commit ea12dfe6d29fea026e3a87e075edc4c7d5aa4147 Author: Alexandre Dulaunoy Date: Sat Jan 31 10:13:33 2015 +0100 ssldump_0.9b3.orig.tar.gz Import diff --git a/COPYRIGHT b/COPYRIGHT new file mode 100644 index 0000000..eb03be5 --- /dev/null +++ b/COPYRIGHT @@ -0,0 +1,60 @@ +SSLDUMP LICENSE +Copyright (C) 1999-2001 RTFM, Inc. +All Rights Reserved + +This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + +4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE ERIC RESCORLA AND RTFM ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +TCPDUMP LICENSE +The manual page for this software is partially excerpted from +the tcpdump manual page, which is subject to the following license: +Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996, 1997 + The Regents of the University of California. All rights reserved. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that: (1) source code distributions +retain the above copyright notice and this paragraph in its entirety, (2) +distributions including binary code include the above copyright notice and +this paragraph in its entirety in the documentation or other materials +provided with the distribution, and (3) all advertising materials mentioning +features or use of this software display the following acknowledgement: +``This product includes software developed by the University of California, +Lawrence Berkeley Laboratory and its contributors.'' Neither the name of +the University nor the names of its contributors may be used to endorse +or promote products derived from this software without specific prior +written permission. +THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + diff --git a/CREDITS b/CREDITS new file mode 100644 index 0000000..bb42edc --- /dev/null +++ b/CREDITS @@ -0,0 +1,20 @@ +ssldump was written by Eric Rescorla + +The Windows port of ssldump was provided by Greg Stark. + +The following people have provided bug fixes, bug reports, or suggestions. +Adam Cain +Pavel Curtis +Chris Jepeway +Alexander Fetke +Jeffrey Hafey +Lutz Jaenicke +Dave Jagoda +Norbert Klasen +Richard Levitte +Hugh Mandeville +Eric Murray +Henrik Nordstrom + +If you think you should be on this list, send me mail at . + diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..16a2dbd --- /dev/null +++ b/ChangeLog @@ -0,0 +1,158 @@ +Wed Aug 21 10:48:45 2002 EKR + * Installed Greg Stark's new Win32 patches. + + * Added updated VLAN support (Jeffrey Hafey) + +Fri Aug 16 16:56:23 2002 EKR + * Cleaned up 56-bit ciphersuites in ciphersuites.c + + * Fixed memory errors in packet copying. + + * Fixed bugs in processing of bogus SSLv2 messages. + + * Fixed bugs in TCP packet reassembly code. + +Tue Aug 13 13:03:41 2002 EKR + * Fixed EXPORT1024 DES cipher suites + +Mon Aug 12 16:49:51 2002 EKR + * Added support for VLAN networks (Jeffrey Hafey) + + * Fixed printing of data with embedded tabs (Pavel Curtis) + + * Added support for non-promiscuous mode (-P flag) + (Bruce M Simpson) + + * Fixed potential small overrun in RSA decryption. + +Fri Sep 28 15:54:47 2001 EKR + * Fixed install so that we install in /usr/local/sbin + with mode 755. Bug report ssldump/22. + (Dave Jagoda) + + * Fixed compilation warning about create_null_analyzer + Bug report ssldump/23. + +Wed Sep 26 14:49:06 2001 EKR + * Fixed SYN & SYN/ACK detection to that it works with ECN. + (Henrik Nordstrom) + + * Added /usr/include/pcap to the PCAP search path + (Henrik Nordstrom) + +Sat Sep 15 13:41:10 2001 EKR + * Fix to ssldecode.c to remove error with empty + struct when compiling with VC++ and no OpenSSL + (Greg Stark) + + * Change to vcwin32.mak to print out that you're not + using OpenSSL (Greg Stark) + + * Automatic version changing courtesy of version-change.pl + +Fri Sep 14 15:22:29 2001 EKR + * Fixed bug 4. Delete the MS after decrypting a PMS + to force new MS generation in the key generation phase. + This makes decryption of renegotiated connections work + correctly. This got broken when session resumption + was added. + +2001-09-14 Eric Rescorla + + * Imported Greg Stark's Win32 port + +Sun Sep 2 15:53:06 2001 EKR + * Fixed the reassembler so it doesn't crash when + FIN/RST segments have data. + + * closure/connection freeing now works, thus meaning less + memory leakage and less crashing. + + * A bunch of trivial makefile/configure fixes. + +Fri Jul 20 16:40:51 2001 EKR + * Removed loading of certificate file. This served + no real purpose. Fix for bug 5. + +Fri Jul 20 11:02:09 2001 EKR + * Fixed initialization so that the key file is loaded + only once. + + Removed default keyfile and password. You now must + specify them. You also get an error if you specify + a bad password or keyfile. + +Fri Jul 20 10:17:36 2001 EKR + * Added support for session resumption. + +Fri Jul 20 10:17:16 2001 EKR + * Fixed SEQ_LT problems on Linux and other compilation + problems. + +Tue Mar 6 2001 EKR + * Removed statically allocated conn array. We can now + have an arbitrary number of + +Thu Nov 9 12:14:15 2000 EKR + * Cleanups to the man page and cleaned up some cases + where printing didn't work quite right. + +Mon Nov 6 10:22:25 2000 EKR + * Added the -X flag to force hex-only printing when + binary data is displayed as hex dumps. + +Fri Nov 3 09:23:35 2000 EKR + * cleaned up the case where multiple handshake messages + are in the same SSL record. + +Fri Nov 3 09:14:39 2000 EKR + * Modified printing so that when we're printing hex dumps + of application data traffic we also print the printable + sections of the data itself in a column on the side. + +Thu Nov 2 14:14:21 2000 EKR + * Modified cipher suite printing so that the names have + SSL_ if we're doing SSLv3 and TLS_ if we're doing TLS. + Suggestion by Eric Murray. + +Thu Nov 2 13:07:09 2000 EKR + * Fixed an ABW in ssldecode.c that caused crashes + on Solaris. Also, fixed a bunch of memory leaks + using Purify. + +Thu Nov 2 08:45:42 2000 EKR + * Various Portability fixes + CC=gcc -> CC=@CC@ in Makefile + Removed FLAGS in Makefile (it was a noop) + in base/tcpconn.c, changed {} to {0} to appease HPUX's compiler + made create_null_analyzer.c static as it should be. + Removed the final (bogus) entry in null_vtbl. + made sslx__print_serial() static to match its prototype + Rearranged library order for better linkage + Thanks to Lutze Jainecke for these fixes. + +Thu Nov 2 08:41:10 2000 EKR + * Added -r as a synonym for -f. -f will eventually + be removed and reused for some other option. + This was done for option compatibility with tcpdump + and on the theory that someday I might add a -w. + + * Renamed -h to -H and added it to the documentation. + -h now triggers usage info. + +Thu Nov 2 08:38:06 2000 EKR + * Removed blank lines in the man page. This confuses some + man page formatters. (Thanks to Hugh Mandeville for pointing + this one out) + +Thu Nov 2 08:37:59 2000 EKR + * Wired up -N (it was unwired) + +Thu Nov 2 08:37:47 2000 EKR + * Added -D_BSD_SOURCE=1 when you're compiling on Linux. + (Allowing it to compile) + + + + + diff --git a/FILES b/FILES new file mode 100644 index 0000000..a072604 --- /dev/null +++ b/FILES @@ -0,0 +1,9 @@ +record-fmt.txt +record_analyze.c +record_analyze.h +targets.mk + +CVS: +Entries +Repository +Root diff --git a/INSTALL b/INSTALL new file mode 100644 index 0000000..572d0e9 --- /dev/null +++ b/INSTALL @@ -0,0 +1,46 @@ +$Id: INSTALL,v 1.5 2001/09/14 22:29:13 ekr Exp $ + +If you don't have libpcap, you'll need to get it and install it. You +can obtain it from: + http://www.tcpdump.org/ + +If you want to be able to decrypt SSL traffic or view certificates, +get OpenSSL if you don't have it: + http://www.openssl.org/ + +Once you've built and installed libpcap and OpenSSL, you're ready to +build ssldump. + +ssldump uses a GNU autoconf-based configuration to automatically +configure the build. + +In the simplest form you can simply do: + ./configure + +If the configure script can't find libpcap, it will abort. If you've +installed it in unobvious place, you may need to give configure a hint +using the '--with-pcap' or '--with-pcap-{lib,inc}' switches. + +If the configure script can't find OpenSSL, it will continue without +it. If your OpenSSL is in a nonstandard location, you may need to give +configure a hint with the '--with-openssl' or +'--with-openssl-{lib,include}' switches. + +Once you've done the configure, you can simply run 'make'. Note that +on some platforms (HP/UX) you will have to use GNU make (gmake). + +If the make succeeds, run a 'make install' (you will probably need to +be root to do this.) + +TESTED PLATFORMS +FreeBSD 2.2.8, 3.4 +HP/UX 10.20 +Linux (Red Hat, Debian) +Solaris 2.x + +If you get ssldump to work on a platform not listed above, please send mail +to ssldump@rtfm.com with the platform and any fixes you had to make. + +INSTALLING ON WINDOWS +Read the file INSTALL.W32 in this directory for instructions on +installing on Windows. diff --git a/INSTALL.W32 b/INSTALL.W32 new file mode 100644 index 0000000..0ce28df --- /dev/null +++ b/INSTALL.W32 @@ -0,0 +1,114 @@ + Notes + + +First, make sure you've read the README file. + +Build Environment +----------------- + +The build environment is assumed to be Microsoft Visual C++ 6.0 SP4 +(VC6), although earlier or later versions may work. In particular, the +make-like utility used to build this port of ssldump is NMAKE version +6.00.x from Microsoft. + +The basis for this port is ssldump version 0.9b3. The win32 directory +contains the win32-specific stuff, including the NMAKE makefile +vcwin32.mak. + +You need to have your environment variables and PATH correctly setup +to properly use the command-line VC6 tools. In the VC6\bin directory +is a batch file, VCVARS32.bat, which should set things up +correctly. You should run this batch file prior to attempting a build. + + + +What you need (besides the ssldump source) +------------------------------------------ + +You must have downloaded and installed the following from the +WinPcap/Windump project: + +1. The Winpcap developer's pack, version 2.3, from +http://winpcap.polito.it/install/bin/WPdpack_2_3.zip contains the +pcap.h and net/bpf.h files, and the pcap import library. Place these +in the win32 directory. + +2. The Winpcap source code distribution, version 2.3, from +http://winpcap.polito.it/install/bin/WPcapSrc_2_3.zip. It contains +some .h files commonly found on UNIX systems that ssldump +expects. Place these in the win32 directory. + +3. The Winpcap auto-installer, version 2.3, from +http://winpcap.polito.it/install/bin/WinPcap_2_3_nogui.exe. This is +only needed to run ssldump, not needed to build it. It is needed on +*any* windows system on which ssldump is run. It installs a device +driver and the pcap library DLL. + +4. Possibly the Windump utility from +http://windump.polito.it/install/bin/WinDump.exe. This is essentially +a Windows port of tcpdump, with an extra -D option. This option +enumerates the interface names so that you at least have a clue to +what to supply the -i option (see below). + +The win32 directory should look like the following after these files +are downloaded and extracted: + +winpcap +WPdpack +Ssldump.html +vcwin32.mak + + + +OpenSSL Support +--------------- + +By default, the OpenSSL libraries are not linked into ssldump. If you +want to link in the OpenSSL libraries, you'll need to customize the +makefile. First, look for the macro OPENSSL and change its value to +"yes". Next, look for the macro OPENSSL_DIR and make sure it points to +the openssl distribution on your machine. You must build a version(s) +of SSL that links to the static C run-time library; these are +distinguished by the use of the compiler flag /MT for release +versions, and /MTd for debug versions. Then you must set the +OPENSSL_RELEASE and OPENSSL_DEBUG macros to point to the directories +that contain the libraries for these versions. If you only intend to +build one of either the debug or release versions, you only need to +define the corresponding OPENSSL_ macro. + + + +Building ssldump +---------------- + +To build, run (from the ssldump root directory): + +nmake /f win32\vcwin32.mak all + +this creates a directory, out32, which contains the object files and +the ssldump.exe executable. The build produces a simple command-line +ssldump.exe which must be run from a console window (i.e. a DOS +box). It builds the release version by default. Set the macro +CFG="debug" to build a debug version, e.g. nmake /f vcwin32.mak all +CFG="debug". + +win32\ssldump.html contains an HTML version of the ssldump.1 +manpage. You should read this to learn the options. + + + +What are the names of the Interfaces? +------------------------------------- + +One tricky aspect is choosing the correct interface name for the -i +option of ssldump. AFAIK, there is no standard windows utility that +will give you the correct names for the interfaces. For example, on my +system they are named PPPMAC (for the PPP adapter) and CBEN5 (for my +Ethernet Adapter). I did find these names in the registry under +HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Net\nnnn\NDIS\LogDriverName, +but this may be different on other Windows OSes. The Windump utility +from the WinPcap folks has an option, -D, to enumerate these interface +names. Use the Windump utility or hunt through the registry to find +the names of your interfaces. If you don't specify the interface +explicitly with the -i option, ssldump will select the 'first' +interface and this may be exactly what you want. diff --git a/Makefile.in b/Makefile.in new file mode 100644 index 0000000..2dd20a5 --- /dev/null +++ b/Makefile.in @@ -0,0 +1,111 @@ +# Copyright (C) 1999-2000 RTFM, Inc. +# All Rights Reserved + +# This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla +# and licensed by RTFM, Inc. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgement: +# +# This product includes software developed by Eric Rescorla for +# RTFM, Inc. + +# 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be +# used to endorse or promote products derived from this +# software without specific prior written permission. + +# THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. +PLATFORM=freebsd31 +CC=@CC@ + +all: ssldump + +OBJSUFFIX=o +LIBSUFFIX=a +INSTALL=@INSTALL@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +BINDIR=@sbindir@ +MANDIR=@mandir@ +RM=rm -f + +ROOT=./ +ANALYZE_SRCDIR=$(ROOT)base/ +COMMONDIR=common/ +COMMON_LIB_SRCDIR=$(COMMONDIR)lib/ +ANALYZE_NULL_SRCDIR=$(ROOT)null/ +ANALYZE_SSL_SRCDIR=$(ROOT)ssl/ +ANALYZE_RECORD_SRCDIR=$(ROOT)@RECORD_MOD@/ +include rules.mk + +include $(COMMON_LIB_SRCDIR)/targets.mk +include $(ANALYZE_SRCDIR)targets.mk +include $(ANALYZE_NULL_SRCDIR)targets.mk +include $(ANALYZE_SSL_SRCDIR)targets.mk +include $(ANALYZE_RECORD_SRCDIR)targets.mk + +INCLUDES += -I$(COMMONDIR)include/ -I$(ANALYZE_NULL_SRCDIR) -I$(ANALYZE_SSL_SRCDIR) + + +DEFINES += @DEFINES@ +INCLUDES += @INCLUDES@ +LIBS += @LDFLAGS@ @LIBS@ + +CFLAGS += @CFLAGS@ @DEFS@ + + +ssldump: $(OBJECTS) + $(CC) $(OBJECTS) -o $@ $(LIBS) + +clean: + rm -f $(OBJECTS) ssldump + +install: + [ -d $(BINDIR) ] || mkdir -p $(BINDIR) + $(INSTALL) -m 755 ssldump $(BINDIR)/ssldump + [ -d $(MANDIR) ] || mkdir -p $(MANDIR)/man1 + $(INSTALL) -m 444 ssldump.1 $(MANDIR)/man1/ssldump.1 + +dist: + perl "./version-check.pl" + - name=ssldump-`cat VERSION`; \ + rm -rf /dist/ship/$$name; \ + mkdir /dist/ship/$$name; \ + cp -pR * /dist/ship/$$name; \ + cd /dist/ship/$$name; \ + make -f Makefile.in clean; \ + rm Makefile; \ + find . -name '*~' -exec rm {} \; -print;\ + find . -name '*.o' -exec rm {} \; -print;\ + find . -name '#*#' -exec rm {} \; -print;\ + find . -name 'CVS' -exec rm -rf {} \; -print;\ + find . -name '*bak' -exec rm -rf {} \; -print;\ + find . -name '*.core' -exec rm -rf {} \; -print;\ + find . -name '*.tr' -exec rm -rf {} \; -print;\ + find . -name '*.pl' -exec rm -rf {} \; -print;\ + find . -name '*.pem' -exec rm -rf {} \; -print;\ + find . -name '*orig' -exec rm -rf {} \; -print;\ + find . -name '*.rej' -exec rm -rf {} \; -print;\ + rm -f TODO TAGS; \ + rm -f config.status config.log config.cache config.h; \ + rm -f ssl/a.out all; \ + cd /dist/ship; tar cf - $$name | gzip > $$name.tar.gz + + diff --git a/README b/README new file mode 100644 index 0000000..a6d1b51 --- /dev/null +++ b/README @@ -0,0 +1,85 @@ +$Id: README,v 1.9 2002/08/17 01:33:15 ekr Exp $ + +SSLDUMP 0.9b3 + +ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP +connections on the chosen network interface and attempts to interpret +them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it +decodes the records and displays them in a textual form to stdout. If +provided with the appropriate keying material, it will also decrypt +the connections and display the application data traffic. + +ssldump depends on the libpcap packet capture library. Some systems +(e.g. FreeBSD) now have libpcap as part of their standard install. On +other systems, you will need to install it. You can obtain the +distribution from: + http://www.tcpdump.org/ + +If linked with OpenSSL, ssldump can display certificates in decoded +form and decrypt traffic (provided that it has the appropriate keying +material). Again, OpenSSL may be installed on your system. Otherwise +you can obtain it from: + http://www.openssl.org/ + +See the file INSTALL for instructions on building and installing +ssldump. + +STABILITY +This is a beta release of ssldump. The UNIX portions have received +extensive testing and are believed to be quite solid. The Windows +port is substantially less stable. + +CHANGES SINCE 0.9b2 + Security fix: some potential over and underflows + Added support for VLANs. + Added -P flag to disable promiscuous mode. + Fixed bugs in the TCP reassembly code. + A lot of bug fixes. + +See the ChangeLog for a more complete list of changes. + +MAILING LIST +For support questions and general discussion on ssldump, please +subscribe to the ssldump-users mailing list. Subscription is by +majordomo. To subscribe, send a message with no subject and a body +consisting of the single line: + +subscribe ssldump-users + +to majordomo@rtfm.com. Note, you cannot send messages to the list +unless you are subscribed. + +BUG REPORTS +Please send bug reports either to the ssldump-users mailing list +or to ssldump@rtfm.com. + +INTEROPERABILITY NOTE +Previous versions of ssldump automatically looked for the keyfile +in 'server.pem' and used the password 'password'. This version +removes those defaults. For decryption to work you MUST specify +the keyfile (and password if the keyfile is encrypted.) + +NEW VERSIONS +Newer versions of ssldump can be found at: + http://www.rtfm.com/ssldump/ + + +SSL REFERENCES +The SSLv3 specification can be found at: + http://home.netscape.com/eng/ssl3/draft302.txt + +The TLS specification is in RFC 2246 and can be found at: + http://www.ietf.org/rfc/rfc2246.txt + +SHAMELESS PLUG +Extremely detailed coverage of SSL/TLS can be found in + + _SSL_and_TLS:_Designing_and_Building_Secure_Systems_ + Eric Rescorla + Addison-Wesley, 2001 + ISBN 0-201-61598-3 + +_SSL_and_TLS_ makes extensive use of ssldump to demonstrate real-life +SSL behavior. If you like ssldump and want to learn about SSL, you +might consider buying my book. + diff --git a/VERSION b/VERSION new file mode 100644 index 0000000..c46d0fa --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +0.9b3 diff --git a/base/common.c b/base/common.c new file mode 100644 index 0000000..2f29bf0 --- /dev/null +++ b/base/common.c @@ -0,0 +1,66 @@ +/** + common.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: common.c,v 1.2 2000/10/17 16:09:57 ekr Exp $ + + + ekr@rtfm.com Tue Dec 29 09:59:39 1998 + */ + + +static char *RCSSTRING="$Id: common.c,v 1.2 2000/10/17 16:09:57 ekr Exp $"; + +#include + +int xdump(label,data,len) + char *label; + UCHAR *data; + int len; + { + int i; + + printf("%s[%d]",label,len); + for(i=0;i8) && !(i%20)) printf("\n"); + printf("%.2x ",data[i]&255); + } + + printf("\n"); + return(0); + } diff --git a/base/data b/base/data new file mode 100644 index 0000000..3377d9a --- /dev/null +++ b/base/data @@ -0,0 +1,60 @@ +network.c:126: off=ntohs(p.ip->ip_off); +network.c:134: hlen=p.ip->ip_hl * 4; +network.c:136: p.len =ntohs(p.ip->ip_len)-hlen; +network.c:139: switch(p.ip->ip_p){ +network.c:159: memcpy(&p->ts,&in->ts,sizeof(struct timeval)); +network.c:160: if(!(p->base=(UCHAR *)malloc(in->_len))) +network.c:162: memcpy(p->base,in->base,p->_len=in->_len); +network.c:164: p->data=p->base + (in->data -> in->base); +network.c:165: p->len=in->len; +network.c:167: p->ip=(struct ip *)(p->base + ((UCHAR *)in->ip - in->base)); +network.c:168: p->tcp=(struct tcphdr *)(p->base + ((UCHAR *)in->tcp - in->base)); +network.c:186: FREE(p->base); +pcap-snoop.c:2: pcap-snoop.c +pcap-snoop.c:40: $Id: pcap-snoop.c,v 1.12 2002/01/21 17:36:51 ekr Exp $ +pcap-snoop.c:47:static char *RCSSTRING="$Id: pcap-snoop.c,v 1.12 2002/01/21 17:36:51 ekr Exp $"; +tcppack.c:84: p->tcp=(struct tcphdr *)p->data; +tcppack.c:88: if(r=tcp_find_conn(&conn,&direction,&p->ip->ip_src, +tcppack.c:89: ntohs(p->tcp->th_sport),&p->ip->ip_dst,ntohs(p->tcp->th_dport))){ +tcppack.c:96: if((p->tcp->th_flags & (TH_SYN|TH_ACK))!=TH_SYN){ +tcppack.c:104: conn->i2r.seq=ntohl(p->tcp->th_seq)+1; +tcppack.c:114: if((p->tcp->th_flags & (TH_SYN|TH_ACK))!=(TH_SYN|TH_ACK)) +tcppack.c:116: conn->r2i.seq=ntohl(p->tcp->th_seq)+1; +tcppack.c:117: conn->r2i.ack=ntohl(p->tcp->th_ack)+1; +tcppack.c:127: conn->i2r.ack=ntohl(p->tcp->th_ack)+1; +tcppack.c:148: if(p->tcp->th_flags & TH_SYN) +tcppack.c:150: length=p->len - (p->tcp->th_off * 4); +tcppack.c:178: if(r=tcp_create_conn(&conn,&p->ip->ip_src,ntohs(p->tcp->th_sport), +tcppack.c:179: &p->ip->ip_dst,ntohs(p->tcp->th_dport))) +tcppack.c:183: memcpy(&conn->start_time,&p->ts,sizeof(struct timeval)); +tcppack.c:184: if(r=create_proto_handler(handler,ctx,&conn->analyzer,conn,&p->ts)) +tcppack.c:197: off=(s)->p->tcp->th_off*4; \ +tcppack.c:198: if(l>((s)->p->len-off)) ERETURN(R_BAD_DATA);\ +tcppack.c:199: (s)->data=(s)->p->data + off + (l) ; \ +tcppack.c:200: (s)->len=(s)->p->len - off + (l); \ +tcppack.c:227: l=p->len - p->tcp->th_off * 4; +tcppack.c:238: seq=ntohl(p->tcp->th_seq); +tcppack.c:241: if(p->tcp->th_flags & TH_ACK){ +tcppack.c:245: acknum=ntohl(p->tcp->th_ack); +tcppack.c:250: if(r=timestamp_diff(&p->ts,&conn->start_time,&dt)) +tcppack.c:268: if(!(p->tcp->th_flags & (TH_RST)) && SEQ_LT(seq,stream->seq)) +tcppack.c:310: if(_seg.p->tcp->th_flags & (TH_RST)){ +tcppack.c:311: stream->close=_seg.p->tcp->th_flags & (TH_RST); +tcppack.c:319: if(_seg.p->tcp->th_flags & (TH_FIN)){ +tcppack.c:320: stream->close=_seg.p->tcp->th_flags & (TH_FIN); +tcppack.c:325: if(seg->p->tcp->th_flags & (TH_FIN)){ +tcppack.c:326: stream->close=_seg.p->tcp->th_flags & (TH_FIN); +tcppack.c:338: if(seg->p->tcp->th_flags & (TH_FIN) ){ +tcppack.c:374: lookuphostname(&p->ip->ip_src,&src); +tcppack.c:375: lookuphostname(&p->ip->ip_dst,&dst); +tcppack.c:379: ntohs(p->tcp->th_sport), +tcppack.c:381: ntohs(p->tcp->th_dport)); +tcppack.c:384: ntohl(p->tcp->th_seq), +tcppack.c:385: p->len - p->tcp->th_off *4); +tcppack.c:387: if(p->tcp->th_flags & TH_ACK) +tcppack.c:388: printf("ACK %ld ",ntohl(p->tcp->th_ack)); +tcppack.c:390: if(p->tcp->th_flags & TH_FIN) +tcppack.c:392: if(p->tcp->th_flags & TH_SYN) +tcppack.c:394: if(p->tcp->th_flags & TH_RST) +tcppack.c:396: if(p->tcp->th_flags & TH_PUSH) +tcppack.c:398: if(p->tcp->th_flags & TH_URG) diff --git a/base/debug.c b/base/debug.c new file mode 100644 index 0000000..a0ff54b --- /dev/null +++ b/base/debug.c @@ -0,0 +1,68 @@ +/** + debug.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: debug.c,v 1.2 2000/10/17 16:09:57 ekr Exp $ + + + ekr@rtfm.com Wed Jan 6 17:08:58 1999 + */ + + +static char *RCSSTRING="$Id: debug.c,v 1.2 2000/10/17 16:09:57 ekr Exp $"; + +#ifdef DEBUG + +#include +#include + +int debug(int class,char *format,...) + { + va_list ap; + + va_start(ap,format); + vfprintf(stderr,format,ap); + fprintf(stderr,"\n"); + return(0); + } + +#endif + + + + diff --git a/base/debug.h b/base/debug.h new file mode 100644 index 0000000..b5d45de --- /dev/null +++ b/base/debug.h @@ -0,0 +1,58 @@ +/** + debug.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: debug.h,v 1.2 2000/10/17 16:09:57 ekr Exp $ + + + ekr@rtfm.com Wed Jan 6 17:13:00 1999 + */ + + +#ifndef _debug_h +#define _debug_h + +#ifdef DEBUG +#define DBG(a) debug a +int debug(int class,char *format,...); +#else +#define DBG(a) +#endif + +#endif + diff --git a/base/network.c b/base/network.c new file mode 100644 index 0000000..e95623c --- /dev/null +++ b/base/network.c @@ -0,0 +1,241 @@ +/** + network.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: network.c,v 1.10 2002/09/09 21:02:58 ekr Exp $ + + + ekr@rtfm.com Tue Dec 29 09:52:54 1998 + */ + + +static char *RCSSTRING="$Id: network.c,v 1.10 2002/09/09 21:02:58 ekr Exp $"; + +#include +#include +#include "network.h" +#ifndef _WIN32 +#include +#include +#include +#include +#endif + +#include "tcppack.h" + +#ifdef STDC_HEADERS +#include +#endif + +UINT4 NET_print_flags; + +struct network_handler_ { + proto_mod *mod; + proto_ctx *ctx; +}; + +int network_handler_create(mod,handlerp) + proto_mod *mod; + n_handler **handlerp; + { + int r,_status; + n_handler *handler=0; + + if(!(handler=(n_handler *)malloc(sizeof(n_handler)))) + ABORT(R_NO_MEMORY); + if(mod->vtbl->create_ctx){ + if(r=mod->vtbl->create_ctx(mod->handle,&handler->ctx)) + ABORT(r); + } + handler->mod=mod; + *handlerp=handler; + _status=0; + abort: + if(_status){ + network_handler_destroy(&handler); + } + return(_status); + } + +int network_handler_destroy(handlerp) + n_handler **handlerp; + { + if(!handlerp || !*handlerp) + return(0); + + free(*handlerp); + *handlerp=0; + return(0); + } + +int network_process_packet(handler,timestamp,data,length) + n_handler *handler; + struct timeval *timestamp; + UCHAR *data; + int length; + { + int r; + int hlen; + packet p; + u_short off; + + /*We can pretty much ignore all the options*/ + memcpy(&p.ts,timestamp,sizeof(struct timeval)); + p.base=data; + p._len=length; + p.data=data; + p.len=length; + p.ip=(struct ip *)data; + + /*Handle, or rather mishandle, fragmentation*/ + off=ntohs(p.ip->ip_off); + + if((off & 0x1fff) || /*Later fragment*/ + (off & 0x2000)){ /*More fragments*/ +/* fprintf(stderr,"Fragmented packet! rejecting\n"); */ + return(0); + } + + hlen=p.ip->ip_hl * 4; + p.data += hlen; + p.len =ntohs(p.ip->ip_len)-hlen; + + + switch(p.ip->ip_p){ + case IPPROTO_TCP: + if(r=process_tcp_packet(handler->mod,handler->ctx,&p)) + ERETURN(r); + break; + } + return(0); + } + +int packet_copy(in,out) + packet *in; + packet **out; + { + int _status; + + packet *p=0; + + if(!(p=(packet *)calloc(sizeof(packet),1))) + ABORT(R_NO_MEMORY); + + memcpy(&p->ts,&in->ts,sizeof(struct timeval)); + if(!(p->base=(UCHAR *)malloc(in->_len))) + ABORT(R_NO_MEMORY); + memcpy(p->base,in->base,p->_len=in->_len); + + p->data=p->base + (in->data - in->base); + p->len=in->len; + + p->ip=(struct ip *)(p->base + ((UCHAR *)in->ip - in->base)); + p->tcp=(struct tcphdr *)(p->base + ((UCHAR *)in->tcp - in->base)); + + *out=p; + + _status=0; + abort: + if(_status){ + packet_destroy(p); + } + return(_status); + } + +int packet_destroy(p) + packet *p; + { + if(!p) + return(0); + + FREE(p->base); + return(0); + } + +int timestamp_diff(t1,t0,diff) + struct timeval *t1; + struct timeval *t0; + struct timeval *diff; + { + long d; + + if(t0->tv_sec > t1->tv_sec) + ERETURN(R_BAD_ARGS); + + /*Easy case*/ + if(t0->tv_usec <= t1->tv_usec){ + diff->tv_sec=t1->tv_sec - t0->tv_sec; + diff->tv_usec=t1->tv_usec - t0->tv_usec; + return(0); + } + + /*Hard case*/ + d=t0->tv_usec - t1->tv_usec; + if(t1->tv_sec < (t0->tv_sec + 1)) + ERETURN(R_BAD_ARGS); + diff->tv_sec=t1->tv_sec - (t0->tv_sec + 1); + diff->tv_usec=1000000 - d; + + return(0); + } + + + +int lookuphostname(addr,namep) + struct in_addr *addr; + char **namep; + { + struct hostent *ne=0; + + if(!(NET_print_flags & NET_PRINT_NO_RESOLVE)){ + ne=gethostbyaddr((char *)addr,4,AF_INET); + } + + if(!ne){ + *namep=strdup((char *)inet_ntoa(*addr)); + } + else{ + *namep=strdup(ne->h_name); + } + + return(0); + } + + + + diff --git a/base/network.h b/base/network.h new file mode 100644 index 0000000..09cd545 --- /dev/null +++ b/base/network.h @@ -0,0 +1,106 @@ +/** + network.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: network.h,v 1.3 2001/09/14 22:29:14 ekr Exp $ + + + ekr@rtfm.com Tue Dec 29 09:53:50 1998 + */ + + +#ifndef _network_h +#define _network_h + +#include +#include + +#include +#include +#ifndef _WIN32 +#include +#include +#else +#include +#endif +#include +#include +#include +#include +#include + +typedef struct network_handler_ n_handler; +typedef struct proto_mod_ proto_mod; +typedef struct proto_handler_ proto_handler; +typedef struct packet_ packet; + +int network_handler_create PROTO_LIST((proto_mod *mod, + n_handler **handlerp)); +int network_handler_destroy PROTO_LIST((n_handler **handlerp)); +int network_process_packet PROTO_LIST((n_handler *handler, + struct timeval *timestamp,UCHAR *data,int length)); +int packet_copy PROTO_LIST((packet *in,packet **out)); +int packet_destroy PROTO_LIST((packet *p)); +int timestamp_diff PROTO_LIST(( struct timeval *t1,struct timeval *t0, + struct timeval *diff)); +int lookuphostname PROTO_LIST((struct in_addr *addr,char **name)); + +struct packet_ { + struct timeval ts; + UCHAR *base; /*The base of the packet*/ + int _len; + UCHAR *data; /*The data ptr appropriate to this layer*/ + int len; /*The length of the data segment*/ + + /*These just save us the effort of doing casts to the data + segments*/ + struct ip *ip; /*The IP header*/ + struct tcphdr *tcp; /*The TCP header*/ +}; + +#include "tcpconn.h" +#include "proto_mod.h" + +extern UINT4 NET_print_flags; + +#define NET_PRINT_TCP_HDR 1 +#define NET_PRINT_TYPESET 2 +#define NET_PRINT_ACKS 4 +#define NET_PRINT_NO_RESOLVE 8 +#endif + diff --git a/base/pcap-snoop.c b/base/pcap-snoop.c new file mode 100644 index 0000000..7dba440 --- /dev/null +++ b/base/pcap-snoop.c @@ -0,0 +1,365 @@ +/** + pcap-snoop.c + + + Copyright (C) 1999-2001 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: pcap-snoop.c,v 1.14 2002/09/09 21:02:58 ekr Exp $ + + + ekr@rtfm.com Tue Dec 29 10:17:41 1998 + */ + + +static char *RCSSTRING="$Id: pcap-snoop.c,v 1.14 2002/09/09 21:02:58 ekr Exp $"; + + +#include +#include +#include +#ifndef _WIN32 +#include +#endif +#include +#ifndef _WIN32 +#include +#include +#else +#include +#include +#endif +#include + +#include +#include +#include "network.h" +#include +#include +#include "null_analyze.h" +#include "ssl_analyze.h" +#ifdef ENABLE_RECORD +#include "record_analyze.h" +#endif + +#ifndef ETHERTYPE_8021Q +# define ETHERTYPE_8021Q 0x8100 +#endif + +char *collapse_args PROTO_LIST((int argc,char **argv)); +static int pcap_if_type=DLT_NULL; +int err_exit PROTO_LIST((char *str,int num)); +int usage PROTO_LIST((void)); +int print_version PROTO_LIST((void)); +RETSIGTYPE sig_handler PROTO_LIST((void)); +void pcap_cb PROTO_LIST((u_char *ptr,struct pcap_pkthdr *hdr,u_char *data)); +int main PROTO_LIST((int argc,char **argv)); + +int err_exit(str,num) + char *str; + int num; + { + fprintf(stderr,"ERROR: %s\n",str); + exit(num); + } + +int usage() + { + fprintf(stderr,"Usage: ssldump [-r dumpfile] [-i interface] \n"); + fprintf(stderr," [-k keyfile] [-p password] [-vtaTnsAxVNde]\n"); + fprintf(stderr," [filter]\n"); + exit(0); + } + +int print_version() + { + printf("ssldump 0.9b3\n"); + printf("Copyright (C) 1998-2001 RTFM, Inc.\n"); + printf("All rights reserved.\n"); +#ifdef OPENSSL + printf("Compiled with OpenSSL: decryption enabled\n"); +#endif + exit(0); + } + +RETSIGTYPE sig_handler() + { + fflush(stdout); + exit(0); + } + +void pcap_cb(ptr,hdr,data) + u_char *ptr; + struct pcap_pkthdr *hdr; + u_char *data; + { + n_handler *n; + int len; + struct ether_header *e_hdr=(struct ether_header *)data; + int type; + + n=(n_handler *)ptr; + if(hdr->caplen!=hdr->len) err_exit("Length mismatch",-1); + + len=hdr->len; + + switch(pcap_if_type){ + case DLT_NULL: + data+=4; + len-=4; + break; + case DLT_EN10MB: + type=ntohs(e_hdr->ether_type); + + data+=sizeof(struct ether_header); + len-=sizeof(struct ether_header); + + /* if vlans, push past VLAN header (4 bytes) */ + if(type==ETHERTYPE_8021Q) { + type=ntohs(*(u_int16_t *)(data + 2)); + + data+=4; + len+=4; + } + + if(type!=ETHERTYPE_IP) + return; + + break; + } + network_process_packet(n,&hdr->ts,data,len); + } + +typedef struct module_def_ { + char *name; + proto_mod *mod; +} module_def; + +static module_def modules[]={ + {"SSL",&ssl_mod}, + {"NULL",&null_mod}, +#ifdef ENABLE_RECORD + {"RECORD",&record_mod}, +#endif + {0,0} +}; + + +int parse_ssl_flag PROTO_LIST((int c)); + +int main(argc,argv) + int argc; + char **argv; + { + pcap_t *p; + int r; + n_handler *n; +#ifdef _WIN32 + __declspec(dllimport) char *optarg; + __declspec(dllimport) int optind; +#else + extern char *optarg; + extern int optind; +#endif + char *interface_name=0; + char *file=0; + char *filter=0; + proto_mod *mod=&ssl_mod; + bpf_u_int32 localnet,netmask; + int c; + module_def *m=0; + int no_promiscuous=0; + + char errbuf[PCAP_ERRBUF_SIZE]; + + signal(SIGINT,sig_handler); + + while((c=getopt(argc,argv,"vr:f:S:Ttai:k:p:nsAxXhHVNdqem:P"))!=EOF){ + switch(c){ + case 'v': + print_version(); + break; + case 'f': + fprintf(stderr,"-f option replaced by -r. Use that in the future\n"); + case 'r': + file=strdup(optarg); + break; + case 'S': + ssl_mod.vtbl->parse_flags(optarg); + break; + case 'y': + NET_print_flags|=NET_PRINT_TYPESET; + /*Kludge*/ + SSL_print_flags |= SSL_PRINT_NROFF; + break; + case 'a': + NET_print_flags |= NET_PRINT_ACKS; + break; + case 'T': + NET_print_flags |= NET_PRINT_TCP_HDR; + break; + case 'i': + interface_name=strdup(optarg); + break; + case 'k': + SSL_keyfile=strdup(optarg); + break; + case 'p': + SSL_password=strdup(optarg); + break; + case 'P': + ++no_promiscuous; + break; + case 'n': + NET_print_flags |= NET_PRINT_NO_RESOLVE; + break; + case 'm': + for(m=modules;m->name!=0;m++){ + if(!strcmp(m->name,optarg)){ + mod=m->mod; + break; + } + } + if(!m->name){ + fprintf(stderr,"Request analysis module %s not found\n", + optarg); + exit(1); + } + break; + case 'h': + usage(); + printf("Do 'man ssldump' for documentation\n"); + exit(1); + + case '?': + usage(); + exit(1); + + /* must be an SSL flag. This is kind of a gross + special case */ + default: + parse_ssl_flag(c); + break; + } + } + + argv+=optind; + argc-=optind; + + if(!file){ + if(!interface_name){ + interface_name=pcap_lookupdev(errbuf); + if(!interface_name){ + fprintf(stderr,"PCAP: %s\n",errbuf); + err_exit("Aborting",-1); + } + } + if(!(p=pcap_open_live(interface_name,5000,!no_promiscuous,1000,errbuf))){ + fprintf(stderr,"PCAP: %s\n",errbuf); + err_exit("Aborting",-1); + } + + if (pcap_lookupnet(interface_name, &localnet, &netmask, errbuf) < 0) + verr_exit("PCAP: %s\n",errbuf); + + } + else{ + if(!(p=pcap_open_offline(file,errbuf))){ + fprintf(stderr,"PCAP: %s\n",errbuf); + err_exit("Aborting",-1); + } + + netmask=0; + localnet=0; + } + + if(argc!=0) + filter=collapse_args(argc,argv); + + if(filter){ + struct bpf_program fp; + + if(pcap_compile(p,&fp,filter,0,netmask)<0) + verr_exit("PCAP: %s\n",pcap_geterr(p)); + + if(pcap_setfilter(p,&fp)<0) + verr_exit("PCAP: %s\n",pcap_geterr(p)); + } + + pcap_if_type=pcap_datalink(p); + + if(NET_print_flags & NET_PRINT_TYPESET) + printf("\n.nf\n.ps -2\n"); + + if(r=network_handler_create(mod,&n)) + err_exit("Couldn't create network handler",r); + + pcap_loop(p,-1,pcap_cb,(u_char *)n); + + if(NET_print_flags & NET_PRINT_TYPESET) + printf("\n.ps\n.fi\n"); + + exit(0); + } + + +char *collapse_args(argc,argv) + int argc; + char **argv; + { + int i,len=0; + char *ret; + + if(!argc) + return(0); + + for(i=0;i and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: print_utils.c,v 1.2 2000/10/17 16:09:58 ekr Exp $ + + + ekr@rtfm.com Mon Feb 15 17:23:36 1999 + */ + + +static char *RCSSTRING="$Id: print_utils.c,v 1.2 2000/10/17 16:09:58 ekr Exp $"; +int explain(char *format,...) + { + va_list ap; + + va_start(ap,format); + + INDENT; + + vprintf(format,ap); + va_end(ap); + return(0); + } + +int exdump(name,data) + char *name; + Data *data; + { + int i,j; + char prefix[100]; + + INDENT; + + if(name){ + sprintf(prefix,"%s[%d]=\n",name,data->len); + printf("%s",prefix); + INDENT_INCR; + } + for(i=0;ilen;i++){ + if(!i && (data->len>8)) INDENT; + if((data->len>8) && i && !