Nmap Development mailing list archives

Re: nping fails to build on Mac OS X <10.6 because openssl is too old.

From: "Luis MartinGarcia." <luis.mgarc () gmail com>
Date: Mon, 10 Jan 2011 09:55:29 +0100

Hi Daniel,

Thank you for reporting this. Nping requires SHA-256 for its "Echo Mode"
protocol but, as you may know, it is possible to disable cryptographic
support using:

./configure --with-openssl=no

Unfortunately there is no way to have crypto support without SHA-256, so
users with OpenSSL<=0.97 will have to upgrade (0.9.8 has been around for
almost 6 years so I expect systems with 0.9.7 or less to be a tiny
fraction)

Anyway, I've added a check for EVP_sha256() that aborts compilation in
case of failure. I attach a new version of configure.ac. Could you
please give a try and let me know if it works?

Thank you and best regards,

Luis MartinGarcia.



On 01/10/2011 12:44 AM, Daniel Johnson wrote:

I maintain the nmap package for fink and after updating to 5.36TEST3 I've gotten reports from 10.5 users that it 
won't build. This is the failure in nping/Crypto.cc:

Crypto.cc: In static member function 'static int
Crypto::hmac_sha256(u8*, size_t, u8*, u8*, size_t)':
Crypto.cc:127: error: 'EVP_sha256' was not declared in this scope
Crypto.cc: In static member function 'static u8*
Crypto::deriveKey(const u8*, size_t, size_t*)':
Crypto.cc:262: error: 'EVP_sha256' was not declared in this scope
Crypto.cc:266: error: 'EVP_sha256' was not declared in this scope

Sure enough, EVP_sha256 is only available starting with openssl 0.9.8 and 10.5 only has 0.9.7. At the very least, 
nping/configure.ac should probably check for EVP_sha256 rather than just blindly trusting that the user's openssl is 
new enough.

I'm going to use fink's openssl100 to satisfy the dependency, but I thought it was worth bringing to your attention.

Daniel

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Attachment: configure.ac
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

nping fails to build on Mac OS X <10.6 because openssl is too old. Daniel Johnson (Jan 09)
- Re: nping fails to build on Mac OS X <10.6 because openssl is too old. Luis MartinGarcia. (Jan 10)
  - Re: nping fails to build on Mac OS X <10.6 because openssl is too old. Daniel Johnson (Jan 11)