Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing functionality + Adding Nmap to our CI #1915

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Missing functionality + Adding Nmap to our CI #1915

wants to merge 8 commits into from
+105 −0

Conversation

smittals2
Copy link
Contributor

Issues:

CryptoAlg-2552

Description of changes:

This PR adds Nmap tip of main to our CI. It includes:

  1. A patch to Nmap
  2. Adding an include for <errno.h> to <err.h>, OpenSSL does this but we previously did not
  3. Adding BIO_destroy_bio_pair (the functionality was already implemented, we are simply exposing that through a new func)
  4. Creating a new alias for "DES" in the EVP_CIPHER API. The "default" mode used in OpenSSL 1.1.1 and 3.1 with DES is CBC (link).

Testing:

Locally built and ran nmap tests with AWS-LC and verified they pass. Conducted a dry run with the extra included file to ensure it doesn't break any consumers in live (refer to CryptoAlg-2552 for the dryrun link).

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@smittals2 smittals2 requested a review from a team as a code owner October 11, 2024 01:02
@codecov-commenter
Copy link

Codecov Report

Attention: Patch coverage is 0% with 3 lines in your changes missing coverage. Please review.

Project coverage is 78.51%. Comparing base (c64ec41) to head (5708bc9).
Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
crypto/bio/pair.c 0.00% 3 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1915   +/-   ##
=======================================
  Coverage   78.50%   78.51%           
=======================================
  Files         585      585           
  Lines       99682    99685    +3     
  Branches    14262    14271    +9     
=======================================
+ Hits        78260    78265    +5     
+ Misses      20786    20783    -3     
- Partials      636      637    +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

WillChilds-Klein
WillChilds-Klein reviewed Oct 14, 2024
View reviewed changes
tests/ci/integration/run_nmap_integration.sh
--exec-prefix="$NMAP_BUILD_EPREFIX" \
--with-openssl="$AWS_LC_INSTALL_FOLDER"

make -j install
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we add a ldd check to assert that nmap is linked against AWS-LC?

.github/workflows/integrations.yml
- name: Install OS Dependencies
run: |
sudo apt-get update -o Acquire::Languages=none -o Acquire::Translation=none
sudo apt-get -y --no-install-recommends install cmake gcc ninja-build golang make cairo libcario2 libcairo2-dev gir1.2-gtk-3.0 python3-gi gobject-introspection libgirepository1.0-dev
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we shouldn't need any of the graphics-related libraries here (cairo, gtk). some also don't appear to be available on ubuntu-latest. it looks like there's a --without-zenmap build configuration option to disable GUI stuff.

This option prevents the Zenmap graphical frontend from being installed. Normally the build system checks your system for requirements such as the Python scripting language and then installs Zenmap if they are all available.

you might be able to rip out the python dependency as well.

andrewhop
andrewhop reviewed Oct 14, 2024
View reviewed changes
crypto/bio/pair.c
Comment on lines +470 to +473
int BIO_destroy_bio_pair(BIO *b) {
bio_destroy_pair(b);
return 1;
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not handling a null BIO.

crypto/cipher_extra/cipher_extra.c
@@ -106,6 +106,7 @@ static const struct {
const char* name;
} kCipherAliases[] = {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What uses these aliases? Does adding DES here enable it to be used silently by default anywhere?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@WillChilds-Klein WillChilds-Klein WillChilds-Klein left review comments

@andrewhop andrewhop andrewhop left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@smittals2 @codecov-commenter @WillChilds-Klein @andrewhop