(i%12)){ + printf("\n"); INDENT; + } + printf("%.2x ",data->data[i]&255); + } + if(name) INDENT_POP; + if(data->len>8 && i%12) + printf("\n"); + return(0); + } + + diff --git a/base/print_utils.h b/base/print_utils.h new file mode 100644 index 0000000..4f7d14d --- /dev/null +++ b/base/print_utils.h @@ -0,0 +1,56 @@ +/** + print_utils.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: print_utils.h,v 1.2 2000/10/17 16:09:58 ekr Exp $ + + + ekr@rtfm.com Mon Feb 15 17:23:56 1999 + */ + + +#ifndef _print_utils_h +#define _print_utils_h + +int explain PROTO_LIST((char *format,...)); +int exdump PROTO_LIST((char *name, + Data *data)); + + +#endif + diff --git a/base/proto_mod.c b/base/proto_mod.c new file mode 100644 index 0000000..de60272 --- /dev/null +++ b/base/proto_mod.c @@ -0,0 +1,88 @@ +/** + proto_mod.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: proto_mod.c,v 1.3 2001/07/20 23:33:14 ekr Exp $ + + + ekr@rtfm.com Thu Jan 7 22:35:23 1999 + */ + + +static char *RCSSTRING="$Id: proto_mod.c,v 1.3 2001/07/20 23:33:14 ekr Exp $"; + +#include "network.h" + +int create_proto_handler(mod,ctx,handlerp,conn,first_packet) + proto_mod *mod; + proto_ctx *ctx; + proto_handler **handlerp; + tcp_conn *conn; + struct timeval *first_packet; + { + int r,_status; + proto_handler *handler=0; + + if(!(handler=(proto_handler *)calloc(sizeof(proto_handler),1))) + ABORT(R_NO_MEMORY); + handler->vtbl=mod->vtbl; + if(r=mod->vtbl->create(mod->handle,ctx,conn,&handler->obj, + &conn->i_addr,conn->i_port,&conn->r_addr,conn->r_port,first_packet)) + ABORT(r); + + *handlerp=handler; + + _status=0; + abort: + if(_status){ + destroy_proto_handler(&handler); + } + return(_status); + } + +int destroy_proto_handler(handlerp) + proto_handler **handlerp; + { + if(!handlerp || !*handlerp) + return(0); + + (*handlerp)->vtbl->destroy(&(*handlerp)->obj); + free(*handlerp); + *handlerp=0; + return(0); + } diff --git a/base/proto_mod.h b/base/proto_mod.h new file mode 100644 index 0000000..2ee27a1 --- /dev/null +++ b/base/proto_mod.h @@ -0,0 +1,86 @@ +/** + proto_mod.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: proto_mod.h,v 1.4 2001/11/26 22:28:16 ekr Exp $ + + + ekr@rtfm.com Thu Dec 24 21:10:05 1998 + */ + + +#ifndef _proto_mod_h +#define _proto_mod_h + +typedef struct proto_obj_ proto_obj; +typedef struct proto_ctx_ proto_ctx; + +#define DIR_I2R 1 +#define DIR_R2I 2 + +struct proto_mod_vtbl_ { + int (*parse_flags) PROTO_LIST((char *str)); + int (*parse_flag) PROTO_LIST((int flag)); + int (*create_ctx) PROTO_LIST((void *handle,proto_ctx **ctxp)); + int (*create) PROTO_LIST((void *handle,proto_ctx *ctx, + tcp_conn *conn, + proto_obj **objp, + struct in_addr *i_addr,u_short i_port, + struct in_addr *r_addr,u_short r_port,struct timeval *time_base)); + int (*destroy) PROTO_LIST((proto_obj **objp)); + int (*data) PROTO_LIST((proto_obj *obj,segment *data,int direction)); + int (*close) PROTO_LIST((proto_obj *obj,packet *p,int direction)); +}; + +struct proto_mod_ { + void *handle; + struct proto_mod_vtbl_ *vtbl; +}; + +struct proto_handler_ { + proto_obj *obj; + struct proto_mod_vtbl_ *vtbl; +}; + +int create_proto_handler PROTO_LIST((proto_mod *mod,proto_ctx *ctx, + proto_handler **handlerp, + tcp_conn *conn,struct timeval *first_packet)); +int destroy_proto_handler PROTO_LIST((proto_handler **handlerp)); + +#endif + diff --git a/base/targets.mk b/base/targets.mk new file mode 100644 index 0000000..f14b45e --- /dev/null +++ b/base/targets.mk @@ -0,0 +1,275 @@ +# +# targets.mk +# +# $Source: /usr/local/CVS/ssldump/base/targets.mk,v $ +# $Revision: 1.3 $ +# $Date: 2002/08/17 01:33:16 $ +# $Name: $ +# $Disclaimer$ +# +# Copyright (C) 2001, Terisa Systems, Inc. +# All Rights Reserved. +# +# ekr@terisa.com +# + + + +# +# CONFIGURE USER-DEFINED MAKE ENVIRONMENT +# +# These fields are specified by the user. The remainder of +# this file is generated from this user-specified information. +# +# ANALYZE_DEFINES: +# cpp defines, with the -D flag preceeding each +# +# ANALYZE_INCLUDES: +# cpp include directories, with the -I flag preceeding each +# +# ANALYZE_INTERNAL: +# headers files which are local to a specific module directory, +# and should not be used by other parts of the toolkit or by +# the user +# +# ANALYZE_LIBNAME: +# the library associated with this module directory, used in +# most cases for debugging purposes +# +# ANALYZE_LIBPATHS: +# link-time directories to search for libraries, with the -L flag +# preceeding each +# +# ANALYZE_LIBRARIES: +# link-time libraries, with the -l flag preceeding each +# +# ANALYZE_LOCALFLAGS: +# compile-time flags specific to compiling only the files in +# this module directory--this variable should only be set in +# extremely exceptional cases +# +# ANALYZE_MAKEFILES: +# the makefiles +# +# ANALYZE_PREFIX: +# defines the module name, which also serves as the +# prefix for all the variable names defined in this file +# +# ANALYZE_PRIVATE: +# the private, for-toolkit-use-only API header files +# +# ANALYZE_PROGRAMS: +# programs to build +# +# ANALYZE_PUBLIC: +# the header files that define the public API for the toolkit +# and any other 'public' files that should be copied to +# the build directory +# +# ANALYZE_SOURCES: +# the source files to compile to object +# +ANALYZE_DEFINES = +ANALYZE_INCLUDES = -I$(ANALYZE_SRCDIR) +ANALYZE_INTERNAL = +ANALYZE_LIBNAME = +ANALYZE_LIBPATHS = +ANALYZE_LIBRARIES = +ANALYZE_LOCALFLAGS = +ANALYZE_MAKEFILES = targets.mk +ANALYZE_PREFIX = ANALYZE +ANALYZE_PRIVATE = network.h proto_mod.h tcpconn.h tcppack.h +ANALYZE_PROGRAMS = +ANALYZE_PUBLIC = +ANALYZE_SOURCES = network.c pcap-snoop.c proto_mod.c tcpconn.c \ + tcppack.c + + + +# +# CONFIGURE AUTOMATICALLY-GENERATED MAKE ENVIRONMENT +# +# ANALYZE_OBJECTS: +# object files to build +# +# ANALYZE_UNUSED: +# obsolete files in the module directory that are not +# used during the build process +# +# ANALYZE_USED: +# all files in the module directory that are used +# during the build process +# +ANALYZE_OBJECTS = network.$(OBJSUFFIX) pcap-snoop.$(OBJSUFFIX) \ + proto_mod.$(OBJSUFFIX) tcpconn.$(OBJSUFFIX) \ + tcppack.$(OBJSUFFIX) +ANALYZE_UNUSED = common.c debug.c debug.h print_utils.c \ + print_utils.h +ANALYZE_USED = $(ANALYZE_INTERNAL:%=$(ANALYZE_SRCDIR)%) \ + $(ANALYZE_MAKEFILES:%=$(ANALYZE_SRCDIR)%) \ + $(ANALYZE_PRIVATE:%=$(ANALYZE_SRCDIR)%) \ + $(ANALYZE_PUBLIC:%=$(ANALYZE_SRCDIR)%) \ + $(ANALYZE_SOURCES:%=$(ANALYZE_SRCDIR)%) + + + +# +# NOTES +# +# The following variables may be used during the build process, +# but are not defined in this file. If they are to be set +# to something other than the default blank, then they must +# be set by the calling make system. +# +# ANALYZE_SRCDIR: +# if the build target directory is different from the +# module directory (the source directory), then this +# variable contains the relative or full path of +# the module directory +# +# LIBARS: +# the library archive files (with fully-specified paths) that +# executables built from this module directory depend upon +# +# LIBPATHS: +# the paths to search for library archives (specified with +# the -L) +# +# LIBRARIES: +# the libraries to use while building executables from +# this module directory (specified with the -l) +# + + + +# +# GLOBAL ENVIRONMENT +# +DEFINES += $(ANALYZE_DEFINES) +INCLUDES += $(ANALYZE_INCLUDES) +LIBPATHS += $(ANALYZE_LIBPATHS) +LIBRARIES += $(ANALYZE_LIBRARIES) +OBJECTS += $(ANALYZE_OBJECTS) +PUBLIC += $(ANALYZE_PUBLIC) + + + +# +# GENERIC DEPENDENCIES +# +# default: +# default dependency, must be the first dependency in this makefile +# +# all: +# build everything in this module directory +# +# build: +# make only the toolkit build files of this module directory +# +# ci: +# perform an RCS check-in of this module directory +# +# clean: +# remove the compiled files +# +# clean_public: +# remove the public header files that have been copied +# to a public build directory +# +# objects: +# build the object files (this dependency is used for +# building the toolkit library) +# +# private: +# build only the private API header files +# +# public: +# build only the public API header files +# +default: $(ANALYZE_LIBNAME) +default: $(ANALYZE_PROGRAMS) + +all: $(ANALYZE_PUBLIC) +all: $(ANALYZE_OBJECTS) +all: $(ANALYZE_LIBNAME) +all: $(ANALYZE_PROGRAMS) +build: $(ANALYZE_PUBLIC) +build: $(ANALYZE_OBJECTS) +ci: analyze_ci +clean: analyze_clean +clean_public: analyze_clean_public +objects: $(ANALYZE_OBJECTS) +private: $(ANALYZE_PRIVATE) +public: $(ANALYZE_PUBLIC) + + + +# +# LOCAL UTILITY DEPENDENCIES +# +# utility dependencies are necessary because of some +# make-isms having to do with dependencies +# + +analyze_ci: + $(CI) $(CIFLAGS) $(ANALYZE_USED) + +analyze_clean: + $(RM) $(RMFLAGS) $(ANALYZE_OBJECTS) $(ANALYZE_LIBNAME) $(ANALYZE_PROGRAMS) + +analyze_clean_public: + $(RM) $(RMFLAGS) $(ANALYZE_PUBLIC) + +analyze_objects: $(ANALYZE_OBJECTS) + +analyze_programs: $(ANALYZE_PROGRAMS) + +analyze_public: $(ANALYZE_PUBLIC) + + + +# +# BUILD DEPENDENCIES +# +# build dependencies invoke the rule used to build each +# class of file +# + +$(ANALYZE_LIBNAME): + $(AR) $(ARFLAGS) $@ $? + $(RANLIB) $@ + +$(ANALYZE_OBJECTS): + $(COMPILE.c) $(ANALYZE_SRCDIR)$(@:%.$(OBJSUFFIX)=%.c) $(DEFINES) $(INCLUDES) $(ANALYZE_LOCALFLAGS) + +$(ANALYZE_PUBLIC): + $(CP) $(CPFLAGS) $(ANALYZE_SRCDIR)$@ $@ + +$(ANALYZE_PROGRAMS): + $(LINK.c) -o $@ $@.$(OBJSUFFIX) $(LDLIBS) $(LIBS) $(LIBRARIES) $(LIBPATHS) +#LIBS above is obsolete (use LIBARARIES instead) + + + +# +# FILE DEPENDENCIES +# +# file dependencies state, for each file that is built, +# which file(s) it depends upon +# + +network.$(OBJSUFFIX): $(ANALYZE_SRCDIR)network.h +network.$(OBJSUFFIX): $(ANALYZE_SRCDIR)network.c + +pcap-snoop.$(OBJSUFFIX): $(ANALYZE_SRCDIR)pcap-snoop.c + +proto_mod.$(OBJSUFFIX): $(ANALYZE_SRCDIR)proto_mod.h +proto_mod.$(OBJSUFFIX): $(ANALYZE_SRCDIR)proto_mod.c + +tcpconn.$(OBJSUFFIX): $(ANALYZE_SRCDIR)tcpconn.h +tcpconn.$(OBJSUFFIX): $(ANALYZE_SRCDIR)tcpconn.c + +tcppack.$(OBJSUFFIX): $(ANALYZE_SRCDIR)tcppack.h +tcppack.$(OBJSUFFIX): $(ANALYZE_SRCDIR)tcppack.c + +$(ANALYZE_LIBNAME): $(ANALYZE_OBJECTS) diff --git a/base/tcpconn.c b/base/tcpconn.c new file mode 100644 index 0000000..cd37753 --- /dev/null +++ b/base/tcpconn.c @@ -0,0 +1,203 @@ +/** + tcpconn.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: tcpconn.c,v 1.7 2002/08/17 01:33:16 ekr Exp $ + + + ekr@rtfm.com Tue Dec 29 15:13:03 1998 + */ + +static char *RCSSTRING="$Id: tcpconn.c,v 1.7 2002/08/17 01:33:16 ekr Exp $"; + +#include "network.h" +#include "tcpconn.h" + + +typedef struct conn_struct_ { + tcp_conn conn; + struct conn_struct_ *next; + struct conn_struct_ *prev; +} conn_struct; + +int conn_number=1; + +static conn_struct *first_conn=0; + +static int zero_conn PROTO_LIST((tcp_conn *conn)); + +static int zero_conn(conn) + tcp_conn *conn; + { + memset(conn,0,sizeof(tcp_conn)); + return(0); + } + +int tcp_find_conn(connp,directionp,saddr,sport,daddr,dport) + tcp_conn **connp; + int *directionp; + struct in_addr *saddr; + u_short sport; + struct in_addr *daddr; + u_short dport; + { + conn_struct *conn; + + for(conn=first_conn;conn;conn=conn->next){ + + if(sport == conn->conn.i_port && dport==conn->conn.r_port){ + if(!memcmp(saddr,&conn->conn.i_addr,sizeof(struct in_addr)) + && !memcmp(daddr,&conn->conn.r_addr,sizeof(struct in_addr))) + { + *directionp=DIR_I2R; + *connp=&(conn->conn); + return(0); + } + } + + if(dport == conn->conn.i_port && sport==conn->conn.r_port){ + if(!memcmp(saddr,&conn->conn.r_addr,sizeof(struct in_addr)) + && !memcmp(daddr,&conn->conn.i_addr,sizeof(struct in_addr))) + { + *directionp=DIR_R2I; + *connp=&(conn->conn); + return(0); + } + } + } + + return(R_NOT_FOUND); + } + +int tcp_create_conn(connp,i_addr,i_port,r_addr,r_port) + tcp_conn **connp; + struct in_addr *i_addr; + u_short i_port; + struct in_addr *r_addr; + u_short r_port; + { + conn_struct *conn=0; + + if(!(conn=(conn_struct *)malloc(sizeof(conn_struct)))) + return(R_NO_MEMORY); + + conn->prev=0; + + zero_conn(&conn->conn); + conn->conn.backptr=conn; + conn->conn.conn_number=conn_number++; + + memcpy(&conn->conn.i_addr,i_addr,sizeof(struct in_addr)); + conn->conn.i_port=i_port; + memcpy(&conn->conn.r_addr,r_addr,sizeof(struct in_addr)); + conn->conn.r_port=r_port; + *connp=&(conn->conn); + + /* Insert at the head of the list */ + conn->next=first_conn; + if(first_conn) + first_conn->prev=conn; + first_conn=conn; + + + return(0); + } + +int tcp_destroy_conn(conn) + tcp_conn *conn; + { + conn_struct *c=conn->backptr; + + /* Detach from the list */ + if(c->next){ + c->next->prev=c->prev; + } + if(c->prev){ + c->prev->next=c->next; + } + else { + first_conn=c->next; + } + + destroy_proto_handler(&conn->analyzer); + free_tcp_segment_queue(conn->i2r.oo_queue); + free_tcp_segment_queue(conn->r2i.oo_queue); + zero_conn(conn); + + return(0); + } + +int free_tcp_segment_queue(seg) + segment *seg; + { + segment *tmp; + + while(seg){ + tmp=seg->next; + packet_destroy(seg->p); + free(seg); + seg=tmp; + } + + return(0); + } + +int copy_tcp_segment_queue(out,in) + segment **out; + segment *in; + { + int r,_status; + segment *base=0; + + for(;in;in=in->next){ + if(!(*out=(segment *)calloc(sizeof(segment),1))) + ABORT(R_NO_MEMORY); + if(!base) base=*out; + + if(r=packet_copy(in->p,&(*out)->p)) + ABORT(r); + out=&(*out)->next; /* Move the pointer we're assigning to */ + } + + _status=0; + abort: + if(_status){ + free_tcp_segment_queue(base); + } + return(_status); + } diff --git a/base/tcpconn.h b/base/tcpconn.h new file mode 100644 index 0000000..d081b01 --- /dev/null +++ b/base/tcpconn.h @@ -0,0 +1,104 @@ +/** + tcpconn.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: tcpconn.h,v 1.4 2001/07/20 23:33:15 ekr Exp $ + + + ekr@rtfm.com Tue Dec 29 13:00:52 1998 + */ + + +#ifndef _tcpconn_h +#define _tcpconn_h + +typedef struct segment_ { + u_char *data; + u_int len; + tcp_seq s_seq; + packet *p; + struct segment_ *next; +} segment; + +typedef struct stream_data_ { + tcp_seq seq; + tcp_seq ack; + short close; + segment *oo_queue; +} stream_data; + +typedef struct tcp_conn_ { + int conn_number; + int state; +#define TCP_STATE_SYN1 1 +#define TCP_STATE_SYN2 2 +#define TCP_STATE_ACK 3 +#define TCP_STATE_ESTABLISHED 4 +#define TCP_STATE_FIN1 5 +#define TCP_STATE_CLOSED 6 + /*The address which sent the first SYN*/ + struct in_addr i_addr; + u_short i_port; + + /*The address which sent the second SYN*/ + struct in_addr r_addr; + u_short r_port; + + stream_data i2r; /*The stream from initiator to responder*/ + stream_data r2i; /*The stream from responder to initiator*/ + + struct timeval start_time; + proto_handler *analyzer; /*The analyzer to call with new data*/ + struct conn_struct_ *backptr; +} tcp_conn; + +int tcp_find_conn PROTO_LIST((tcp_conn **connp, + int *directionp, + struct in_addr *src_addr, u_short src_port, + struct in_addr *dst_addr, u_short dst_port)); + +int tcp_create_conn PROTO_LIST((tcp_conn **connp, + struct in_addr *initiator_addr, u_short initiator_port, + struct in_addr *responder_addr, u_short responder_port)); + +int tcp_destroy_conn PROTO_LIST((tcp_conn *conn)); +int free_tcp_segment_queue PROTO_LIST((segment *seg)); +int copy_tcp_segment_queue PROTO_LIST((segment **out,segment *in)); + +#endif + diff --git a/base/tcppack.c b/base/tcppack.c new file mode 100644 index 0000000..4304800 --- /dev/null +++ b/base/tcppack.c @@ -0,0 +1,446 @@ +/** + tcppack.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: tcppack.c,v 1.11 2002/09/09 21:02:58 ekr Exp $ + + + ekr@rtfm.com Tue Dec 29 12:43:39 1998 + */ + + +static char *RCSSTRING="$Id: tcppack.c,v 1.11 2002/09/09 21:02:58 ekr Exp $"; + +#include "network.h" +#ifndef _WIN32 +# include +# include +# ifndef LINUX +# include +# else +# define SEQ_LT(x,y) ((int)((x)-(y))<0) +# endif +#else +# include +# define SEQ_LT(x,y) ((int)((x)-(y))<0) +#endif +#include +#include "debug.h" +#include "tcpconn.h" +#include "tcppack.h" + + +static int process_data_segment PROTO_LIST((tcp_conn *conn, + proto_mod *handler,packet *p,stream_data *stream,int direction)); +static int new_connection PROTO_LIST((proto_mod *handler,proto_ctx *ctx, + packet *p,tcp_conn **connp)); +static int print_tcp_packet PROTO_LIST((packet *p)); +int STRIM PROTO_LIST((UINT4 _seq,segment *s)); + +int process_tcp_packet(handler,ctx,p) + proto_mod *handler; + proto_ctx *ctx; + packet *p; + { + int r,_status; + int direction; + stream_data *stream; + tcp_conn *conn; + + p->tcp=(struct tcphdr *)p->data; + + print_tcp_packet(p); + + if(r=tcp_find_conn(&conn,&direction,&p->ip->ip_src, + ntohs(p->tcp->th_sport),&p->ip->ip_dst,ntohs(p->tcp->th_dport))){ + if(r!=R_NOT_FOUND) + ABORT(r); + + /*Note that we MUST receive the 3-way handshake in the + proper order. This shouldn't be a problem, though, + except for simultaneous connects*/ + if((p->tcp->th_flags & (TH_SYN|TH_ACK))!=TH_SYN){ + DBG((0,"TCP: rejecting packet from unknown connection\n")); + return(0); + } + + DBG((0,"SYN1\n")); + if(r=new_connection(handler,ctx,p,&conn)) + ABORT(r); + conn->i2r.seq=ntohl(p->tcp->th_seq)+1; + return(0); + } + + stream=direction==DIR_R2I?&conn->r2i:&conn->i2r; + + switch(conn->state){ + case TCP_STATE_SYN1: + if(direction != DIR_R2I) + break; + if((p->tcp->th_flags & (TH_SYN|TH_ACK))!=(TH_SYN|TH_ACK)) + break; + conn->r2i.seq=ntohl(p->tcp->th_seq)+1; + conn->r2i.ack=ntohl(p->tcp->th_ack)+1; + conn->state=TCP_STATE_SYN2; + DBG((0,"SYN2\n")); + break; + case TCP_STATE_SYN2: + { + char *sn=0,*dn=0; + if(direction != DIR_I2R) + break; + DBG((0,"ACK\n")); + conn->i2r.ack=ntohl(p->tcp->th_ack)+1; + lookuphostname(&conn->i_addr,&sn); + lookuphostname(&conn->r_addr,&dn); + if(NET_print_flags & NET_PRINT_TYPESET) + printf("\\fC"); + printf("New TCP connection #%d: %s(%d) <-> %s(%d)\n", + conn->conn_number, + sn,conn->i_port, + dn,conn->r_port); + if(NET_print_flags & NET_PRINT_TYPESET) + printf("\\fR"); + + conn->state=TCP_STATE_ESTABLISHED; + free(sn); + free(dn); + } + case TCP_STATE_ESTABLISHED: + case TCP_STATE_FIN1: + { + UINT4 length; + + if(p->tcp->th_flags & TH_SYN) + break; + length=p->len - (p->tcp->th_off * 4); + if(r=process_data_segment(conn,handler,p,stream,direction)) + ABORT(r); + } + break; + default: + break; + } + + if(conn->state==TCP_STATE_CLOSED) + tcp_destroy_conn(conn); + + + _status=0; + abort: + + return(_status); + } + +static int new_connection(handler,ctx,p,connp) + proto_mod *handler; + proto_ctx *ctx; + packet *p; + tcp_conn **connp; + { + int r,_status; + tcp_conn *conn=0; + + if(r=tcp_create_conn(&conn,&p->ip->ip_src,ntohs(p->tcp->th_sport), + &p->ip->ip_dst,ntohs(p->tcp->th_dport))) + ABORT(r); + + conn->state=TCP_STATE_SYN1; + memcpy(&conn->start_time,&p->ts,sizeof(struct timeval)); + if(r=create_proto_handler(handler,ctx,&conn->analyzer,conn,&p->ts)) + ABORT(r); + + *connp=conn; + _status=0; + abort: + return(_status); + } + +/*#define STRIM(_seq,s) { \ + int l;\ + int off;\ + l=(s)->s_seq - _seq; \ + off=(s)->p->tcp->th_off*4; \ + if(l>((s)->p->len-off)) ERETURN(R_BAD_DATA);\ + (s)->data=(s)->p->data + off + (l) ; \ + (s)->len=(s)->p->len - off + (l); \ + (s)->s_seq += (l); \ + if((s)->next) { \ + if((s)->s_seq >= (s)->next->s_seq) {\ + l=(s)->next->s_seq - (s)->s_seq; \ + if((s)->len){\ + (s)->len-=(l+1); \ + (s)->s_seq-=(l+1);\ + }\ + }\ + }\ + } +*/ + +static int process_data_segment(conn,handler,p,stream,direction) + tcp_conn *conn; + proto_mod *handler; + packet *p; + stream_data *stream; + int direction; + { + int r,_status; + tcp_seq seq,right_edge; + segment _seg; + segment *seg,*nseg=0; + long l; + + l=p->len - p->tcp->th_off * 4; + + if(stream->close){ + DBG((0,"Rejecting packet received after FIN")); + return(0); + } + + /*The idea here is to pass all available segments + to the analyzer at once. Since we want to preserve + the segment packet data, we pass the data as a linked list of + segments*/ + seq=ntohl(p->tcp->th_seq); + + /*Add ACK processing logic here */ + if(p->tcp->th_flags & TH_ACK){ + long acknum,acked; + + + acknum=ntohl(p->tcp->th_ack); + acked=acknum-stream->ack; + + if(acked && !l){ + /* + if(r=timestamp_diff(&p->ts,&conn->start_time,&dt)) + ERETURN(r); + printf("%d%c%4.4d ",dt.tv_sec,'.',dt.tv_usec/100); + if(direction == DIR_R2I) + printf("S>C "); + else + printf("C>S "); + + printf("ACK (%d)\n",acked); */ + } + + stream->ack=acknum; + } + + + DBG((0,"Stream Seq %u ",stream->seq)); + + /* Check to see if this packet has been processed already */ + right_edge=seq + (p->len - (p->tcp->th_off)*4); + if(!(p->tcp->th_flags & (TH_RST)) && SEQ_LT(right_edge,stream->seq)) + return(0); + + if(SEQ_LT(stream->seq,seq)){ + /* Out of order segment */ + tcp_seq left_edge; + + for(seg=0;seg;seg=seg?seg->next:stream->oo_queue){ + if(seg->next->s_seq > seq) + break; + } + + if(!(nseg=(segment *)calloc(sizeof(segment),1))) + ABORT(R_NO_MEMORY); + if(r=packet_copy(p,&nseg->p)) + ABORT(r); + nseg->s_seq=seq; + + /*Insert this segment into the reassembly queue*/ + if(seg){ + nseg->next=seg->next; + seg->next=nseg; + } + else{ + nseg->next=stream->oo_queue; + stream->oo_queue=nseg; + } + + left_edge=seg?seg->s_seq:stream->seq; + STRIM(left_edge,nseg); + } + else{ + /*First segment -- just thread the unallocated data on the + list so we can pass to the analyzer*/ + _seg.next=0; + _seg.p=p; + _seg.s_seq=seq; + + /*Now split the queue. Assemble as many packets as possible + and pass them to the analyzer. But process anything with a + RST in it immediately and ignore any data that might be in it + */ + if(_seg.p->tcp->th_flags & (TH_RST)){ + stream->close=_seg.p->tcp->th_flags & (TH_RST); + seg=&_seg; + + conn->state=TCP_STATE_CLOSED; + } + else{ + STRIM(stream->seq,&_seg); + + if(_seg.p->tcp->th_flags & (TH_FIN)){ + stream->close=_seg.p->tcp->th_flags & (TH_FIN); + seg=&_seg; + } + else { + for(seg=&_seg;seg->next;seg=seg->next){ + if(seg->p->tcp->th_flags & (TH_FIN)){ + stream->close=_seg.p->tcp->th_flags & (TH_FIN); + break; + } + if(seg->len + seg->s_seq != seg->next->s_seq) + break; + } + } + + /*Note that this logic is broken because it doesn't + do the CLOSE_WAIT/FIN_WAIT stuff, but it's probably + close enough, since this is a higher level protocol analyzer, + not a TCP analyzer*/ + if(seg->p->tcp->th_flags & (TH_FIN) ){ + if(conn->state == TCP_STATE_ESTABLISHED) + conn->state=TCP_STATE_FIN1; + else + conn->state=TCP_STATE_CLOSED; + } + + stream->oo_queue=seg->next; + seg->next=0; + stream->seq=seg->s_seq + seg->len; + + if(r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction)) + ABORT(r); + } + + if(stream->close){ + if(r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction)) + ABORT(r); + } + + free_tcp_segment_queue(_seg.next); + } + + _status=0; + abort: + return(_status); + } + +static int print_tcp_packet(p) + packet *p; + { + char *src=0,*dst=0; + + if(!(NET_print_flags & NET_PRINT_TCP_HDR)) + return(0); + + lookuphostname(&p->ip->ip_src,&src); + lookuphostname(&p->ip->ip_dst,&dst); + + printf("TCP: %s(%d) -> %s(%d) ", + src, + ntohs(p->tcp->th_sport), + dst, + ntohs(p->tcp->th_dport)); + + printf("Seq %u.(%d) ", + ntohl(p->tcp->th_seq), + p->len - p->tcp->th_off *4); + + if(p->tcp->th_flags & TH_ACK) + printf("ACK %u ",ntohl(p->tcp->th_ack)); + + if(p->tcp->th_flags & TH_FIN) + printf("FIN "); + if(p->tcp->th_flags & TH_SYN) + printf("SYN "); + if(p->tcp->th_flags & TH_RST) + printf("RST "); + if(p->tcp->th_flags & TH_PUSH) + printf("PUSH "); + if(p->tcp->th_flags & TH_URG) + printf("URG "); + + printf("\n"); + + free(src); + free(dst); + return(0); + } + +int STRIM(_seq,s) + UINT4 _seq; + segment *s; + { + int l; + int off; + + /* Test: this shouldn't damage things at all + s->p->data-=4; + s->p->len+=4; + s->s_seq-=4; + */ + + l=_seq - (s)->s_seq; /* number of bytes to trim + from the left of s */ + off=(s)->p->tcp->th_off*4; + if(l>((s)->p->len-off)) ERETURN(R_BAD_DATA); + + /* Now remove the leading l bytes */ + (s)->data=(s)->p->data + off + (l) ; + (s)->len=(s)->p->len - (off + l); + (s)->s_seq += (l); + + /* Now trim to the right if necessary */ + if((s)->next) { + if((s)->s_seq >= (s)->next->s_seq) { + l=(s)->s_seq - (s)->next->s_seq; + + if((s)->len){ + (s)->len-=(l+1); + } + } + } + + return(0); + } + diff --git a/base/tcppack.h b/base/tcppack.h new file mode 100644 index 0000000..b9ed111 --- /dev/null +++ b/base/tcppack.h @@ -0,0 +1,54 @@ +/** + tcppack.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: tcppack.h,v 1.3 2001/07/20 23:33:15 ekr Exp $ + + + ekr@rtfm.com Wed Jan 6 15:08:30 1999 + */ + + +#ifndef _tcppack_h +#define _tcppack_h + +int process_tcp_packet PROTO_LIST((proto_mod *mod,proto_ctx *ctx, + packet *p)); + +#endif + diff --git a/common/Makefile.in b/common/Makefile.in new file mode 100644 index 0000000..9506951 --- /dev/null +++ b/common/Makefile.in @@ -0,0 +1,5 @@ +OBJECTS=r_assoc.o r_data.o r_errors.o r_list.c r_time.o +INCLUDES += ../includes +OBJECTS: + $(CC) $(CFLAGS) $(@:%.c + diff --git a/common/configure.scan b/common/configure.scan new file mode 100644 index 0000000..4d9218c --- /dev/null +++ b/common/configure.scan @@ -0,0 +1,20 @@ +dnl Process this file with autoconf to produce a configure script. +AC_INIT(include/r_assoc.h) + +dnl Checks for programs. +AC_PROG_CC + +dnl Checks for libraries. + +dnl Checks for header files. +AC_HEADER_STDC +AC_CHECK_HEADERS(sys/time.h) + +dnl Checks for typedefs, structures, and compiler characteristics. +AC_HEADER_TIME + +dnl Checks for library functions. +AC_FUNC_MEMCMP +AC_FUNC_VPRINTF + +AC_OUTPUT(make/freebsd31/Makefile make/freebsd22/Makefile make/sunos413/Makefile) diff --git a/common/include/.#r_macros.h.1.2 b/common/include/.#r_macros.h.1.2 new file mode 100644 index 0000000..20c9b1d --- /dev/null +++ b/common/include/.#r_macros.h.1.2 @@ -0,0 +1,106 @@ +/** + r_macros.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_macros.h,v 1.2 2000/10/17 16:09:59 ekr Exp $ + + + ekr@rtfm.com Tue Dec 22 10:37:32 1998 + */ + + +#ifndef _r_macros_h +#define _r_macros_h + +#if (R_USE_PROTOTYPES==1) +#define PROTO_LIST(a) a +#else +#define PROTO_LIST(a) () +#endif + +#ifndef __GNUC__ +#define __FUNCTION__ "unknown" +#endif + +#ifdef R_TRACE_ERRORS +#define REPORT_ERROR_(caller,a) fprintf(stderr,"%s: error %d at %s:%d (function %s)\n", \ + caller,a,__FILE__,__LINE__,__FUNCTION__) +#else +#define REPORT_ERROR_(caller,a) +#endif + +#ifndef ERETURN +#define ERETURN(a) do {int _r=a; if(!_r) _r=-1; REPORT_ERROR_("ERETURN",_r); return(_r);} while(0) +#endif + +#ifndef ABORT +#define ABORT(a) do { int _r=a; if(!_r) _r=-1; REPORT_ERROR_("ABORT",_r); _status=_r; goto abort;} while(0) +#endif + +#ifndef FREE +#define FREE(a) if(a) free(a) +#endif +#ifndef MIN +#define MIN(a,b) ((a)>(b))?(b):(a) +#endif + +#ifndef MAX +#define MAX(a,b) ((b)>(a))?(b):(a) +#endif + +#ifdef DEBUG +#define DBG(a) debug a +int debug(int class,char *format,...); +#else +#define DBG(a) +#endif + +#ifndef RMALLOC +#define RMALLOC(a) malloc(A) +#endif + +#ifndef RCALLOC +#define RCALLOC(a) calloc(1,a) +#endif + +#ifndef RFREE +#define RFREE(a) if(a) free(a) +#endif + +#endif + diff --git a/common/include/r_assoc.h b/common/include/r_assoc.h new file mode 100644 index 0000000..699f287 --- /dev/null +++ b/common/include/r_assoc.h @@ -0,0 +1,83 @@ +/** + r_assoc.h + + Associative array code. This code has the advantage that different + elements can have different create and destroy operators. Unfortunately, + this can waste space. + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_assoc.h,v 1.3 2001/12/24 06:06:26 ekr Exp $ + + + ekr@rtfm.com Sun Jan 17 17:57:18 1999 + */ + + +#ifndef _r_assoc_h +#define _r_assoc_h + +typedef struct r_assoc_ r_assoc; + +int r_assoc_create PROTO_LIST((r_assoc **assocp)); +int r_assoc_insert PROTO_LIST((r_assoc *assoc,char *key,int len, + void *value,int (*copy)(void **new,void *old), + int (*destroy)(void *ptr),int how)); +#define R_ASSOC_REPLACE 0x1 +#define R_ASSOC_NEW 0x2 + +int r_assoc_fetch PROTO_LIST((r_assoc *assoc,char *key, int len, + void **value)); +int r_assoc_copy PROTO_LIST((r_assoc **new,r_assoc *old)); +int r_assoc_destroy PROTO_LIST((r_assoc **assocp)); + +/*We need iterators, but I haven't written them yet*/ +typedef struct r_assoc_iterator_ { + r_assoc *assoc; + int prev_chain; + struct r_assoc_el_ *prev; + int next_chain; + struct r_assoc_el_ *next; +} r_assoc_iterator; + +int r_assoc_init_iter PROTO_LIST((r_assoc *assoc,r_assoc_iterator *)); +int r_assoc_iter PROTO_LIST((r_assoc_iterator *iter,void **key,int *keyl, + void **val)); +int r_assoc_iter_delete PROTO_LIST((r_assoc_iterator *)); + +#endif + diff --git a/common/include/r_bitfield.h b/common/include/r_bitfield.h new file mode 100644 index 0000000..a5b89b0 --- /dev/null +++ b/common/include/r_bitfield.h @@ -0,0 +1,26 @@ +/** + r_bitfield.h + + Copyright (C) 2001 RTFM, Inc. + All Rights Reserved. + + ekr@rtfm.com Wed Oct 3 10:43:50 2001 + */ + + +#ifndef _r_bitfield_h +#define _r_bitfield_h + +typedef struct r_bitfield_ { + UINT4 *data; + UINT4 len; + UINT4 base; +} r_bitfield; + +int r_bitfield_set PROTO_LIST((r_bitfield *,int bit)); +int r_bitfield_isset PROTO_LIST((r_bitfield *,int bit)); +int r_bitfield_create PROTO_LIST((r_bitfield **setp,UINT4 size)); +int r_bitfield_destroy PROTO_LIST((r_bitfield **setp)); + +#endif + diff --git a/common/include/r_common.h b/common/include/r_common.h new file mode 100644 index 0000000..787addd --- /dev/null +++ b/common/include/r_common.h @@ -0,0 +1,66 @@ +/** + r_common.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_common.h,v 1.2 2000/10/17 16:09:59 ekr Exp $ + + + ekr@rtfm.com Tue Dec 22 10:40:07 1998 + */ + + +#ifndef _r_common_h +#define _r_common_h + +#include "r_defaults.h" +#include "r_includes.h" +#include "r_types.h" +#include "r_macros.h" +#include "r_errors.h" +#include "r_data.h" + +/*AAH*/ +int xdump PROTO_LIST((char *label,UCHAR *data,int len)); + +/* defines for possibly replaced functions */ +#ifndef HAVE_STRDUP +char *strdup PROTO_LIST((char *in)); +#endif + +#endif + diff --git a/common/include/r_data.h b/common/include/r_data.h new file mode 100644 index 0000000..8ec136a --- /dev/null +++ b/common/include/r_data.h @@ -0,0 +1,68 @@ +/** + r_data.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_data.h,v 1.2 2000/10/17 16:09:59 ekr Exp $ + + + ekr@rtfm.com Wed Feb 10 14:18:19 1999 + */ + + +#ifndef _r_data_h +#define _r_data_h + +typedef struct Data_ { + UCHAR *data; + int len; +} Data; + +int r_data_create PROTO_LIST((Data **dp,UCHAR *d,int l)); +int r_data_alloc PROTO_LIST((Data **dp, int l)); +int r_data_make PROTO_LIST((Data *dp, UCHAR *d,int l)); +int r_data_destroy PROTO_LIST((Data **dp)); +int r_data_copy PROTO_LIST((Data *dst,Data *src)); +int r_data_zfree PROTO_LIST((Data *d)); +int r_data_compare PROTO_LIST((Data *d1,Data *d2)); + +#define INIT_DATA(a,b,c) (a).data=b; (a).len=c +#define ATTACH_DATA(a,b) (a).data=b; (a).len=sizeof(b) +#define ZERO_DATA(a) (a).data=0; (a).len=0 + +#endif + diff --git a/common/include/r_defaults.h b/common/include/r_defaults.h new file mode 100644 index 0000000..180ab0d --- /dev/null +++ b/common/include/r_defaults.h @@ -0,0 +1,59 @@ +/** + r_defaults.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_defaults.h,v 1.2 2000/10/17 16:09:59 ekr Exp $ + + + ekr@rtfm.com Tue Dec 22 10:39:14 1998 + */ + + +#ifndef _r_defaults_h +#define _r_defaults_h + +#ifndef R_USE_PROTOTYPES +#define R_USE_PROTOTYPES 1 +#endif + + +/*The needs defines don't belong here*/ +#define R_NEEDS_STDLIB_H + +#endif + diff --git a/common/include/r_errors.h b/common/include/r_errors.h new file mode 100644 index 0000000..d3d93c0 --- /dev/null +++ b/common/include/r_errors.h @@ -0,0 +1,62 @@ +/** + r_errors.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_errors.h,v 1.3 2002/01/21 17:36:51 ekr Exp $ + + + ekr@rtfm.com Tue Dec 22 10:59:49 1998 + */ + + +#ifndef _r_errors_h +#define _r_errors_h + +#define R_NO_MEMORY 1 /*out of memory*/ +#define R_NOT_FOUND 2 /*Item not found*/ +#define R_INTERNAL 3 /*Unspecified internal error*/ +#define R_ALREADY 4 /*Action already done*/ +#define R_EOD 5 /*end of data*/ +#define R_BAD_ARGS 6 /*Bad arguments*/ +#define R_BAD_DATA 7 /*Bad data*/ +#define R_WOULDBLOCK 8 /*Operation would block */ + +int verr_exit PROTO_LIST((char *fmt,...)); + +#endif + diff --git a/common/include/r_includes.h b/common/include/r_includes.h new file mode 100644 index 0000000..cc9d6b5 --- /dev/null +++ b/common/include/r_includes.h @@ -0,0 +1,61 @@ +/** + r_includes.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_includes.h,v 1.2 2000/10/17 16:09:59 ekr Exp $ + + + ekr@rtfm.com Tue Dec 22 11:38:50 1998 + */ + + +#ifndef _r_includes_h +#define _r_includes_h + +#ifdef R_NEEDS_STDLIB_H +#include +#endif + +#ifdef R_NEEDS_MEMORY_H +#include +#endif + +#include + +#endif + diff --git a/common/include/r_list.h b/common/include/r_list.h new file mode 100644 index 0000000..6addb7c --- /dev/null +++ b/common/include/r_list.h @@ -0,0 +1,69 @@ +/** + r_list.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_list.h,v 1.2 2000/10/17 16:09:59 ekr Exp $ + + + ekr@rtfm.com Tue Jan 19 08:36:48 1999 + */ + + +#ifndef _r_list_h +#define _r_list_h + +typedef struct r_list_ r_list; + +typedef struct r_list_iterator_ { + r_list *list; + struct r_list_el_ *ptr; +} r_list_iterator; + +int r_list_create PROTO_LIST((r_list **listp)); +int r_list_destroy PROTO_LIST((r_list **listp)); +int r_list_copy PROTO_LIST((r_list **out,r_list *in)); +int r_list_insert PROTO_LIST((r_list *list,void *value, + int (*copy)(void **new,void *old), + int (*destroy)(void **ptr))); +int r_list_append PROTO_LIST((r_list *list,void *value, + int (*copy)(void **new,void *old), + int (*destroy)(void **ptr))); +int r_list_init_iter PROTO_LIST((r_list *list,r_list_iterator *iter)); +int r_list_iter PROTO_LIST((r_list_iterator *iter,void **val)); + +#endif diff --git a/common/include/r_macros.h b/common/include/r_macros.h new file mode 100644 index 0000000..fa1b318 --- /dev/null +++ b/common/include/r_macros.h @@ -0,0 +1,112 @@ +/** + r_macros.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_macros.h,v 1.4 2001/11/20 17:45:18 ekr Exp $ + + + ekr@rtfm.com Tue Dec 22 10:37:32 1998 + */ + + +#ifndef _r_macros_h +#define _r_macros_h + +#if (R_USE_PROTOTYPES==1) +#define PROTO_LIST(a) a +#else +#define PROTO_LIST(a) () +#endif + +#ifndef __GNUC__ +#define __FUNCTION__ "unknown" +#endif + +#ifdef R_TRACE_ERRORS +#define REPORT_ERROR_(caller,a) fprintf(stderr,"%s: error %d at %s:%d (function %s)\n", \ + caller,a,__FILE__,__LINE__,__FUNCTION__) +#else +#define REPORT_ERROR_(caller,a) +#endif + +#ifndef ERETURN +#define ERETURN(a) do {int _r=a; if(!_r) _r=-1; REPORT_ERROR_("ERETURN",_r); return(_r);} while(0) +#endif + +#ifndef ABORT +#define ABORT(a) do { int _r=a; if(!_r) _r=-1; REPORT_ERROR_("ABORT",_r); _status=_r; goto abort;} while(0) +#endif + +#ifndef FREE +#define FREE(a) if(a) free(a) +#endif +#ifndef MIN +#define MIN(a,b) ((a)>(b))?(b):(a) +#endif + +#ifndef MAX +#define MAX(a,b) ((b)>(a))?(b):(a) +#endif + +#ifdef DEBUG +#define DBG(a) debug a +int debug(int class,char *format,...); +#else +#define DBG(a) +#endif + +#ifndef RMALLOC +#define RMALLOC(a) malloc(a) +#endif + +#ifndef RCALLOC +#define RCALLOC(a) calloc(1,a) +#endif + +#ifndef RFREE +#define RFREE(a) if(a) free(a) +#endif + +#ifndef RREALLOC +#define RREALLOC(a,b) realloc(a,b) +#endif + +#define UNIMPLEMENTED do { fprintf(stderr,"Function %s unimplemented\n",__FUNCTION__); abort(); } while(0) + + +#endif diff --git a/common/include/r_thread.h b/common/include/r_thread.h new file mode 100644 index 0000000..9c72825 --- /dev/null +++ b/common/include/r_thread.h @@ -0,0 +1,69 @@ +/** + r_thread.