *EVP_get_cipherbynid(int nid) {
- for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kCiphers); i++) {
- if (kCiphers[i].nid == nid) {
- return kCiphers[i].func();
- }
- }
- return NULL;
-}
+#define TCPDUMP_ALIASES_SIZE (3)
+static const char * const TCPDUMP_ALIASES[TCPDUMP_ALIASES_SIZE][2] = {
+ {"3des", "des-ede3-cbc"},
+ {"aes256", "aes-256-cbc"},
+ {"aes128", "aes-128-cbc"}
+};
 const EVP_CIPHER *EVP_get_cipherbyname(const char *name) {
 if (name == NULL) {
 return NULL;
 }
- // This is not a name used by OpenSSL, but tcpdump registers it with
+ // These are not names used by OpenSSL, but tcpdump registers it with
 // |EVP_add_cipher_alias|. Our |EVP_add_cipher_alias| is a no-op, so we
 // support the name here.
- if (OPENSSL_strcasecmp(name, "3des") == 0) {
- name = "des-ede3-cbc";
+ for(size_t i = 0; i < TCPDUMP_ALIASES_SIZE; i++) {
+ if (OPENSSL_strcasecmp(name, TCPDUMP_ALIASES[i][0]) == 0) {
+ name = TCPDUMP_ALIASES[i][1];
+ break;
+ }
 }
 for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kCiphers); i++) {
diff --git a/tests/ci/integration/run_tcpdump_integration.sh b/tests/ci/integration/run_tcpdump_integration.sh
index 04b8c22fcbc..302213b4a73 100755
--- a/tests/ci/integration/run_tcpdump_integration.sh
+++ b/tests/ci/integration/run_tcpdump_integration.sh
@@ -3,6 +3,7 @@
 # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0 OR ISC
 #
+set -ex
 source tests/ci/common_posix_setup.sh
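Review bot: In crypto/cipher_extra/cipher_extra.c the alias table is sized twice, by `TCPDUMP_ALIASES_SIZE` and by its initializer list, and the two can drift: if an entry is later removed without lowering the macro, the leftover row is zero-initialised and the loop in EVP_get_cipherbyname passes a NULL alias to OPENSSL_strcasecmp. Declaring it as `static const char *const kTcpdumpAliases[][2] = {` and looping with `i < OPENSSL_ARRAY_SIZE(kTcpdumpAliases)` matches how kCiphers is walked a few lines below and removes the macro. The comment should read "tcpdump registers them", and it is worth adding `// Note: "aes128"/"aes256" resolve to the CBC variants for every caller, not only tcpdump.`, since these short names are now accepted by a public lookup function. EVP_get_cipherbyname continues past the end of the hunk.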
@@ -20,6 +21,7 @@ source tests/ci/common_posix_setup.sh
 # - AWS_LC_INSTALL_FOLDER
 # Assumes script is executed from the root of aws-lc directory
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 SCRATCH_FOLDER=${SYS_ROOT}/"TCPDUMP_SCRATCH"
 TCPDUMP_SRC_FOLDER="${SCRATCH_FOLDER}/tcpdump"
 TCPDUMP_INSTALL_FOLDER="${SCRATCH_FOLDER}/tcpdump-install"
@@ -32,9 +34,12 @@ rm -rf "${SCRATCH_FOLDER:?}"/*
 pushd "${SCRATCH_FOLDER}"
 function tcpdump_build() {
+ git apply "${SCRIPT_DIR}/tcpdump_patch/aws-lc-tcpdump.patch"
 autoreconf -fi
- ./configure --prefix="${TCPDUMP_INSTALL_FOLDER}" --with-openssl="${AWS_LC_INSTALL_FOLDER}"
+ ./configure --prefix="${TCPDUMP_INSTALL_FOLDER}" --with-crypto="${AWS_LC_INSTALL_FOLDER}"
 make -j "${NUM_CPU_THREADS}"
+ make install
+ ldd "${TCPDUMP_INSTALL_FOLDER}/bin/tcpdump" | grep "${AWS_LC_INSTALL_FOLDER}/lib/libcrypto.so" || exit 1
 }
 function tcpdump_run_tests() {
@@ -47,7 +52,8 @@ git clone https://github.com/the-tcpdump-group/tcpdump.git "${TCPDUMP_SRC_FOLDER
 mkdir -p "${AWS_LC_BUILD_FOLDER}" "${AWS_LC_INSTALL_FOLDER}" "${TCPDUMP_INSTALL_FOLDER}"
 ls
-aws_lc_build "${SRC_ROOT}" "${AWS_LC_BUILD_FOLDER}" "${AWS_LC_INSTALL_FOLDER}"
+aws_lc_build "${SRC_ROOT}" "${AWS_LC_BUILD_FOLDER}" "${AWS_LC_INSTALL_FOLDER}" -DBUILD_TESTING=OFF -DBUILD_SHARED_LIBS=1
+export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:-}:${AWS_LC_INSTALL_FOLDER}/lib/"
 pushd "${TCPDUMP_SRC_FOLDER}"
 tcpdump_build
@@ -55,3 +61,5 @@ tcpdump_run_tests
 popd
 popd
+
+
diff --git a/tests/ci/integration/tcpdump_patch/aws-lc-tcpdump.patch b/tests/ci/integration/tcpdump_patch/aws-lc-tcpdump.patch
new file mode 100644
index 00000000000..cb63f1c26ab
--- /dev/null
+++ b/tests/ci/integration/tcpdump_patch/aws-lc-tcpdump.patch
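Review bot: In tcpdump_build the new `git apply` runs against whatever revision the clone produced, and the `git clone` shown in the following hunk header names no tag or commit (that line is truncated, so this is an inference). Once upstream changes that part of configure.ac the patch stops applying and the job fails for reasons unrelated to AWS-LC. Checking out a fixed upstream revision before applying, e.g. `git checkout "${TCPDUMP_PINNED_REV}"` (placeholder variable name), keeps patch and source in step and fixes which third-party code the CI host builds and runs; if following upstream tip is deliberate, a comment above `git apply` should say so. Separately, the linkage check hands the install path to grep as a regular expression, and `grep -F` would match it literally.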
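Review bot: The new `export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:-}:${AWS_LC_INSTALL_FOLDER}/lib/"` in run_tcpdump_integration.sh produces a value that starts with `:` whenever the variable was unset or empty, and the dynamic loader treats an empty entry as the current working directory, so libraries in whatever directory the build and tests run from are searched ahead of the AWS-LC install. It also puts the AWS-LC directory after any inherited entries, so an earlier directory holding another libcrypto.so would be picked first, which the ldd check in tcpdump_build would then reject. `export LD_LIBRARY_PATH="${AWS_LC_INSTALL_FOLDER}/lib${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}"` avoids both.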
@@ -0,0 +1,27 @@
+From b4cb0cb3e12575240a1cb6a081e9ec4376d64f42 Mon Sep 17 00:00:00 2001
+From: Justin W Smith <103147162+justsmth@users.noreply.github.com>
+Date: Fri, 8 Dec 2023 09:42:38 -0500
+Subject: [PATCH] Configure check for AES_cbc_encrypt
+
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 4e0dc2de..b215daf3 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -868,8 +868,8 @@ if test "$want_libcrypto" != "no"; then
+ #
+ AC_CHECK_HEADER(openssl/crypto.h,
+ [
+- AC_CHECK_LIB(crypto, DES_cbc_encrypt)
+- if test "$ac_cv_lib_crypto_DES_cbc_encrypt" = "yes"; then
++ AC_CHECK_LIB(crypto, AES_cbc_encrypt)
++ if test "$ac_cv_lib_crypto_AES_cbc_encrypt" = "yes"; then
+ AC_CHECK_HEADERS(openssl/evp.h)
+ #
+ # OK, then:
+--
+2.39.2 (Apple Git-143)
+
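Review bot: The embedded tcpdump patch has an empty message body, so nothing in the tree records why the configure probe moves from DES_cbc_encrypt to AES_cbc_encrypt or when the patch can be dropped. A short body under the Subject line would cover it: one sentence naming the symbol the probe could not find in AWS-LC (presumably DES_cbc_encrypt, to be confirmed) and one saying whether the change has been proposed upstream. Without that, whoever next sees `git apply` fail in run_tcpdump_integration.sh has to rediscover the reason before deciding whether to refresh or delete the patch.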