diff --git a/.github/workflows/clang.yml b/.github/workflows/clang.yml new file mode 100644 index 0000000..9ebe978 --- /dev/null +++ b/.github/workflows/clang.yml @@ -0,0 +1,24 @@ +name: Clang CI + +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + - name: Install dependencies + run: | + sudo apt install clang autoconf libpcap-dev libssl-dev + - name: autogen + run: ./autogen.sh + - name: configure + run: ./configure CC=/usr/bin/clang + - name: make + run: make diff --git a/.github/workflows/ccpp.yml b/.github/workflows/gcc.yml similarity index 87% rename from .github/workflows/ccpp.yml rename to .github/workflows/gcc.yml index eca5575..44a6f3a 100644 --- a/.github/workflows/ccpp.yml +++ b/.github/workflows/gcc.yml @@ -1,4 +1,4 @@ -name: C/C++ CI +name: GCC CI on: push: @@ -19,6 +19,6 @@ jobs: - name: autogen run: ./autogen.sh - name: configure - run: ./configure + run: ./configure CC=/usr/bin/gcc - name: make run: make diff --git a/.gitignore b/.gitignore index f3a297a..1f30374 100644 --- a/.gitignore +++ b/.gitignore @@ -19,6 +19,8 @@ common/lib/Makefile.in compile config.h config.h.in +config.guess +config.sub configure depcomp install-sh diff --git a/Makefile.am b/Makefile.am index 6271315..df72dfa 100644 --- a/Makefile.am +++ b/Makefile.am 
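Review bot: In the new `.github/workflows/clang.yml`, `actions/checkout@v2` is referenced by a movable tag and the workflow declares no `permissions:` block, so the job runs whatever that tag currently points to with the repository's default token scope. Pinning the action to a full commit SHA and adding a workflow-level `permissions:` with `contents: read` would narrow both. The install step runs `sudo apt install` without a preceding `sudo apt-get update`, which can fail when the runner's package index is stale. Neither job passes the `--enable-asan` option this commit introduces, so the `-Werror=format-security` and `-Werror=array-bounds` checks are never applied in CI; a second configure/make pass with `./configure CC=/usr/bin/clang --enable-asan` would cover that.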
@@ -5,25 +5,28 @@ ssldump_SOURCES = \ base/pcap-snoop.c\ base/network.c\ base/proto_mod.c\ - base/common.c\ ssl/ssl_analyze.c\ null/null_analyze.c\ + common/lib/r_data.c\ + common/lib/r_assoc.c\ common/lib/r_errors.c\ + common/lib/debug.c\ base/tcppack.c\ base/tcpconn.c\ ssl/ssldecode.c\ ssl/sslprint.c\ ssl/ssl.enums.c\ ssl/sslxprint.c\ - ssl/ciphersuites.c + ssl/ciphersuites.c\ + ssl/ssl_rec.c ssldump_CPPFLAGS = \ -I$(top_srcdir)\ -I$(top_srcdir)/common/include\ + -I$(top_srcdir)/common/lib\ -I$(top_srcdir)/null\ -I$(top_srcdir)/ssl\ -I$(top_srcdir)/base\ - -D_BSD_SOURCE=1\ -D_DEFAULT_SOURCE=1\ - -DLINUX - + -DLINUX\ + -DOPENSSL diff --git a/README.md b/README.md index 5496b95..901ab52 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,25 @@ make (optional) make install ``` +Optional configuration features (aka ./configure options): +``` + --disable-optimization disable compiler optimizations (change from -O2 to -O0) + --enable-debug enable debug info (add "-g -DDEBUG" to CFLAGS) + --enable-asan enable AddressSanitizer and other checks + add "-fsanitize=address,undefined,leak -Wformat -Werror=format-security + -Werror=array-bounds" to CFLAGS + use libasan with GCC and embedded ASAN with Clang +``` + +Configuration examples: +``` +- Use GCC with libasan, debug info and custom CFLAGS: + ./configure CC=/usr/bin/gcc --enable-asan --enable-debug CFLAGS="-Wall" + +- Use Clang with ASAN and no optimizations (-O0) + ./configure CC=/usr/bin/clang --enable-asan --disable-optimization +``` + ## Contributing The contributing policy is simple. If you have a patch to propose, make a pull-request diff --git a/base/common.c b/base/common.c deleted file mode 100644 index 2f29bf0..0000000 --- a/base/common.c +++ /dev/null 
@@ -1,66 +0,0 @@ -/** - common.c - - - Copyright (C) 1999-2000 RTFM, Inc. - All Rights Reserved - - This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla - and licensed by RTFM, Inc. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - - This product includes software developed by Eric Rescorla for - RTFM, Inc. - - 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be - used to endorse or promote products derived from this - software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. 
- - $Id: common.c,v 1.2 2000/10/17 16:09:57 ekr Exp $ - - - ekr@rtfm.com Tue Dec 29 09:59:39 1998 - */ - - -static char *RCSSTRING="$Id: common.c,v 1.2 2000/10/17 16:09:57 ekr Exp $"; - -#include - -int xdump(label,data,len) - char *label; - UCHAR *data; - int len; - { - int i; - - printf("%s[%d]",label,len); - for(i=0;i8) && !(i%20)) printf("\n"); - printf("%.2x ",data[i]&255); - } - - printf("\n"); - return(0); - } diff --git a/base/debug.c b/base/debug.c deleted file mode 100644 index a0ff54b..0000000 --- a/base/debug.c +++ /dev/null 
@@ -1,68 +0,0 @@ -/** - debug.c - - - Copyright (C) 1999-2000 RTFM, Inc. - All Rights Reserved - - This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla - and licensed by RTFM, Inc. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - - This product includes software developed by Eric Rescorla for - RTFM, Inc. - - 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be - used to endorse or promote products derived from this - software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. 
- - $Id: debug.c,v 1.2 2000/10/17 16:09:57 ekr Exp $ - - - ekr@rtfm.com Wed Jan 6 17:08:58 1999 - */ - - -static char *RCSSTRING="$Id: debug.c,v 1.2 2000/10/17 16:09:57 ekr Exp $"; - -#ifdef DEBUG - -#include -#include - -int debug(int class,char *format,...) - { - va_list ap; - - va_start(ap,format); - vfprintf(stderr,format,ap); - fprintf(stderr,"\n"); - return(0); - } - -#endif - - - - diff --git a/base/debug.h b/base/debug.h deleted file mode 100644 index b5d45de..0000000 --- a/base/debug.h +++ /dev/null 
@@ -1,58 +0,0 @@ -/** - debug.h - - - Copyright (C) 1999-2000 RTFM, Inc. - All Rights Reserved - - This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla - and licensed by RTFM, Inc. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - - This product includes software developed by Eric Rescorla for - RTFM, Inc. - - 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be - used to endorse or promote products derived from this - software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. 
- - $Id: debug.h,v 1.2 2000/10/17 16:09:57 ekr Exp $ - - - ekr@rtfm.com Wed Jan 6 17:13:00 1999 - */ - - -#ifndef _debug_h -#define _debug_h - -#ifdef DEBUG -#define DBG(a) debug a -int debug(int class,char *format,...); -#else -#define DBG(a) -#endif - -#endif - diff --git a/configure.ac b/configure.ac index 45e20fc..b1625a1 100644 --- a/configure.ac +++ b/configure.ac @@ -7,20 +7,29 @@ AM_INIT_AUTOMAKE([subdir-objects]) AC_CONFIG_SRCDIR([base/pcap-snoop.c]) AC_CONFIG_HEADERS([config.h]) +AC_CANONICAL_HOST + # Checks for programs. -AC_PROG_CC +: ${CFLAGS=""} +AC_PROG_CC([gcc clang]) AM_PROG_CC_C_O AC_PROG_MAKE_SET AC_PROG_INSTALL - # Checks for header files. -AC_FUNC_ALLOCA -AC_FUNC_MALLOC AC_CHECK_HEADERS([arpa/inet.h memory.h netdb.h netinet/in.h stdlib.h string.h sys/param.h sys/socket.h sys/time.h unistd.h],,[AC_MSG_ERROR([Missing header.])]) AC_HEADER_STDC AC_HEADER_TIME +# Checks for typedefs, structures, and compiler characteristics. +AC_CHECK_SIZEOF([unsigned short]) +AC_CHECK_SIZEOF([unsigned int]) +AC_CHECK_SIZEOF([unsigned long]) +AC_CHECK_SIZEOF([unsigned long long]) + +# Checks for library functions. +AC_CHECK_FUNCS([malloc realloc gethostbyaddr gettimeofday inet_ntoa isascii memmove memset strchr strdup strstr strtol]) + have_pcap=no AC_SEARCH_LIBS([pcap_create], [pcap], [have_pcap=yes]) @@ -42,10 +51,9 @@ files with ]) fi -AC_CHECK_LIB([pcap],[pcap_create]) - have_ssl=no AC_SEARCH_LIBS([OPENSSL_init_ssl], [ssl], [have_ssl=yes]) +AC_SEARCH_LIBS(CRYPTO_new_ex_data, [crypto], [have_crypto=yes]) if test "x${have_ssl}" = xyes; then AC_CHECK_HEADERS([openssl/ssl.h], [], [have_ssl=no]) 
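Review bot: The added `AC_SEARCH_LIBS(CRYPTO_new_ex_data, [crypto], [have_crypto=yes])` in the `@@ -42,10 +51,9 @@` hunk of configure.ac sets `have_crypto`, but in the lines visible here nothing initialises it to `no` or tests it afterwards, unlike `have_pcap` and `have_ssl` beside it. A missing libcrypto would then show up only as a link error instead of a configure-time diagnostic. Consider `have_crypto=no` before the call and `test "x${have_crypto}" = xyes || AC_MSG_ERROR([libcrypto not found])` after it, and bracket-quote the first argument as the neighbouring calls do. The `if test "x${have_ssl}" = xyes` block that follows continues outside the hunk, so a check further down cannot be ruled out.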
@@ -65,18 +73,45 @@ files with ]) fi -AC_CHECK_LIB([ssl], [OPENSSL_init_ssl]) +AC_ARG_ENABLE([optimization], + [ --disable-optimization disable compiler optimizations], + [optimization=${enableval}], [optimization=yes]) -# Checks for typedefs, structures, and compiler characteristics. -AC_CHECK_SIZEOF([unsigned short]) -AC_CHECK_SIZEOF([unsigned int]) -AC_CHECK_SIZEOF([unsigned long]) -AC_CHECK_SIZEOF([unsigned long long]) +if test "x${optimization}" = xno; then + CFLAGS="$CFLAGS -O0" +else + CFLAGS="$CFLAGS -O2" +fi -# Checks for library functions. -AC_FUNC_MALLOC -AC_FUNC_REALLOC -AC_CHECK_FUNCS([gethostbyaddr gettimeofday inet_ntoa isascii memmove memset strchr strdup strstr strtol]) +AC_ARG_ENABLE([debug], + [ --enable-debug enable debug info], + [debug=${enableval}], [debug=no]) + +if test "x${debug}" = xyes; then + CFLAGS="$CFLAGS -g -DDEBUG" +fi + +AC_ARG_ENABLE([asan], + [ --enable-asan enable AddressSanitizer and other checks], + [asan=${enableval}], [asan=no]) + +if test "x${asan}" = xyes; then + AS_CASE([$CC], + [*gcc*], [AC_CHECK_LIB(asan, _init)], + [*clang*], [have_clang=yes], + [have_clang=no]) + + if (test "x${ac_cv_lib_asan__init}" = xyes || test "x$have_clang" = xyes); then + CFLAGS="$CFLAGS \ +-fsanitize=address,undefined,leak \ +-Wformat \ +-Werror=format-security \ +-Werror=array-bounds" + else + AC_MSG_WARN("AddressSanitizer not supported") + asan=no + fi +fi AC_CONFIG_FILES([Makefile common/Makefile 
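Review bot: When `--enable-asan` is requested but the probe fails, the `else` branch only calls `AC_MSG_WARN` and sets `asan=no`, so a build that was asked to be instrumented completes without sanitizers and the only trace is one warning line in the configure output. An explicit request is better treated as fatal, e.g. `AC_MSG_ERROR([--enable-asan was requested but AddressSanitizer is not usable with $CC])`. The probe also decides by compiler name (`*gcc*` / `*clang*` in `AS_CASE([$CC], ...)`), so `CC=cc` or a wrapper script is rejected even when it accepts `-fsanitize=address`; a compile-and-link test of the flag itself would be more reliable. Separately, `-Wformat -Werror=format-security` are compile-time checks with no runtime cost and could be added outside the ASAN branch so that ordinary builds get them too.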
@@ -84,4 +119,21 @@ AC_CONFIG_FILES([Makefile
 null/Makefile
 ssl/Makefile
 base/Makefile])
+
 AC_OUTPUT
+
+echo
+echo "################################################"
+echo "SSLDump build setup"
+echo " Host system: $host_os"
+echo " Host architecture: $host_cpu"
+echo " Compiler: $CC"
+echo " Installation prefix: $prefix"
+echo " CFLAGS: $CFLAGS"
+echo " LDFLAGS: $LDFLAGS"
+echo " LIBS: $LIBS"
+echo " Optimizations enabled: $optimization"
+echo " Debug info enabled: $debug"
+echo " ASAN enabled: $asan"
+echo "################################################"
+