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_thread.h,v 1.2 2000/10/17 16:09:59 ekr Exp $ + + + ekr@rtfm.com Tue Feb 23 14:58:36 1999 + */ + + +#ifndef _r_thread_h +#define _r_thread_h + +typedef void *r_thread; +typedef void *r_rwlock; + +int r_thread_fork PROTO_LIST((void (*func)(void *),void *arg, + r_thread *tid)); +int r_thread_destroy PROTO_LIST((r_thread tid)); +int r_thread_yield PROTO_LIST((void)); +int r_thread_exit PROTO_LIST((void)); +int r_thread_wait_last PROTO_LIST((void)); + +int r_rwlock_create PROTO_LIST((r_rwlock **lockp)); +int r_rwlock_destroy PROTO_LIST((r_rwlock **lock)); +int r_rwlock_lock PROTO_LIST((r_rwlock *lock,int action)); + +#define R_RWLOCK_UNLOCK 0 +#define R_RWLOCK_RLOCK 1 +#define R_RWLOCK_WLOCK 2 + +#endif + diff --git a/common/include/r_time.h b/common/include/r_time.h new file mode 100644 index 0000000..4510cfe --- /dev/null +++ b/common/include/r_time.h @@ -0,0 +1,75 @@ +/** + r_time.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_time.h,v 1.4 2001/12/24 06:06:26 ekr Exp $ + + + ekr@rtfm.com Thu Mar 4 08:45:41 1999 + */ + + +#ifndef _r_time_h +#define _r_time_h + +#ifdef _WIN32 +# include +#else +/* Cribbed from the autoconf doc */ +# if TIME_WITH_SYS_TIME +# include +# include +# else +# if HAVE_SYS_TIME_H +# include +# else +# include +# endif +# endif +#endif + +int r_timeval_diff PROTO_LIST((struct timeval *t1,struct timeval *t0, + struct timeval *diff)); +int r_timeval_add PROTO_LIST((struct timeval *t1,struct timeval *t2, + struct timeval *sum)); + +UINT8 r_timeval2int PROTO_LIST((struct timeval *tv)); +UINT8 r_gettimeint PROTO_LIST((void)); + +#endif + diff --git a/common/include/r_types.h b/common/include/r_types.h new file mode 100644 index 0000000..53dcdf4 --- /dev/null +++ b/common/include/r_types.h @@ -0,0 +1,91 @@ +/** + r_types.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_types.h,v 1.3 2002/09/09 21:02:58 ekr Exp $ + + + ekr@rtfm.com Tue Dec 22 10:36:02 1998 + */ + + +#ifndef _r_types_h +#define _r_types_h + +#ifndef R_DEFINED_UINT4 +#ifndef SIZEOF_UNSIGNED_INT +typedef unsigned int UINT4; +#else +# if (SIZEOF_UNSIGNED_INT==4) +typedef unsigned int UINT4; +# elif (SIZEOF_UNSIGNED_SHORT==4) +typedef unsigned short UINT4; +# elif (SIZEOF_UNSIGNED_LONG==4) +typedef unsigned long UINT4; +# else +# error no type for UINT4 +# endif +#endif +#endif + +#ifndef R_DEFINED_UINT8 +#ifndef SIZEOF_UNSIGNED_LONG +typedef unsigned long UINT8; +#else +# if (SIZEOF_UNSIGNED_INT==8) +typedef unsigned int UINT8; +# elif (SIZEOF_UNSIGNED_SHORT==8) +typedef unsigned short UINT8; +# elif (SIZEOF_UNSIGNED_LONG==8) +typedef unsigned long UINT8; +# elif (SIZEOF_UNSIGNED_LONG_LONG==8) +typedef unsigned long long UINT8; +# elif defined (_WIN32) && defined (_MSC_VER) +typedef unsigned __int64 UINT8; +# else +# error no type for UINT8 +# endif +#endif +#endif + +#ifndef R_DEFINED_UCHAR +typedef unsigned char UCHAR; +#endif + +#endif + diff --git a/common/lib/assoc.h b/common/lib/assoc.h new file mode 100644 index 0000000..5fbd0d5 --- /dev/null +++ b/common/lib/assoc.h @@ -0,0 +1,53 @@ +/** + assoc.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: assoc.h,v 1.2 2000/10/17 16:10:00 ekr Exp $ + + + ekr@rtfm.com Sun Jan 17 17:56:35 1999 + */ + + +#ifndef _assoc_h +#define _assoc_h + +typedef struct assoc_ assoc; + +#endif + diff --git a/common/lib/debug.c b/common/lib/debug.c new file mode 100644 index 0000000..e275f83 --- /dev/null +++ b/common/lib/debug.c @@ -0,0 +1,91 @@ +/** + debug.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: debug.c,v 1.3 2001/12/24 06:06:26 ekr Exp $ + + + ekr@rtfm.com Wed Jan 6 17:08:58 1999 + */ + + +static char *RCSSTRING="$Id: debug.c,v 1.3 2001/12/24 06:06:26 ekr Exp $"; + + +#include +#include +#include "r_common.h" +#include "debug.h" + +int debug(int class,char *format,...) + { + va_list ap; + + va_start(ap,format); + vfprintf(stderr,format,ap); + fprintf(stderr,"\n"); + return(0); + } + +int xdump(name,data,len) + char *name; + UCHAR *data; + int len; + { + int i; + + if(name){ + printf("%s[%d]=\n",name,len); + } + for(i=0;i8) && i && !(i%12)){ + printf("\n"); + } + printf("%.2x ",data[i]&255); + } + if(i%12) + printf("\n"); + return(0); + } + + + + + + diff --git a/common/lib/debug.h b/common/lib/debug.h new file mode 100644 index 0000000..9fb10f4 --- /dev/null +++ b/common/lib/debug.h @@ -0,0 +1,61 @@ +/** + debug.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: debug.h,v 1.3 2001/12/24 06:06:26 ekr Exp $ + + + ekr@rtfm.com Wed Jan 6 17:13:00 1999 + */ + + +#ifndef _debug_h +#define _debug_h + +#ifdef DEBUG +#define DBG(a) debug a +#else +#define DBG(a) +#endif + +int debug(int class,char *format,...); +int xdump PROTO_LIST((char *name,UCHAR *data, + int len)); + +#endif + diff --git a/common/lib/local.mk b/common/lib/local.mk new file mode 100644 index 0000000..3c03c16 --- /dev/null +++ b/common/lib/local.mk @@ -0,0 +1,279 @@ +# +# local.mk +# +# $Source: /usr/local/CVS/ssldump/common/lib/local.mk,v $ +# $Revision: 1.2 $ +# $Date: 2001/10/04 17:19:47 $ +# $Name: $ +# $Disclaimer$ +# +# Copyright (C) 2001, Terisa Systems, Inc. +# All Rights Reserved. +# +# ekr@terisa.com +# + + + +# +# CONFIGURE USER-DEFINED MAKE ENVIRONMENT +# +# These fields are specified by the user. The remainder of +# this file is generated from this user-specified information. +# +# COMMON_LIB_DEFINES: +# cpp defines, with the -D flag preceeding each +# +# COMMON_LIB_INCLUDES: +# cpp include directories, with the -I flag preceeding each +# +# COMMON_LIB_INTERNAL: +# headers files which are local to a specific module directory, +# and should not be used by other parts of the toolkit or by +# the user +# +# COMMON_LIB_LIBNAME: +# the library associated with this module directory, used in +# most cases for debugging purposes +# +# COMMON_LIB_LIBPATHS: +# link-time directories to search for libraries, with the -L flag +# preceeding each +# +# COMMON_LIB_LIBRARIES: +# link-time libraries, with the -l flag preceeding each +# +# COMMON_LIB_LOCALFLAGS: +# compile-time flags specific to compiling only the files in +# this module directory--this variable should only be set in +# extremely exceptional cases +# +# COMMON_LIB_MAKEFILES: +# the makefiles +# +# COMMON_LIB_PREFIX: +# defines the module name, which also serves as the +# prefix for all the variable names defined in this file +# +# COMMON_LIB_PRIVATE: +# the private, for-toolkit-use-only API header files +# +# COMMON_LIB_PROGRAMS: +# programs to build +# +# COMMON_LIB_PUBLIC: +# the header files that define the public API for the toolkit +# and any other 'public' files that should be copied to +# the build directory +# +# COMMON_LIB_SOURCES: +# the source files to compile to object +# +COMMON_LIB_DEFINES = +COMMON_LIB_INCLUDES = +COMMON_LIB_INTERNAL = +COMMON_LIB_LIBNAME = +COMMON_LIB_LIBPATHS = +COMMON_LIB_LIBRARIES = +COMMON_LIB_LOCALFLAGS = +COMMON_LIB_MAKEFILES = targets.mk +COMMON_LIB_PREFIX = COMMON_LIB +COMMON_LIB_PRIVATE = +COMMON_LIB_PROGRAMS = +COMMON_LIB_PUBLIC = +COMMON_LIB_SOURCES = debug.c r_assoc.c r_bitfield.c r_data.c \ + r_errors.c r_list.c r_replace.c r_time.c + + + +# +# CONFIGURE AUTOMATICALLY-GENERATED MAKE ENVIRONMENT +# +# COMMON_LIB_OBJECTS: +# object files to build +# +# COMMON_LIB_UNUSED: +# obsolete files in the module directory that are not +# used during the build process +# +# COMMON_LIB_USED: +# all files in the module directory that are used +# during the build process +# +COMMON_LIB_OBJECTS = debug.$(OBJSUFFIX) r_assoc.$(OBJSUFFIX) \ + r_bitfield.$(OBJSUFFIX) r_data.$(OBJSUFFIX) \ + r_errors.$(OBJSUFFIX) r_list.$(OBJSUFFIX) \ + r_replace.$(OBJSUFFIX) r_time.$(OBJSUFFIX) +COMMON_LIB_UNUSED = assoc.h debug.h local.mk r_assoc_test.c r_data.h +COMMON_LIB_USED = $(COMMON_LIB_INTERNAL:%=$(COMMON_LIB_SRCDIR)%) \ + $(COMMON_LIB_MAKEFILES:%=$(COMMON_LIB_SRCDIR)%) \ + $(COMMON_LIB_PRIVATE:%=$(COMMON_LIB_SRCDIR)%) \ + $(COMMON_LIB_PUBLIC:%=$(COMMON_LIB_SRCDIR)%) \ + $(COMMON_LIB_SOURCES:%=$(COMMON_LIB_SRCDIR)%) + + + +# +# NOTES +# +# The following variables may be used during the build process, +# but are not defined in this file. If they are to be set +# to something other than the default blank, then they must +# be set by the calling make system. +# +# COMMON_LIB_SRCDIR: +# if the build target directory is different from the +# module directory (the source directory), then this +# variable contains the relative or full path of +# the module directory +# +# LIBARS: +# the library archive files (with fully-specified paths) that +# executables built from this module directory depend upon +# +# LIBPATHS: +# the paths to search for library archives (specified with +# the -L) +# +# LIBRARIES: +# the libraries to use while building executables from +# this module directory (specified with the -l) +# + + + +# +# GLOBAL ENVIRONMENT +# +DEFINES += $(COMMON_LIB_DEFINES) +INCLUDES += $(COMMON_LIB_INCLUDES) +LIBPATHS += $(COMMON_LIB_LIBPATHS) +LIBRARIES += $(COMMON_LIB_LIBRARIES) +OBJECTS += $(COMMON_LIB_OBJECTS) +PUBLIC += $(COMMON_LIB_PUBLIC) + + + +# +# GENERIC DEPENDENCIES +# +# default: +# default dependency, must be the first dependency in this makefile +# +# all: +# build everything in this module directory +# +# build: +# make only the toolkit build files of this module directory +# +# ci: +# perform an RCS check-in of this module directory +# +# clean: +# remove the compiled files +# +# clean_public: +# remove the public header files that have been copied +# to a public build directory +# +# objects: +# build the object files (this dependency is used for +# building the toolkit library) +# +# private: +# build only the private API header files +# +# public: +# build only the public API header files +# +default: $(COMMON_LIB_LIBNAME) +default: $(COMMON_LIB_PROGRAMS) + +all: $(COMMON_LIB_PUBLIC) +all: $(COMMON_LIB_OBJECTS) +all: $(COMMON_LIB_LIBNAME) +all: $(COMMON_LIB_PROGRAMS) +build: $(COMMON_LIB_PUBLIC) +build: $(COMMON_LIB_OBJECTS) +ci: common_lib_ci +clean: common_lib_clean +clean_public: common_lib_clean_public +objects: $(COMMON_LIB_OBJECTS) +private: $(COMMON_LIB_PRIVATE) +public: $(COMMON_LIB_PUBLIC) + + + +# +# LOCAL UTILITY DEPENDENCIES +# +# utility dependencies are necessary because of some +# make-isms having to do with dependencies +# + +common_lib_ci: + $(CI) $(CIFLAGS) $(COMMON_LIB_USED) + +common_lib_clean: + $(RM) $(RMFLAGS) $(COMMON_LIB_OBJECTS) $(COMMON_LIB_LIBNAME) $(COMMON_LIB_PROGRAMS) + +common_lib_clean_public: + $(RM) $(RMFLAGS) $(COMMON_LIB_PUBLIC) + +common_lib_objects: $(COMMON_LIB_OBJECTS) + +common_lib_programs: $(COMMON_LIB_PROGRAMS) + +common_lib_public: $(COMMON_LIB_PUBLIC) + + + +# +# BUILD DEPENDENCIES +# +# build dependencies invoke the rule used to build each +# class of file +# + +$(COMMON_LIB_LIBNAME): + $(AR) $(ARFLAGS) $@ $? + $(RANLIB) $@ + +$(COMMON_LIB_OBJECTS): + $(COMPILE.c) $(COMMON_LIB_SRCDIR)$(@:%.$(OBJSUFFIX)=%.c) $(DEFINES) $(INCLUDES) $(COMMON_LIB_LOCALFLAGS) + +$(COMMON_LIB_PUBLIC): + $(CP) $(CPFLAGS) $(COMMON_LIB_SRCDIR)$@ $@ + +$(COMMON_LIB_PROGRAMS): + $(LINK.c) $@.$(OBJSUFFIX) $(LDLIBS) $(LIBS) $(LIBRARIES) $(LIBPATHS) +#LIBS above is obsolete (use LIBARARIES instead) + + + +# +# FILE DEPENDENCIES +# +# file dependencies state, for each file that is built, +# which file(s) it depends upon +# + +debug.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)debug.h +debug.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)debug.c + +r_assoc.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_assoc.c + +r_bitfield.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_bitfield.c + +r_data.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_data.h +r_data.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_data.c + +r_errors.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_errors.c + +r_list.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_list.c + +r_replace.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_replace.c + +r_time.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_time.c + +$(COMMON_LIB_LIBNAME): $(COMMON_LIB_OBJECTS) diff --git a/common/lib/r_assoc.c b/common/lib/r_assoc.c new file mode 100644 index 0000000..1328350 --- /dev/null +++ b/common/lib/r_assoc.c @@ -0,0 +1,425 @@ +/** + r_assoc.c + + This is an associative array implementation, using an open-chained + hash bucket technique. + + Note that this implementation permits each data entry to have + separate copy constructors and destructors. This currently wastes + space, but could be implemented while saving space by using + the high order bit of the length value or somesuch. + + The major problem with this code is it's not resizable, though it + could be made so. + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_assoc.c,v 1.4 2001/12/24 06:06:26 ekr Exp $ + + + ekr@rtfm.com Sun Jan 17 17:57:15 1999 + */ + +static char *RCSSTRING="$Id: r_assoc.c,v 1.4 2001/12/24 06:06:26 ekr Exp $"; + +#include +#include "r_assoc.h" + +typedef struct r_assoc_el_ { + char *key; + int key_len; + void *data; + struct r_assoc_el_ *prev; + struct r_assoc_el_ *next; + int (*copy) PROTO_LIST((void **new,void *old)); + int (*destroy) PROTO_LIST((void *ptr)); +} r_assoc_el; + +struct r_assoc_ { + int size; + int bits; + r_assoc_el **chains; +}; + +#define DEFAULT_TABLE_BITS 5 + +static int destroy_assoc_chain PROTO_LIST((r_assoc_el *chain)); +static int r_assoc_fetch_bucket PROTO_LIST((r_assoc *assoc, + char *key,int len,r_assoc_el **bucketp)); +UINT4 hash_compute PROTO_LIST((char *key,int len,int size)); +static int copy_assoc_chain PROTO_LIST((r_assoc_el **newp, + r_assoc_el *old)); + +int r_assoc_create(assocp) + r_assoc **assocp; + { + r_assoc *assoc=0; + int _status; + + if(!(assoc=(r_assoc *)calloc(sizeof(r_assoc),1))) + ABORT(R_NO_MEMORY); + assoc->size=(1<bits=DEFAULT_TABLE_BITS; + + if(!(assoc->chains=(r_assoc_el **)calloc(sizeof(r_assoc_el *), + assoc->size))) + ABORT(R_NO_MEMORY); + + *assocp=assoc; + + _status=0; + abort: + if(_status){ + r_assoc_destroy(&assoc); + } + return(_status); + } + +int r_assoc_destroy(assocp) + r_assoc **assocp; + { + r_assoc *assoc; + int i; + + if(!assocp || !*assocp) + return(0); + + assoc=*assocp; + for(i=0;isize;i++) + destroy_assoc_chain(assoc->chains[i]); + + return(0); + } + +static int destroy_assoc_chain(chain) + r_assoc_el *chain; + { + r_assoc_el *nxt; + + while(chain){ + nxt=chain->next; + + if(chain->destroy) + chain->destroy(chain->data); + + free(chain->key); + + free(chain); + chain=nxt; + } + + return(0); + } + +static int copy_assoc_chain(newp,old) + r_assoc_el **newp; + r_assoc_el *old; + { + r_assoc_el *new=0,*ptr,*tmp; + int r,_status; + + if(!old) { + *newp=0; + return(0); + } + for(;old;old=old->next){ + if(!(tmp=(r_assoc_el *)calloc(sizeof(r_assoc_el),1))) + ABORT(R_NO_MEMORY); + + if(!new){ + new=tmp; + ptr=new; + } + else{ + ptr->next=tmp; + tmp->prev=ptr; + ptr=tmp; + } + + ptr->destroy=old->destroy; + ptr->copy=old->copy; + + if(old->copy){ + if(r=old->copy(&ptr->data,old->data)) + ABORT(r); + } + else + ptr->data=old->data; + + if(!(ptr->key=(char *)malloc(old->key_len))) + ABORT(R_NO_MEMORY); + memcpy(ptr->key,old->key,ptr->key_len=old->key_len); + } + + *newp=new; + + _status=0; + abort: + if(_status){ + destroy_assoc_chain(new); + } + return(_status); + } + +static int r_assoc_fetch_bucket(assoc,key,len,bucketp) + r_assoc *assoc; + char *key; + int len; + r_assoc_el **bucketp; + { + UINT4 hash_value; + r_assoc_el *bucket; + + hash_value=hash_compute(key,len,assoc->bits); + + for(bucket=assoc->chains[hash_value];bucket;bucket=bucket->next){ + if(bucket->key_len == len && !memcmp(bucket->key,key,len)){ + *bucketp=bucket; + return(0); + } + } + + return(R_NOT_FOUND); + } + +int r_assoc_fetch(assoc,key,len,datap) + r_assoc *assoc; + char *key; + int len; + void **datap; + { + r_assoc_el *bucket; + int r; + + if(r=r_assoc_fetch_bucket(assoc,key,len,&bucket)){ + if(r!=R_NOT_FOUND) + ERETURN(r); + return(r); + } + + *datap=bucket->data; + return(0); + } + +int r_assoc_insert(assoc,key,len,data,copy,destroy,how) + r_assoc *assoc; + char *key; + int len; + void *data; + int (*copy) PROTO_LIST((void **new,void *old)); + int (*destroy) PROTO_LIST((void *ptr)); + int how; + { + r_assoc_el *bucket,*new_bucket=0; + int r,_status; + + if(r=r_assoc_fetch_bucket(assoc,key,len,&bucket)){ + /*Note that we compute the hash value twice*/ + UINT4 hash_value; + + if(r!=R_NOT_FOUND) + ABORT(r); + hash_value=hash_compute(key,len,assoc->bits); + + if(!(new_bucket=(r_assoc_el *)calloc(sizeof(r_assoc_el),1))) + ABORT(R_NO_MEMORY); + if(!(new_bucket->key=(char *)malloc(len))) + ABORT(R_NO_MEMORY); + memcpy(new_bucket->key,key,len); + new_bucket->key_len=len; + + /*Insert at the list head. Is FIFO a good algorithm?*/ + if(assoc->chains[hash_value]) + assoc->chains[hash_value]->prev=new_bucket; + new_bucket->next=assoc->chains[hash_value]; + assoc->chains[hash_value]=new_bucket; + bucket=new_bucket; + } + else{ + if(!(how&R_ASSOC_REPLACE)) + ABORT(R_ALREADY); + + if(bucket->destroy) + bucket->destroy(bucket->data); + } + + bucket->data=data; + bucket->copy=copy; + bucket->destroy=destroy; + + _status=0; + abort: + if(_status && new_bucket){ + free(new_bucket->key); + free(new_bucket); + } + return(_status); + } + +int r_assoc_copy(newp,old) + r_assoc **newp; + r_assoc *old; + { + int r,_status,i; + r_assoc *new; + + if(!(new=(r_assoc *)calloc(sizeof(r_assoc),1))) + ABORT(r); + new->size=old->size; + new->bits=old->bits; + + if(!(new->chains=(r_assoc_el **)calloc(sizeof(r_assoc_el),old->size))) + ABORT(R_NO_MEMORY); + for(i=0;isize;i++){ + if(r=copy_assoc_chain(new->chains+i,old->chains[i])) + ABORT(r); + } + *newp=new; + + _status=0; + abort: + if(_status){ + r_assoc_destroy(&new); + } + return(_status); + } + +int r_assoc_init_iter(assoc,iter) + r_assoc *assoc; + r_assoc_iterator *iter; + { + int i; + + iter->assoc=assoc; + iter->prev_chain=-1; + iter->prev=0; + + iter->next_chain=assoc->size; + iter->next=0; + + for(i=0;isize;i++){ + if(assoc->chains[i]!=0){ + iter->next_chain=i; + iter->next=assoc->chains[i]; + break; + } + } + + return(0); + } + +int r_assoc_iter(iter,key,keyl,val) + r_assoc_iterator *iter; + void **key; + int *keyl; + void **val; + { + int i; + r_assoc_el *ret; + + if(!iter->next) + return(R_EOD); + ret=iter->next; + + *key=ret->key; + *keyl=ret->key_len; + *val=ret->data; + + /* Now increment */ + iter->prev_chain=iter->next_chain; + iter->prev=iter->next; + + /* More on this chain */ + if(iter->next->next){ + iter->next=iter->next->next; + } + else{ + iter->next=0; + + /* FInd the next occupied chain*/ + for(i=iter->next_chain;iassoc->size;i++){ + if(iter->assoc->chains[i]){ + iter->next_chain=i; + iter->next=iter->assoc->chains[i]; + break; + } + } + } + + return(0); + } + +/* Delete the last returned value*/ +int r_assoc_iter_delete(iter) + r_assoc_iterator *iter; + { + /* First unhook it from the list*/ + if(!iter->prev->prev){ + /* First element*/ + iter->assoc->chains[iter->prev_chain]=iter->prev->next; + } + else{ + iter->prev->prev->next=iter->prev->next; + } + + if(iter->prev->next){ + iter->prev->next->prev=iter->prev->prev; + } + + iter->prev->destroy(iter->prev->data); + free(iter->prev->data); + free(iter->prev); + return(0); + } + + +/*This is a hack from AMS. Supposedly, it's pretty good for strings, even + though it doesn't take into account all the data*/ +UINT4 hash_compute(key,len,bits) + char *key; + int len; + int bits; + { + UINT4 h=0; + + h=key[0] +(key[len-1] * len); + + h &= (1< and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_assoc_test.c,v 1.2 2000/10/17 16:10:00 ekr Exp $ + + + ekr@rtfm.com Sun Jan 17 21:09:22 1999 + */ + + +static char *RCSSTRING="$Id: r_assoc_test.c,v 1.2 2000/10/17 16:10:00 ekr Exp $"; + +#include +#include + +int main() + { + char test_vector[1024],*v; + int rnd,ct,r; + r_assoc *assoc,*new_assoc; + + if(r=r_assoc_create(&assoc)){ + fprintf(stderr,"Couldn't create\n"); + exit(1); + } + + srand(getpid()); + + v=test_vector; + for(ct=0;ct<256;ct++){ + v[0]=ct & 255; + v[1]=(ct>>8) & 255; + v[2]=(ct>>16) & 255; + v[3]=(ct>>24) & 255; + + + if(r=r_assoc_insert(assoc,v,4,v,0,0,R_ASSOC_REPLACE)){ + fprintf(stderr,"Couldn't insert %d\n",ct); + exit(1); + } + + v+=4; + } + + fetch_test(assoc); + + if(r=r_assoc_copy(&new_assoc,assoc)){ + fprintf(stderr,"Couldn't copy\n"); + exit(1); + } + + r_assoc_destroy(&assoc); + + fetch_test(new_assoc); + + r_assoc_destroy(&new_assoc); + + printf("Tests pass\n"); + exit(0); + } + +int fetch_test(assoc) + r_assoc *assoc; + { + int ct; + char vec[4],*v; + int r,_status,rnd; + + for(ct=0;ct<65537;ct++){ + rnd=rand(); + + rnd &= 0x3ff; + + vec[0]=rnd & 255; + vec[1]=(rnd>>8) & 255; + vec[2]=(rnd>>16) & 255; + vec[3]=(rnd>>24) & 255; + + if(r=r_assoc_fetch(assoc,vec,4,(void **)&v)){ + + if(rnd<256){ + fprintf(stderr,"Couldn't fetch\n"); + exit(1); + } + else + continue; + } + else{ + if(rnd>255){ + fprintf(stderr,"Spurious fetch\n"); + exit(1); + } + } + + if(memcmp(vec,v,4)){ + fprintf(stderr,"Fetch error\n"); + exit(1); + } + } + return(0); + } diff --git a/common/lib/r_bitfield.c b/common/lib/r_bitfield.c new file mode 100644 index 0000000..cfdbba5 --- /dev/null +++ b/common/lib/r_bitfield.c @@ -0,0 +1,113 @@ +/** + r_bitfield.c + + Copyright (C) 2001 RTFM, Inc. + All Rights Reserved. + + ekr@rtfm.com Wed Oct 3 11:15:23 2001 + */ + + +static char *RCSSTRING="$Id: r_bitfield.c,v 1.3 2001/12/24 06:06:26 ekr Exp $"; + +#include +#include "r_bitfield.h" + +int r_bitfield_create(setp,size) + r_bitfield **setp; + UINT4 size; + { + r_bitfield *set=0; + int _status; + int num_words=size/32+!!(size%32); + + if(!(set=(r_bitfield *)RMALLOC(sizeof(r_bitfield)))) + ABORT(R_NO_MEMORY); + + if(!(set->data=(UINT4 *)RMALLOC(num_words*4))) + ABORT(R_NO_MEMORY); + memset(set->data,0,4*num_words); + + set->base=0; + set->len=num_words; + + *setp=set; + + _status=0; + abort: + if(_status){ + r_bitfield_destroy(&set); + } + return(_status); + } + +int r_bitfield_destroy(setp) + r_bitfield **setp; + { + r_bitfield *set; + + if(!setp || !*setp) + return(0); + + set=*setp; + + RFREE(set->data); + RFREE(set); + + *setp=0; + return(0); + } + +int r_bitfield_set(set,bit) + r_bitfield *set; + int bit; + { + int word=(bit-set->base)/32; + int bbit=(bit-set->base)%32; + int _status; + + /* Resize? */ + if(word>set->len){ + UINT4 newlen=set->len; + UINT4 *tmp; + + while(newlendata,set->len*4); + memset(tmp+set->len*4,0,(newlen-set->len)*4); + + RFREE(set->data); + set->data=tmp; + } + + set->data[word]|=1<base)/32; + int bbit=(bit-set->base)%32; + int _status; + + if(bitbase) + return(0); + + /* Resize? */ + if(word>set->len) + return(0); + + return(set->data[word]&(1< and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_data.c,v 1.3 2001/07/20 23:33:15 ekr Exp $ + + + ekr@rtfm.com Tue Aug 17 15:39:50 1999 + */ + + +static char *RCSSTRING="$Id: r_data.c,v 1.3 2001/07/20 23:33:15 ekr Exp $"; + +#include +#include + +int r_data_create(dp,d,l) + Data **dp; + UCHAR *d; + int l; + { + Data *d_=0; + int _status; + + if(!(d_=(Data *)calloc(sizeof(Data),1))) + ABORT(R_NO_MEMORY); + if(!(d_->data=(UCHAR *)malloc(l))) + ABORT(R_NO_MEMORY); + + memcpy(d_->data,d,l); + d_->len=l; + + *dp=d_; + + _status=0; + abort: + if(_status) + r_data_destroy(&d_); + + return(_status); + } + +int r_data_alloc(dp,l) + Data **dp; + int l; + { + Data *d_=0; + int _status; + + if(!(d_=(Data *)calloc(sizeof(Data),1))) + ABORT(R_NO_MEMORY); + if(!(d_->data=(UCHAR *)calloc(l,1))) + ABORT(R_NO_MEMORY); + + d_->len=l; + + *dp=d_; + _status=0; + abort: + if(_status) + r_data_destroy(&d_); + + return(_status); + } + +int r_data_make(dp,d,l) + Data *dp; + UCHAR *d; + int l; + { + if(!(dp->data=(UCHAR *)malloc(l))) + ERETURN(R_NO_MEMORY); + + memcpy(dp->data,d,l); + dp->len=l; + + return(0); + } + +int r_data_destroy(dp) + Data **dp; + { + if(!dp || !*dp) + return(0); + + if((*dp)->data) + free((*dp)->data); + + free(*dp); + *dp=0; + + return(0); + } + +int r_data_copy(dst,src) + Data *dst; + Data *src; + { + if(!(dst->data=(UCHAR *)malloc(src->len))) + ERETURN(R_NO_MEMORY); + memcpy(dst->data,src->data,dst->len=src->len); + return(0); + } + +int r_data_zfree(d) + Data *d; + { + if(!d) + return(0); + if(!d->data) + return(0); + memset(d->data,0,d->len); + free(d->data); + return(0); + } + +int r_data_compare(d1,d2) + Data *d1; + Data *d2; + { + if(d1->lenlen) + return(-1); + if(d2->lenlen) + return(-1); + return(memcmp(d1->data,d2->data,d1->len)); + } + diff --git a/common/lib/r_data.h b/common/lib/r_data.h new file mode 100644 index 0000000..bc3507b --- /dev/null +++ b/common/lib/r_data.h @@ -0,0 +1,52 @@ +/** + r_data.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_data.h,v 1.2 2000/10/17 16:10:00 ekr Exp $ + + + ekr@rtfm.com Fri Feb 4 08:58:48 2000 + */ + + +#ifndef _r_data_h +#define _r_data_h + + +#endif + diff --git a/common/lib/r_errors.c b/common/lib/r_errors.c new file mode 100644 index 0000000..a65f671 --- /dev/null +++ b/common/lib/r_errors.c @@ -0,0 +1,61 @@ +/** + r_errors.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_errors.c,v 1.3 2001/12/24 06:06:27 ekr Exp $ + + + ekr@rtfm.com Tue Feb 16 16:37:05 1999 + */ + + +static char *RCSSTRING="$Id: r_errors.c,v 1.3 2001/12/24 06:06:27 ekr Exp $"; + +#include +#include +#include "r_common.h" +#include "r_errors.h" + +int verr_exit(char *fmt,...) + { + va_list ap; + + va_start(ap,fmt); + vfprintf(stderr,fmt,ap); + exit(1); + } diff --git a/common/lib/r_list.c b/common/lib/r_list.c new file mode 100644 index 0000000..f2205df --- /dev/null +++ b/common/lib/r_list.c @@ -0,0 +1,234 @@ +/** + r_list.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_list.c,v 1.4 2001/12/24 06:06:27 ekr Exp $ + + + ekr@rtfm.com Tue Jan 19 08:36:39 1999 + */ + + +static char *RCSSTRING="$Id: r_list.c,v 1.4 2001/12/24 06:06:27 ekr Exp $"; + +#include +#include "r_list.h" + +typedef struct r_list_el_ { + void *data; + struct r_list_el_ *next; + struct r_list_el_ *prev; + int (*copy) PROTO_LIST((void **new,void *old)); + int (*destroy) PROTO_LIST((void **ptr)); +} r_list_el; + +struct r_list_ { + struct r_list_el_ *first; + struct r_list_el_ *last; +}; + +int r_list_create(listp) + r_list **listp; + { + r_list *list=0; + int _status; + + if(!(list=(r_list *)calloc(sizeof(r_list),1))) + ABORT(R_NO_MEMORY); + + list->first=0; + list->last=0; + *listp=list; + + _status=0; + abort: + return(_status); + } + +int r_list_destroy(listp) + r_list **listp; + { + r_list *list; + r_list_el *el; + + if(!listp || !*listp) + return(0); + list=*listp; + + el=list->first; + + while(el){ + r_list_el *el_t; + + if(el->destroy && el->data) + el->destroy(&el->data); + el_t=el; + el=el->next; + free(el_t); + } + + free(list); + *listp=0; + + return(0); + } + +int r_list_copy(outp,in) + r_list**outp; + r_list *in; + { + r_list *out=0; + r_list_el *el,*el2,*last=0; + int r, _status; + + if(r=r_list_create(&out)) + ABORT(r); + + for(el=in->first;in;el=el->next){ + if(!(el2=(r_list_el *)calloc(sizeof(r_list_el),1))) + ABORT(R_NO_MEMORY); + + if(el->copy && el->data){ + if(r=el->copy(&el2->data,el->data)) + ABORT(r); + } + + el2->copy=el->copy; + el2->destroy=el->destroy; + + if(!(out->first)) + out->first=el2; + + el2->prev=last; + last->next=el2; + last=el2; + } + + out->last=last; + + *outp=out; + + _status=0; + abort: + if(_status) + r_list_destroy(&out); + return(_status); + } + +int r_list_insert(list,value,copy,destroy) + r_list *list; + void *value; + int (*copy) PROTO_LIST((void **out, void *in)); + int (*destroy) PROTO_LIST((void **val)); + { + r_list_el *el=0; + int _status; + + if(!(el=(r_list_el *)calloc(sizeof(r_list_el),1))) + ABORT(R_NO_MEMORY); + el->data=value; + el->copy=copy; + el->destroy=destroy; + + el->prev=0; + el->next=list->first; + if(list->first){ + list->first->prev=el; + } + list->first=el; + + _status=0; + abort: + return(_status); + } + +int r_list_append(list,value,copy,destroy) + r_list *list; + void *value; + int (*copy) PROTO_LIST((void **out, void *in)); + int (*destroy) PROTO_LIST((void **val)); + { + r_list_el *el=0; + int _status; + + if(!(el=(r_list_el *)calloc(sizeof(r_list_el),1))) + ABORT(R_NO_MEMORY); + el->data=value; + el->copy=copy; + el->destroy=destroy; + + el->prev=list->last; + el->next=0; + + if(list->last) list->last->next=el; + else list->first=el; + + list->last=el; + + _status=0; + abort: + return(_status); + } + +int r_list_init_iter(list,iter) + r_list *list; + r_list_iterator *iter; + { + iter->list=list; + iter->ptr=list->first; + + return(0); + } + +int r_list_iter(iter,val) + r_list_iterator *iter; + void **val; + { + if(!iter->ptr) + return(R_EOD); + + *val=iter->ptr->data; + iter->ptr=iter->ptr->next; + + return(0); + } + + + + + diff --git a/common/lib/r_replace.c b/common/lib/r_replace.c new file mode 100644 index 0000000..ebe4786 --- /dev/null +++ b/common/lib/r_replace.c @@ -0,0 +1,67 @@ +/** + r_replace.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_replace.c,v 1.2 2000/10/17 16:10:00 ekr Exp $ + + + ekr@rtfm.com Sun Oct 1 11:18:49 2000 + */ + + +static char *RCSSTRING="$Id: r_replace.c,v 1.2 2000/10/17 16:10:00 ekr Exp $"; + +#include "r_common.h" + +#ifndef HAVE_STRDUP + +char *strdup(str) + char *str; + { + int len=strlen(str); + char *n; + + if(!(n=(char *)malloc(len+1))) + return(0); + + memcpy(n,str,len+1); + + return(n); + } +#endif + diff --git a/common/lib/r_time.c b/common/lib/r_time.c new file mode 100644 index 0000000..c6357e8 --- /dev/null +++ b/common/lib/r_time.c @@ -0,0 +1,158 @@ +/** + r_time.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_time.c,v 1.6 2002/09/09 21:02:58 ekr Exp $ + + + ekr@rtfm.com Thu Mar 4 08:43:46 1999 + */ + + +static char *RCSSTRING="$Id: r_time.c,v 1.6 2002/09/09 21:02:58 ekr Exp $"; + +#include +#include + +#ifdef _WIN32 + +#include + +int gettimeofday(struct timeval *tv, struct timezone *tzp) +{ + /* JAN1_1970_OFFSET is the number of 100-nanoseconds ticks + between midnight jan 1, 1970 and jan 1, 1601. + */ + + const ULARGE_INTEGER JAN1_1970_OFFSET = {0xd53e8000, 0x019db1de}; + ULARGE_INTEGER currentTimeSinceJan_1_1970; + FILETIME currentTime; + + GetSystemTimeAsFileTime( ¤tTime ); + currentTimeSinceJan_1_1970.LowPart = currentTime.dwLowDateTime; + currentTimeSinceJan_1_1970.HighPart = currentTime.dwHighDateTime; + currentTimeSinceJan_1_1970.QuadPart -= JAN1_1970_OFFSET.QuadPart; + + /* At this point, currentTimeSinceJan_1_1970 contains the + number of 100-nanosecond 'ticks' since midnight, Jan. 1, + 1970. This is equivalent to 10 * the number of microseconds + elapsed since this time. The BSD man pages for gettimeofday() + suggest that we should return the whole number of seconds in + the tv_sec field, and the fractional number of seconds in units + of microseconds in the tv_usec field. + + sec = time / 10000000, usec = (time % 10000000) / 10; + */ + + tv->tv_sec = currentTimeSinceJan_1_1970.QuadPart / 10000000; + tv->tv_usec = (currentTimeSinceJan_1_1970.QuadPart % 10000000) / 10; + return 0; +} +#endif +/*Note that t1 must be > t0 */ +int r_timeval_diff(t1,t0,diff) + struct timeval *t1; + struct timeval *t0; + struct timeval *diff; + { + long d; + + if(t0->tv_sec > t1->tv_sec) + ERETURN(R_BAD_ARGS); + + /*Easy case*/ + if(t0->tv_usec <= t1->tv_usec){ + diff->tv_sec=t1->tv_sec - t0->tv_sec; + diff->tv_usec=t1->tv_usec - t0->tv_usec; + return(0); + } + + /*Hard case*/ + d=t0->tv_usec - t1->tv_usec; + if(t1->tv_sec < (t0->tv_sec + 1)) + ERETURN(R_BAD_ARGS); + diff->tv_sec=t1->tv_sec - (t0->tv_sec + 1); + diff->tv_usec=1000000 - d; + + return(0); + } + +int r_timeval_add(t1,t2,sum) + struct timeval *t1; + struct timeval *t2; + struct timeval *sum; + { + long tv_sec,tv_usec,d; + + tv_sec=t1->tv_sec + t2->tv_sec; + + d=t1->tv_usec + t2->tv_usec; + if(d>1000000){ + tv_sec++; + tv_usec=d-1000000; + } + else{ + tv_usec=d; + } + + sum->tv_sec=tv_sec; + sum->tv_usec=tv_usec; + + return(0); + } + +UINT8 r_timeval2int(tv) + struct timeval *tv; + { + UINT8 r=0; + + r=(tv->tv_sec); + r*=1000000; + r+=tv->tv_usec; + + return r; + } + +UINT8 r_gettimeint() + { + struct timeval tv; + + gettimeofday(&tv,0); + + return r_timeval2int(&tv); + } diff --git a/common/lib/rb_local.mk b/common/lib/rb_local.mk new file mode 100644 index 0000000..a44df54 --- /dev/null +++ b/common/lib/rb_local.mk @@ -0,0 +1,280 @@ +# +# rb_local.mk +# +# $Source$ +# $Revision$ +# $Date$ +# $Name$ +# $Disclaimer$ +# +# Copyright (C) 2001, Terisa Systems, Inc. +# All Rights Reserved. +# +# ekr@terisa.com +# + + + +# +# CONFIGURE USER-DEFINED MAKE ENVIRONMENT +# +# These fields are specified by the user. The remainder of +# this file is generated from this user-specified information. +# +# COMMON_LIB_DEFINES: +# cpp defines, with the -D flag preceeding each +# +# COMMON_LIB_INCLUDES: +# cpp include directories, with the -I flag preceeding each +# +# COMMON_LIB_INTERNAL: +# headers files which are local to a specific module directory, +# and should not be used by other parts of the toolkit or by +# the user +# +# COMMON_LIB_LIBNAME: +# the library associated with this module directory, used in +# most cases for debugging purposes +# +# COMMON_LIB_LIBPATHS: +# link-time directories to search for libraries, with the -L flag +# preceeding each +# +# COMMON_LIB_LIBRARIES: +# link-time libraries, with the -l flag preceeding each +# +# COMMON_LIB_LOCALFLAGS: +# compile-time flags specific to compiling only the files in +# this module directory--this variable should only be set in +# extremely exceptional cases +# +# COMMON_LIB_MAKEFILES: +# the makefiles +# +# COMMON_LIB_PREFIX: +# defines the module name, which also serves as the +# prefix for all the variable names defined in this file +# +# COMMON_LIB_PRIVATE: +# the private, for-toolkit-use-only API header files +# +# COMMON_LIB_PROGRAMS: +# programs to build +# +# COMMON_LIB_PUBLIC: +# the header files that define the public API for the toolkit +# and any other 'public' files that should be copied to +# the build directory +# +# COMMON_LIB_SOURCES: +# the source files to compile to object +# +COMMON_LIB_DEFINES = +COMMON_LIB_INCLUDES = +COMMON_LIB_INTERNAL = +COMMON_LIB_LIBNAME = libcommon.$(LIBSUFFIX) +COMMON_LIB_LIBPATHS = +COMMON_LIB_LIBRARIES = +COMMON_LIB_LOCALFLAGS = +COMMON_LIB_MAKEFILES = targets.mk +COMMON_LIB_PREFIX = COMMON_LIB +COMMON_LIB_PRIVATE = +COMMON_LIB_PROGRAMS = +COMMON_LIB_PUBLIC = +COMMON_LIB_SOURCES = debug.c r_assoc.c r_bitfield.c r_data.c \ + r_errors.c r_list.c r_replace.c r_time.c + + + +# +# CONFIGURE AUTOMATICALLY-GENERATED MAKE ENVIRONMENT +# +# COMMON_LIB_OBJECTS: +# object files to build +# +# COMMON_LIB_UNUSED: +# obsolete files in the module directory that are not +# used during the build process +# +# COMMON_LIB_USED: +# all files in the module directory that are used +# during the build process +# +COMMON_LIB_OBJECTS = debug.$(OBJSUFFIX) r_assoc.$(OBJSUFFIX) \ + r_bitfield.$(OBJSUFFIX) r_data.$(OBJSUFFIX) \ + r_errors.$(OBJSUFFIX) r_list.$(OBJSUFFIX) \ + r_replace.$(OBJSUFFIX) r_time.