Re: Verify AES support when Blumenthal draft is enabled
On Fri, 27 Apr 2018 23:00:57 -0700 Keith wrote: KM> > BVA> > https://sourceforge.net/p/net-snmp/code/merge-requests/14/. KM> > BVA> > [...] KM> Let me give this another go. I think the best solution is when KM> --with-openssl is processed that a variable like KM> "blumenthalcapable" be set based on whether the AES-related KM> functions and headers are available. This will also open it up KM> to other configuration checks that may need the same things. reviewed and merged. Thanks! -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
Re: Verify AES support when Blumenthal draft is enabled
On Fri, Apr 27, 2018, at 11:00 PM, Keith Mendoza wrote: > > > > Regardless, configure should be doing the right thing based on what > > is currently installed. > > > > BVA> Regarding your pull request: > > BVA> I'd like to avoid adding AC_CHECK_HEADERS() calls in > > BVA> config_project_with_enable because whether or not these > > BVA> succeed depend on the compiler flags (-I) and some compiler > > BVA> flags are only set at a later phase. > > > > I agree that header checks inside a feature check is undesirable. > > Keith, do you think you could come up with a patch that re-arranges > > configure checks that that the desired effect is achieved? > > Let me give this another go. I think the best solution is when --with- > openssl is processed that a variable like "blumenthalcapable" be set > based on whether the AES-related functions and headers are available. > This will also open it up to other configuration checks that may need > the same things. https://sourceforge.net/p/net-snmp/code/merge-requests/14/ has my proposed changes. > > > > > Robert > > > -- > Thanks, > Keith (pantherse) -- Thanks, Keith (pantherse) -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
Re: Verify AES support when Blumenthal draft is enabled
On Fri, Apr 27, 2018, at 2:40 PM, Robert Story wrote: > On Wed, 25 Apr 2018 10:28:59 -0600 Bart wrote: > BVA> On 04/25/18 10:04, Keith Mendoza wrote: > BVA> > I have submitted a merge request to verify that when the > BVA> > --enable-blumenthal-aes is used in configure that it checks > BVA> > that OpenSSL's aes.h and evp.h are available. Merge request > BVA> > is at > BVA> > https://sourceforge.net/p/net-snmp/code/merge-requests/14/. > BVA> > [...] > BVA> > BVA> Hello Keith, > BVA> > BVA> Are you aware that running something like "brew upgrade > BVA> openssl" brings in a version of openssl on OS/X that is recent > BVA> enough for all Net-SNMP features? > > Regardless, configure should be doing the right thing based on what > is currently installed. > > BVA> Regarding your pull request: > BVA> I'd like to avoid adding AC_CHECK_HEADERS() calls in > BVA> config_project_with_enable because whether or not these > BVA> succeed depend on the compiler flags (-I) and some compiler > BVA> flags are only set at a later phase. > > I agree that header checks inside a feature check is undesirable. > Keith, do you think you could come up with a patch that re-arranges > configure checks that that the desired effect is achieved? Let me give this another go. I think the best solution is when --with-openssl is processed that a variable like "blumenthalcapable" be set based on whether the AES-related functions and headers are available. This will also open it up to other configuration checks that may need the same things. > > Robert -- Thanks, Keith (pantherse) -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
Re: Verify AES support when Blumenthal draft is enabled
On Wed, 25 Apr 2018 10:53:35 -0700 Keith wrote: KM> I feel the best solution would be to remove the typecasts going KM> on inside sc_get_openssl_hashfn(). It seems to me that having KM> these typecasts there is triggering the implicit declaration of KM> EVP_sha512() that lead to the crash we both encountered. KM> However, I don't want testing the "best" solution to block 5.8 KM> release. The crash was caused by the darwin header defining things it shouldn't have. The configure fix is the way to go.. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
Re: Verify AES support when Blumenthal draft is enabled
On Wed, 25 Apr 2018 10:28:59 -0600 Bart wrote: BVA> On 04/25/18 10:04, Keith Mendoza wrote: BVA> > I have submitted a merge request to verify that when the BVA> > --enable-blumenthal-aes is used in configure that it checks BVA> > that OpenSSL's aes.h and evp.h are available. Merge request BVA> > is at BVA> > https://sourceforge.net/p/net-snmp/code/merge-requests/14/. BVA> > [...] BVA> BVA> Hello Keith, BVA> BVA> Are you aware that running something like "brew upgrade BVA> openssl" brings in a version of openssl on OS/X that is recent BVA> enough for all Net-SNMP features? Regardless, configure should be doing the right thing based on what is currently installed. BVA> Regarding your pull request: BVA> I'd like to avoid adding AC_CHECK_HEADERS() calls in BVA> config_project_with_enable because whether or not these BVA> succeed depend on the compiler flags (-I) and some compiler BVA> flags are only set at a later phase. I agree that header checks inside a feature check is undesirable. Keith, do you think you could come up with a patch that re-arranges configure checks that that the desired effect is achieved? Robert -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