$(OBJSUFFIX) +COMMON_LIB_UNUSED = assoc.h debug.h local.mk r_assoc_test.c r_data.h \ + rb_local.mk +COMMON_LIB_USED = $(COMMON_LIB_INTERNAL:%=$(COMMON_LIB_SRCDIR)%) \ + $(COMMON_LIB_MAKEFILES:%=$(COMMON_LIB_SRCDIR)%) \ + $(COMMON_LIB_PRIVATE:%=$(COMMON_LIB_SRCDIR)%) \ + $(COMMON_LIB_PUBLIC:%=$(COMMON_LIB_SRCDIR)%) \ + $(COMMON_LIB_SOURCES:%=$(COMMON_LIB_SRCDIR)%) + + + +# +# NOTES +# +# The following variables may be used during the build process, +# but are not defined in this file. If they are to be set +# to something other than the default blank, then they must +# be set by the calling make system. +# +# COMMON_LIB_SRCDIR: +# if the build target directory is different from the +# module directory (the source directory), then this +# variable contains the relative or full path of +# the module directory +# +# LIBARS: +# the library archive files (with fully-specified paths) that +# executables built from this module directory depend upon +# +# LIBPATHS: +# the paths to search for library archives (specified with +# the -L) +# +# LIBRARIES: +# the libraries to use while building executables from +# this module directory (specified with the -l) +# + + + +# +# GLOBAL ENVIRONMENT +# +DEFINES += $(COMMON_LIB_DEFINES) +INCLUDES += $(COMMON_LIB_INCLUDES) +LIBPATHS += $(COMMON_LIB_LIBPATHS) +LIBRARIES += $(COMMON_LIB_LIBRARIES) +OBJECTS += $(COMMON_LIB_OBJECTS) +PUBLIC += $(COMMON_LIB_PUBLIC) + + + +# +# GENERIC DEPENDENCIES +# +# default: +# default dependency, must be the first dependency in this makefile +# +# all: +# build everything in this module directory +# +# build: +# make only the toolkit build files of this module directory +# +# ci: +# perform an RCS check-in of this module directory +# +# clean: +# remove the compiled files +# +# clean_public: +# remove the public header files that have been copied +# to a public build directory +# +# objects: +# build the object files (this dependency is used for +# building the toolkit library) +# +# private: +# build only the private API header files +# +# public: +# build only the public API header files +# +default: $(COMMON_LIB_LIBNAME) +default: $(COMMON_LIB_PROGRAMS) + +all: $(COMMON_LIB_PUBLIC) +all: $(COMMON_LIB_OBJECTS) +all: $(COMMON_LIB_LIBNAME) +all: $(COMMON_LIB_PROGRAMS) +build: $(COMMON_LIB_PUBLIC) +build: $(COMMON_LIB_OBJECTS) +ci: common_lib_ci +clean: common_lib_clean +clean_public: common_lib_clean_public +objects: $(COMMON_LIB_OBJECTS) +private: $(COMMON_LIB_PRIVATE) +public: $(COMMON_LIB_PUBLIC) + + + +# +# LOCAL UTILITY DEPENDENCIES +# +# utility dependencies are necessary because of some +# make-isms having to do with dependencies +# + +common_lib_ci: + $(CI) $(CIFLAGS) $(COMMON_LIB_USED) + +common_lib_clean: + $(RM) $(RMFLAGS) $(COMMON_LIB_OBJECTS) $(COMMON_LIB_LIBNAME) $(COMMON_LIB_PROGRAMS) + +common_lib_clean_public: + $(RM) $(RMFLAGS) $(COMMON_LIB_PUBLIC) + +common_lib_objects: $(COMMON_LIB_OBJECTS) + +common_lib_programs: $(COMMON_LIB_PROGRAMS) + +common_lib_public: $(COMMON_LIB_PUBLIC) + + + +# +# BUILD DEPENDENCIES +# +# build dependencies invoke the rule used to build each +# class of file +# + +$(COMMON_LIB_LIBNAME): + $(AR) $(ARFLAGS) $@ $? + $(RANLIB) $@ + +$(COMMON_LIB_OBJECTS): + $(COMPILE.c) $(COMMON_LIB_SRCDIR)$(@:%.$(OBJSUFFIX)=%.c) $(DEFINES) $(INCLUDES) $(COMMON_LIB_LOCALFLAGS) + +$(COMMON_LIB_PUBLIC): + $(CP) $(CPFLAGS) $(COMMON_LIB_SRCDIR)$@ $@ + +$(COMMON_LIB_PROGRAMS): + $(LINK.c) $@.$(OBJSUFFIX) $(LDLIBS) $(LIBS) $(LIBRARIES) $(LIBPATHS) +#LIBS above is obsolete (use LIBARARIES instead) + + + +# +# FILE DEPENDENCIES +# +# file dependencies state, for each file that is built, +# which file(s) it depends upon +# + +debug.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)debug.h +debug.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)debug.c + +r_assoc.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_assoc.c + +r_bitfield.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_bitfield.c + +r_data.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_data.h +r_data.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_data.c + +r_errors.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_errors.c + +r_list.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_list.c + +r_replace.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_replace.c + +r_time.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_time.c + +$(COMMON_LIB_LIBNAME): $(COMMON_LIB_OBJECTS) diff --git a/common/lib/targets.mk b/common/lib/targets.mk new file mode 100644 index 0000000..6bc07d3 --- /dev/null +++ b/common/lib/targets.mk @@ -0,0 +1,2 @@ +include $(COMMON_LIB_SRCDIR)local.mk + diff --git a/common/lib/threads/null/targets.mk b/common/lib/threads/null/targets.mk new file mode 100644 index 0000000..e69de29 diff --git a/common/lib/threads/pthreads/pthread.c b/common/lib/threads/pthreads/pthread.c new file mode 100644 index 0000000..486bab1 --- /dev/null +++ b/common/lib/threads/pthreads/pthread.c @@ -0,0 +1,151 @@ +/** + pthread.c + + Copyright (C) 1999, RTFM, Inc. + All Rights Reserved. + + ekr@rtfm.com Tue Feb 23 15:08:03 1999 + */ + + +static char *RCSSTRING="$Id: pthread.c,v 1.1.1.1 2000/10/09 00:45:39 ekr Exp $"; + +#include +#include +#include + +static int thread_count=0; + +typedef struct { + void (*func) PROTO_LIST((void *)); + void *arg; +} helper; + + +static void *r_thread_real_create PROTO_LIST((void *arg)); + +static void *r_thread_real_create(arg) + void *arg; + { + helper *h; + + h=(helper *)arg; + + thread_count++; + + h->func(h->arg); + + thread_count--; + free(h); + return(0); + } + +int r_thread_fork(func,arg,id) + void (*func) PROTO_LIST((void *)); + void *arg; + r_thread *id; + { + pthread_t thread; + helper *h; + int r,_status; + + h=(helper *)malloc(sizeof(helper)); + + h->func=func; + h->arg=arg; + + if(r=pthread_create(&thread,0,r_thread_real_create,(void *)h)) + ABORT(R_INTERNAL); + + _status=0; + abort: + return(_status); + } + +int r_thread_yield() + { + pthread_yield(); + } + +int r_thread_exit() + { + thread_count--; + pthread_exit(0); + return(0); + } + +int r_thread_wait_last() + { + do { + pthread_yield(); + usleep(10000); + DBG((0,"%d threads left",thread_count)); + } while (thread_count); + + return(0); + } + +int r_rwlock_create(lockp) + r_rwlock **lockp; + { + pthread_rwlock_t *lock; + int r; + + if(!(lock=(pthread_rwlock_t *)malloc(sizeof(pthread_rwlock_t)))) + ERETURN(R_NO_MEMORY); + + if(r=pthread_rwlock_init(lock,0)) + ERETURN(R_INTERNAL); + + *lockp=(void *)lock; + return(0); + } + +int r_rwlock_destroy(lock) + r_rwlock **lock; + { + pthread_rwlock_t *plock; + + if(!lock || !*lock) + return(0); + + plock=(pthread_rwlock_t *)(*lock); + + pthread_rwlock_destroy(plock); + + return(0); + } + +int r_rwlock_lock(lock,action) + r_rwlock *lock; + int action; + { + pthread_rwlock_t *plock; + int r,_status; + + plock=(pthread_rwlock_t *)lock; + + switch(action){ + case R_RWLOCK_UNLOCK: + if(r=pthread_rwlock_unlock(plock)) + ABORT(R_INTERNAL); + break; + case R_RWLOCK_RLOCK: + if(r=pthread_rwlock_rdlock(plock)) + ABORT(R_INTERNAL); + break; + case R_RWLOCK_WLOCK: + if(r=pthread_rwlock_wrlock(plock)) + ABORT(R_INTERNAL); + break; + default: + ABORT(R_BAD_ARGS); + } + + _status=0; + abort: + return(_status); + } + + + diff --git a/common/lib/threads/pthreads/targets.mk b/common/lib/threads/pthreads/targets.mk new file mode 100644 index 0000000..0ea5ac0 --- /dev/null +++ b/common/lib/threads/pthreads/targets.mk @@ -0,0 +1,259 @@ +# +# targets.mk +# +# $Source: /usr/local/CVS/ssldump/common/lib/threads/pthreads/targets.mk,v $ +# $Revision: 1.1.1.1 $ +# $Date: 2000/10/09 00:45:39 $ +# $Name: $ +# $Disclaimer$ +# +# Copyright (C) 1999, Terisa Systems, Inc. +# All Rights Reserved. +# +# ekr@terisa.com +# + + + +# +# CONFIGURE USER-DEFINED MAKE ENVIRONMENT +# +# These fields are specified by the user. The remainder of +# this file is generated from this user-specified information. +# +# THREADS_PTHREADS_DEFINES: +# cpp defines, with the -D flag preceeding each +# +# THREADS_PTHREADS_INCLUDES: +# cpp include directories, with the -I flag preceeding each +# +# THREADS_PTHREADS_INTERNAL: +# headers files which are local to a specific module directory, +# and should not be used by other parts of the toolkit or by +# the user +# +# THREADS_PTHREADS_LIBNAME: +# the library associated with this module directory, used in +# most cases for debugging purposes +# +# THREADS_PTHREADS_LIBPATHS: +# link-time directories to search for libraries, with the -L flag +# preceeding each +# +# THREADS_PTHREADS_LIBRARIES: +# link-time libraries, with the -l flag preceeding each +# +# THREADS_PTHREADS_LOCALFLAGS: +# compile-time flags specific to compiling only the files in +# this module directory--this variable should only be set in +# extremely exceptional cases +# +# THREADS_PTHREADS_MAKEFILES: +# the makefiles +# +# THREADS_PTHREADS_PREFIX: +# defines the module name, which also serves as the +# prefix for all the variable names defined in this file +# +# THREADS_PTHREADS_PRIVATE: +# the private, for-toolkit-use-only API header files +# +# THREADS_PTHREADS_PROGRAMS: +# programs to build +# +# THREADS_PTHREADS_PUBLIC: +# the header files that define the public API for the toolkit +# and any other 'public' files that should be copied to +# the build directory +# +# THREADS_PTHREADS_SOURCES: +# the source files to compile to object +# +THREADS_PTHREADS_DEFINES = +THREADS_PTHREADS_INCLUDES = +THREADS_PTHREADS_INTERNAL = +THREADS_PTHREADS_LIBNAME = +THREADS_PTHREADS_LIBPATHS = +THREADS_PTHREADS_LIBRARIES = +THREADS_PTHREADS_LOCALFLAGS = +THREADS_PTHREADS_MAKEFILES = +THREADS_PTHREADS_PREFIX = THREADS_PTHREADS +THREADS_PTHREADS_PRIVATE = +THREADS_PTHREADS_PROGRAMS = +THREADS_PTHREADS_PUBLIC = +THREADS_PTHREADS_SOURCES = pthread.c + + + +# +# CONFIGURE AUTOMATICALLY-GENERATED MAKE ENVIRONMENT +# +# THREADS_PTHREADS_OBJECTS: +# object files to build +# +# THREADS_PTHREADS_UNUSED: +# obsolete files in the module directory that are not +# used during the build process +# +# THREADS_PTHREADS_USED: +# all files in the module directory that are used +# during the build process +# +THREADS_PTHREADS_OBJECTS = pthread.$(OBJSUFFIX) +THREADS_PTHREADS_UNUSED = targets.mk +THREADS_PTHREADS_USED = $(THREADS_PTHREADS_INTERNAL:%=$(THREADS_PTHREADS_SRCDIR)%) \ + $(THREADS_PTHREADS_MAKEFILES:%=$(THREADS_PTHREADS_SRCDIR)%) \ + $(THREADS_PTHREADS_PRIVATE:%=$(THREADS_PTHREADS_SRCDIR)%) \ + $(THREADS_PTHREADS_PUBLIC:%=$(THREADS_PTHREADS_SRCDIR)%) \ + $(THREADS_PTHREADS_SOURCES:%=$(THREADS_PTHREADS_SRCDIR)%) + + + +# +# NOTES +# +# The following variables may be used during the build process, +# but are not defined in this file. If they are to be set +# to something other than the default blank, then they must +# be set by the calling make system. +# +# THREADS_PTHREADS_SRCDIR: +# if the build target directory is different from the +# module directory (the source directory), then this +# variable contains the relative or full path of +# the module directory +# +# LIBARS: +# the library archive files (with fully-specified paths) that +# executables built from this module directory depend upon +# +# LIBPATHS: +# the paths to search for library archives (specified with +# the -L) +# +# LIBRARIES: +# the libraries to use while building executables from +# this module directory (specified with the -l) +# + + + +# +# GLOBAL ENVIRONMENT +# +DEFINES += $(THREADS_PTHREADS_DEFINES) +INCLUDES += $(THREADS_PTHREADS_INCLUDES) +LIBPATHS += $(THREADS_PTHREADS_LIBPATHS) +LIBRARIES += $(THREADS_PTHREADS_LIBRARIES) +OBJECTS += $(THREADS_PTHREADS_OBJECTS) +PUBLIC += $(THREADS_PTHREADS_PUBLIC) + + + +# +# GENERIC DEPENDENCIES +# +# default: +# default dependency, must be the first dependency in this makefile +# +# all: +# build everything in this module directory +# +# build: +# make only the toolkit build files of this module directory +# +# ci: +# perform an RCS check-in of this module directory +# +# clean: +# remove the compiled files +# +# clean_public: +# remove the public header files that have been copied +# to a public build directory +# +# objects: +# build the object files (this dependency is used for +# building the toolkit library) +# +# private: +# build only the private API header files +# +# public: +# build only the public API header files +# +default: $(THREADS_PTHREADS_LIBNAME) +default: $(THREADS_PTHREADS_PROGRAMS) + +all: $(THREADS_PTHREADS_PUBLIC) +all: $(THREADS_PTHREADS_OBJECTS) +all: $(THREADS_PTHREADS_LIBNAME) +all: $(THREADS_PTHREADS_PROGRAMS) +build: $(THREADS_PTHREADS_PUBLIC) +build: $(THREADS_PTHREADS_OBJECTS) +ci: threads_pthreads_ci +clean: threads_pthreads_clean +clean_public: threads_pthreads_clean_public +objects: $(THREADS_PTHREADS_OBJECTS) +private: $(THREADS_PTHREADS_PRIVATE) +public: $(THREADS_PTHREADS_PUBLIC) + + + +# +# LOCAL UTILITY DEPENDENCIES +# +# utility dependencies are necessary because of some +# make-isms having to do with dependencies +# + +threads_pthreads_ci: + $(CI) $(CIFLAGS) $(THREADS_PTHREADS_USED) + +threads_pthreads_clean: + $(RM) $(RMFLAGS) $(THREADS_PTHREADS_OBJECTS) $(THREADS_PTHREADS_LIBNAME) $(THREADS_PTHREADS_PROGRAMS) + +threads_pthreads_clean_public: + $(RM) $(RMFLAGS) $(THREADS_PTHREADS_PUBLIC) + +threads_pthreads_objects: $(THREADS_PTHREADS_OBJECTS) + +threads_pthreads_programs: $(THREADS_PTHREADS_PROGRAMS) + +threads_pthreads_public: $(THREADS_PTHREADS_PUBLIC) + + + +# +# BUILD DEPENDENCIES +# +# build dependencies invoke the rule used to build each +# class of file +# + +$(THREADS_PTHREADS_LIBNAME): + $(AR) $(ARFLAGS) $@ $? + $(RANLIB) $@ + +$(THREADS_PTHREADS_OBJECTS): + $(COMPILE.c) $(THREADS_PTHREADS_SRCDIR)$(@:%.$(OBJSUFFIX)=%.c) $(DEFINES) $(INCLUDES) $(THREADS_PTHREADS_LOCALFLAGS) + +$(THREADS_PTHREADS_PUBLIC): + $(CP) $(CPFLAGS) $(THREADS_PTHREADS_SRCDIR)$@ $@ + +$(THREADS_PTHREADS_PROGRAMS): + $(LINK.c) $@.$(OBJSUFFIX) $(LDLIBS) $(LIBS) $(LIBRARIES) $(LIBPATHS) +#LIBS above is obsolete (use LIBARARIES instead) + + + +# +# FILE DEPENDENCIES +# +# file dependencies state, for each file that is built, +# which file(s) it depends upon +# + +pthread.$(OBJSUFFIX): $(THREADS_PTHREADS_SRCDIR)pthread.c + +$(THREADS_PTHREADS_LIBNAME): $(THREADS_PTHREADS_OBJECTS) diff --git a/common/lib/threads/targets.mk b/common/lib/threads/targets.mk new file mode 100644 index 0000000..17cf9ab --- /dev/null +++ b/common/lib/threads/targets.mk @@ -0,0 +1,4 @@ +THREADS_SRCDIR=$(COMMON_LIB_SRCDIR)threads/ +THREADS_PTHREADS_SRCDIR=$(THREADS_SRCDIR)pthreads/ + +include $(THREADS_SRCDIR)$(THREADS_TYPE)/targets.mk diff --git a/config.guess b/config.guess new file mode 100755 index 0000000..e9e4455 --- /dev/null +++ b/config.guess @@ -0,0 +1,693 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright (C) 1992, 93, 94, 95, 1996 Free Software Foundation, Inc. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Written by Per Bothner . +# The master version of this file is at the FSF in /home/gd/gnu/lib. +# +# This script attempts to guess a canonical system name similar to +# config.sub. If it succeeds, it prints the system name on stdout, and +# exits with 0. Otherwise, it exits with 1. +# +# The plan is that this can be called by configure scripts if you +# don't specify an explicit system type (host/target name). +# +# Only a few systems have been added to this list; please add others +# (but try to keep the structure clean). +# + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 8/24/94.) +if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +trap 'rm -f dummy.c dummy.o dummy; exit 1' 1 2 15 + +# Note: order is significant - the case branches are not exclusive. + +case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + alpha:OSF1:*:*) + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo alpha-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//'` + exit 0 ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 + exit 0 ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-cbm-sysv4 + exit 0;; + amiga:NetBSD:*:*) + echo m68k-cbm-netbsd${UNAME_RELEASE} + exit 0 ;; + amiga:OpenBSD:*:*) + echo m68k-cbm-openbsd${UNAME_RELEASE} + exit 0 ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit 0;; + Pyramid*:OSx*:*:*|MIS*:OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit 0 ;; + NILE:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit 0 ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + i86pc:SunOS:5.*:*) + echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + exit 0 ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} + exit 0 ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos${UNAME_RELEASE} + exit 0 ;; + atari*:NetBSD:*:*) + echo m68k-atari-netbsd${UNAME_RELEASE} + exit 0 ;; + atari*:OpenBSD:*:*) + echo m68k-atari-openbsd${UNAME_RELEASE} + exit 0 ;; + sun3*:NetBSD:*:*) + echo m68k-sun-netbsd${UNAME_RELEASE} + exit 0 ;; + sun3*:OpenBSD:*:*) + echo m68k-sun-openbsd${UNAME_RELEASE} + exit 0 ;; + mac68k:NetBSD:*:*) + echo m68k-apple-netbsd${UNAME_RELEASE} + exit 0 ;; + mac68k:OpenBSD:*:*) + echo m68k-apple-openbsd${UNAME_RELEASE} + exit 0 ;; + powerpc:machten:*:*) + echo powerpc-apple-machten${UNAME_RELEASE} + exit 0 ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit 0 ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + sed 's/^ //' << EOF >dummy.c + int main (argc, argv) int argc; char **argv; { + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + ${CC-cc} dummy.c -o dummy \ + && ./dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ + && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + echo mips-mips-riscos${UNAME_RELEASE} + exit 0 ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit 0 ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit 0 ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit 0 ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit 0 ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ $UNAME_PROCESSOR = mc88100 -o $UNAME_PROCESSOR = mc88110 ] ; then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx \ + -o ${TARGET_BINARY_INTERFACE}x = x ] ; then + echo m88k-dg-dgux${UNAME_RELEASE} + else + echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else echo i586-dg-dgux${UNAME_RELEASE} + fi + exit 0 ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit 0 ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit 0 ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit 0 ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit 0 ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + exit 0 ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i?86:AIX:*:*) + echo i386-ibm-aix + exit 0 ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + sed 's/^ //' << EOF >dummy.c + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + echo rs6000-ibm-aix3.2.5 + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit 0 ;; + *:AIX:*:4) + if /usr/sbin/lsattr -EHl proc0 | grep POWER >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=4.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} + exit 0 ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit 0 ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 + exit 0 ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC NetBSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + exit 0 ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit 0 ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit 0 ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit 0 ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit 0 ;; + 9000/[3478]??:HP-UX:*:*) + case "${UNAME_MACHINE}" in + 9000/31? ) HP_ARCH=m68000 ;; + 9000/[34]?? ) HP_ARCH=m68k ;; + 9000/7?? | 9000/8?[1679] ) HP_ARCH=hppa1.1 ;; + 9000/8?? ) HP_ARCH=hppa1.0 ;; + esac + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ${HP_ARCH}-hp-hpux${HPUX_REV} + exit 0 ;; + 3050*:HI-UX:*:*) + sed 's/^ //' << EOF >dummy.c + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + echo unknown-hitachi-hiuxwe2 + exit 0 ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd + exit 0 ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit 0 ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf + exit 0 ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit 0 ;; + i?86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo ${UNAME_MACHINE}-unknown-osf1mk + else + echo ${UNAME_MACHINE}-unknown-osf1 + fi + exit 0 ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit 0 ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit 0 ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit 0 ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit 0 ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit 0 ;; + CRAY*X-MP:*:*:*) + echo xmp-cray-unicos + exit 0 ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} + exit 0 ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ + exit 0 ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos${UNAME_RELEASE} + exit 0 ;; + CRAY-2:*:*:*) + echo cray2-cray-unicos + exit 0 ;; + F300:UNIX_System_V:*:*) + FUJITSU_SYS=`uname -p | tr [A-Z] [a-z] | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "f300-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit 0 ;; + F301:UNIX_System_V:*:*) + echo f301-fujitsu-uxpv`echo $UNAME_RELEASE | sed 's/ .*//'` + exit 0 ;; + hp3[0-9][05]:NetBSD:*:*) + echo m68k-hp-netbsd${UNAME_RELEASE} + exit 0 ;; + hp3[0-9][05]:OpenBSD:*:*) + echo m68k-hp-openbsd${UNAME_RELEASE} + exit 0 ;; + i?86:BSD/386:*:* | *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + exit 0 ;; + *:FreeBSD:*:*) + echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit 0 ;; + *:NetBSD:*:*) + echo ${UNAME_MACHINE}-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + exit 0 ;; + *:OpenBSD:*:*) + echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + exit 0 ;; + i*:CYGWIN*:*) + echo i386-pc-cygwin32 + exit 0 ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin32 + exit 0 ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + *:GNU:*:*) + echo `echo ${UNAME_MACHINE}|sed -e 's,/.*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit 0 ;; + *:Linux:*:*) + # The BFD linker knows what the default object file format is, so + # first see if it will tell us. + ld_help_string=`ld --help 2>&1` + if echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf_i.86"; then + echo "${UNAME_MACHINE}-pc-linux-gnu" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86linux"; then + echo "${UNAME_MACHINE}-pc-linux-gnuaout" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86coff"; then + echo "${UNAME_MACHINE}-pc-linux-gnucoff" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68kelf"; then + echo "${UNAME_MACHINE}-unknown-linux-gnu" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68klinux"; then + echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf32ppc"; then + echo "powerpc-unknown-linux-gnu" ; exit 0 + elif test "${UNAME_MACHINE}" = "alpha" ; then + echo alpha-unknown-linux-gnu ; exit 0 + elif test "${UNAME_MACHINE}" = "sparc" ; then + echo sparc-unknown-linux-gnu ; exit 0 + else + # Either a pre-BFD a.out linker (linux-gnuoldld) or one that does not give us + # useful --help. Gcc wants to distinguish between linux-gnuoldld and linux-gnuaout. + test ! -d /usr/lib/ldscripts/. \ + && echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0 + # Determine whether the default compiler is a.out or elf + cat >dummy.c </dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + fi ;; +# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. earlier versions +# are messed up and put the nodename in both sysname and nodename. + i?86:DYNIX/ptx:4*:*) + echo i386-sequent-sysv4 + exit 0 ;; + i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*) + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_RELEASE} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE} + fi + exit 0 ;; + i?86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')` + (/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit 0 ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit 0 ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit 0 ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + fi + exit 0 ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit 0 ;; + M68*:*:R3V[567]*:*) + test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; + 3[34]??:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 4850:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4.3${OS_REL} && exit 0 + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4 && exit 0 ;; + m68*:LynxOS:2.*:*) + echo m68k-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit 0 ;; + i?86:LynxOS:2.*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + rs6000:LynxOS:2.*:* | PowerPC:LynxOS:2.*:*) + echo rs6000-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv${UNAME_RELEASE} + exit 0 ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit 0 ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo ${UNAME_MACHINE}-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit 0 ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit 0 ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit 0 ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux${UNAME_RELEASE} + exit 0 ;; + R3000:*System_V*:*:* | R4000:UNIX_SYSV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv${UNAME_RELEASE} + else + echo mips-unknown-sysv${UNAME_RELEASE} + fi + exit 0 ;; + PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit 0 ;; +esac + +#echo '(No uname command or uname output not recognized.)' 1>&2 +#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 + +cat >dummy.c < +# include +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (__arm) && defined (__acorn) && defined (__unix) + printf ("arm-acorn-riscix"); exit (0); +#endif + +#if defined (hp300) && !defined (hpux) + printf ("m68k-hp-bsd\n"); exit (0); +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); + +#endif + +#if defined (vax) +#if !defined (ultrix) + printf ("vax-dec-bsd\n"); exit (0); +#else + printf ("vax-dec-ultrix\n"); exit (0); +#endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy && rm dummy.c dummy && exit 0 +rm -f dummy.c dummy + +# Apollos put the system type in the environment. + +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } + +# Convex versions that predate uname can use getsysinfo(1) + +if [ -x /usr/convex/getsysinfo ] +then + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd + exit 0 ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + c34*) + echo c34-convex-bsd + exit 0 ;; + c38*) + echo c38-convex-bsd + exit 0 ;; + c4*) + echo c4-convex-bsd + exit 0 ;; + esac +fi + +#echo '(Unable to guess system type)' 1>&2 + +exit 1 diff --git a/config.sub b/config.sub new file mode 100755 index 0000000..0432524 --- /dev/null +++ b/config.sub @@ -0,0 +1,927 @@ +#! /bin/sh +# Configuration validation subroutine script, version 1.1. +# Copyright (C) 1991, 92, 93, 94, 95, 1996 Free Software Foundation, Inc. +# This file is (in principle) common to ALL GNU software. +# The presence of a machine in this file suggests that SOME GNU software +# can handle that machine. It does not imply ALL GNU software can. +# +# This file is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +if [ x$1 = x ] +then + echo Configuration name missing. 1>&2 + echo "Usage: $0 CPU-MFR-OPSYS" 1>&2 + echo "or $0 ALIAS" 1>&2 + echo where ALIAS is a recognized configuration type. 1>&2 + exit 1 +fi + +# First pass through any local machine types. +case $1 in + *local*) + echo $1 + exit 0 + ;; + *) + ;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + linux-gnu*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] + then os=`echo $1 | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. + ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple) + os= + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco5) + os=sco3.2v5 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + ;; + -windowsnt*) + os=`echo $os | sed -e 's/windowsnt/winnt/'` + ;; + -psos*) + os=-psos + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. + tahoe | i860 | m68k | m68000 | m88k | ns32k | arm \ + | arme[lb] | pyramid \ + | tron | a29k | 580 | i960 | h8300 | hppa | hppa1.0 | hppa1.1 \ + | alpha | we32k | ns16k | clipper | i370 | sh \ + | powerpc | powerpcle | 1750a | dsp16xx | mips64 | mipsel \ + | pdp11 | mips64el | mips64orion | mips64orionel \ + | sparc | sparclet | sparclite | sparc64) + basic_machine=$basic_machine-unknown + ;; + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i[3456]86) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + vax-* | tahoe-* | i[3456]86-* | i860-* | m68k-* | m68000-* | m88k-* \ + | sparc-* | ns32k-* | fx80-* | arm-* | c[123]* \ + | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* | power-* \ + | none-* | 580-* | cray2-* | h8300-* | i960-* | xmp-* | ymp-* \ + | hppa-* | hppa1.0-* | hppa1.1-* | alpha-* | we32k-* | cydra-* | ns16k-* \ + | pn-* | np1-* | xps100-* | clipper-* | orion-* | sparclite-* \ + | pdp11-* | sh-* | powerpc-* | powerpcle-* | sparc64-* | mips64-* | mipsel-* \ + | mips64el-* | mips64orion-* | mips64orionel-* | f301-*) + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + basic_machine=m68000-att + ;; + 3b*) + basic_machine=we32k-att + ;; + alliant | fx80) + basic_machine=fx80-alliant + ;; + altos | altos3068) + basic_machine=m68k-altos + ;; + am29k) + basic_machine=a29k-none + os=-bsd + ;; + amdahl) + basic_machine=580-amdahl + os=-sysv + ;; + amiga | amiga-*) + basic_machine=m68k-cbm + ;; + amigados) + basic_machine=m68k-cbm + os=-amigados + ;; + amigaunix | amix) + basic_machine=m68k-cbm + os=-sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=-sysv + ;; + aux) + basic_machine=m68k-apple + os=-aux + ;; + balance) + basic_machine=ns32k-sequent + os=-dynix + ;; + convex-c1) + basic_machine=c1-convex + os=-bsd + ;; + convex-c2) + basic_machine=c2-convex + os=-bsd + ;; + convex-c32) + basic_machine=c32-convex + os=-bsd + ;; + convex-c34) + basic_machine=c34-convex + os=-bsd + ;; + convex-c38) + basic_machine=c38-convex + os=-bsd + ;; + cray | ymp) + basic_machine=ymp-cray + os=-unicos + ;; + cray2) + basic_machine=cray2-cray + os=-unicos + ;; + [ctj]90-cray) + basic_machine=c90-cray + os=-unicos + ;; + crds | unos) + basic_machine=m68k-crds + ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; + decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) + basic_machine=mips-dec + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + basic_machine=m68k-motorola + ;; + delta88) + basic_machine=m88k-motorola + os=-sysv3 + ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx + ;; + dpx2* | dpx2*-bull) + basic_machine=m68k-bull + os=-sysv3 + ;; + ebmon29k) + basic_machine=a29k-amd + os=-ebmon + ;; + elxsi) + basic_machine=elxsi-elxsi + os=-bsd + ;; + encore | umax | mmax) + basic_machine=ns32k-encore + ;; + fx2800) + basic_machine=i860-alliant + ;; + genix) + basic_machine=ns32k-ns + ;; + gmicro) + basic_machine=tron-gmicro + os=-sysv + ;; + h3050r* | hiux*) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=-hms + ;; + harris) + basic_machine=m88k-harris + os=-sysv3 + ;; + hp300-*) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=-bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=-hpux + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + basic_machine=m68000-hp + ;; + hp9k3[2-9][0-9]) + basic_machine=m68k-hp + ;; + hp9k7[0-9][0-9] | hp7[0-9][0-9] | hp9k8[0-9]7 | hp8[0-9]7) + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hppa-next) + os=-nextstep3 + ;; + i370-ibm* | ibm*) + basic_machine=i370-ibm + os=-mvs + ;; +# I'm not sure what "Sysv32" means. Should this be sysv3.2? + i[3456]86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 + ;; + i[3456]86v4*) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv4 + ;; + i[3456]86v) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv + ;; + i[3456]86sol2) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-solaris2 + ;; + iris | iris4d) + basic_machine=mips-sgi + case $os in + -irix*) + ;; + *) + os=-irix4 + ;; + esac + ;; + isi68 | isi) + basic_machine=m68k-isi + os=-sysv + ;; + m88k-omron*) + basic_machine=m88k-omron + ;; + magnum | m3230) + basic_machine=mips-mips + os=-sysv + ;; + merlin) + basic_machine=ns32k-utek + os=-sysv + ;; + miniframe) + basic_machine=m68000-convergent + ;; + mips3*-*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + ;; + mips3*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=-newsos + ;; + news1000) + basic_machine=m68030-sony + os=-newsos + ;; + news-3600 | risc-news) + basic_machine=mips-sony + os=-newsos + ;; + next | m*-next ) + basic_machine=m68k-next + case $os in + -nextstep* ) + ;; + -ns2*) + os=-nextstep2 + ;; + *) + os=-nextstep3 + ;; + esac + ;; + nh3000) + basic_machine=m68k-harris + os=-cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=-cxux + ;; + nindy960) + basic_machine=i960-intel + os=-nindy + ;; + np1) + basic_machine=np1-gould + ;; + pa-hitachi) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + paragon) + basic_machine=i860-intel + os=-osf + ;; + pbd) + basic_machine=sparc-tti + ;; + pbb) + basic_machine=m68k-tti + ;; + pc532 | pc532-*) + basic_machine=ns32k-pc532 + ;; + pentium | p5) + basic_machine=i586-intel + ;; + pentiumpro | p6) + basic_machine=i686-intel + ;; + pentium-* | p5-*) + basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumpro-* | p6-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + k5) + # We don't have specific support for AMD's K5 yet, so just call it a Pentium + basic_machine=i586-amd + ;; + nexen) + # We don't have specific support for Nexgen yet, so just call it a Pentium + basic_machine=i586-nexgen + ;; + pn) + basic_machine=pn-gould + ;; + power) basic_machine=rs6000-ibm + ;; + ppc) basic_machine=powerpc-unknown + ;; + ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppcle | powerpclittle | ppc-le | powerpc-little) + basic_machine=powerpcle-unknown + ;; + ppcle-* | powerpclittle-*) + basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ps2) + basic_machine=i386-ibm + ;; + rm[46]00) + basic_machine=mips-siemens + ;; + rtpc | rtpc-*) + basic_machine=romp-ibm + ;; + sequent) + basic_machine=i386-sequent + ;; + sh) + basic_machine=sh-hitachi + os=-hms + ;; + sps7) + basic_machine=m68k-bull + os=-sysv2 + ;; + spur) + basic_machine=spur-unknown + ;; + sun2) + basic_machine=m68000-sun + ;; + sun2os3) + basic_machine=m68000-sun + os=-sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=-sunos4 + ;; + sun3os3) + basic_machine=m68k-sun + os=-sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=-sunos4 + ;; + sun4os3) + basic_machine=sparc-sun + os=-sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=-sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=-solaris2 + ;; + sun3 | sun3-*) + basic_machine=m68k-sun + ;; + sun4) + basic_machine=sparc-sun + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + ;; + symmetry) + basic_machine=i386-sequent + os=-dynix + ;; + tower | tower-32) + basic_machine=m68k-ncr + ;; + udi29k) + basic_machine=a29k-amd + os=-udi + ;; + ultra3) + basic_machine=a29k-nyu + os=-sym1 + ;; + vaxv) + basic_machine=vax-dec + os=-sysv + ;; + vms) + basic_machine=vax-dec + os=-vms + ;; + vpp*|vx|vx-*) + basic_machine=f301-fujitsu + ;; + vxworks960) + basic_machine=i960-wrs + os=-vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=-vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=-vxworks + ;; + xmp) + basic_machine=xmp-cray + os=-unicos + ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; + none) + basic_machine=none-none + os=-none + ;; + +# Here we handle the default manufacturer of certain CPU types. It is in +# some cases the only manufacturer, in others, it is the most popular. + mips) + basic_machine=mips-mips + ;; + romp) + basic_machine=romp-ibm + ;; + rs6000) + basic_machine=rs6000-ibm + ;; + vax) + basic_machine=vax-dec + ;; + pdp11) + basic_machine=pdp11-dec + ;; + we32k) + basic_machine=we32k-att + ;; + sparc) + basic_machine=sparc-sun + ;; + cydra) + basic_machine=cydra-cydrome + ;; + orion) + basic_machine=orion-highlevel + ;; + orion105) + basic_machine=clipper-highlevel + ;; + *) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $basic_machine in + *-digital*) + basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + ;; + *-commodore*) + basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x"$os" != x"" ] +then +case $os in + # First match some system type aliases + # that might get confused with valid system types. + # -solaris* is a basic system type, with this one exception. + -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + -solaris) + os=-solaris2 + ;; + -unixware* | svr4*) + os=-sysv4 + ;; + -gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # First accept the basic system types. + # The portable systems comes first. + # Each alternative MUST END IN A *, to match a version number. + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -amigados* | -msdos* | -newsos* | -unicos* | -aof* | -aos* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \ + | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -cygwin32* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -linux-gnu* | -uxpv*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + -sunos5*) + os=`echo $os | sed -e 's|sunos5|solaris2|'` + ;; + -sunos6*) + os=`echo $os | sed -e 's|sunos6|solaris3|'` + ;; + -osfrose*) + os=-osfrose + ;; + -osf*) + os=-osf + ;; + -utek*) + os=-bsd + ;; + -dynix*) + os=-bsd + ;; + -acis*) + os=-aos + ;; + -ctix* | -uts*) + os=-sysv + ;; + -ns2 ) + os=-nextstep2 + ;; + # Preserve the version number of sinix5. + -sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + -sinix*) + os=-sysv4 + ;; + -triton*) + os=-sysv3 + ;; + -oss*) + os=-sysv3 + ;; + -svr4) + os=-sysv4 + ;; + -svr3) + os=-sysv3 + ;; + -sysvr4) + os=-sysv4 + ;; + # This must come after -sysvr4. + -sysv*) + ;; + -xenix) + os=-xenix + ;; + -none) + ;; + *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` + echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $basic_machine in + *-acorn) + os=-riscix1.2 + ;; + arm*-semi) + os=-aout + ;; + pdp11-*) + os=-none + ;; + *-dec | vax-*) + os=-ultrix4.2 + ;; + m68*-apollo) + os=-domain + ;; + i386-sun) + os=-sunos4.0.2 + ;; + m68000-sun) + os=-sunos3 + # This also exists in the configure program, but was not the + # default. + # os=-sunos4 + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=-sysv3 + ;; + sparc-* | *-sun) + os=-sunos4.1.1 + ;; + *-ibm) + os=-aix + ;; + *-hp) + os=-hpux + ;; + *-hitachi) + os=-hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=-sysv + ;; + *-cbm) + os=-amigados + ;; + *-dg) + os=-dgux + ;; + *-dolphin) + os=-sysv3 + ;; + m68k-ccur) + os=-rtu + ;; + m88k-omron*) + os=-luna + ;; + *-next ) + os=-nextstep + ;; + *-sequent) + os=-ptx + ;; + *-crds) + os=-unos + ;; + *-ns) + os=-genix + ;; + i370-*) + os=-mvs + ;; + *-next) + os=-nextstep3 + ;; + *-gould) + os=-sysv + ;; + *-highlevel) + os=-bsd + ;; + *-encore) + os=-bsd + ;; + *-sgi) + os=-irix + ;; + *-siemens) + os=-sysv4 + ;; + *-masscomp) + os=-rtu + ;; + f301-fujitsu) + os=-uxpv + ;; + *) + os=-none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +vendor=unknown +case $basic_machine in + *-unknown) + case $os in + -riscix*) + vendor=acorn + ;; + -sunos*) + vendor=sun + ;; + -aix*) + vendor=ibm + ;; + -hpux*) + vendor=hp + ;; + -hiux*) + vendor=hitachi + ;; + -unos*) + vendor=crds + ;; + -dgux*) + vendor=dg + ;; + -luna*) + vendor=omron + ;; + -genix*) + vendor=ns + ;; + -mvs*) + vendor=ibm + ;; + -ptx*) + vendor=sequent + ;; + -vxsim* | -vxworks*) + vendor=wrs + ;; + -aux*) + vendor=apple + ;; + esac + basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + ;; +esac + +echo $basic_machine$os diff --git a/configure b/configure new file mode 100755 index 0000000..7d03516 --- /dev/null +++ b/configure @@ -0,0 +1,2360 @@ +#! /bin/sh + +# Guess values for system-dependent variables and create Makefiles. +# Generated automatically using autoconf version 2.13 +# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. + +# Defaults: +ac_help= +ac_default_prefix=/usr/local +# Any additions from configure.in: +ac_help="$ac_help +--with-pcap root location for pcap library" +ac_help="$ac_help +--with-pcap-inc PCAP include files" +ac_help="$ac_help +--with-pcap-lib PCAP library files" +ac_help="$ac_help +--with-openssl root location for OpenSSL" +ac_help="$ac_help +--with-openssl-inc OpenSSL include files" +ac_help="$ac_help +--with-openssl-lib OpenSSL library files" +ac_help="$ac_help +--with-record Compile with record module (RTFM Internal Use Only)" + +# Initialize some variables set by options. +# The variables have the same names as the options, with +# dashes changed to underlines. +build=NONE +cache_file=./config.cache +exec_prefix=NONE +host=NONE +no_create= +nonopt=NONE +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +target=NONE +verbose= +x_includes=NONE +x_libraries=NONE +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datadir='${prefix}/share' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +libdir='${exec_prefix}/lib' +includedir='${prefix}/include' +oldincludedir='/usr/include' +infodir='${prefix}/info' +mandir='${prefix}/man' + +# Initialize some other variables. +subdirs= +MFLAGS= MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} +# Maximum number of lines to put in a shell here document. +ac_max_here_lines=12 + +ac_prev= +for ac_option +do + + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval "$ac_prev=\$ac_option" + ac_prev= + continue + fi + + case "$ac_option" in + -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) ac_optarg= ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case "$ac_option" in + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir="$ac_optarg" ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build="$ac_optarg" ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file="$ac_optarg" ;; + + -datadir | --datadir | --datadi | --datad | --data | --dat | --da) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ + | --da=*) + datadir="$ac_optarg" ;; + + -disable-* | --disable-*) + ac_feature=`echo $ac_option|sed -e 's/-*disable-//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then + { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } + fi + ac_feature=`echo $ac_feature| sed 's/-/_/g'` + eval "enable_${ac_feature}=no" ;; + + -enable-* | --enable-*) + ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then + { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } + fi + ac_feature=`echo $ac_feature| sed 's/-/_/g'` + case "$ac_option" in + *=*) ;; + *) ac_optarg=yes ;; + esac + eval "enable_${ac_feature}='$ac_optarg'" ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix="$ac_optarg" ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he) + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat << EOF +Usage: configure [options] [host] +Options: [defaults in brackets after descriptions] +Configuration: + --cache-file=FILE cache test results in FILE + --help print this message + --no-create do not create output files + --quiet, --silent do not print \`checking...' messages + --version print the version of autoconf that created configure +Directory and file names: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [same as prefix] + --bindir=DIR user executables in DIR [EPREFIX/bin] + --sbindir=DIR system admin executables in DIR [EPREFIX/sbin] + --libexecdir=DIR program executables in DIR [EPREFIX/libexec] + --datadir=DIR read-only architecture-independent data in DIR + [PREFIX/share] + --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data in DIR + [PREFIX/com] + --localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var] + --libdir=DIR object code libraries in DIR [EPREFIX/lib] + --includedir=DIR C header files in DIR [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc in DIR [/usr/include] + --infodir=DIR info documentation in DIR [PREFIX/info] + --mandir=DIR man documentation in DIR [PREFIX/man] + --srcdir=DIR find the sources in DIR [configure dir or ..] + --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM + run sed PROGRAM on installed program names +EOF + cat << EOF +Host type: + --build=BUILD configure for building on BUILD [BUILD=HOST] + --host=HOST configure for HOST [guessed] + --target=TARGET configure for TARGET [TARGET=HOST] +Features and packages: + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --x-includes=DIR X include files are in DIR + --x-libraries=DIR X library files are in DIR +EOF + if test -n "$ac_help"; then + echo "--enable and --with options recognized:$ac_help" + fi + exit 0 ;; + + -host | --host | --hos | --ho) + ac_prev=host ;; + -host=* | --host=* | --hos=* | --ho=*) + host="$ac_optarg" ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir="$ac_optarg" ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir="$ac_optarg" ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir="$ac_optarg" ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir="$ac_optarg" ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst \ + | --locals | --local | --loca | --loc | --lo) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* \ + | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) + localstatedir="$ac_optarg" ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir="$ac_optarg" ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir="$ac_optarg" ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix="$ac_optarg" ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix="$ac_optarg" ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix="$ac_optarg" ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name="$ac_optarg" ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir="$ac_optarg" ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir="$ac_optarg" ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site="$ac_optarg" ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir="$ac_optarg" ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir="$ac_optarg" ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target="$ac_optarg" ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers) + echo "configure generated by autoconf version 2.13" + exit 0 ;; + + -with-* | --with-*) + ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then + { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } + fi + ac_package=`echo $ac_package| sed 's/-/_/g'` + case "$ac_option" in + *=*) ;; + *) ac_optarg=yes ;; + esac + eval "with_${ac_package}='$ac_optarg'" ;; + + -without-* | --without-*) + ac_package=`echo $ac_option|sed -e 's/-*without-//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then + { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } + fi + ac_package=`echo $ac_package| sed 's/-/_/g'` + eval "with_${ac_package}=no" ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes="$ac_optarg" ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries="$ac_optarg" ;; + + -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; } + ;; + + *) + if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then + echo "configure: warning: $ac_option: invalid host type" 1>&2 + fi + if test "x$nonopt" != xNONE; then + { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } + fi + nonopt="$ac_option" + ;; + + esac +done + +if test -n "$ac_prev"; then + { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; } +fi + +trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 + +# File descriptor usage: +# 0 standard input +# 1 file creation +# 2 errors and warnings +# 3 some systems may open it to /dev/tty +# 4 used on the Kubota Titan +# 6 checking for... messages and results +# 5 compiler messages saved in config.log +if test "$silent" = yes; then + exec 6>/dev/null +else + exec 6>&1 +fi +exec 5>./config.log + +echo "\ +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. +" 1>&5 + +# Strip out --no-create and --no-recursion so they do not pile up. +# Also quote any args containing shell metacharacters. +ac_configure_args= +for ac_arg +do + case "$ac_arg" in + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c) ;; + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;; + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*) + ac_configure_args="$ac_configure_args '$ac_arg'" ;; + *) ac_configure_args="$ac_configure_args $ac_arg" ;; + esac +done + +# NLS nuisances. +# Only set these to C if already set. These must not be set unconditionally +# because not all systems understand e.g. LANG=C (notably SCO). +# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'! +# Non-C LC_CTYPE values break the ctype check. +if test "${LANG+set}" = set; then LANG=C; export LANG; fi +if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi +if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi +if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -rf conftest* confdefs.h +# AIX cpp loses on an empty file, so make sure it contains at least a newline. +echo > confdefs.h + +# A filename unique to this package, relative to the directory that +# configure is in, which we can look for to find out if srcdir is correct. +ac_unique_file=base/pcap-snoop.c + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then its parent. + ac_prog=$0 + ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'` + test "x$ac_confdir" = "x$ac_prog" && ac_confdir=. + srcdir=$ac_confdir + if test ! -r $srcdir/$ac_unique_file; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r $srcdir/$ac_unique_file; then + if test "$ac_srcdir_defaulted" = yes; then + { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; } + else + { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; } + fi +fi +srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'` + +# Prefer explicitly selected file to automatically selected ones. +if test -z "$CONFIG_SITE"; then + if test "x$prefix" != xNONE; then + CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" + else + CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" + fi +fi +for ac_site_file in $CONFIG_SITE; do + if test -r "$ac_site_file"; then + echo "loading site script $ac_site_file" + . "$ac_site_file" + fi +done + +if test -r "$cache_file"; then + echo "loading cache $cache_file" + . $cache_file +else + echo "creating cache $cache_file" + > $cache_file +fi + +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. +ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross + +ac_exeext= +ac_objext=o +if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then + # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. + if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then + ac_n= ac_c=' +' ac_t=' ' + else + ac_n=-n ac_c= ac_t= + fi +else + ac_n= ac_c='\c' ac_t= +fi + + +ac_aux_dir= +for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do + if test -f $ac_dir/install-sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f $ac_dir/install.sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + fi +done +if test -z "$ac_aux_dir"; then + { echo "configure: error: can not find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." 1>&2; exit 1; } +fi +ac_config_guess=$ac_aux_dir/config.guess +ac_config_sub=$ac_aux_dir/config.sub +ac_configure=$ac_aux_dir/configure # This should be Cygnus configure. + + +# Do some error checking and defaulting for the host and target type. +# The inputs are: +# configure --host=HOST --target=TARGET --build=BUILD NONOPT +# +# The rules are: +# 1. You are not allowed to specify --host, --target, and nonopt at the +# same time. +# 2. Host defaults to nonopt. +# 3. If nonopt is not specified, then host defaults to the current host, +# as determined by config.guess. +# 4. Target and build default to nonopt. +# 5. If nonopt is not specified, then target and build default to host. + +# The aliases save the names the user supplied, while $host etc. +# will get canonicalized. +case $host---$target---$nonopt in +NONE---*---* | *---NONE---* | *---*---NONE) ;; +*) { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } ;; +esac + + +# Make sure we can run config.sub. +if ${CONFIG_SHELL-/bin/sh} $ac_config_sub sun4 >/dev/null 2>&1; then : +else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } +fi + +echo $ac_n "checking host system type""... $ac_c" 1>&6 +echo "configure:586: checking host system type" >&5 + +host_alias=$host +case "$host_alias" in +NONE) + case $nonopt in + NONE) + if host_alias=`${CONFIG_SHELL-/bin/sh} $ac_config_guess`; then : + else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; } + fi ;; + *) host_alias=$nonopt ;; + esac ;; +esac + +host=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $host_alias` +host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` +echo "$ac_t""$host" 1>&6 + +echo $ac_n "checking target system type""... $ac_c" 1>&6 +echo "configure:607: checking target system type" >&5 + +target_alias=$target +case "$target_alias" in +NONE) + case $nonopt in + NONE) target_alias=$host_alias ;; + *) target_alias=$nonopt ;; + esac ;; +esac + +target=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $target_alias` +target_cpu=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +target_vendor=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +target_os=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` +echo "$ac_t""$target" 1>&6 + +echo $ac_n "checking build system type""... $ac_c" 1>&6 +echo "configure:625: checking build system type" >&5 + +build_alias=$build +case "$build_alias" in +NONE) + case $nonopt in + NONE) build_alias=$host_alias ;; + *) build_alias=$nonopt ;; + esac ;; +esac + +build=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $build_alias` +build_cpu=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +build_vendor=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +build_os=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` +echo "$ac_t""$build" 1>&6 + +test "$host_alias" != "$target_alias" && + test "$program_prefix$program_suffix$program_transform_name" = \ + NONENONEs,x,x, && + program_prefix=${target_alias}- + + +# Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:651: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_CC="gcc" + break + fi + done + IFS="$ac_save_ifs" +fi +fi +CC="$ac_cv_prog_CC" +if test -n "$CC"; then + echo "$ac_t""$CC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:681: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_prog_rejected=no + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + break + fi + done + IFS="$ac_save_ifs" +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# -gt 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + set dummy "$ac_dir/$ac_word" "$@" + shift + ac_cv_prog_CC="$@" + fi +fi +fi +fi +CC="$ac_cv_prog_CC" +if test -n "$CC"; then + echo "$ac_t""$CC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + + if test -z "$CC"; then + case "`uname -s`" in + *win32* | *WIN32*) + # Extract the first word of "cl", so it can be a program name with args. +set dummy cl; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:732: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_CC="cl" + break + fi + done + IFS="$ac_save_ifs" +fi +fi +CC="$ac_cv_prog_CC" +if test -n "$CC"; then + echo "$ac_t""$CC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + ;; + esac + fi + test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; } +fi + +echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 +echo "configure:764: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 + +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. +ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross + +cat > conftest.$ac_ext << EOF + +#line 775 "configure" +#include "confdefs.h" + +main(){return(0);} +EOF +if { (eval echo configure:780: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + ac_cv_prog_cc_works=yes + # If we can't run a trivial program, we are probably using a cross compiler. + if (./conftest; exit) 2>/dev/null; then + ac_cv_prog_cc_cross=no + else + ac_cv_prog_cc_cross=yes + fi +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + ac_cv_prog_cc_works=no +fi +rm -fr conftest* +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. +ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross + +echo "$ac_t""$ac_cv_prog_cc_works" 1>&6 +if test $ac_cv_prog_cc_works = no; then + { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } +fi +echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 +echo "configure:806: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 +cross_compiling=$ac_cv_prog_cc_cross + +echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 +echo "configure:811: checking whether we are using GNU C" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.c <&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then + ac_cv_prog_gcc=yes +else + ac_cv_prog_gcc=no +fi +fi + +echo "$ac_t""$ac_cv_prog_gcc" 1>&6 + +if test $ac_cv_prog_gcc = yes; then + GCC=yes +else + GCC= +fi + +ac_test_CFLAGS="${CFLAGS+set}" +ac_save_CFLAGS="$CFLAGS" +CFLAGS= +echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 +echo "configure:839: checking whether ${CC-cc} accepts -g" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + echo 'void f(){}' > conftest.c +if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then + ac_cv_prog_cc_g=yes +else + ac_cv_prog_cc_g=no +fi +rm -f conftest* + +fi + +echo "$ac_t""$ac_cv_prog_cc_g" 1>&6 +if test "$ac_test_CFLAGS" = set; then + CFLAGS="$ac_save_CFLAGS" +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi + +echo $ac_n "checking whether ${MAKE-make} sets \${MAKE}""... $ac_c" 1>&6 +echo "configure:871: checking whether ${MAKE-make} sets \${MAKE}" >&5 +set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_prog_make_${ac_make}_set'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftestmake <<\EOF +all: + @echo 'ac_maketemp="${MAKE}"' +EOF +# GNU make sometimes prints "make[1]: Entering...", which would confuse us. +eval `${MAKE-make} -f conftestmake 2>/dev/null | grep temp=` +if test -n "$ac_maketemp"; then + eval ac_cv_prog_make_${ac_make}_set=yes +else + eval ac_cv_prog_make_${ac_make}_set=no +fi +rm -f conftestmake +fi +if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then + echo "$ac_t""yes" 1>&6 + SET_MAKE= +else + echo "$ac_t""no" 1>&6 + SET_MAKE="MAKE=${MAKE-make}" +fi + +# Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:900: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_RANLIB="ranlib" + break + fi + done + IFS="$ac_save_ifs" + test -z "$ac_cv_prog_RANLIB" && ac_cv_prog_RANLIB=":" +fi +fi +RANLIB="$ac_cv_prog_RANLIB" +if test -n "$RANLIB"; then + echo "$ac_t""$RANLIB" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# ./install, which can be erroneously created by make from ./install.sh. +echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 +echo "configure:939: checking for a BSD compatible install" >&5 +if test -z "$INSTALL"; then +if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS=":" + for ac_dir in $PATH; do + # Account for people who put trailing slashes in PATH elements. + case "$ac_dir/" in + /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + if test -f $ac_dir/$ac_prog; then + if test $ac_prog = install && + grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + else + ac_cv_path_install="$ac_dir/$ac_prog -c" + break 2 + fi + fi + done + ;; + esac + done + IFS="$ac_save_IFS" + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL="$ac_cv_path_install" + else + # As a last resort, use the slow shell script. We don't cache a + # path for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the path is relative. + INSTALL="$ac_install_sh" + fi +fi +echo "$ac_t""$INSTALL" 1>&6 + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + + +echo "$ac_t""configuring for $target_os" 1>&6 + +echo $ac_n "checking for pow in -lm""... $ac_c" 1>&6 +echo "configure:995: checking for pow in -lm" >&5 +ac_lib_var=`echo m'_'pow | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lm $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo m | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + +case "$target_os" in +linux*) + DEFINES="$DEFINES -D_BSD_SOURCE=1 -DLINUX" + ;; +solaris*) + LIBS="$LIBS -lsocket -lnsl" + ;; +esac + +RECORD_MOD="dummy" + +ac_pcap_inc_dir="/usr/include /usr/include/pcap /usr/local/include" +ac_pcap_lib_dir="/usr/lib /usr/local/lib" + +# Check whether --with-pcap or --without-pcap was given. +if test "${with_pcap+set}" = set; then + withval="$with_pcap" + if test "$withval" = "no"; then + { echo "configure: error: PCAP required for ssldump" 1>&2; exit 1; } + else + ac_pcap_inc_dir=$withval/include + ac_pcap_lib_dir=$withval/lib + fi + +fi + + +# Check whether --with-pcap-inc or --without-pcap-inc was given. +if test "${with_pcap_inc+set}" = set; then + withval="$with_pcap_inc" + ac_pcap_inc_dir=$withval + +fi + +# Check whether --with-pcap-lib or --without-pcap-lib was given. +if test "${with_pcap_lib+set}" = set; then + withval="$with_pcap_lib" + ac_pcap_lib_dir=$withval + +fi + + +echo $ac_n "checking for PCAP include files""... $ac_c" 1>&6 +echo "configure:1085: checking for PCAP include files" >&5 +ac_found_pcap_inc_dir="no" +for dir in $ac_pcap_inc_dir; do + if test -f $dir/pcap.h; then + if test "$dir" != "/usr/include"; then + INCLUDES="-I$dir $INCLUDES" + fi + ac_found_pcap_inc_dir=$dir + echo "found in $dir" + break; + fi +done + +if test "$ac_found_pcap_inc_dir" = "no"; then + echo + { echo "configure: error: Couldn't find PCAP includes: needed for ssldump" 1>&2; exit 1; } +fi + +echo $ac_n "checking for PCAP library""... $ac_c" 1>&6 +echo "configure:1104: checking for PCAP library" >&5 +ac_found_pcap_lib_dir="no" +for dir in $ac_pcap_lib_dir; do + if test -f $dir/libpcap.a; then + save_LIBS=$LIBS + save_LDFLAGS=$LDFLAGS + LIBS="-lpcap $LIBS" + if test "$dir" != "/usr/lib"; then + LDFLAGS="-L$dir $LDFLAGS" + fi + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + ac_linked_libpcap="true" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_linked_libpcap="false" +fi +rm -f conftest*; + if test "$ac_linked_libpcap" != "false"; then + ac_found_pcap_lib_dir=$dir + break + fi + LIBS=$save_LIBS + LDFLAGS=$save_LDFLAGS + fi +done + +if test "$ac_found_pcap_lib_dir" = "no"; then + echo + { echo "configure: error: Couldn't find PCAP library: needed for ssldump" 1>&2; exit 1; } +else + echo "found in $ac_found_pcap_lib_dir" +fi + +ac_use_openssl="true" +ac_openssl_lib_dir="/usr/lib /usr/local /usr/local/ssl /usr/local/ssl/lib /usr/pkg" +ac_openssl_inc_dir="/usr/include /usr/local /usr/local/ssl /usr/pkg /usr/local/ssl/include" + +# Check whether --with-openssl or --without-openssl was given. +if test "${with_openssl+set}" = set; then + withval="$with_openssl" + if test "$withval" = "no"; then + ac_use_openssl="false" + else + ac_openssl_lib_dir="$withval/lib $withval" + ac_openssl_inc_dir=$withval/include + fi + +fi + + +# Check whether --with-openssl-inc or --without-openssl-inc was given. +if test "${with_openssl_inc+set}" = set; then + withval="$with_openssl_inc" + ac_openssl_inc_dir=$withval + +fi + +# Check whether --with-openssl-lib or --without-openssl-lib was given. +if test "${with_openssl_lib+set}" = set; then + withval="$with_openssl_lib" + ac_openssl_lib_dir=$withval + +fi + + +if test "$ac_use_openssl" != "false"; then + ac_found_openssl_inc_dir="no" + echo $ac_n "checking for OpenSSL include files""... $ac_c" 1>&6 +echo "configure:1187: checking for OpenSSL include files" >&5 + for dir in $ac_openssl_inc_dir; do + if test -f $dir/openssl/ssl.h; then + ac_found_openssl_inc_dir=$dir + break + fi + done + if test "$ac_found_openssl_inc_dir" != "no"; then + echo "found in $ac_found_openssl_inc_dir" + else + echo "not found." + ac_use_openssl="false" + fi +fi + +if test "$ac_use_openssl" != "false"; then + ac_found_openssl_lib_dir="no" + echo $ac_n "checking for OpenSSL libraries""... $ac_c" 1>&6 +echo "configure:1205: checking for OpenSSL libraries" >&5 + for dir in $ac_openssl_lib_dir; do + found_ssl="false" + if test -f $dir/libssl.a -a -f $dir/libcrypto.a; then + found_ssl="true" + fi + if test -f $dir/libssl.so -a -f $dir/libcrypto.so; then + found_ssl="true" + fi + if $found_ssl != "false"; then + save_LIBS=$LIBS + save_LDFLAGS=$LDFLAGS + LIBS="-lssl -lcrypto $LIBS" + LDFLAGS="-L$dir $LDFLAGS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + ac_linked_libssl="true" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_linked_libssl="false" +fi +rm -f conftest*; + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + ac_linked_libcrypto="true" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_linked_libcrypto="false" +fi +rm -f conftest*; + if test "$ac_linked_libssl" != "false" -a \ + "$ac_linked_libcrypto" != "false"; then + ac_found_openssl_lib_dir=$dir + break + fi + LIBS=$save_LIBS + LDFLAGS=$save_LDFLAGS + fi + done + if test "$ac_found_openssl_lib_dir" != "no"; then + echo "found in $ac_found_openssl_lib_dir" + INCLUDES="-I$ac_found_openssl_inc_dir $INCLUDES" + DEFINES="-DOPENSSL $DEFINES" + else + echo "not found." + ac_use_openssl="false" + fi +fi + +if test "$ac_use_openssl" = "false"; then + echo "configure: warning: compiling without OpenSSL" 1>&2 +fi + +# Check whether --with-record or --without-record was given. +if test "${with_record+set}" = set; then + withval="$with_record" + DEFINES="-DENABLE_RECORD $DEFINES" + RECORD_MOD="record" + +fi + + +echo $ac_n "checking for pcap_open in -lpcap""... $ac_c" 1>&6 +echo "configure:1296: checking for pcap_open in -lpcap" >&5 +ac_lib_var=`echo pcap'_'pcap_open | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lpcap $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo pcap | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + + +echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 +echo "configure:1345: checking how to run the C preprocessor" >&5 +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then +if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + # This must be in double quotes, not single quotes, because CPP may get + # substituted into the Makefile and "${CC-cc}" will confuse make. + CPP="${CC-cc} -E" + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. + cat > conftest.$ac_ext < +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1366: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + : +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + CPP="${CC-cc} -E -traditional-cpp" + cat > conftest.$ac_ext < +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1383: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + : +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + CPP="${CC-cc} -nologo -E" + cat > conftest.$ac_ext < +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1400: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + : +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + CPP=/lib/cpp +fi +rm -f conftest* +fi +rm -f conftest* +fi +rm -f conftest* + ac_cv_prog_CPP="$CPP" +fi + CPP="$ac_cv_prog_CPP" +else + ac_cv_prog_CPP="$CPP" +fi +echo "$ac_t""$CPP" 1>&6 + +for ac_hdr in sys/time.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:1428: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1438: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 +echo "configure:1465: checking for ANSI C header files" >&5 +if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +#include +#include +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1478: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + ac_cv_header_stdc=yes +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_header_stdc=no +fi +rm -f conftest* + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. +cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "memchr" >/dev/null 2>&1; then + : +else + rm -rf conftest* + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. +cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "free" >/dev/null 2>&1; then + : +else + rm -rf conftest* + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. +if test "$cross_compiling" = yes; then + : +else + cat > conftest.$ac_ext < +#define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +#define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int main () { int i; for (i = 0; i < 256; i++) +if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); +exit (0); } + +EOF +if { (eval echo configure:1545: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + : +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_header_stdc=no +fi +rm -fr conftest* +fi + +fi +fi + +echo "$ac_t""$ac_cv_header_stdc" 1>&6 +if test $ac_cv_header_stdc = yes; then + cat >> confdefs.h <<\EOF +#define STDC_HEADERS 1 +EOF + +fi + + +echo $ac_n "checking for working const""... $ac_c" 1>&6 +echo "configure:1570: checking for working const" >&5 +if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <j = 5; +} +{ /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ + const int foo = 10; +} + +; return 0; } +EOF +if { (eval echo configure:1624: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_const=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_c_const=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_c_const" 1>&6 +if test $ac_cv_c_const = no; then + cat >> confdefs.h <<\EOF +#define const +EOF + +fi + +echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6 +echo "configure:1645: checking whether time.h and sys/time.h may both be included" >&5 +if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +#include +int main() { +struct tm *tp; +; return 0; } +EOF +if { (eval echo configure:1659: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_header_time=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_header_time=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_header_time" 1>&6 +if test $ac_cv_header_time = yes; then + cat >> confdefs.h <<\EOF +#define TIME_WITH_SYS_TIME 1 +EOF + +fi + + +echo $ac_n "checking size of unsigned short""... $ac_c" 1>&6 +echo "configure:1681: checking size of unsigned short" >&5 +if eval "test \"`echo '$''{'ac_cv_sizeof_unsigned_short'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext < +main() +{ + FILE *f=fopen("conftestval", "w"); + if (!f) exit(1); + fprintf(f, "%d\n", sizeof(unsigned short)); + exit(0); +} +EOF +if { (eval echo configure:1700: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_sizeof_unsigned_short=`cat conftestval` +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_sizeof_unsigned_short=0 +fi +rm -fr conftest* +fi + +fi +echo "$ac_t""$ac_cv_sizeof_unsigned_short" 1>&6 +cat >> confdefs.h <&6 +echo "configure:1720: checking size of unsigned int" >&5 +if eval "test \"`echo '$''{'ac_cv_sizeof_unsigned_int'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext < +main() +{ + FILE *f=fopen("conftestval", "w"); + if (!f) exit(1); + fprintf(f, "%d\n", sizeof(unsigned int)); + exit(0); +} +EOF +if { (eval echo configure:1739: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_sizeof_unsigned_int=`cat conftestval` +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_sizeof_unsigned_int=0 +fi +rm -fr conftest* +fi + +fi +echo "$ac_t""$ac_cv_sizeof_unsigned_int" 1>&6 +cat >> confdefs.h <&6 +echo "configure:1759: checking size of unsigned long" >&5 +if eval "test \"`echo '$''{'ac_cv_sizeof_unsigned_long'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext < +main() +{ + FILE *f=fopen("conftestval", "w"); + if (!f) exit(1); + fprintf(f, "%d\n", sizeof(unsigned long)); + exit(0); +} +EOF +if { (eval echo configure:1778: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_sizeof_unsigned_long=`cat conftestval` +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_sizeof_unsigned_long=0 +fi +rm -fr conftest* +fi + +fi +echo "$ac_t""$ac_cv_sizeof_unsigned_long" 1>&6 +cat >> confdefs.h <&6 +echo "configure:1798: checking size of unsigned long long" >&5 +if eval "test \"`echo '$''{'ac_cv_sizeof_unsigned_long_long'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext < +main() +{ + FILE *f=fopen("conftestval", "w"); + if (!f) exit(1); + fprintf(f, "%d\n", sizeof(unsigned long long)); + exit(0); +} +EOF +if { (eval echo configure:1817: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_sizeof_unsigned_long_long=`cat conftestval` +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_sizeof_unsigned_long_long=0 +fi +rm -fr conftest* +fi + +fi +echo "$ac_t""$ac_cv_sizeof_unsigned_long_long" 1>&6 +cat >> confdefs.h <&6 +echo "configure:1838: checking for 8-bit clean memcmp" >&5 +if eval "test \"`echo '$''{'ac_cv_func_memcmp_clean'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + ac_cv_func_memcmp_clean=no +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_func_memcmp_clean=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_func_memcmp_clean=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$ac_cv_func_memcmp_clean" 1>&6 +test $ac_cv_func_memcmp_clean = no && LIBOBJS="$LIBOBJS memcmp.${ac_objext}" + +echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 +echo "configure:1874: checking return type of signal handlers" >&5 +if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +#ifdef signal +#undef signal +#endif +#ifdef __cplusplus +extern "C" void (*signal (int, void (*)(int)))(int); +#else +void (*signal ()) (); +#endif + +int main() { +int i; +; return 0; } +EOF +if { (eval echo configure:1896: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_type_signal=void +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_type_signal=int +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_type_signal" 1>&6 +cat >> confdefs.h <&6 +echo "configure:1915: checking for vprintf" >&5 +if eval "test \"`echo '$''{'ac_cv_func_vprintf'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char vprintf(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_vprintf) || defined (__stub___vprintf) +choke me +#else +vprintf(); +#endif + +; return 0; } +EOF +if { (eval echo configure:1943: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_vprintf=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_vprintf=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'vprintf`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_VPRINTF 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + +if test "$ac_cv_func_vprintf" != yes; then +echo $ac_n "checking for _doprnt""... $ac_c" 1>&6 +echo "configure:1967: checking for _doprnt" >&5 +if eval "test \"`echo '$''{'ac_cv_func__doprnt'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char _doprnt(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub__doprnt) || defined (__stub____doprnt) +choke me +#else +_doprnt(); +#endif + +; return 0; } +EOF +if { (eval echo configure:1995: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func__doprnt=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func__doprnt=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'_doprnt`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_DOPRNT 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + +fi + +for ac_func in strdup +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:2022: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:2050: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + + + + + +trap '' 1 2 15 +cat > confcache <<\EOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs. It is not useful on other systems. +# If it contains results you don't want to keep, you may remove or edit it. +# +# By default, configure uses ./config.cache as the cache file, +# creating it if it does not exist already. You can give configure +# the --cache-file=FILE option to use a different cache file; that is +# what configure does when it calls configure scripts in +# subdirectories, so they share the cache. +# Giving --cache-file=/dev/null disables caching, for debugging configure. +# config.status only pays attention to the cache file if you give it the +# --recheck option to rerun configure. +# +EOF +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, don't put newlines in cache variables' values. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +(set) 2>&1 | + case `(ac_space=' '; set | grep ac_space) 2>&1` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote substitution + # turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + -e "s/'/'\\\\''/g" \ + -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p" + ;; + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p' + ;; + esac >> confcache +if cmp -s $cache_file confcache; then + : +else + if test -w $cache_file; then + echo "updating cache $cache_file" + cat confcache > $cache_file + else + echo "not updating unwritable cache $cache_file" + fi +fi +rm -f confcache + +trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# Any assignment to VPATH causes Sun make to only execute +# the first set of double-colon rules, so remove it if not needed. +# If there is a colon in the path, we need to keep it. +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[^:]*$/d' +fi + +trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15 + +# Transform confdefs.h into DEFS. +# Protect against shell expansion while executing Makefile rules. +# Protect against Makefile macro expansion. +cat > conftest.defs <<\EOF +s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%-D\1=\2%g +s%[ `~#$^&*(){}\\|;'"<>?]%\\&%g +s%\[%\\&%g +s%\]%\\&%g +s%\$%$$%g +EOF +DEFS=`sed -f conftest.defs confdefs.h | tr '\012' ' '` +rm -f conftest.defs + + +# Without the "./", some shells look in PATH for config.status. +: ${CONFIG_STATUS=./config.status} + +echo creating $CONFIG_STATUS +rm -f $CONFIG_STATUS +cat > $CONFIG_STATUS </dev/null | sed 1q`: +# +# $0 $ac_configure_args +# +# Compiler output produced by configure, useful for debugging +# configure, is in ./config.log if it exists. + +ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]" +for ac_option +do + case "\$ac_option" in + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" + exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; + -version | --version | --versio | --versi | --vers | --ver | --ve | --v) + echo "$CONFIG_STATUS generated by autoconf version 2.13" + exit 0 ;; + -help | --help | --hel | --he | --h) + echo "\$ac_cs_usage"; exit 0 ;; + *) echo "\$ac_cs_usage"; exit 1 ;; + esac +done + +ac_given_srcdir=$srcdir +ac_given_INSTALL="$INSTALL" + +trap 'rm -fr `echo "Makefile" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 +EOF +cat >> $CONFIG_STATUS < conftest.subs <<\\CEOF +$ac_vpsub +$extrasub +s%@SHELL@%$SHELL%g +s%@CFLAGS@%$CFLAGS%g +s%@CPPFLAGS@%$CPPFLAGS%g +s%@CXXFLAGS@%$CXXFLAGS%g +s%@FFLAGS@%$FFLAGS%g +s%@DEFS@%$DEFS%g +s%@LDFLAGS@%$LDFLAGS%g +s%@LIBS@%$LIBS%g +s%@exec_prefix@%$exec_prefix%g +s%@prefix@%$prefix%g +s%@program_transform_name@%$program_transform_name%g +s%@bindir@%$bindir%g +s%@sbindir@%$sbindir%g +s%@libexecdir@%$libexecdir%g +s%@datadir@%$datadir%g +s%@sysconfdir@%$sysconfdir%g +s%@sharedstatedir@%$sharedstatedir%g +s%@localstatedir@%$localstatedir%g +s%@libdir@%$libdir%g +s%@includedir@%$includedir%g +s%@oldincludedir@%$oldincludedir%g +s%@infodir@%$infodir%g +s%@mandir@%$mandir%g +s%@host@%$host%g +s%@host_alias@%$host_alias%g +s%@host_cpu@%$host_cpu%g +s%@host_vendor@%$host_vendor%g +s%@host_os@%$host_os%g +s%@target@%$target%g +s%@target_alias@%$target_alias%g +s%@target_cpu@%$target_cpu%g +s%@target_vendor@%$target_vendor%g +s%@target_os@%$target_os%g +s%@build@%$build%g +s%@build_alias@%$build_alias%g +s%@build_cpu@%$build_cpu%g +s%@build_vendor@%$build_vendor%g +s%@build_os@%$build_os%g +s%@CC@%$CC%g +s%@SET_MAKE@%$SET_MAKE%g +s%@RANLIB@%$RANLIB%g +s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g +s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g +s%@INSTALL_DATA@%$INSTALL_DATA%g +s%@CPP@%$CPP%g +s%@LIBOBJS@%$LIBOBJS%g +s%@RECORD_MOD@%$RECORD_MOD%g +s%@INCLUDES@%$INCLUDES%g +s%@DEFINES@%$DEFINES%g + +CEOF +EOF + +cat >> $CONFIG_STATUS <<\EOF + +# Split the substitutions into bite-sized pieces for seds with +# small command number limits, like on Digital OSF/1 and HP-UX. +ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script. +ac_file=1 # Number of current file. +ac_beg=1 # First line for current file. +ac_end=$ac_max_sed_cmds # Line after last line for current file. +ac_more_lines=: +ac_sed_cmds="" +while $ac_more_lines; do + if test $ac_beg -gt 1; then + sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file + else + sed "${ac_end}q" conftest.subs > conftest.s$ac_file + fi + if test ! -s conftest.s$ac_file; then + ac_more_lines=false + rm -f conftest.s$ac_file + else + if test -z "$ac_sed_cmds"; then + ac_sed_cmds="sed -f conftest.s$ac_file" + else + ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file" + fi + ac_file=`expr $ac_file + 1` + ac_beg=$ac_end + ac_end=`expr $ac_end + $ac_max_sed_cmds` + fi +done +if test -z "$ac_sed_cmds"; then + ac_sed_cmds=cat +fi +EOF + +cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF +for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case "$ac_file" in + *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` + ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; + *) ac_file_in="${ac_file}.in" ;; + esac + + # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories. + + # Remove last slash and all that follows it. Not all systems have dirname. + ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` + if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then + # The file is in a subdirectory. + test ! -d "$ac_dir" && mkdir "$ac_dir" + ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`" + # A "../" for each directory in $ac_dir_suffix. + ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'` + else + ac_dir_suffix= ac_dots= + fi + + case "$ac_given_srcdir" in + .) srcdir=. + if test -z "$ac_dots"; then top_srcdir=. + else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;; + /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;; + *) # Relative path. + srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix" + top_srcdir="$ac_dots$ac_given_srcdir" ;; + esac + + case "$ac_given_INSTALL" in + [/$]*) INSTALL="$ac_given_INSTALL" ;; + *) INSTALL="$ac_dots$ac_given_INSTALL" ;; + esac + + echo creating "$ac_file" + rm -f "$ac_file" + configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure." + case "$ac_file" in + *Makefile*) ac_comsub="1i\\ +# $configure_input" ;; + *) ac_comsub= ;; + esac + + ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` + sed -e "$ac_comsub +s%@configure_input@%$configure_input%g +s%@srcdir@%$srcdir%g +s%@top_srcdir@%$top_srcdir%g +s%@INSTALL@%$INSTALL%g +" $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file +fi; done +rm -f conftest.s* + +EOF +cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF + +exit 0 +EOF +chmod +x $CONFIG_STATUS +rm -fr confdefs* $ac_clean_files +test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1 + diff --git a/configure.in b/configure.in new file mode 100644 index 0000000..b4e0f2f --- /dev/null +++ b/configure.in @@ -0,0 +1,250 @@ +dnl Copyright (C) 1999-2000 RTFM, Inc. +dnl All Rights Reserved + +dnl This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla +dnl and licensed by RTFM, Inc. + +dnl Redistribution and use in source and binary forms, with or without +dnl modification, are permitted provided that the following conditions +dnl are met: +dnl 1. Redistributions of source code must retain the above copyright +dnl notice, this list of conditions and the following disclaimer. +dnl 2. Redistributions in binary form must reproduce the above copyright +dnl notice, this list of conditions and the following disclaimer in the +dnl documentation and/or other materials provided with the distribution. +dnl 3. All advertising materials mentioning features or use of this software +dnl must display the following acknowledgement: +dnl +dnl This product includes software developed by Eric Rescorla for +dnl RTFM, Inc. +dnl +dnl 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be +dnl used to endorse or promote products derived from this +dnl software without specific prior written permission. +dnl +dnl THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND +dnl ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +dnl IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +dnl ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +dnl FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +dnl DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +dnl OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +dnl HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +dnl LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +dnl OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. +dnl Process this file with autoconf to produce a configure script. +AC_INIT(base/pcap-snoop.c) +AC_CANONICAL_SYSTEM + +dnl Checks for programs. +AC_PROG_CC +AC_PROG_MAKE_SET +AC_PROG_RANLIB +AC_PROG_INSTALL + +AC_MSG_RESULT(configuring for $target_os) + +dnl Replace `main' with a function in -lm: +AC_CHECK_LIB(m, pow) + +dnl System-specific stuff +case "$target_os" in +linux*) + DEFINES="$DEFINES -D_BSD_SOURCE=1 -DLINUX" + ;; +solaris*) + LIBS="$LIBS -lsocket -lnsl" + ;; +esac + +RECORD_MOD="dummy" + +dnl Look for PCAP +dnl We absolutely need pcap +ac_pcap_inc_dir="/usr/include /usr/include/pcap /usr/local/include" +ac_pcap_lib_dir="/usr/lib /usr/local/lib" + +AC_ARG_WITH(pcap,[--with-pcap root location for pcap library], + if test "$withval" = "no"; then + AC_MSG_ERROR(PCAP required for ssldump) + else + ac_pcap_inc_dir=$withval/include + ac_pcap_lib_dir=$withval/lib + fi +) + +AC_ARG_WITH(pcap-inc,[--with-pcap-inc PCAP include files], + ac_pcap_inc_dir=$withval +) +AC_ARG_WITH(pcap-lib,[--with-pcap-lib PCAP library files], + ac_pcap_lib_dir=$withval +) + +dnl Now look for it +AC_MSG_CHECKING(for PCAP include files) +ac_found_pcap_inc_dir="no" +for dir in $ac_pcap_inc_dir; do + if test -f $dir/pcap.h; then + if test "$dir" != "/usr/include"; then + INCLUDES="-I$dir $INCLUDES" + fi + ac_found_pcap_inc_dir=$dir + echo "found in $dir" + break; + fi +done + +if test "$ac_found_pcap_inc_dir" = "no"; then + echo + AC_MSG_ERROR(Couldn't find PCAP includes: needed for ssldump) +fi + +AC_MSG_CHECKING(for PCAP library) +ac_found_pcap_lib_dir="no" +for dir in $ac_pcap_lib_dir; do + if test -f $dir/libpcap.a; then + dnl Ok, we think we've found them, but check that they + dnl actually ontain the right functions + save_LIBS=$LIBS + save_LDFLAGS=$LDFLAGS + LIBS="-lpcap $LIBS" + if test "$dir" != "/usr/lib"; then + LDFLAGS="-L$dir $LDFLAGS" + fi + AC_TRY_LINK_FUNC(pcap_open_live,ac_linked_libpcap="true", + ac_linked_libpcap="false"); + if test "$ac_linked_libpcap" != "false"; then + ac_found_pcap_lib_dir=$dir + break + fi + LIBS=$save_LIBS + LDFLAGS=$save_LDFLAGS + fi +done + +if test "$ac_found_pcap_lib_dir" = "no"; then + echo + AC_MSG_ERROR(Couldn't find PCAP library: needed for ssldump) +else + echo "found in $ac_found_pcap_lib_dir" +fi + +dnl See if we can find OpenSSL +dnl We can compile without OpenSSL if we have to +ac_use_openssl="true" +ac_openssl_lib_dir="/usr/lib /usr/local /usr/local/ssl /usr/local/ssl/lib /usr/pkg" +ac_openssl_inc_dir="/usr/include /usr/local /usr/local/ssl /usr/pkg /usr/local/ssl/include" + +AC_ARG_WITH(openssl,[--with-openssl root location for OpenSSL], + if test "$withval" = "no"; then + ac_use_openssl="false" + else + ac_openssl_lib_dir="$withval/lib $withval" + ac_openssl_inc_dir=$withval/include + fi +) + +AC_ARG_WITH(openssl-inc,[--with-openssl-inc OpenSSL include files], + ac_openssl_inc_dir=$withval +) +AC_ARG_WITH(openssl-lib,[--with-openssl-lib OpenSSL library files], + ac_openssl_lib_dir=$withval +) + +dnl Now look for OpenSSL +if test "$ac_use_openssl" != "false"; then + ac_found_openssl_inc_dir="no" + AC_MSG_CHECKING(for OpenSSL include files) + for dir in $ac_openssl_inc_dir; do + if test -f $dir/openssl/ssl.h; then + ac_found_openssl_inc_dir=$dir + break + fi + done + if test "$ac_found_openssl_inc_dir" != "no"; then + echo "found in $ac_found_openssl_inc_dir" + else + echo "not found." + ac_use_openssl="false" + fi +fi + +if test "$ac_use_openssl" != "false"; then + ac_found_openssl_lib_dir="no" + AC_MSG_CHECKING(for OpenSSL libraries) + for dir in $ac_openssl_lib_dir; do + found_ssl="false" + if test -f $dir/libssl.a -a -f $dir/libcrypto.a; then + found_ssl="true" + fi + if test -f $dir/libssl.so -a -f $dir/libcrypto.so; then + found_ssl="true" + fi + if $found_ssl != "false"; then + dnl Ok, we think we've found them, but check that they + dnl actually ontain the right functions + save_LIBS=$LIBS + save_LDFLAGS=$LDFLAGS + LIBS="-lssl -lcrypto $LIBS" + LDFLAGS="-L$dir $LDFLAGS" + AC_TRY_LINK_FUNC(SSL_load_error_strings,ac_linked_libssl="true", + ac_linked_libssl="false"); + AC_TRY_LINK_FUNC(RC4_set_key,ac_linked_libcrypto="true", + ac_linked_libcrypto="false"); + if test "$ac_linked_libssl" != "false" -a \ + "$ac_linked_libcrypto" != "false"; then + ac_found_openssl_lib_dir=$dir + break + fi + LIBS=$save_LIBS + LDFLAGS=$save_LDFLAGS + fi + done + if test "$ac_found_openssl_lib_dir" != "no"; then + echo "found in $ac_found_openssl_lib_dir" + INCLUDES="-I$ac_found_openssl_inc_dir $INCLUDES" + DEFINES="-DOPENSSL $DEFINES" + else + echo "not found." + ac_use_openssl="false" + fi +fi + +if test "$ac_use_openssl" = "false"; then + AC_MSG_WARN(compiling without OpenSSL) +fi + +AC_ARG_WITH(record,[--with-record Compile with record module (EKR Use Only)], + DEFINES="-DENABLE_RECORD $DEFINES" + RECORD_MOD="record" +) + +dnl Replace `main' with a function in -lpcap: +AC_CHECK_LIB(pcap, pcap_open) + + +dnl Checks for header files. +AC_CHECK_HEADERS(sys/time.h) +AC_HEADER_STDC + +dnl Checks for typedefs, structures, and compiler characteristics. +AC_C_CONST +AC_HEADER_TIME + +dnl Find a 4-byte integer size +AC_CHECK_SIZEOF(unsigned short) +AC_CHECK_SIZEOF(unsigned int) +AC_CHECK_SIZEOF(unsigned long) +AC_CHECK_SIZEOF(unsigned long long) + +dnl Checks for library functions. +AC_FUNC_MEMCMP +AC_TYPE_SIGNAL +AC_FUNC_VPRINTF +AC_CHECK_FUNCS(strdup) + + +AC_SUBST(RECORD_MOD) +AC_SUBST(INCLUDES) +AC_SUBST(DEFINES) +AC_OUTPUT(Makefile) diff --git a/dummy/targets.mk b/dummy/targets.mk new file mode 100644 index 0000000..e69de29 diff --git a/install-sh b/install-sh new file mode 100755 index 0000000..e9de238 --- /dev/null +++ b/install-sh @@ -0,0 +1,251 @@ +#!/bin/sh +# +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. It can only install one file at a time, a restriction +# shared with many OS's install programs. + + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit="${DOITPROG-}" + + +# put in absolute paths if you don't have them in your path; or use env. vars. + +mvprog="${MVPROG-mv}" +cpprog="${CPPROG-cp}" +chmodprog="${CHMODPROG-chmod}" +chownprog="${CHOWNPROG-chown}" +chgrpprog="${CHGRPPROG-chgrp}" +stripprog="${STRIPPROG-strip}" +rmprog="${RMPROG-rm}" +mkdirprog="${MKDIRPROG-mkdir}" + +transformbasename="" +transform_arg="" +instcmd="$mvprog" +chmodcmd="$chmodprog 0755" +chowncmd="" +chgrpcmd="" +stripcmd="" +rmcmd="$rmprog -f" +mvcmd="$mvprog" +src="" +dst="" +dir_arg="" + +while [ x"$1" != x ]; do + case $1 in + -c) instcmd="$cpprog" + shift + continue;; + + -d) dir_arg=true + shift + continue;; + + -m) chmodcmd="$chmodprog $2" + shift + shift + continue;; + + -o) chowncmd="$chownprog $2" + shift + shift + continue;; + + -g) chgrpcmd="$chgrpprog $2" + shift + shift + continue;; + + -s) stripcmd="$stripprog" + shift + continue;; + + -t=*) transformarg=`echo $1 | sed 's/-t=//'` + shift + continue;; + + -b=*) transformbasename=`echo $1 | sed 's/-b=//'` + shift + continue;; + + *) if [ x"$src" = x ] + then + src=$1 + else + # this colon is to work around a 386BSD /bin/sh bug + : + dst=$1 + fi + shift + continue;; + esac +done + +if [ x"$src" = x ] +then + echo "install: no input file specified" + exit 1 +else + true +fi + +if [ x"$dir_arg" != x ]; then + dst=$src + src="" + + if [ -d $dst ]; then + instcmd=: + chmodcmd="" + else + instcmd=mkdir + fi +else + +# Waiting for this to be detected by the "$instcmd $src $dsttmp" command +# might cause directories to be created, which would be especially bad +# if $src (and thus $dsttmp) contains '*'. + + if [ -f $src -o -d $src ] + then + true + else + echo "install: $src does not exist" + exit 1 + fi + + if [ x"$dst" = x ] + then + echo "install: no destination specified" + exit 1 + else + true + fi + +# If destination is a directory, append the input filename; if your system +# does not like double slashes in filenames, you may need to add some logic + + if [ -d $dst ] + then + dst="$dst"/`basename $src` + else + true + fi +fi + +## this sed command emulates the dirname command +dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` + +# Make sure that the destination directory exists. +# this part is taken from Noah Friedman's mkinstalldirs script + +# Skip lots of stat calls in the usual case. +if [ ! -d "$dstdir" ]; then +defaultIFS=' +' +IFS="${IFS-${defaultIFS}}" + +oIFS="${IFS}" +# Some sh's can't handle IFS=/ for some reason. +IFS='%' +set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` +IFS="${oIFS}" + +pathcomp='' + +while [ $# -ne 0 ] ; do + pathcomp="${pathcomp}${1}" + shift + + if [ ! -d "${pathcomp}" ] ; + then + $mkdirprog "${pathcomp}" + else + true + fi + + pathcomp="${pathcomp}/" +done +fi + +if [ x"$dir_arg" != x ] +then + $doit $instcmd $dst && + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi +else + +# If we're going to rename the final executable, determine the name now. + + if [ x"$transformarg" = x ] + then + dstfile=`basename $dst` + else + dstfile=`basename $dst $transformbasename | + sed $transformarg`$transformbasename + fi + +# don't allow the sed command to completely eliminate the filename + + if [ x"$dstfile" = x ] + then + dstfile=`basename $dst` + else + true + fi + +# Make a temp file name in the proper directory. + + dsttmp=$dstdir/#inst.$$# + +# Move or copy the file name to the temp name + + $doit $instcmd $src $dsttmp && + + trap "rm -f ${dsttmp}" 0 && + +# and set any options; do chmod last to preserve setuid bits + +# If any of these fail, we abort the whole thing. If we want to +# ignore errors from any of these, just make sure not to ignore +# errors from the above "$doit $instcmd $src $dsttmp" command. + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && + +# Now rename the file to the real destination. + + $doit $rmcmd -f $dstdir/$dstfile && + $doit $mvcmd $dsttmp $dstdir/$dstfile + +fi && + + +exit 0 diff --git a/null/Makefile b/null/Makefile new file mode 100644 index 0000000..e69de29 diff --git a/null/null_analyze.c b/null/null_analyze.c new file mode 100644 index 0000000..c327a61 --- /dev/null +++ b/null/null_analyze.c @@ -0,0 +1,164 @@ +/** + null_analyze.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: null_analyze.c,v 1.6 2001/11/26 22:28:16 ekr Exp $ + + + ekr@rtfm.com Thu Jan 7 22:58:27 1999 + */ + + +static char *RCSSTRING="$Id: null_analyze.c,v 1.6 2001/11/26 22:28:16 ekr Exp $"; + +#include +#include "network.h" +#include "proto_mod.h" +#include "debug.h" + +typedef struct null_analyzer_ { + int num; +} null_analyzer; + +static int create_null_analyzer PROTO_LIST((void *handle, + proto_ctx *ctx,tcp_conn *conn,proto_obj **objp, + struct in_addr *i_addr,u_short i_port, + struct in_addr *r_addr,u_short r_port, struct timeval *base_time)); + +static int create_null_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port, + base_time) + void *handle; + proto_ctx *ctx; + tcp_conn *conn; + proto_obj **objp; + struct in_addr *i_addr; + u_short i_port; + struct in_addr *r_addr; + u_short r_port; + struct timeval *base_time; + { + null_analyzer *obj=0; + static int ctr; + + if(!(obj=(null_analyzer *)calloc(sizeof(null_analyzer),1))) + ERETURN(R_NO_MEMORY); + + obj->num=ctr++; + + DBG((0,"Creating analyzer for connection %d\n",obj->num)); + + *objp=(proto_obj *)obj; + return(0); + } + +int destroy_null_analyzer(objp) + proto_obj **objp; + { + null_analyzer *obj; + + if(!objp || !*objp) + return(0); + + obj=(null_analyzer *)*objp; + DBG((0,"Destroying analyzer for connection %d\n",obj->num)); + + free(*objp); + *objp=0; + + return(0); + } + +int data_null_analyzer(_obj,seg,direction) + proto_obj *_obj; + segment *seg; + int direction; + { +#ifdef DEBUG + null_analyzer *obj=(null_analyzer *)_obj; +#endif + DBG((0,"Processing data for connection %d dir %d\n",obj->num, + direction)); + + for(;seg;seg=seg->next){ + int i; + + for(i=0;ilen,20);i++){ + if(!isascii(seg->data[i])) + break; + } + if(i<20) + xdump("NSEGMENT",seg->data,seg->len); + else{ + printf("NSEGMENT: "); + fwrite(seg->data,1,seg->len,stdout); + } + printf("====\n"); + } + + return(0); + } + +int fin_null_analyzer(_obj,p,direction) + proto_obj *_obj; + packet *p; + int direction; + { +#ifdef DEBUG + null_analyzer *obj=(null_analyzer *)_obj; +#endif + DBG((0,"Received FIN on connection %d\n",obj->num)); + return(0); + } + + + + +static struct proto_mod_vtbl_ null_vtbl ={ + 0, + 0, + 0, + create_null_analyzer, + destroy_null_analyzer, + data_null_analyzer, + fin_null_analyzer, +}; + +struct proto_mod_ null_mod = { + 0, + &null_vtbl +}; diff --git a/null/null_analyze.h b/null/null_analyze.h new file mode 100644 index 0000000..3902c2a --- /dev/null +++ b/null/null_analyze.h @@ -0,0 +1,53 @@ +/** + null_analyze.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: null_analyze.h,v 1.2 2000/10/17 16:10:01 ekr Exp $ + + + ekr@rtfm.com Fri Jan 8 11:23:10 1999 + */ + + +#ifndef _null_analyze_h +#define _null_analyze_h + +extern proto_mod null_mod; + +#endif + diff --git a/null/targets.mk b/null/targets.mk new file mode 100644 index 0000000..fc8a5f1 --- /dev/null +++ b/null/targets.mk @@ -0,0 +1,260 @@ +# +# targets.mk +# +# $Source: /usr/local/CVS/ssldump/null/targets.mk,v $ +# $Revision: 1.1.1.1 $ +# $Date: 2000/10/09 00:45:39 $ +# $Name: $ +# $Disclaimer$ +# +# Copyright (C) 1999, Terisa Systems, Inc. +# All Rights Reserved. +# +# ekr@terisa.com +# + + + +# +# CONFIGURE USER-DEFINED MAKE ENVIRONMENT +# +# These fields are specified by the user. The remainder of +# this file is generated from this user-specified information. +# +# ANALYZE_NULL_DEFINES: +# cpp defines, with the -D flag preceeding each +# +# ANALYZE_NULL_INCLUDES: +# cpp include directories, with the -I flag preceeding each +# +# ANALYZE_NULL_INTERNAL: +# headers files which are local to a specific module directory, +# and should not be used by other parts of the toolkit or by +# the user +# +# ANALYZE_NULL_LIBNAME: +# the library associated with this module directory, used in +# most cases for debugging purposes +# +# ANALYZE_NULL_LIBPATHS: +# link-time directories to search for libraries, with the -L flag +# preceeding each +# +# ANALYZE_NULL_LIBRARIES: +# link-time libraries, with the -l flag preceeding each +# +# ANALYZE_NULL_LOCALFLAGS: +# compile-time flags specific to compiling only the files in +# this module directory--this variable should only be set in +# extremely exceptional cases +# +# ANALYZE_NULL_MAKEFILES: +# the makefiles +# +# ANALYZE_NULL_PREFIX: +# defines the module name, which also serves as the +# prefix for all the variable names defined in this file +# +# ANALYZE_NULL_PRIVATE: +# the private, for-toolkit-use-only API header files +# +# ANALYZE_NULL_PROGRAMS: +# programs to build +# +# ANALYZE_NULL_PUBLIC: +# the header files that define the public API for the toolkit +# and any other 'public' files that should be copied to +# the build directory +# +# ANALYZE_NULL_SOURCES: +# the source files to compile to object +# +ANALYZE_NULL_DEFINES = +ANALYZE_NULL_INCLUDES = -I$(ANALYZE_NULL_SRCDIR) +ANALYZE_NULL_INTERNAL = +ANALYZE_NULL_LIBNAME = +ANALYZE_NULL_LIBPATHS = +ANALYZE_NULL_LIBRARIES = +ANALYZE_NULL_LOCALFLAGS = +ANALYZE_NULL_MAKEFILES = targets.mk +ANALYZE_NULL_PREFIX = ANALYZE_NULL +ANALYZE_NULL_PRIVATE = null_analyze.h +ANALYZE_NULL_PROGRAMS = +ANALYZE_NULL_PUBLIC = +ANALYZE_NULL_SOURCES = null_analyze.c + + + +# +# CONFIGURE AUTOMATICALLY-GENERATED MAKE ENVIRONMENT +# +# ANALYZE_NULL_OBJECTS: +# object files to build +# +# ANALYZE_NULL_UNUSED: +# obsolete files in the module directory that are not +# used during the build process +# +# ANALYZE_NULL_USED: +# all files in the module directory that are used +# during the build process +# +ANALYZE_NULL_OBJECTS = null_analyze.$(OBJSUFFIX) +ANALYZE_NULL_UNUSED = +ANALYZE_NULL_USED = $(ANALYZE_NULL_INTERNAL:%=$(ANALYZE_NULL_SRCDIR)%) \ + $(ANALYZE_NULL_MAKEFILES:%=$(ANALYZE_NULL_SRCDIR)%) \ + $(ANALYZE_NULL_PRIVATE:%=$(ANALYZE_NULL_SRCDIR)%) \ + $(ANALYZE_NULL_PUBLIC:%=$(ANALYZE_NULL_SRCDIR)%) \ + $(ANALYZE_NULL_SOURCES:%=$(ANALYZE_NULL_SRCDIR)%) + + + +# +# NOTES +# +# The following variables may be used during the build process, +# but are not defined in this file. If they are to be set +# to something other than the default blank, then they must +# be set by the calling make system. +# +# ANALYZE_NULL_SRCDIR: +# if the build target directory is different from the +# module directory (the source directory), then this +# variable contains the relative or full path of +# the module directory +# +# LIBARS: +# the library archive files (with fully-specified paths) that +# executables built from this module directory depend upon +# +# LIBPATHS: +# the paths to search for library archives (specified with +# the -L) +# +# LIBRARIES: +# the libraries to use while building executables from +# this module directory (specified with the -l) +# + + + +# +# GLOBAL ENVIRONMENT +# +DEFINES += $(ANALYZE_NULL_DEFINES) +INCLUDES += $(ANALYZE_NULL_INCLUDES) +LIBPATHS += $(ANALYZE_NULL_LIBPATHS) +LIBRARIES += $(ANALYZE_NULL_LIBRARIES) +OBJECTS += $(ANALYZE_NULL_OBJECTS) +PUBLIC += $(ANALYZE_NULL_PUBLIC) + + + +# +# GENERIC DEPENDENCIES +# +# default: +# default dependency, must be the first dependency in this makefile +# +# all: +# build everything in this module directory +# +# build: +# make only the toolkit build files of this module directory +# +# ci: +# perform an RCS check-in of this module directory +# +# clean: +# remove the compiled files +# +# clean_public: +# remove the public header files that have been copied +# to a public build directory +# +# objects: +# build the object files (this dependency is used for +# building the toolkit library) +# +# private: +# build only the private API header files +# +# public: +# build only the public API header files +# +default: $(ANALYZE_NULL_LIBNAME) +default: $(ANALYZE_NULL_PROGRAMS) + +all: $(ANALYZE_NULL_PUBLIC) +all: $(ANALYZE_NULL_OBJECTS) +all: $(ANALYZE_NULL_LIBNAME) +all: $(ANALYZE_NULL_PROGRAMS) +build: $(ANALYZE_NULL_PUBLIC) +build: $(ANALYZE_NULL_OBJECTS) +ci: analyze_null_ci +clean: analyze_null_clean +clean_public: analyze_null_clean_public +objects: $(ANALYZE_NULL_OBJECTS) +private: $(ANALYZE_NULL_PRIVATE) +public: $(ANALYZE_NULL_PUBLIC) + + + +# +# LOCAL UTILITY DEPENDENCIES +# +# utility dependencies are necessary because of some +# make-isms having to do with dependencies +# + +analyze_null_ci: + $(CI) $(CIFLAGS) $(ANALYZE_NULL_USED) + +analyze_null_clean: + $(RM) $(RMFLAGS) $(ANALYZE_NULL_OBJECTS) $(ANALYZE_NULL_LIBNAME) $(ANALYZE_NULL_PROGRAMS) + +analyze_null_clean_public: + $(RM) $(RMFLAGS) $(ANALYZE_NULL_PUBLIC) + +analyze_null_objects: $(ANALYZE_NULL_OBJECTS) + +analyze_null_programs: $(ANALYZE_NULL_PROGRAMS) + +analyze_null_public: $(ANALYZE_NULL_PUBLIC) + + + +# +# BUILD DEPENDENCIES +# +# build dependencies invoke the rule used to build each +# class of file +# + +$(ANALYZE_NULL_LIBNAME): + $(AR) $(ARFLAGS) $@ $? + $(RANLIB) $@ + +$(ANALYZE_NULL_OBJECTS): + $(COMPILE.c) $(ANALYZE_NULL_SRCDIR)$(@:%.o=%.c) $(DEFINES) $(INCLUDES) $(ANALYZE_NULL_LOCALFLAGS) + +$(ANALYZE_NULL_PUBLIC): + $(CP) $(CPFLAGS) $(ANALYZE_NULL_SRCDIR)$@ $@ + +$(ANALYZE_NULL_PROGRAMS): + $(LINK.c) $@.$(OBJSUFFIX) $(LDLIBS) $(LIBS) $(LIBRARIES) $(LIBPATHS) +#LIBS above is obsolete (use LIBARARIES instead) + + + +# +# FILE DEPENDENCIES +# +# file dependencies state, for each file that is built, +# which file(s) it depends upon +# + +null_analyze.$(OBJSUFFIX): $(ANALYZE_NULL_SRCDIR)null_analyze.h +null_analyze.$(OBJSUFFIX): $(ANALYZE_NULL_SRCDIR)null_analyze.c + +$(ANALYZE_NULL_LIBNAME): $(ANALYZE_NULL_OBJECTS) diff --git a/rules.mk b/rules.mk new file mode 100644 index 0000000..4a1ab59 --- /dev/null +++ b/rules.mk @@ -0,0 +1,10 @@ +OBJSUFFIX=o +LIBSUFFIX=a +RANLIB=ranlib + +COMPILE.c = $(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ +LINK.c = $(CC) $(CFLAGS) $(LDFLAGS) -o $@ + +.c.$(OBJSUFFIX): + $(COMPILE.c) $(OUTPUT_OPTION) $< + diff --git a/ssl/Makefile b/ssl/Makefile new file mode 100644 index 0000000..dd76f59 --- /dev/null +++ b/ssl/Makefile @@ -0,0 +1,20 @@ +CC=gcc -g -I../../common/include -DYYDEBUG=1 +YACC=bison -d -y -v +LEX=flex +OBJS=lex.yy.o y.tab.o main.o + +default: all + +lex.yy.c: ssl.l + $(LEX) ssl.l + +y.tab.c: ssl.y + $(YACC) ssl.y + +grammar: y.tab.c lex.yy.c + $(LEX) ssl.l + $(YACC) ssl.y + +all: grammar $(OBJS) + $(CC) $(OBJS) -L../../common/make/freebsd31 -ly -lm + diff --git a/ssl/ciphersuites.c b/ssl/ciphersuites.c new file mode 100644 index 0000000..9df8459 --- /dev/null +++ b/ssl/ciphersuites.c @@ -0,0 +1,107 @@ +/** + ciphersuites.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: ciphersuites.c,v 1.3 2002/08/17 01:33:17 ekr Exp $ + + + ekr@rtfm.com Tue Mar 30 17:19:56 1999 + */ + + +static char *RCSSTRING="$Id: ciphersuites.c,v 1.3 2002/08/17 01:33:17 ekr Exp $"; + +#include + +#include "sslciphers.h" + +static SSL_CipherSuite CipherSuites[]={ + {1,KEX_RSA,SIG_RSA,ENC_NULL,0,0,0,DIG_MD5,16,0}, + {2,KEX_RSA,SIG_RSA,ENC_NULL,0,0,0,DIG_SHA,20,0}, + {3,KEX_RSA,SIG_RSA,ENC_RC4,1,128,40,DIG_MD5,16,1}, + {4,KEX_RSA,SIG_RSA,ENC_RC4,1,128,128,DIG_MD5,16,0}, + {5,KEX_RSA,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA,20,0}, + {6,KEX_RSA,SIG_RSA,ENC_RC2,8,128,40,DIG_SHA,20,1}, + {7,KEX_RSA,SIG_RSA,ENC_IDEA,8,128,128,DIG_SHA,20,0}, + {8,KEX_RSA,SIG_RSA,ENC_DES,8,64,40,DIG_SHA,20,1}, + {9,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,0}, + {10,KEX_RSA,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA,20,0}, + {11,KEX_DH,SIG_DSS,ENC_DES,8,64,40,DIG_SHA,20,1}, + {12,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,20,0}, + {13,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA,20,0}, + {14,KEX_DH,SIG_RSA,ENC_DES,8,64,40,DIG_SHA,20,1}, + {15,KEX_DH,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,0}, + {16,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA,20,0}, + {17,KEX_DH,SIG_DSS,ENC_DES,8,64,40,DIG_SHA,20,1}, + {18,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,20,0}, + {19,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA,20,0}, + {20,KEX_DH,SIG_RSA,ENC_DES,8,64,40,DIG_SHA,20,1}, + {21,KEX_DH,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,0}, + {22,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA,20,0}, + {23,KEX_DH,SIG_NONE,ENC_RC4,1,128,40,DIG_MD5,16,1}, + {24,KEX_DH,SIG_NONE,ENC_RC4,1,128,128,DIG_MD5,16,0}, + {25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_MD5,16,1}, + {26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_MD5,16,0}, + {27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_MD5,16,0}, + {96,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_MD5,16,1}, + {97,KEX_RSA,SIG_RSA,ENC_RC2,1,128,56,DIG_MD5,16,1}, + {98,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,1}, + {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,16,1}, + {100,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_SHA,20,1}, + {101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA,20,1}, + {102,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0}, + {-1} +}; + +int ssl_find_cipher(num,cs) + int num; + SSL_CipherSuite **cs; + { + SSL_CipherSuite *c; + + for(c=CipherSuites;c->number!=-1;c++){ + if(c->number==num){ + *cs=c; + return(0); + } + } + + ERETURN(R_NOT_FOUND); + } + + diff --git a/ssl/ciphersuites.h b/ssl/ciphersuites.h new file mode 100644 index 0000000..74fe097 --- /dev/null +++ b/ssl/ciphersuites.h @@ -0,0 +1,52 @@ +/** + ciphersuites.