Re: Verify AES support when Blumenthal draft is enabled
Bart, On Wed, Apr 25, 2018, at 9:28 AM, Bart Van Assche wrote: > On 04/25/18 10:04, Keith Mendoza wrote: > > Net-SNMP dev team, > > I have submitted a merge request to verify that when the > > --enable-blumenthal-aes is used in configure that it checks that OpenSSL's > > aes.h and evp.h are available. Merge request is at > > https://sourceforge.net/p/net-snmp/code/merge-requests/14/. This should > > fully resolve the following bugs: > > > > * #2859 Test case "T023snmpv3getMD5DES_simple" fails > > (https://sourceforge.net/p/net-snmp/bugs/2859/) > > > > * #2855 Test case "T026snmpv3getSHAAES_simple" fails > > (https://sourceforge.net/p/net-snmp/bugs/2855/) > > > > * #2854 Test case "T025snmpv3getSHADES_simple" fails > > (https://sourceforge.net/p/net-snmp/bugs/2854/) > > > > * #2852 Test case "T024snmpv3getSHA1_simple" fails > > (https://sourceforge.net/p/net-snmp/bugs/2852/) > > > > This fix provides a partial fix for #2853 Test case > > "T024snmpv3getSHA512_simple" fails (#2853 Test case > > "T024snmpv3getSHA512_simple" fails). The rest of the fix is Bart's commit > > 3c104a. > > Hello Keith, > > Are you aware that running something like "brew upgrade openssl" brings > in a version of openssl on OS/X that is recent enough for all Net-SNMP > features? >From what I know OpenSSL is available through Homebrew or Macports--among >others. Apple doesn't seem to provide OpenSSL by themselves. So doing that >should upgrade openssl provided the package info for the package manager has >been done too. > Regarding your pull request: I'd like to avoid adding > AC_CHECK_HEADERS() calls in config_project_with_enable because whether > or not these succeed depend on the compiler flags (-I) and some compiler > flags are only set at a later phase. I agree that placing the AC_CHECK_HEADERS() where it is _not_ the best place for it as it assumes that --with-ssl always occurs before --enable-blumenthal-aes. I suspect that if the --with-ssl code is moved after that the AC_CHECK_HEADERS will always fail. I felt that placing it there would be a good starting point; and I figured someone with more experience with the codebase will tell me where it should go as a rule-of-thumb for the project. I feel the best solution would be to remove the typecasts going on inside sc_get_openssl_hashfn(). It seems to me that having these typecasts there is triggering the implicit declaration of EVP_sha512() that lead to the crash we both encountered. However, I don't want testing the "best" solution to block 5.8 release. > > Thanks, > > Bart. -- Thanks, Keith (pantherse) -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
Re: Verify AES support when Blumenthal draft is enabled
On 04/25/18 10:04, Keith Mendoza wrote: Net-SNMP dev team, I have submitted a merge request to verify that when the --enable-blumenthal-aes is used in configure that it checks that OpenSSL's aes.h and evp.h are available. Merge request is at https://sourceforge.net/p/net-snmp/code/merge-requests/14/. This should fully resolve the following bugs: * #2859 Test case "T023snmpv3getMD5DES_simple" fails (https://sourceforge.net/p/net-snmp/bugs/2859/) * #2855 Test case "T026snmpv3getSHAAES_simple" fails (https://sourceforge.net/p/net-snmp/bugs/2855/) * #2854 Test case "T025snmpv3getSHADES_simple" fails (https://sourceforge.net/p/net-snmp/bugs/2854/) * #2852 Test case "T024snmpv3getSHA1_simple" fails (https://sourceforge.net/p/net-snmp/bugs/2852/) This fix provides a partial fix for #2853 Test case "T024snmpv3getSHA512_simple" fails (#2853 Test case "T024snmpv3getSHA512_simple" fails). The rest of the fix is Bart's commit 3c104a. Hello Keith, Are you aware that running something like "brew upgrade openssl" brings in a version of openssl on OS/X that is recent enough for all Net-SNMP features? Regarding your pull request: I'd like to avoid adding AC_CHECK_HEADERS() calls in config_project_with_enable because whether or not these succeed depend on the compiler flags (-I) and some compiler flags are only set at a later phase. Thanks, Bart. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
Verify AES support when Blumenthal draft is enabled
Net-SNMP dev team, I have submitted a merge request to verify that when the --enable-blumenthal-aes is used in configure that it checks that OpenSSL's aes.h and evp.h are available. Merge request is at https://sourceforge.net/p/net-snmp/code/merge-requests/14/. This should fully resolve the following bugs: * #2859 Test case "T023snmpv3getMD5DES_simple" fails (https://sourceforge.net/p/net-snmp/bugs/2859/) * #2855 Test case "T026snmpv3getSHAAES_simple" fails (https://sourceforge.net/p/net-snmp/bugs/2855/) * #2854 Test case "T025snmpv3getSHADES_simple" fails (https://sourceforge.net/p/net-snmp/bugs/2854/) * #2852 Test case "T024snmpv3getSHA1_simple" fails (https://sourceforge.net/p/net-snmp/bugs/2852/) This fix provides a partial fix for #2853 Test case "T024snmpv3getSHA512_simple" fails (#2853 Test case "T024snmpv3getSHA512_simple" fails). The rest of the fix is Bart's commit 3c104a. -- Thanks, Keith (pantherse) -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