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: ciphersuites.h,v 1.2 2000/10/17 16:10:01 ekr Exp $ + + + ekr@rtfm.com Sat Sep 23 18:01:27 2000 + */ + + +#ifndef _ciphersuites_h +#define _ciphersuites_h + +int ssl_find_cipher PROTO_LIST((int num,SSL_CipherSuite **cs)); +#endif + diff --git a/ssl/lex.yy.c b/ssl/lex.yy.c new file mode 100644 index 0000000..4ceaba7 --- /dev/null +++ b/ssl/lex.yy.c @@ -0,0 +1,1777 @@ +/* A lexical scanner generated by flex */ + +/* Scanner skeleton version: + * $Header: /usr/local/CVS/ssldump/ssl/lex.yy.c,v 1.2 2002/04/15 16:53:59 ekr Exp $ + * $FreeBSD: src/usr.bin/lex/flex.skl,v 1.4 1999/10/27 07:56:44 obrien Exp $ + */ + +#define FLEX_SCANNER +#define YY_FLEX_MAJOR_VERSION 2 +#define YY_FLEX_MINOR_VERSION 5 + +#include + + +/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ +#ifdef c_plusplus +#ifndef __cplusplus +#define __cplusplus +#endif +#endif + + +#ifdef __cplusplus + +#include +#include + +/* Use prototypes in function declarations. */ +#define YY_USE_PROTOS + +/* The "const" storage-class-modifier is valid. */ +#define YY_USE_CONST + +#else /* ! __cplusplus */ + +#if __STDC__ + +#define YY_USE_PROTOS +#define YY_USE_CONST + +#endif /* __STDC__ */ +#endif /* ! __cplusplus */ + +#ifdef __TURBOC__ + #pragma warn -rch + #pragma warn -use +#include +#include +#define YY_USE_CONST +#define YY_USE_PROTOS +#endif + +#ifdef YY_USE_CONST +#define yyconst const +#else +#define yyconst +#endif + + +#ifdef YY_USE_PROTOS +#define YY_PROTO(proto) proto +#else +#define YY_PROTO(proto) () +#endif + +/* Returned upon end-of-file. */ +#define YY_NULL 0 + +/* Promotes a possibly negative, possibly signed char to an unsigned + * integer for use as an array index. If the signed char is negative, + * we want to instead treat it as an 8-bit unsigned char, hence the + * double cast. + */ +#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) + +/* Enter a start condition. This macro really ought to take a parameter, + * but we do it the disgusting crufty way forced on us by the ()-less + * definition of BEGIN. + */ +#define BEGIN yy_start = 1 + 2 * + +/* Translate the current start state into a value that can be later handed + * to BEGIN to return to the state. The YYSTATE alias is for lex + * compatibility. + */ +#define YY_START ((yy_start - 1) / 2) +#define YYSTATE YY_START + +/* Action number for EOF rule of a given start state. */ +#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) + +/* Special action meaning "start processing a new file". */ +#define YY_NEW_FILE yyrestart( yyin ) + +#define YY_END_OF_BUFFER_CHAR 0 + +/* Size of default input buffer. */ +#define YY_BUF_SIZE 16384 + +typedef struct yy_buffer_state *YY_BUFFER_STATE; + +extern int yyleng; +extern FILE *yyin, *yyout; + +#define EOB_ACT_CONTINUE_SCAN 0 +#define EOB_ACT_END_OF_FILE 1 +#define EOB_ACT_LAST_MATCH 2 + +/* The funky do-while in the following #define is used to turn the definition + * int a single C statement (which needs a semi-colon terminator). This + * avoids problems with code like: + * + * if ( condition_holds ) + * yyless( 5 ); + * else + * do_something_else(); + * + * Prior to using the do-while the compiler would get upset at the + * "else" because it interpreted the "if" statement as being all + * done when it reached the ';' after the yyless() call. + */ + +/* Return all but the first 'n' matched characters back to the input stream. */ + +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + *yy_cp = yy_hold_char; \ + YY_RESTORE_YY_MORE_OFFSET \ + yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ + YY_DO_BEFORE_ACTION; /* set up yytext again */ \ + } \ + while ( 0 ) + +#define unput(c) yyunput( c, yytext_ptr ) + +/* The following is because we cannot portably get our hands on size_t + * (without autoconf's help, which isn't available because we want + * flex-generated scanners to compile on their own). + */ +typedef unsigned int yy_size_t; + + +struct yy_buffer_state + { + FILE *yy_input_file; + + char *yy_ch_buf; /* input buffer */ + char *yy_buf_pos; /* current position in input buffer */ + + /* Size of input buffer in bytes, not including room for EOB + * characters. + */ + yy_size_t yy_buf_size; + + /* Number of characters read into yy_ch_buf, not including EOB + * characters. + */ + int yy_n_chars; + + /* Whether we "own" the buffer - i.e., we know we created it, + * and can realloc() it to grow it, and should free() it to + * delete it. + */ + int yy_is_our_buffer; + + /* Whether this is an "interactive" input source; if so, and + * if we're using stdio for input, then we want to use getc() + * instead of fread(), to make sure we stop fetching input after + * each newline. + */ + int yy_is_interactive; + + /* Whether we're considered to be at the beginning of a line. + * If so, '^' rules will be active on the next match, otherwise + * not. + */ + int yy_at_bol; + + /* Whether to try to fill the input buffer when we reach the + * end of it. + */ + int yy_fill_buffer; + + int yy_buffer_status; +#define YY_BUFFER_NEW 0 +#define YY_BUFFER_NORMAL 1 + /* When an EOF's been seen but there's still some text to process + * then we mark the buffer as YY_EOF_PENDING, to indicate that we + * shouldn't try reading from the input source any more. We might + * still have a bunch of tokens to match, though, because of + * possible backing-up. + * + * When we actually see the EOF, we change the status to "new" + * (via yyrestart()), so that the user can continue scanning by + * just pointing yyin at a new input file. + */ +#define YY_BUFFER_EOF_PENDING 2 + }; + +static YY_BUFFER_STATE yy_current_buffer = 0; + +/* We provide macros for accessing buffer states in case in the + * future we want to put the buffer states in a more general + * "scanner state". + */ +#define YY_CURRENT_BUFFER yy_current_buffer + + +/* yy_hold_char holds the character lost when yytext is formed. */ +static char yy_hold_char; + +static int yy_n_chars; /* number of characters read into yy_ch_buf */ + + +int yyleng; + +/* Points to current character in buffer. */ +static char *yy_c_buf_p = (char *) 0; +static int yy_init = 1; /* whether we need to initialize */ +static int yy_start = 0; /* start state number */ + +/* Flag which is used to allow yywrap()'s to do buffer switches + * instead of setting up a fresh yyin. A bit of a hack ... + */ +static int yy_did_buffer_switch_on_eof; + +void yyrestart YY_PROTO(( FILE *input_file )); + +void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); +void yy_load_buffer_state YY_PROTO(( void )); +YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); +void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); +void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); +void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); +#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) + +YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); +YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); +YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); + +static void *yy_flex_alloc YY_PROTO(( yy_size_t )); +static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); +static void yy_flex_free YY_PROTO(( void * )); + +#define yy_new_buffer yy_create_buffer + +#define yy_set_interactive(is_interactive) \ + { \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_is_interactive = is_interactive; \ + } + +#define yy_set_bol(at_bol) \ + { \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_at_bol = at_bol; \ + } + +#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) + + +#define YY_USES_REJECT +typedef unsigned char YY_CHAR; +FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; +typedef int yy_state_type; +extern int yylineno; +int yylineno = 1; +extern char *yytext; +#define yytext_ptr yytext + +static yy_state_type yy_get_previous_state YY_PROTO(( void )); +static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); +static int yy_get_next_buffer YY_PROTO(( void )); +static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); + +/* Done after the current pattern has been matched and before the + * corresponding action - sets up yytext. + */ +#define YY_DO_BEFORE_ACTION \ + yytext_ptr = yy_bp; \ + yyleng = (int) (yy_cp - yy_bp); \ + yy_hold_char = *yy_cp; \ + *yy_cp = '\0'; \ + yy_c_buf_p = yy_cp; + +#define YY_NUM_RULES 32 +#define YY_END_OF_BUFFER 33 +static yyconst short int yy_acclist[153] = + { 0, + 33, 31, 32, 12, 31, 32, 12, 32, 18, 31, + 32, 19, 31, 32, 26, 31, 32, 29, 31, 32, + 27, 31, 32, 31, 32, 14, 31, 32, 14, 31, + 32, 25, 31, 32, 24, 31, 32, 22, 31, 32, + 30, 31, 32, 23, 31, 32, 31, 32, 20, 31, + 32, 21, 31, 32, 28, 31, 32, 31, 32, 31, + 32, 31, 32, 31, 32, 31, 32, 31, 32, 16, + 31, 32, 17, 31, 32, 12, 1, 14, 13, 13, + 13, 13, 13, 13, 13, 13, 13, 15, 13, 13, + 13, 13, 13, 13, 13, 13, 10, 9, 13, 13, + + 13, 2, 13, 13, 13, 13, 13, 13, 13, 13, + 13, 13, 13, 11, 13, 13, 4, 13, 13, 5, + 13, 3, 13, 13, 13, 13, 6, 13, 13, 13, + 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, + 13, 13, 13, 13, 7, 13, 13, 13, 13, 13, + 8, 13 + } ; + +static yyconst short int yy_accept[110] = + { 0, + 1, 1, 1, 2, 4, 7, 9, 12, 15, 18, + 21, 24, 26, 29, 32, 35, 38, 41, 44, 47, + 49, 52, 55, 58, 60, 62, 64, 66, 68, 70, + 73, 76, 77, 78, 78, 79, 79, 80, 81, 82, + 83, 84, 85, 86, 87, 88, 88, 88, 88, 89, + 90, 91, 92, 93, 94, 95, 96, 97, 97, 98, + 100, 101, 102, 104, 105, 106, 107, 108, 108, 109, + 110, 111, 112, 113, 114, 115, 116, 117, 119, 120, + 122, 124, 125, 126, 127, 129, 130, 131, 132, 133, + 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, + + 144, 145, 147, 148, 149, 150, 151, 153, 153 + } ; + +static yyconst int yy_ec[256] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, + 1, 2, 2, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 2, 1, 1, 1, 1, 1, 1, 1, 4, + 5, 6, 1, 7, 8, 9, 10, 11, 12, 12, + 12, 12, 12, 12, 12, 12, 12, 13, 14, 15, + 16, 17, 1, 18, 19, 19, 19, 19, 19, 19, + 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, + 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, + 20, 1, 21, 22, 23, 1, 24, 25, 26, 27, + + 28, 19, 29, 19, 30, 19, 31, 32, 33, 34, + 35, 36, 37, 38, 39, 40, 41, 19, 19, 42, + 43, 19, 44, 1, 45, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1 + } ; + +static yyconst int yy_meta[46] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 2, 2, 3, + 4, 4, 1, 1, 1, 1, 1, 5, 4, 1, + 1, 1, 2, 4, 4, 4, 4, 4, 4, 4, + 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, + 4, 4, 4, 1, 1 + } ; + +static yyconst short int yy_base[113] = + { 0, + 0, 0, 141, 142, 44, 46, 142, 142, 142, 142, + 131, 133, 39, 41, 142, 142, 142, 142, 142, 0, + 142, 142, 142, 30, 108, 103, 100, 94, 27, 116, + 142, 54, 142, 127, 47, 0, 0, 93, 97, 101, + 88, 104, 102, 94, 87, 0, 118, 54, 0, 95, + 83, 91, 87, 82, 86, 89, 75, 97, 142, 0, + 74, 73, 0, 71, 81, 84, 83, 63, 83, 82, + 77, 78, 63, 62, 142, 67, 68, 0, 91, 0, + 0, 58, 65, 65, 0, 52, 66, 79, 40, 41, + 71, 48, 49, 47, 41, 40, 47, 44, 33, 43, + + 26, 0, 32, 26, 35, 35, 0, 142, 80, 84, + 57, 89 + } ; + +static yyconst short int yy_def[113] = + { 0, + 108, 1, 108, 108, 108, 108, 108, 108, 108, 108, + 108, 108, 108, 108, 108, 108, 108, 108, 108, 109, + 108, 108, 108, 109, 109, 109, 109, 109, 109, 108, + 108, 108, 108, 110, 108, 111, 109, 109, 109, 109, + 109, 109, 109, 109, 109, 112, 110, 110, 111, 109, + 109, 109, 109, 109, 109, 109, 109, 112, 108, 109, + 109, 109, 109, 109, 109, 109, 109, 108, 109, 109, + 109, 109, 109, 109, 108, 109, 109, 109, 109, 109, + 109, 109, 109, 109, 109, 109, 109, 109, 109, 109, + 109, 109, 109, 109, 109, 109, 109, 109, 109, 109, + + 109, 109, 109, 109, 109, 109, 109, 0, 108, 108, + 108, 108 + } ; + +static yyconst short int yy_nxt[188] = + { 0, + 4, 5, 6, 7, 8, 4, 9, 10, 11, 12, + 13, 14, 15, 16, 17, 18, 19, 4, 20, 21, + 22, 23, 4, 20, 20, 24, 25, 26, 20, 20, + 20, 20, 20, 20, 27, 28, 20, 20, 29, 20, + 20, 20, 20, 30, 31, 32, 32, 32, 32, 35, + 35, 35, 35, 38, 44, 32, 32, 35, 35, 48, + 49, 107, 106, 59, 39, 105, 45, 104, 103, 102, + 101, 100, 99, 98, 97, 96, 95, 94, 93, 92, + 36, 37, 91, 37, 47, 47, 90, 47, 47, 58, + 58, 58, 58, 89, 88, 87, 86, 85, 84, 83, + + 82, 81, 80, 79, 78, 77, 76, 75, 74, 73, + 72, 71, 70, 69, 68, 67, 66, 65, 64, 63, + 62, 61, 60, 48, 57, 56, 55, 54, 53, 52, + 51, 50, 48, 46, 43, 42, 41, 40, 34, 33, + 108, 3, 108, 108, 108, 108, 108, 108, 108, 108, + 108, 108, 108, 108, 108, 108, 108, 108, 108, 108, + 108, 108, 108, 108, 108, 108, 108, 108, 108, 108, + 108, 108, 108, 108, 108, 108, 108, 108, 108, 108, + 108, 108, 108, 108, 108, 108, 108 + } ; + +static yyconst short int yy_chk[188] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 5, 5, 6, 6, 13, + 13, 14, 14, 24, 29, 32, 32, 35, 35, 48, + 111, 106, 105, 48, 24, 104, 29, 103, 101, 100, + 99, 98, 97, 96, 95, 94, 93, 92, 91, 90, + 13, 109, 89, 109, 110, 110, 88, 110, 110, 112, + 112, 112, 112, 87, 86, 84, 83, 82, 79, 77, + + 76, 74, 73, 72, 71, 70, 69, 68, 67, 66, + 65, 64, 62, 61, 58, 57, 56, 55, 54, 53, + 52, 51, 50, 47, 45, 44, 43, 42, 41, 40, + 39, 38, 34, 30, 28, 27, 26, 25, 12, 11, + 3, 108, 108, 108, 108, 108, 108, 108, 108, 108, + 108, 108, 108, 108, 108, 108, 108, 108, 108, 108, + 108, 108, 108, 108, 108, 108, 108, 108, 108, 108, + 108, 108, 108, 108, 108, 108, 108, 108, 108, 108, + 108, 108, 108, 108, 108, 108, 108 + } ; + +static yy_state_type yy_state_buf[YY_BUF_SIZE + 2], *yy_state_ptr; +static char *yy_full_match; +static int yy_lp; +#define REJECT \ +{ \ +*yy_cp = yy_hold_char; /* undo effects of setting up yytext */ \ +yy_cp = yy_full_match; /* restore poss. backed-over text */ \ +++yy_lp; \ +goto find_rule; \ +} +#define yymore() yymore_used_but_not_detected +#define YY_MORE_ADJ 0 +#define YY_RESTORE_YY_MORE_OFFSET +char *yytext; +#line 1 "ssl.l" +#define INITIAL 0 +#line 4 "ssl.l" +#include "y.tab.h" + +#if 0 +#define RETURN(x) printf("TOK:%s\n",#x); return(x) +#else +#define RETURN return +#endif + +long strtol(); +#line 479 "lex.yy.c" + +/* Macros after this point can all be overridden by user definitions in + * section 1. + */ + +#ifndef YY_SKIP_YYWRAP +#ifdef __cplusplus +extern "C" int yywrap YY_PROTO(( void )); +#else +extern int yywrap YY_PROTO(( void )); +#endif +#endif + +#ifndef YY_NO_UNPUT +static void yyunput YY_PROTO(( int c, char *buf_ptr )); +#endif + +#ifndef yytext_ptr +static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); +#endif + +#ifdef YY_NEED_STRLEN +static int yy_flex_strlen YY_PROTO(( yyconst char * )); +#endif + +#ifndef YY_NO_INPUT +#ifdef __cplusplus +static int yyinput YY_PROTO(( void )); +#else +static int input YY_PROTO(( void )); +#endif +#endif + +#if YY_STACK_USED +static int yy_start_stack_ptr = 0; +static int yy_start_stack_depth = 0; +static int *yy_start_stack = 0; +#ifndef YY_NO_PUSH_STATE +static void yy_push_state YY_PROTO(( int new_state )); +#endif +#ifndef YY_NO_POP_STATE +static void yy_pop_state YY_PROTO(( void )); +#endif +#ifndef YY_NO_TOP_STATE +static int yy_top_state YY_PROTO(( void )); +#endif + +#else +#define YY_NO_PUSH_STATE 1 +#define YY_NO_POP_STATE 1 +#define YY_NO_TOP_STATE 1 +#endif + +#ifdef YY_MALLOC_DECL +YY_MALLOC_DECL +#else +#if __STDC__ +#ifndef __cplusplus +#include +#endif +#else +/* Just try to get by without declaring the routines. This will fail + * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) + * or sizeof(void*) != sizeof(int). + */ +#endif +#endif + +/* Amount of stuff to slurp up with each read. */ +#ifndef YY_READ_BUF_SIZE +#define YY_READ_BUF_SIZE 8192 +#endif + +/* Copy whatever the last rule matched to the standard output. */ + +#ifndef ECHO +/* This used to be an fputs(), but since the string might contain NUL's, + * we now use fwrite(). + */ +#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) +#endif + +/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, + * is returned in "result". + */ +#ifndef YY_INPUT +#define YY_INPUT(buf,result,max_size) \ + if ( yy_current_buffer->yy_is_interactive ) \ + { \ + int c = '*', n; \ + for ( n = 0; n < max_size && \ + (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ + buf[n] = (char) c; \ + if ( c == '\n' ) \ + buf[n++] = (char) c; \ + if ( c == EOF && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + result = n; \ + } \ + else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ + && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); +#endif + +/* No semi-colon after return; correct usage is to write "yyterminate();" - + * we don't want an extra ';' after the "return" because that will cause + * some compilers to complain about unreachable statements. + */ +#ifndef yyterminate +#define yyterminate() return YY_NULL +#endif + +/* Number of entries by which start-condition stack grows. */ +#ifndef YY_START_STACK_INCR +#define YY_START_STACK_INCR 25 +#endif + +/* Report a fatal error. */ +#ifndef YY_FATAL_ERROR +#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) +#endif + +/* Default declaration of generated scanner - a define so the user can + * easily add parameters. + */ +#ifndef YY_DECL +#define YY_DECL int yylex YY_PROTO(( void )) +#endif + +/* Code executed at the beginning of each rule, after yytext and yyleng + * have been set up. + */ +#ifndef YY_USER_ACTION +#define YY_USER_ACTION +#endif + +/* Code executed at the end of each rule. */ +#ifndef YY_BREAK +#define YY_BREAK break; +#endif + +#define YY_RULE_SETUP \ + YY_USER_ACTION + +YY_DECL + { + register yy_state_type yy_current_state; + register char *yy_cp, *yy_bp; + register int yy_act; + +#line 23 "ssl.l" + + +#line 633 "lex.yy.c" + + if ( yy_init ) + { + yy_init = 0; + +#ifdef YY_USER_INIT + YY_USER_INIT; +#endif + + if ( ! yy_start ) + yy_start = 1; /* first start state */ + + if ( ! yyin ) + yyin = stdin; + + if ( ! yyout ) + yyout = stdout; + + if ( ! yy_current_buffer ) + yy_current_buffer = + yy_create_buffer( yyin, YY_BUF_SIZE ); + + yy_load_buffer_state(); + } + + while ( 1 ) /* loops until end-of-file is reached */ + { + yy_cp = yy_c_buf_p; + + /* Support of yytext. */ + *yy_cp = yy_hold_char; + + /* yy_bp points to the position in yy_ch_buf of the start of + * the current run. + */ + yy_bp = yy_cp; + + yy_current_state = yy_start; + yy_state_ptr = yy_state_buf; + *yy_state_ptr++ = yy_current_state; +yy_match: + do + { + register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 109 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + *yy_state_ptr++ = yy_current_state; + ++yy_cp; + } + while ( yy_base[yy_current_state] != 142 ); + +yy_find_action: + yy_current_state = *--yy_state_ptr; + yy_lp = yy_accept[yy_current_state]; +find_rule: /* we branch to this label when backing up */ + for ( ; ; ) /* until we find what rule we matched */ + { + if ( yy_lp && yy_lp < yy_accept[yy_current_state + 1] ) + { + yy_act = yy_acclist[yy_lp]; + { + yy_full_match = yy_cp; + break; + } + } + --yy_cp; + yy_current_state = *--yy_state_ptr; + yy_lp = yy_accept[yy_current_state]; + } + + YY_DO_BEFORE_ACTION; + + if ( yy_act != YY_END_OF_BUFFER ) + { + int yyl; + for ( yyl = 0; yyl < yyleng; ++yyl ) + if ( yytext[yyl] == '\n' ) + ++yylineno; + } + +do_action: /* This label is used only to access EOF actions. */ + + + switch ( yy_act ) + { /* beginning of action switch */ +case 1: +YY_RULE_SETUP +#line 25 "ssl.l" +{RETURN(DOT_DOT_);} + YY_BREAK +case 2: +YY_RULE_SETUP +#line 26 "ssl.l" +{RETURN(ENUM_);} + YY_BREAK +case 3: +YY_RULE_SETUP +#line 27 "ssl.l" +{RETURN(STRUCT_);} + YY_BREAK +case 4: +YY_RULE_SETUP +#line 28 "ssl.l" +{mkname();RETURN(OPAQUE_);} + YY_BREAK +case 5: +YY_RULE_SETUP +#line 29 "ssl.l" +{RETURN(SELECT_);} + YY_BREAK +case 6: +YY_RULE_SETUP +#line 30 "ssl.l" +{RETURN(CONSTANT_);} + YY_BREAK +case 7: +YY_RULE_SETUP +#line 31 "ssl.l" +{/* Do nothing*/} + YY_BREAK +case 8: +YY_RULE_SETUP +#line 32 "ssl.l" +{/* Do nothing*/} + YY_BREAK +case 9: +YY_RULE_SETUP +#line 33 "ssl.l" +{RETURN(CASE_);} + YY_BREAK +case 10: +YY_RULE_SETUP +#line 34 "ssl.l" +{ /*Do nothing*/} + YY_BREAK +case 11: +YY_RULE_SETUP +#line 35 "ssl.l" +{ strcpy(yylval.str,yytext); RETURN(CODE_);} + YY_BREAK +case 12: +YY_RULE_SETUP +#line 37 "ssl.l" +{/*do nothing*/} + YY_BREAK +case 13: +YY_RULE_SETUP +#line 38 "ssl.l" +{mkname();RETURN(NAME_);} + YY_BREAK +case 14: +YY_RULE_SETUP +#line 39 "ssl.l" +{yylval.val=atoi(yytext); RETURN(NUM_);} + YY_BREAK +case 15: +YY_RULE_SETUP +#line 40 "ssl.l" +{yylval.val=strtol(yytext,0,16); RETURN(NUM_);} + YY_BREAK +case 16: +YY_RULE_SETUP +#line 41 "ssl.l" +{ RETURN('{'); } + YY_BREAK +case 17: +YY_RULE_SETUP +#line 42 "ssl.l" +{ RETURN('}'); } + YY_BREAK +case 18: +YY_RULE_SETUP +#line 43 "ssl.l" +{ RETURN('('); } + YY_BREAK +case 19: +YY_RULE_SETUP +#line 44 "ssl.l" +{ RETURN(')'); } + YY_BREAK +case 20: +YY_RULE_SETUP +#line 45 "ssl.l" +{ RETURN('['); } + YY_BREAK +case 21: +YY_RULE_SETUP +#line 46 "ssl.l" +{ RETURN(']'); } + YY_BREAK +case 22: +YY_RULE_SETUP +#line 47 "ssl.l" +{ RETURN('<'); } + YY_BREAK +case 23: +YY_RULE_SETUP +#line 48 "ssl.l" +{ RETURN('>'); } + YY_BREAK +case 24: +YY_RULE_SETUP +#line 49 "ssl.l" +{ RETURN(';'); } + YY_BREAK +case 25: +YY_RULE_SETUP +#line 50 "ssl.l" +{ RETURN(':'); } + YY_BREAK +case 26: +YY_RULE_SETUP +#line 51 "ssl.l" +{ RETURN(','); } + YY_BREAK +case 27: +YY_RULE_SETUP +#line 52 "ssl.l" +{ RETURN('.'); } + YY_BREAK +case 28: +YY_RULE_SETUP +#line 53 "ssl.l" +{ RETURN('^'); } + YY_BREAK +case 29: +YY_RULE_SETUP +#line 54 "ssl.l" +{ RETURN('-'); } + YY_BREAK +case 30: +YY_RULE_SETUP +#line 55 "ssl.l" +{ RETURN('='); } + YY_BREAK +case 31: +YY_RULE_SETUP +#line 56 "ssl.l" +{ fprintf(stderr,"Invalid input token: %s at %d!!!\n",yytext,yylineno); + exit(1); + } + YY_BREAK +case 32: +YY_RULE_SETUP +#line 60 "ssl.l" +ECHO; + YY_BREAK +#line 886 "lex.yy.c" + case YY_STATE_EOF(INITIAL): + yyterminate(); + + case YY_END_OF_BUFFER: + { + /* Amount of text matched not including the EOB char. */ + int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; + + /* Undo the effects of YY_DO_BEFORE_ACTION. */ + *yy_cp = yy_hold_char; + YY_RESTORE_YY_MORE_OFFSET + + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) + { + /* We're scanning a new file or input source. It's + * possible that this happened because the user + * just pointed yyin at a new source and called + * yylex(). If so, then we have to assure + * consistency between yy_current_buffer and our + * globals. Here is the right place to do so, because + * this is the first action (other than possibly a + * back-up) that will match for the new input source. + */ + yy_n_chars = yy_current_buffer->yy_n_chars; + yy_current_buffer->yy_input_file = yyin; + yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; + } + + /* Note that here we test for yy_c_buf_p "<=" to the position + * of the first EOB in the buffer, since yy_c_buf_p will + * already have been incremented past the NUL character + * (since all states make transitions on EOB to the + * end-of-buffer state). Contrast this with the test + * in input(). + */ + if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) + { /* This was really a NUL. */ + yy_state_type yy_next_state; + + yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; + + yy_current_state = yy_get_previous_state(); + + /* Okay, we're now positioned to make the NUL + * transition. We couldn't have + * yy_get_previous_state() go ahead and do it + * for us because it doesn't know how to deal + * with the possibility of jamming (and we don't + * want to build jamming into it because then it + * will run more slowly). + */ + + yy_next_state = yy_try_NUL_trans( yy_current_state ); + + yy_bp = yytext_ptr + YY_MORE_ADJ; + + if ( yy_next_state ) + { + /* Consume the NUL. */ + yy_cp = ++yy_c_buf_p; + yy_current_state = yy_next_state; + goto yy_match; + } + + else + { + yy_cp = yy_c_buf_p; + goto yy_find_action; + } + } + + else switch ( yy_get_next_buffer() ) + { + case EOB_ACT_END_OF_FILE: + { + yy_did_buffer_switch_on_eof = 0; + + if ( yywrap() ) + { + /* Note: because we've taken care in + * yy_get_next_buffer() to have set up + * yytext, we can now set up + * yy_c_buf_p so that if some total + * hoser (like flex itself) wants to + * call the scanner after we return the + * YY_NULL, it'll still work - another + * YY_NULL will get returned. + */ + yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; + + yy_act = YY_STATE_EOF(YY_START); + goto do_action; + } + + else + { + if ( ! yy_did_buffer_switch_on_eof ) + YY_NEW_FILE; + } + break; + } + + case EOB_ACT_CONTINUE_SCAN: + yy_c_buf_p = + yytext_ptr + yy_amount_of_matched_text; + + yy_current_state = yy_get_previous_state(); + + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; + goto yy_match; + + case EOB_ACT_LAST_MATCH: + yy_c_buf_p = + &yy_current_buffer->yy_ch_buf[yy_n_chars]; + + yy_current_state = yy_get_previous_state(); + + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; + goto yy_find_action; + } + break; + } + + default: + YY_FATAL_ERROR( + "fatal flex scanner internal error--no action found" ); + } /* end of action switch */ + } /* end of scanning one token */ + } /* end of yylex */ + + +/* yy_get_next_buffer - try to read in a new buffer + * + * Returns a code representing an action: + * EOB_ACT_LAST_MATCH - + * EOB_ACT_CONTINUE_SCAN - continue scanning from current position + * EOB_ACT_END_OF_FILE - end of file + */ + +static int yy_get_next_buffer() + { + register char *dest = yy_current_buffer->yy_ch_buf; + register char *source = yytext_ptr; + register int number_to_move, i; + int ret_val; + + if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) + YY_FATAL_ERROR( + "fatal flex scanner internal error--end of buffer missed" ); + + if ( yy_current_buffer->yy_fill_buffer == 0 ) + { /* Don't try to fill the buffer, so this is an EOF. */ + if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) + { + /* We matched a single character, the EOB, so + * treat this as a final EOF. + */ + return EOB_ACT_END_OF_FILE; + } + + else + { + /* We matched some text prior to the EOB, first + * process it. + */ + return EOB_ACT_LAST_MATCH; + } + } + + /* Try to read more data. */ + + /* First move last chars to start of buffer. */ + number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; + + for ( i = 0; i < number_to_move; ++i ) + *(dest++) = *(source++); + + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + /* don't do the read, it's not guaranteed to return an EOF, + * just force an EOF + */ + yy_current_buffer->yy_n_chars = yy_n_chars = 0; + + else + { + int num_to_read = + yy_current_buffer->yy_buf_size - number_to_move - 1; + + while ( num_to_read <= 0 ) + { /* Not enough room in the buffer - grow it. */ +#ifdef YY_USES_REJECT + YY_FATAL_ERROR( +"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); +#else + + /* just a shorter name for the current buffer */ + YY_BUFFER_STATE b = yy_current_buffer; + + int yy_c_buf_p_offset = + (int) (yy_c_buf_p - b->yy_ch_buf); + + if ( b->yy_is_our_buffer ) + { + int new_size = b->yy_buf_size * 2; + + if ( new_size <= 0 ) + b->yy_buf_size += b->yy_buf_size / 8; + else + b->yy_buf_size *= 2; + + b->yy_ch_buf = (char *) + /* Include room in for 2 EOB chars. */ + yy_flex_realloc( (void *) b->yy_ch_buf, + b->yy_buf_size + 2 ); + } + else + /* Can't grow it, we don't own it. */ + b->yy_ch_buf = 0; + + if ( ! b->yy_ch_buf ) + YY_FATAL_ERROR( + "fatal error - scanner input buffer overflow" ); + + yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; + + num_to_read = yy_current_buffer->yy_buf_size - + number_to_move - 1; +#endif + } + + if ( num_to_read > YY_READ_BUF_SIZE ) + num_to_read = YY_READ_BUF_SIZE; + + /* Read in more data. */ + YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), + yy_n_chars, num_to_read ); + + yy_current_buffer->yy_n_chars = yy_n_chars; + } + + if ( yy_n_chars == 0 ) + { + if ( number_to_move == YY_MORE_ADJ ) + { + ret_val = EOB_ACT_END_OF_FILE; + yyrestart( yyin ); + } + + else + { + ret_val = EOB_ACT_LAST_MATCH; + yy_current_buffer->yy_buffer_status = + YY_BUFFER_EOF_PENDING; + } + } + + else + ret_val = EOB_ACT_CONTINUE_SCAN; + + yy_n_chars += number_to_move; + yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; + yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; + + yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; + + return ret_val; + } + + +/* yy_get_previous_state - get the state just before the EOB char was reached */ + +static yy_state_type yy_get_previous_state() + { + register yy_state_type yy_current_state; + register char *yy_cp; + + yy_current_state = yy_start; + yy_state_ptr = yy_state_buf; + *yy_state_ptr++ = yy_current_state; + + for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) + { + register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 109 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + *yy_state_ptr++ = yy_current_state; + } + + return yy_current_state; + } + + +/* yy_try_NUL_trans - try to make a transition on the NUL character + * + * synopsis + * next_state = yy_try_NUL_trans( current_state ); + */ + +#ifdef YY_USE_PROTOS +static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) +#else +static yy_state_type yy_try_NUL_trans( yy_current_state ) +yy_state_type yy_current_state; +#endif + { + register int yy_is_jam; + + register YY_CHAR yy_c = 1; + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 109 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + yy_is_jam = (yy_current_state == 108); + if ( ! yy_is_jam ) + *yy_state_ptr++ = yy_current_state; + + return yy_is_jam ? 0 : yy_current_state; + } + + +#ifndef YY_NO_UNPUT +#ifdef YY_USE_PROTOS +static void yyunput( int c, register char *yy_bp ) +#else +static void yyunput( c, yy_bp ) +int c; +register char *yy_bp; +#endif + { + register char *yy_cp = yy_c_buf_p; + + /* undo effects of setting up yytext */ + *yy_cp = yy_hold_char; + + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) + { /* need to shift things up to make room */ + /* +2 for EOB chars. */ + register int number_to_move = yy_n_chars + 2; + register char *dest = &yy_current_buffer->yy_ch_buf[ + yy_current_buffer->yy_buf_size + 2]; + register char *source = + &yy_current_buffer->yy_ch_buf[number_to_move]; + + while ( source > yy_current_buffer->yy_ch_buf ) + *--dest = *--source; + + yy_cp += (int) (dest - source); + yy_bp += (int) (dest - source); + yy_current_buffer->yy_n_chars = + yy_n_chars = yy_current_buffer->yy_buf_size; + + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) + YY_FATAL_ERROR( "flex scanner push-back overflow" ); + } + + *--yy_cp = (char) c; + + if ( c == '\n' ) + --yylineno; + + yytext_ptr = yy_bp; + yy_hold_char = *yy_cp; + yy_c_buf_p = yy_cp; + } +#endif /* ifndef YY_NO_UNPUT */ + + +#ifdef __cplusplus +static int yyinput() +#else +static int input() +#endif + { + int c; + + *yy_c_buf_p = yy_hold_char; + + if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) + { + /* yy_c_buf_p now points to the character we want to return. + * If this occurs *before* the EOB characters, then it's a + * valid NUL; if not, then we've hit the end of the buffer. + */ + if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) + /* This was really a NUL. */ + *yy_c_buf_p = '\0'; + + else + { /* need more input */ + int offset = yy_c_buf_p - yytext_ptr; + ++yy_c_buf_p; + + switch ( yy_get_next_buffer() ) + { + case EOB_ACT_LAST_MATCH: + /* This happens because yy_g_n_b() + * sees that we've accumulated a + * token and flags that we need to + * try matching the token before + * proceeding. But for input(), + * there's no matching to consider. + * So convert the EOB_ACT_LAST_MATCH + * to EOB_ACT_END_OF_FILE. + */ + + /* Reset buffer status. */ + yyrestart( yyin ); + + /* fall through */ + + case EOB_ACT_END_OF_FILE: + { + if ( yywrap() ) + return EOF; + + if ( ! yy_did_buffer_switch_on_eof ) + YY_NEW_FILE; +#ifdef __cplusplus + return yyinput(); +#else + return input(); +#endif + } + + case EOB_ACT_CONTINUE_SCAN: + yy_c_buf_p = yytext_ptr + offset; + break; + } + } + } + + c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ + *yy_c_buf_p = '\0'; /* preserve yytext */ + yy_hold_char = *++yy_c_buf_p; + + if ( c == '\n' ) + ++yylineno; + + return c; + } + + +#ifdef YY_USE_PROTOS +void yyrestart( FILE *input_file ) +#else +void yyrestart( input_file ) +FILE *input_file; +#endif + { + if ( ! yy_current_buffer ) + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); + + yy_init_buffer( yy_current_buffer, input_file ); + yy_load_buffer_state(); + } + + +#ifdef YY_USE_PROTOS +void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) +#else +void yy_switch_to_buffer( new_buffer ) +YY_BUFFER_STATE new_buffer; +#endif + { + if ( yy_current_buffer == new_buffer ) + return; + + if ( yy_current_buffer ) + { + /* Flush out information for old buffer. */ + *yy_c_buf_p = yy_hold_char; + yy_current_buffer->yy_buf_pos = yy_c_buf_p; + yy_current_buffer->yy_n_chars = yy_n_chars; + } + + yy_current_buffer = new_buffer; + yy_load_buffer_state(); + + /* We don't actually know whether we did this switch during + * EOF (yywrap()) processing, but the only time this flag + * is looked at is after yywrap() is called, so it's safe + * to go ahead and always set it. + */ + yy_did_buffer_switch_on_eof = 1; + } + + +#ifdef YY_USE_PROTOS +void yy_load_buffer_state( void ) +#else +void yy_load_buffer_state() +#endif + { + yy_n_chars = yy_current_buffer->yy_n_chars; + yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; + yyin = yy_current_buffer->yy_input_file; + yy_hold_char = *yy_c_buf_p; + } + + +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) +#else +YY_BUFFER_STATE yy_create_buffer( file, size ) +FILE *file; +int size; +#endif + { + YY_BUFFER_STATE b; + + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); + if ( ! b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + + b->yy_buf_size = size; + + /* yy_ch_buf has to be 2 characters longer than the size given because + * we need to put in 2 end-of-buffer characters. + */ + b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); + if ( ! b->yy_ch_buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + + b->yy_is_our_buffer = 1; + + yy_init_buffer( b, file ); + + return b; + } + + +#ifdef YY_USE_PROTOS +void yy_delete_buffer( YY_BUFFER_STATE b ) +#else +void yy_delete_buffer( b ) +YY_BUFFER_STATE b; +#endif + { + if ( ! b ) + return; + + if ( b == yy_current_buffer ) + yy_current_buffer = (YY_BUFFER_STATE) 0; + + if ( b->yy_is_our_buffer ) + yy_flex_free( (void *) b->yy_ch_buf ); + + yy_flex_free( (void *) b ); + } + + +#ifndef YY_ALWAYS_INTERACTIVE +#ifndef YY_NEVER_INTERACTIVE +extern int isatty YY_PROTO(( int )); +#endif +#endif + +#ifdef YY_USE_PROTOS +void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) +#else +void yy_init_buffer( b, file ) +YY_BUFFER_STATE b; +FILE *file; +#endif + + + { + yy_flush_buffer( b ); + + b->yy_input_file = file; + b->yy_fill_buffer = 1; + +#if YY_ALWAYS_INTERACTIVE + b->yy_is_interactive = 1; +#else +#if YY_NEVER_INTERACTIVE + b->yy_is_interactive = 0; +#else + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; +#endif +#endif + } + + +#ifdef YY_USE_PROTOS +void yy_flush_buffer( YY_BUFFER_STATE b ) +#else +void yy_flush_buffer( b ) +YY_BUFFER_STATE b; +#endif + + { + if ( ! b ) + return; + + b->yy_n_chars = 0; + + /* We always need two end-of-buffer characters. The first causes + * a transition to the end-of-buffer state. The second causes + * a jam in that state. + */ + b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; + b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; + + b->yy_buf_pos = &b->yy_ch_buf[0]; + + b->yy_at_bol = 1; + b->yy_buffer_status = YY_BUFFER_NEW; + + if ( b == yy_current_buffer ) + yy_load_buffer_state(); + } + + +#ifndef YY_NO_SCAN_BUFFER +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) +#else +YY_BUFFER_STATE yy_scan_buffer( base, size ) +char *base; +yy_size_t size; +#endif + { + YY_BUFFER_STATE b; + + if ( size < 2 || + base[size-2] != YY_END_OF_BUFFER_CHAR || + base[size-1] != YY_END_OF_BUFFER_CHAR ) + /* They forgot to leave room for the EOB's. */ + return 0; + + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); + if ( ! b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); + + b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ + b->yy_buf_pos = b->yy_ch_buf = base; + b->yy_is_our_buffer = 0; + b->yy_input_file = 0; + b->yy_n_chars = b->yy_buf_size; + b->yy_is_interactive = 0; + b->yy_at_bol = 1; + b->yy_fill_buffer = 0; + b->yy_buffer_status = YY_BUFFER_NEW; + + yy_switch_to_buffer( b ); + + return b; + } +#endif + + +#ifndef YY_NO_SCAN_STRING +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) +#else +YY_BUFFER_STATE yy_scan_string( yy_str ) +yyconst char *yy_str; +#endif + { + int len; + for ( len = 0; yy_str[len]; ++len ) + ; + + return yy_scan_bytes( yy_str, len ); + } +#endif + + +#ifndef YY_NO_SCAN_BYTES +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) +#else +YY_BUFFER_STATE yy_scan_bytes( bytes, len ) +yyconst char *bytes; +int len; +#endif + { + YY_BUFFER_STATE b; + char *buf; + yy_size_t n; + int i; + + /* Get memory for full buffer, including space for trailing EOB's. */ + n = len + 2; + buf = (char *) yy_flex_alloc( n ); + if ( ! buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); + + for ( i = 0; i < len; ++i ) + buf[i] = bytes[i]; + + buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; + + b = yy_scan_buffer( buf, n ); + if ( ! b ) + YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); + + /* It's okay to grow etc. this buffer, and we should throw it + * away when we're done. + */ + b->yy_is_our_buffer = 1; + + return b; + } +#endif + + +#ifndef YY_NO_PUSH_STATE +#ifdef YY_USE_PROTOS +static void yy_push_state( int new_state ) +#else +static void yy_push_state( new_state ) +int new_state; +#endif + { + if ( yy_start_stack_ptr >= yy_start_stack_depth ) + { + yy_size_t new_size; + + yy_start_stack_depth += YY_START_STACK_INCR; + new_size = yy_start_stack_depth * sizeof( int ); + + if ( ! yy_start_stack ) + yy_start_stack = (int *) yy_flex_alloc( new_size ); + + else + yy_start_stack = (int *) yy_flex_realloc( + (void *) yy_start_stack, new_size ); + + if ( ! yy_start_stack ) + YY_FATAL_ERROR( + "out of memory expanding start-condition stack" ); + } + + yy_start_stack[yy_start_stack_ptr++] = YY_START; + + BEGIN(new_state); + } +#endif + + +#ifndef YY_NO_POP_STATE +static void yy_pop_state() + { + if ( --yy_start_stack_ptr < 0 ) + YY_FATAL_ERROR( "start-condition stack underflow" ); + + BEGIN(yy_start_stack[yy_start_stack_ptr]); + } +#endif + + +#ifndef YY_NO_TOP_STATE +static int yy_top_state() + { + return yy_start_stack[yy_start_stack_ptr - 1]; + } +#endif + +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 +#endif + +#ifdef YY_USE_PROTOS +static void yy_fatal_error( yyconst char msg[] ) +#else +static void yy_fatal_error( msg ) +char msg[]; +#endif + { + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); + } + + + +/* Redefine yyless() so it works in section 3 code. */ + +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + yytext[yyleng] = yy_hold_char; \ + yy_c_buf_p = yytext + n; \ + yy_hold_char = *yy_c_buf_p; \ + *yy_c_buf_p = '\0'; \ + yyleng = n; \ + } \ + while ( 0 ) + + +/* Internal utility routines. */ + +#ifndef yytext_ptr +#ifdef YY_USE_PROTOS +static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) +#else +static void yy_flex_strncpy( s1, s2, n ) +char *s1; +yyconst char *s2; +int n; +#endif + { + register int i; + for ( i = 0; i < n; ++i ) + s1[i] = s2[i]; + } +#endif + +#ifdef YY_NEED_STRLEN +#ifdef YY_USE_PROTOS +static int yy_flex_strlen( yyconst char *s ) +#else +static int yy_flex_strlen( s ) +yyconst char *s; +#endif + { + register int n; + for ( n = 0; s[n]; ++n ) + ; + + return n; + } +#endif + + +#ifdef YY_USE_PROTOS +static void *yy_flex_alloc( yy_size_t size ) +#else +static void *yy_flex_alloc( size ) +yy_size_t size; +#endif + { + return (void *) malloc( size ); + } + +#ifdef YY_USE_PROTOS +static void *yy_flex_realloc( void *ptr, yy_size_t size ) +#else +static void *yy_flex_realloc( ptr, size ) +void *ptr; +yy_size_t size; +#endif + { + /* The cast to (char *) in the following accommodates both + * implementations that use char* generic pointers, and those + * that use void* generic pointers. It works with the latter + * because both ANSI C and C++ allow castless assignment from + * any pointer type to void*, and deal with argument conversions + * as though doing an assignment. + */ + return (void *) realloc( (char *) ptr, size ); + } + +#ifdef YY_USE_PROTOS +static void yy_flex_free( void *ptr ) +#else +static void yy_flex_free( ptr ) +void *ptr; +#endif + { + free( ptr ); + } + +#if YY_MAIN +int main() + { + yylex(); + return 0; + } +#endif +#line 60 "ssl.l" + +int mkname() +{ +#if 0 +printf("%s\n",yytext); +#endif +strcpy(yylval.str,yytext); +} diff --git a/ssl/main.c b/ssl/main.c new file mode 100644 index 0000000..8c36157 --- /dev/null +++ b/ssl/main.c @@ -0,0 +1,99 @@ +/** + main.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: main.c,v 1.2 2000/10/17 16:10:01 ekr Exp $ + + + ekr@rtfm.com Mon Jan 18 16:28:43 1999 + */ + + +static char *RCSSTRING="$Id: main.c,v 1.2 2000/10/17 16:10:01 ekr Exp $"; + +#include +#include + +extern int yydebug; + +FILE *doth,*dotc; + +int verr_exit(char *fmt,...) + { + va_list ap; + + va_start(ap,fmt); + vfprintf(stderr,fmt,ap); + exit(1); + } + + +int main(argc,argv) + int argc; + char **argv; + { + char name[100]; + FILE *in; + + if(!(in=freopen(argv[1],"r",stdin))) + verr_exit("Couldn't open input file %s\n",argv[1]); + + sprintf(name,"%s.c",argv[1]); + dotc=fopen(name,"w"); + sprintf(name,"%s.h",argv[1]); + doth=fopen(name,"w"); + + fprintf(dotc,"#include \"network.h\"\n#include \"ssl_h.h\"\n#include \"sslprint.h\"\n#include \"sslxprint.h\"\n#ifdef OPENSSL\n#include \n#endif\n"); + fprintf(dotc,"#include \"%s\"\n",name); + + yyparse(); + } + + +extern int yylineno; + +int yywrap() +{ +;} + +int yyerror(s) + char *s; + { + printf("Parse error %s at line %d\n",s,yylineno); + exit(1); + } diff --git a/ssl/ssl.enums b/ssl/ssl.enums new file mode 100644 index 0000000..dba21a1 --- /dev/null +++ b/ssl/ssl.enums @@ -0,0 +1,419 @@ + select { + ChangeCipherSpec(20) +{@ + ssl_process_change_cipher_spec(ssl,ssl->decoder,dir); + + if(dir==DIR_I2R){ + ssl->i_state=SSL_ST_SENT_CHANGE_CIPHER_SPEC; + } + else{ + ssl->r_state=SSL_ST_SENT_CHANGE_CIPHER_SPEC; + } + + printf("\n"); + return(0); +@} +, Alert(21) +{@ + int r; + + if(ssl->record_encryption==REC_CIPHERTEXT){ + printf("\n"); + return(0); + } + + if(data->len!=2){ + fprintf(stderr,"Wrong length for alert message: %d\n", + data->len); + ERETURN(R_EOD); + } + + P_(P_HL){ + printf("\n"); + SSL_DECODE_ENUM(ssl,"level",1,AlertLevel_decoder,P_HL,data,0); + printf("\n"); + SSL_DECODE_ENUM(ssl,"value",1,AlertDescription_decoder,P_HL,data,0); + printf("\n"); + } + else { + SSL_DECODE_ENUM(ssl,0,1,AlertLevel_decoder,SSL_PRINT_ALL,data,0); + SSL_DECODE_ENUM(ssl,0,1,AlertDescription_decoder,SSL_PRINT_ALL,data,0); + printf("\n"); + } + return(0); + +@}, + Handshake(22) +{@ + extern decoder HandshakeType_decoder[]; + int r; + UINT4 t,l; + int rs=0; + Data d; + + if(ssl->record_encryption==REC_CIPHERTEXT){ + printf("\n"); + return(0); + } + + while(data->len>0){ + SSL_DECODE_UINT8(ssl,0,0,data,&t); + SSL_DECODE_UINT24(ssl,0,0,data,&l); + + if(data->lenlen); + ERETURN(R_EOD); + } + + d.data=data->data; + d.len=l; + data->len-=l; + data->data+=l; + P_(P_HL){ + if(!rs){ + printf("\n"); + rs=1; + } + } + ssl_decode_switch(ssl,HandshakeType_decoder,t,dir,seg,&d); + } + return(0); +@}, + application_data(23) +{@ + int r; + Data d; + + SSL_DECODE_OPAQUE_ARRAY(ssl,"data",data->len,0,data,&d); + + P_(P_AD){ + print_data(ssl,&d); + } + else { + printf("\n"); + } + return(0); +@} +, (255) + } ContentType; + + select { + HelloRequest(0) +{@ + printf("\n"); +@}, +ClientHello(1) +{@ + UINT4 vj,vn,cs,cslen,complen,comp; + Data session_id,random; + int r; + + extern decoder cipher_suite_decoder[]; + extern decoder compression_method_decoder[]; + + printf("\n"); + SSL_DECODE_UINT8(ssl,0,0,data,&vj); + SSL_DECODE_UINT8(ssl,0,0,data,&vn); + + P_(P_HL) {explain(ssl,"Version %d.%d ",vj,vn); + printf("\n"); + } + + SSL_DECODE_OPAQUE_ARRAY(ssl,"random",32,P_ND,data,&random); + ssl_set_client_random(ssl->decoder,random.data,random.len); + + SSL_DECODE_OPAQUE_ARRAY(ssl,"session_id",-32,0,data,&session_id); + ssl_set_client_session_id(ssl->decoder,session_id.data,session_id.len); + + P_(P_HL){ + if(session_id.len) + exdump(ssl,"resume ",&session_id); + } + + P_(P_HL){ + SSL_DECODE_UINT16(ssl,"cipher Suites len",0,data,&cslen); + explain(ssl,"cipher suites\n"); + + for(;cslen;cslen-=2){ + ssl_decode_enum(ssl,0,2,cipher_suite_decoder, + 0,data,&cs); + ssl_print_cipher_suite(ssl,(vj<<8)|vn,P_HL,cs); + printf("\n"); + } + } + + SSL_DECODE_UINT8(ssl,"compressionMethod len",0,data,&complen); + if(complen){ + explain(ssl,"compression methods\n"); + for(;complen;complen--){ + SSL_DECODE_ENUM(ssl,0,1,compression_method_decoder,P_HL,data,&comp); + printf("\n"); + } + } + return(0); +@}, + ServerHello(2) +{@ + int r; + Data rnd,session_id; + UINT4 vj,vn; + printf("\n"); + SSL_DECODE_UINT8(ssl,0,0,data,&vj); + SSL_DECODE_UINT8(ssl,0,0,data,&vn); + + ssl->version=vj*256+vn; + P_(P_HL) {explain(ssl,"Version %d.%d ",vj,vn); + printf("\n"); + } + + + SSL_DECODE_OPAQUE_ARRAY(ssl,"random",32,P_ND,data,&rnd); + ssl_set_server_random(ssl->decoder,rnd.data,rnd.len); + SSL_DECODE_OPAQUE_ARRAY(ssl,"session_id",-32,P_HL,data,&session_id); + SSL_DECODE_ENUM(ssl,"cipherSuite",2,cipher_suite_decoder, + 0,data,&ssl->cipher_suite); + P_(P_HL){ + explain(ssl,"cipherSuite "); + ssl_print_cipher_suite(ssl,ssl->version,P_HL,ssl->cipher_suite); + } + ssl_find_cipher(ssl->cipher_suite,&ssl->cs); + + ssl_process_server_session_id(ssl,ssl->decoder,session_id.data, + session_id.len); + + P_(P_HL) printf("\n"); + SSL_DECODE_ENUM(ssl,"compressionMethod",1,compression_method_decoder,P_HL,data,0); + P_(P_HL) printf("\n"); + return(0); +@}, +Certificate(11) +{@ + UINT4 len; + Data cert; + int r; + + printf("\n"); + SSL_DECODE_UINT24(ssl,"certificates len",0,data,&len); + + while(len){ + SSL_DECODE_OPAQUE_ARRAY(ssl,"certificate",-((1<<23)-1), + 0,data,&cert); + sslx_print_certificate(ssl,&cert,P_ND); + len-=(cert.len + 3); + } + + return(0); +@}, +ServerKeyExchange (12) +{@ + int r; + + printf("\n"); + + if(ssl->cs){ + P_(P_ND){ + explain(ssl,"params\n"); + } + INDENT_INCR; + + switch(ssl->cs->kex){ + case KEX_DH: + SSL_DECODE_OPAQUE_ARRAY(ssl,"DH_p",-((1<<15)-1),P_ND,data,0); + SSL_DECODE_OPAQUE_ARRAY(ssl,"DH_g",-((1<<15)-1),P_ND,data,0); + SSL_DECODE_OPAQUE_ARRAY(ssl,"DH_Ys",-((1<<15)-1),P_ND,data,0); + break; + case KEX_RSA: + SSL_DECODE_OPAQUE_ARRAY(ssl,"RSA_modulus",-((1<<15)-1),P_ND,data,0); + SSL_DECODE_OPAQUE_ARRAY(ssl,"RSA_exponent",-((1<<15)-1),P_ND,data,0); + break; + } + INDENT_POP; + SSL_DECODE_OPAQUE_ARRAY(ssl,"signature",-((1<<15)-1),P_ND,data,0); + } + + return(0); +@} +, +CertificateRequest(13) +{@ + UINT4 len; + Data ca; + int r; + + printf("\n"); + SSL_DECODE_UINT8(ssl,"certificate_types len",0,data,&len); + for(;len;len--){ + SSL_DECODE_ENUM(ssl,"certificate_types",1, + client_certificate_type_decoder, P_HL,data,0); + P_(P_HL){ + printf("\n"); + } + }; + + SSL_DECODE_UINT16(ssl,"certificate_authorities len",0,data,&len); + while(len){ + SSL_DECODE_OPAQUE_ARRAY(ssl,"certificate_authorities", + -((1<<15)-1),0,data,&ca); + explain(ssl,"certificate_authority\n"); + INDENT_INCR; + sslx_print_dn(ssl,&ca,P_HL); + INDENT_POP; + len-=(ca.len + 2); + } + return(0); +@} +, ServerHelloDone(14) +{@ + printf("\n"); +@}, +CertificateVerify(15) +{@ + int r; + printf("\n"); + SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-(1<<15-1),P_HL,data,0); + return(0); +@} +, +ClientKeyExchange(16) +{@ + int r; + Data pms; + + printf("\n"); + if(ssl->cs){ + switch(ssl->cs->kex){ + + case KEX_RSA: + if(ssl->version > 768) { + SSL_DECODE_OPAQUE_ARRAY(ssl,"EncryptedPreMasterSecret",-(1<<15-1), + P_ND,data,&pms); + + } + else { + SSL_DECODE_OPAQUE_ARRAY(ssl,"EncryptedPreMasterSecret",data->len,P_ND,data,&pms); + } + ssl_process_client_key_exchange(ssl, + ssl->decoder,pms.data,pms.len); + + break; + case KEX_DH: + SSL_DECODE_OPAQUE_ARRAY(ssl,"DiffieHellmanClientPublicValue", + -(1<<15-1),P_HL,data,0); + } + } + return(0); +@} +, + Finished(20) +{@ + int r; + + printf("\n"); + switch(ssl->version){ + case 0x300: + SSL_DECODE_OPAQUE_ARRAY(ssl,"md5_hash",16,P_ND,data,0); + + SSL_DECODE_OPAQUE_ARRAY(ssl,"sha_hash",20,P_ND,data,0); + break; + case 0x301: + SSL_DECODE_OPAQUE_ARRAY(ssl,"verify_data",12,P_ND,data,0); + P_(P_ND) + printf("\n"); + break; + } + + return (0); +@} +, (255) + } HandshakeType; + + constant { + CipherSuite TLS_RSA_WITH_NULL_MD5 = { 0x00,0x01 }; + CipherSuite TLS_RSA_WITH_NULL_SHA = { 0x00,0x02 }; + CipherSuite TLS_RSA_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x03 }; + CipherSuite TLS_RSA_WITH_RC4_128_MD5 = { 0x00,0x04 }; + CipherSuite TLS_RSA_WITH_RC4_128_SHA = { 0x00,0x05 }; + CipherSuite TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0x00,0x06 }; + CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA = { 0x00,0x07 }; + CipherSuite TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x08 }; + CipherSuite TLS_RSA_WITH_DES_CBC_SHA = { 0x00,0x09 }; + CipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0A }; + CipherSuite TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x0B }; + CipherSuite TLS_DH_DSS_WITH_DES_CBC_SHA = { 0x00,0x0C }; + CipherSuite TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0D }; + CipherSuite TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x0E }; + CipherSuite TLS_DH_RSA_WITH_DES_CBC_SHA = { 0x00,0x0F }; + CipherSuite TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x10 }; + CipherSuite TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x11 }; + CipherSuite TLS_DHE_DSS_WITH_DES_CBC_SHA = { 0x00,0x12 }; + CipherSuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x13 }; + CipherSuite TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x14 }; + CipherSuite TLS_DHE_RSA_WITH_DES_CBC_SHA = { 0x00,0x15 }; + CipherSuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x16 }; + CipherSuite TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x17 }; + CipherSuite TLS_DH_anon_WITH_RC4_128_MD5 = { 0x00,0x18 }; + CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x19 }; + CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A }; + CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1B }; + CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = { 0x00,0x60 }; + CipherSuite TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = { 0x00,0x61 }; + CipherSuite TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = { 0x00,0x62 }; + CipherSuite TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = { 0x00,0x63 }; + CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = { 0x00,0x64 }; + CipherSuite TLS_DHE_DSS_WITH_RC2_56_CBC_SHA = { 0x00,0x65 }; + CipherSuite TLS_DHE_DSS_WITH_RC4_128_SHA = { 0x00,0x66 }; + CipherSuite TLS_DHE_DSS_WITH_NULL_SHA = { 0x00,0x67 }; + CipherSuite SSL2_CK_RC4 = { 0x01,0x00,0x80}; + CipherSuite SSL2_CK_RC4_EXPORT40 = { 0x02,0x00,0x80}; + CipherSuite SSL2_CK_RC2 = { 0x03,0x00,0x80}; + CipherSuite SSL2_CK_RC2_EXPORT40 = { 0x04,0x00,0x80}; + CipherSuite SSL2_CK_IDEA = { 0x05,0x00,0x80}; + CipherSuite SSL2_CK_DES = { 0x06,0x00,0x40}; + CipherSuite SSL2_CK_RC464 = { 0x08,0x00,0x80}; + CipherSuite SSL2_CK_3DES = { 0x07,0x00,0xc0}; + CipherSuite TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = {0x00,0x4a}; + CipherSuite TLS_ECDH_ECDSA_WITH_RC4_128_SHA = {0x00,0x48}; + CipherSuite SSL_RSA_WITH_RC2_CBC_MD5 = {0xff,0x80}; + CipherSuite TLS_ECDH_ECDSA_WITH_DES_CBC_SHA = {0x00,0x49}; + CipherSuite TLS_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA={0xff,0x85}; + CipherSuite TLS_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA={0xff,0x84}; + } cipher_suite; + + + select { warning(1), fatal(2), (255) } AlertLevel; + select { + close_notify(0), + unexpected_message(10), + bad_record_mac(20), + decryption_failed(21), + record_overflow(22), + decompression_failure(30), + handshake_failure(40), + bad_certificate(42), + unsupported_certificate(43), + certificate_revoked(44), + certificate_expired(45), + certificate_unknown(46), + illegal_parameter(47), + unknown_ca(48), + access_denied(49), + decode_error(50), + decrypt_error(51), + export_restriction(60), + protocol_version(70), + insufficient_security(71), + internal_error(80), + user_canceled(90), + no_renegotiation(100), + (255) + } AlertDescription; + + constant { + CompressionMethod NULL={0}; + } compression_method; + + select { + rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), + (255) + } client_certificate_type; diff --git a/ssl/ssl.enums.c b/ssl/ssl.enums.c new file mode 100644 index 0000000..1d4a9bd --- /dev/null +++ b/ssl/ssl.enums.c @@ -0,0 +1,1100 @@ +#include "network.h" +#include "ssl_h.h" +#include "sslprint.h" +#include "sslxprint.h" +#ifdef OPENSSL +#include +#endif +#include "ssl.enums.h" +static int decode_ContentType_ChangeCipherSpec(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + ssl_process_change_cipher_spec(ssl,ssl->decoder,dir); + + if(dir==DIR_I2R){ + ssl->i_state=SSL_ST_SENT_CHANGE_CIPHER_SPEC; + } + else{ + ssl->r_state=SSL_ST_SENT_CHANGE_CIPHER_SPEC; + } + + printf("\n"); + return(0); + + } +static int decode_ContentType_Alert(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + int r; + + if(ssl->record_encryption==REC_CIPHERTEXT){ + printf("\n"); + return(0); + } + + if(data->len!=2){ + fprintf(stderr,"Wrong length for alert message: %d\n", + data->len); + ERETURN(R_EOD); + } + + P_(P_HL){ + printf("\n"); + SSL_DECODE_ENUM(ssl,"level",1,AlertLevel_decoder,P_HL,data,0); + printf("\n"); + SSL_DECODE_ENUM(ssl,"value",1,AlertDescription_decoder,P_HL,data,0); + printf("\n"); + } + else { + SSL_DECODE_ENUM(ssl,0,1,AlertLevel_decoder,SSL_PRINT_ALL,data,0); + SSL_DECODE_ENUM(ssl,0,1,AlertDescription_decoder,SSL_PRINT_ALL,data,0); + printf("\n"); + } + return(0); + + + } +static int decode_ContentType_Handshake(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + extern decoder HandshakeType_decoder[]; + int r; + UINT4 t,l; + int rs=0; + Data d; + + if(ssl->record_encryption==REC_CIPHERTEXT){ + printf("\n"); + return(0); + } + + while(data->len>0){ + SSL_DECODE_UINT8(ssl,0,0,data,&t); + SSL_DECODE_UINT24(ssl,0,0,data,&l); + + if(data->lenlen); + ERETURN(R_EOD); + } + + d.data=data->data; + d.len=l; + data->len-=l; + data->data+=l; + P_(P_HL){ + if(!rs){ + printf("\n"); + rs=1; + } + } + ssl_decode_switch(ssl,HandshakeType_decoder,t,dir,seg,&d); + } + return(0); + + } +static int decode_ContentType_application_data(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + int r; + Data d; + + SSL_DECODE_OPAQUE_ARRAY(ssl,"data",data->len,0,data,&d); + + P_(P_AD){ + print_data(ssl,&d); + } + else { + printf("\n"); + } + return(0); + + } +decoder ContentType_decoder[]={ + { + 20, + "ChangeCipherSpec", + decode_ContentType_ChangeCipherSpec + }, + { + 21, + "Alert", + decode_ContentType_Alert + }, + { + 22, + "Handshake", + decode_ContentType_Handshake + }, + { + 23, + "application_data", + decode_ContentType_application_data + }, +{0} +}; + +static int decode_HandshakeType_HelloRequest(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + printf("\n"); + + } +static int decode_HandshakeType_ClientHello(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + UINT4 vj,vn,cs,cslen,complen,comp; + Data session_id,random; + int r; + + extern decoder cipher_suite_decoder[]; + extern decoder compression_method_decoder[]; + + printf("\n"); + SSL_DECODE_UINT8(ssl,0,0,data,&vj); + SSL_DECODE_UINT8(ssl,0,0,data,&vn); + + P_(P_HL) {explain(ssl,"Version %d.%d ",vj,vn); + printf("\n"); + } + + SSL_DECODE_OPAQUE_ARRAY(ssl,"random",32,P_ND,data,&random); + ssl_set_client_random(ssl->decoder,random.data,random.len); + + SSL_DECODE_OPAQUE_ARRAY(ssl,"session_id",-32,0,data,&session_id); + ssl_set_client_session_id(ssl->decoder,session_id.data,session_id.len); + + P_(P_HL){ + if(session_id.len) + exdump(ssl,"resume ",&session_id); + } + + P_(P_HL){ + SSL_DECODE_UINT16(ssl,"cipher Suites len",0,data,&cslen); + explain(ssl,"cipher suites\n"); + + for(;cslen;cslen-=2){ + ssl_decode_enum(ssl,0,2,cipher_suite_decoder, + 0,data,&cs); + ssl_print_cipher_suite(ssl,(vj<<8)|vn,P_HL,cs); + printf("\n"); + } + } + + SSL_DECODE_UINT8(ssl,"compressionMethod len",0,data,&complen); + if(complen){ + explain(ssl,"compression methods\n"); + for(;complen;complen--){ + SSL_DECODE_ENUM(ssl,0,1,compression_method_decoder,P_HL,data,&comp); + printf("\n"); + } + } + return(0); + + } +static int decode_HandshakeType_ServerHello(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + int r; + Data rnd,session_id; + UINT4 vj,vn; + printf("\n"); + SSL_DECODE_UINT8(ssl,0,0,data,&vj); + SSL_DECODE_UINT8(ssl,0,0,data,&vn); + + ssl->version=vj*256+vn; + P_(P_HL) {explain(ssl,"Version %d.%d ",vj,vn); + printf("\n"); + } + + + SSL_DECODE_OPAQUE_ARRAY(ssl,"random",32,P_ND,data,&rnd); + ssl_set_server_random(ssl->decoder,rnd.data,rnd.len); + SSL_DECODE_OPAQUE_ARRAY(ssl,"session_id",-32,P_HL,data,&session_id); + SSL_DECODE_ENUM(ssl,"cipherSuite",2,cipher_suite_decoder, + 0,data,&ssl->cipher_suite); + P_(P_HL){ + explain(ssl,"cipherSuite "); + ssl_print_cipher_suite(ssl,ssl->version,P_HL,ssl->cipher_suite); + } + ssl_find_cipher(ssl->cipher_suite,&ssl->cs); + + ssl_process_server_session_id(ssl,ssl->decoder,session_id.data, + session_id.len); + + P_(P_HL) printf("\n"); + SSL_DECODE_ENUM(ssl,"compressionMethod",1,compression_method_decoder,P_HL,data,0); + P_(P_HL) printf("\n"); + return(0); + + } +static int decode_HandshakeType_Certificate(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + UINT4 len; + Data cert; + int r; + + printf("\n"); + SSL_DECODE_UINT24(ssl,"certificates len",0,data,&len); + + while(len){ + SSL_DECODE_OPAQUE_ARRAY(ssl,"certificate",-((1<<23)-1), + 0,data,&cert); + sslx_print_certificate(ssl,&cert,P_ND); + len-=(cert.len + 3); + } + + return(0); + + } +static int decode_HandshakeType_ServerKeyExchange(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + int r; + + printf("\n"); + + if(ssl->cs){ + P_(P_ND){ + explain(ssl,"params\n"); + } + INDENT_INCR; + + switch(ssl->cs->kex){ + case KEX_DH: + SSL_DECODE_OPAQUE_ARRAY(ssl,"DH_p",-((1<<15)-1),P_ND,data,0); + SSL_DECODE_OPAQUE_ARRAY(ssl,"DH_g",-((1<<15)-1),P_ND,data,0); + SSL_DECODE_OPAQUE_ARRAY(ssl,"DH_Ys",-((1<<15)-1),P_ND,data,0); + break; + case KEX_RSA: + SSL_DECODE_OPAQUE_ARRAY(ssl,"RSA_modulus",-((1<<15)-1),P_ND,data,0); + SSL_DECODE_OPAQUE_ARRAY(ssl,"RSA_exponent",-((1<<15)-1),P_ND,data,0); + break; + } + INDENT_POP; + SSL_DECODE_OPAQUE_ARRAY(ssl,"signature",-((1<<15)-1),P_ND,data,0); + } + + return(0); + + } +static int decode_HandshakeType_CertificateRequest(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + UINT4 len; + Data ca; + int r; + + printf("\n"); + SSL_DECODE_UINT8(ssl,"certificate_types len",0,data,&len); + for(;len;len--){ + SSL_DECODE_ENUM(ssl,"certificate_types",1, + client_certificate_type_decoder, P_HL,data,0); + P_(P_HL){ + printf("\n"); + } + }; + + SSL_DECODE_UINT16(ssl,"certificate_authorities len",0,data,&len); + while(len){ + SSL_DECODE_OPAQUE_ARRAY(ssl,"certificate_authorities", + -((1<<15)-1),0,data,&ca); + explain(ssl,"certificate_authority\n"); + INDENT_INCR; + sslx_print_dn(ssl,&ca,P_HL); + INDENT_POP; + len-=(ca.len + 2); + } + return(0); + + } +static int decode_HandshakeType_ServerHelloDone(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + printf("\n"); + + } +static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + int r; + printf("\n"); + SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-(1<<15-1),P_HL,data,0); + return(0); + + } +static int decode_HandshakeType_ClientKeyExchange(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + int r; + Data pms; + + printf("\n"); + if(ssl->cs){ + switch(ssl->cs->kex){ + + case KEX_RSA: + if(ssl->version > 768) { + SSL_DECODE_OPAQUE_ARRAY(ssl,"EncryptedPreMasterSecret",-(1<<15-1), + P_ND,data,&pms); + + } + else { + SSL_DECODE_OPAQUE_ARRAY(ssl,"EncryptedPreMasterSecret",data->len,P_ND,data,&pms); + } + ssl_process_client_key_exchange(ssl, + ssl->decoder,pms.data,pms.len); + + break; + case KEX_DH: + SSL_DECODE_OPAQUE_ARRAY(ssl,"DiffieHellmanClientPublicValue", + -(1<<15-1),P_HL,data,0); + } + } + return(0); + + } +static int decode_HandshakeType_Finished(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + int r; + + printf("\n"); + switch(ssl->version){ + case 0x300: + SSL_DECODE_OPAQUE_ARRAY(ssl,"md5_hash",16,P_ND,data,0); + + SSL_DECODE_OPAQUE_ARRAY(ssl,"sha_hash",20,P_ND,data,0); + break; + case 0x301: + SSL_DECODE_OPAQUE_ARRAY(ssl,"verify_data",12,P_ND,data,0); + P_(P_ND) + printf("\n"); + break; + } + + return (0); + + } +decoder HandshakeType_decoder[]={ + { + 0, + "HelloRequest", + decode_HandshakeType_HelloRequest + }, + { + 1, + "ClientHello", + decode_HandshakeType_ClientHello + }, + { + 2, + "ServerHello", + decode_HandshakeType_ServerHello + }, + { + 11, + "Certificate", + decode_HandshakeType_Certificate + }, + { + 12, + "ServerKeyExchange", + decode_HandshakeType_ServerKeyExchange + }, + { + 13, + "CertificateRequest", + decode_HandshakeType_CertificateRequest + }, + { + 14, + "ServerHelloDone", + decode_HandshakeType_ServerHelloDone + }, + { + 15, + "CertificateVerify", + decode_HandshakeType_CertificateVerify + }, + { + 16, + "ClientKeyExchange", + decode_HandshakeType_ClientKeyExchange + }, + { + 20, + "Finished", + decode_HandshakeType_Finished + }, +{0} +}; + +decoder cipher_suite_decoder[]={ + { + 1, + "TLS_RSA_WITH_NULL_MD5", + 0 }, + { + 2, + "TLS_RSA_WITH_NULL_SHA", + 0 }, + { + 3, + "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + 0 }, + { + 4, + "TLS_RSA_WITH_RC4_128_MD5", + 0 }, + { + 5, + "TLS_RSA_WITH_RC4_128_SHA", + 0 }, + { + 6, + "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + 0 }, + { + 7, + "TLS_RSA_WITH_IDEA_CBC_SHA", + 0 }, + { + 8, + "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 9, + "TLS_RSA_WITH_DES_CBC_SHA", + 0 }, + { + 10, + "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 11, + "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 12, + "TLS_DH_DSS_WITH_DES_CBC_SHA", + 0 }, + { + 13, + "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 14, + "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 15, + "TLS_DH_RSA_WITH_DES_CBC_SHA", + 0 }, + { + 16, + "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 17, + "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 18, + "TLS_DHE_DSS_WITH_DES_CBC_SHA", + 0 }, + { + 19, + "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 20, + "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 21, + "TLS_DHE_RSA_WITH_DES_CBC_SHA", + 0 }, + { + 22, + "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 23, + "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + 0 }, + { + 24, + "TLS_DH_anon_WITH_RC4_128_MD5", + 0 }, + { + 25, + "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 26, + "TLS_DH_anon_WITH_DES_CBC_SHA", + 0 }, + { + 27, + "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 96, + "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5", + 0 }, + { + 97, + "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5", + 0 }, + { + 98, + "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA", + 0 }, + { + 99, + "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", + 0 }, + { + 100, + "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA", + 0 }, + { + 101, + "TLS_DHE_DSS_WITH_RC2_56_CBC_SHA", + 0 }, + { + 102, + "TLS_DHE_DSS_WITH_RC4_128_SHA", + 0 }, + { + 103, + "TLS_DHE_DSS_WITH_NULL_SHA", + 0 }, + { + 65664, + "SSL2_CK_RC4", + 0 }, + { + 131200, + "SSL2_CK_RC4_EXPORT40", + 0 }, + { + 196736, + "SSL2_CK_RC2", + 0 }, + { + 262272, + "SSL2_CK_RC2_EXPORT40", + 0 }, + { + 327808, + "SSL2_CK_IDEA", + 0 }, + { + 393280, + "SSL2_CK_DES", + 0 }, + { + 524416, + "SSL2_CK_RC464", + 0 }, + { + 458944, + "SSL2_CK_3DES", + 0 }, + { + 74, + "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 72, + "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + 0 }, + { + 65408, + "SSL_RSA_WITH_RC2_CBC_MD5", + 0 }, + { + 73, + "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA", + 0 }, + { + 65413, + "TLS_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA", + 0 }, + { + 65412, + "TLS_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA", + 0 }, +{-1} +}; + +static int decode_AlertLevel_warning(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertLevel_fatal(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +decoder AlertLevel_decoder[]={ + { + 1, + "warning", + decode_AlertLevel_warning + }, + { + 2, + "fatal", + decode_AlertLevel_fatal + }, +{0} +}; + +static int decode_AlertDescription_close_notify(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_unexpected_message(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_bad_record_mac(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_decryption_failed(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_record_overflow(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_decompression_failure(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_handshake_failure(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_bad_certificate(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_unsupported_certificate(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_certificate_revoked(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_certificate_expired(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_certificate_unknown(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_illegal_parameter(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_unknown_ca(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_access_denied(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_decode_error(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_decrypt_error(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_export_restriction(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_protocol_version(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_insufficient_security(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_internal_error(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_user_canceled(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_no_renegotiation(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +decoder AlertDescription_decoder[]={ + { + 0, + "close_notify", + decode_AlertDescription_close_notify + }, + { + 10, + "unexpected_message", + decode_AlertDescription_unexpected_message + }, + { + 20, + "bad_record_mac", + decode_AlertDescription_bad_record_mac + }, + { + 21, + "decryption_failed", + decode_AlertDescription_decryption_failed + }, + { + 22, + "record_overflow", + decode_AlertDescription_record_overflow + }, + { + 30, + "decompression_failure", + decode_AlertDescription_decompression_failure + }, + { + 40, + "handshake_failure", + decode_AlertDescription_handshake_failure + }, + { + 42, + "bad_certificate", + decode_AlertDescription_bad_certificate + }, + { + 43, + "unsupported_certificate", + decode_AlertDescription_unsupported_certificate + }, + { + 44, + "certificate_revoked", + decode_AlertDescription_certificate_revoked + }, + { + 45, + "certificate_expired", + decode_AlertDescription_certificate_expired + }, + { + 46, + "certificate_unknown", + decode_AlertDescription_certificate_unknown + }, + { + 47, + "illegal_parameter", + decode_AlertDescription_illegal_parameter + }, + { + 48, + "unknown_ca", + decode_AlertDescription_unknown_ca + }, + { + 49, + "access_denied", + decode_AlertDescription_access_denied + }, + { + 50, + "decode_error", + decode_AlertDescription_decode_error + }, + { + 51, + "decrypt_error", + decode_AlertDescription_decrypt_error + }, + { + 60, + "export_restriction", + decode_AlertDescription_export_restriction + }, + { + 70, + "protocol_version", + decode_AlertDescription_protocol_version + }, + { + 71, + "insufficient_security", + decode_AlertDescription_insufficient_security + }, + { + 80, + "internal_error", + decode_AlertDescription_internal_error + }, + { + 90, + "user_canceled", + decode_AlertDescription_user_canceled + }, + { + 100, + "no_renegotiation", + decode_AlertDescription_no_renegotiation + }, +{0} +}; + +decoder compression_method_decoder[]={ + { + 0, + "NULL", + 0 }, +{-1} +}; + +static int decode_client_certificate_type_rsa_sign(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_client_certificate_type_dss_sign(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_client_certificate_type_rsa_fixed_dh(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_client_certificate_type_dss_fixed_dh(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +decoder client_certificate_type_decoder[]={ + { + 1, + "rsa_sign", + decode_client_certificate_type_rsa_sign + }, + { + 2, + "dss_sign", + decode_client_certificate_type_dss_sign + }, + { + 3, + "rsa_fixed_dh", + decode_client_certificate_type_rsa_fixed_dh + }, + { + 4, + "dss_fixed_dh", + decode_client_certificate_type_dss_fixed_dh + }, +{0} +}; + diff --git a/ssl/ssl.enums.h b/ssl/ssl.enums.h new file mode 100644 index 0000000..88cbfd8 --- /dev/null +++ b/ssl/ssl.enums.h @@ -0,0 +1,7 @@ +extern decoder ContentType_decoder[]; +extern decoder HandshakeType_decoder[]; +extern decoder cipher_suite_decoder[]; +extern decoder AlertLevel_decoder[]; +extern decoder AlertDescription_decoder[]; +extern decoder compression_method_decoder[]; +extern decoder client_certificate_type_decoder[]; diff --git a/ssl/ssl.l b/ssl/ssl.l new file mode 100644 index 0000000..a9f9960 --- /dev/null +++ b/ssl/ssl.l @@ -0,0 +1,67 @@ +%option yylineno + +%{ +#include "y.tab.h" + +#if 0 +#define RETURN(x) printf("TOK:%s\n",#x); return(x) +#else +#define RETURN return +#endif + +long strtol(); +%} + +IDCHAR [a-zA-Z0-9_\-\.] +NUMCHAR [0-9] +S [ \t\n\r\f]+ +NAME [a-zA-Z]{IDCHAR}+ +NUM {NUMCHAR}+ +HEXNUM "0x"[0-9A-Za-z]+ +COMMENT "/*"("*"?[^/]+)*("*/") +CODE "{@"[^@]+"@}" +%% + +".." {RETURN(DOT_DOT_);} +"enum" {RETURN(ENUM_);} +"struct" {RETURN(STRUCT_);} +"opaque" {mkname();RETURN(OPAQUE_);} +"select" {RETURN(SELECT_);} +"constant" {RETURN(CONSTANT_);} +"digitally-signed" {/* Do nothing*/} +"public-key-encrypted" {/* Do nothing*/} +"case" {RETURN(CASE_);} +{COMMENT} { /*Do nothing*/} +{CODE} { strcpy(yylval.str,yytext); RETURN(CODE_);} + +{S} {/*do nothing*/} +{NAME} {mkname();RETURN(NAME_);} +{NUM} {yylval.val=atoi(yytext); RETURN(NUM_);} +{HEXNUM} {yylval.val=strtol(yytext,0,16); RETURN(NUM_);} +"{" { RETURN('{'); } +"}" { RETURN('}'); } +"(" { RETURN('('); } +")" { RETURN(')'); } +"[" { RETURN('['); } +"]" { RETURN(']'); } +"<" { RETURN('<'); } +">" { RETURN('>'); } +";" { RETURN(';'); } +":" { RETURN(':'); } +"," { RETURN(','); } +"." { RETURN('.'); } +"^" { RETURN('^'); } +"-" { RETURN('-'); } +"=" { RETURN('='); } +. { fprintf(stderr,"Invalid input token: %s at %d!!!\n",yytext,yylineno); + exit(1); + } + +%% +int mkname() +{ +#if 0 +printf("%s\n",yytext); +#endif +strcpy(yylval.str,yytext); +} diff --git a/ssl/ssl.y b/ssl/ssl.y new file mode 100644 index 0000000..5e90588 --- /dev/null +++ b/ssl/ssl.y @@ -0,0 +1,241 @@ +/** + ssl.y + + Copyright (C) 1998, RTFM, Inc. + All Rights Reserved. + + ekr@rtfm.com Fri Dec 25 20:33:47 1998 + */ + + +%{ + +typedef struct select_st_ { + char *name; + char *code; + int val; + struct select_st_ *next; +} select_st; + + +select_st *select_base; +select_st *select_ptr; + +select_st *constant_base; +select_st *constant_ptr; + +#include + +extern FILE *dotc; +extern FILE *doth; + +%} +%union { + int val; + unsigned char str[8192]; +} + + +/*These tokens have attributes*/ +%token NAME_ +%token NUM_ + +/*Tokens*/ +%token DOT_DOT_ +%token STRUCT_ +%token SELECT_ +%token OPAQUE_ +%token SELECT_ +%token ENUM_ +%token DIGITALLY_SIGNED_ +%token COMMENT_START_ +%token CODE_ +%token COMMENT_END_ +%token CASE_ +%token CONSTANT_ +/*Types for nonterminals*/ +%type module +%type typelist +%type definition +%type selecttype +%type constant_type +%type selecterateds +%type selectmax +%type constval +/*%type selecterated*/ +%% +module: typelist + +typelist: {$$=1}; + | definition typelist + { + $$=1; + } +; + +definition: selecttype + | constant_type +; + +selecttype: SELECT_ '{' selecterateds ',' selectmax '}' NAME_ ';' + { + select_st *en; + char filename[100]; + + for(en=select_base;en;en=en->next){ + fprintf(dotc,"static int decode_%s_%s(ssl,dir,seg,data)\n", + $7,en->name); + fprintf(dotc," ssl_obj *ssl;\n"); + fprintf(dotc," int dir;\n"); + fprintf(dotc," segment *seg;\n"); + fprintf(dotc," Data *data;\n"); + fprintf(dotc," {\n"); + if(en->code){ + en->code+=2; + en->code[strlen(en->code)-2]=0; + fprintf(dotc,"\n%s\n",en->code); + } + else{ +/* fprintf(dotc," fprintf(dotc,\"Decoding %s...%cn\");\n",en->name,'\\');*/ + fprintf(dotc," return(0);\n"); + } + fprintf(dotc," }\n"); + } + + fprintf(dotc,"decoder %s_decoder[]={\n",$7); + fprintf(doth,"extern decoder %s_decoder[];\n",$7); + for(en=select_base;en;en=en->next){ + fprintf(dotc," {\n"); + fprintf(dotc," %d,\n",en->val); + fprintf(dotc," \"%s\",\n",en->name); + fprintf(dotc," decode_%s_%s\n",$7,en->name); + fprintf(dotc," },\n"); + } + + fprintf(dotc,"{-1}\n"); + fprintf(dotc,"};\n\n"); + + + + select_base=0; + } +; + +selecterateds: selecterateds ',' selecterated + | selecterated +{; +} +; + +selectmax: '(' NUM_ ')' +{$$=1;}; + +selecterated: selecterated_no_code + | selecterated_code +; + + +selecterated_code: NAME_ '(' NUM_ ')' CODE_ +{ + select_st *en; + + en=malloc(sizeof(select_st)); + + en->next=0; + en->val=$3; + en->name=strdup($1); + en->code=strdup($5); + + if(!select_base){ + select_base=en; + select_ptr=en; + } + else{ + select_ptr->next=en; + select_ptr=en; + } +}; + + +selecterated_no_code: NAME_ '(' NUM_ ')' +{ + select_st *en; + + en=malloc(sizeof(select_st)); + + en->next=0; + en->val=$3; + en->name=strdup($1); + en->code=0; + + if(!select_base){ + select_base=en; + select_ptr=en; + } + else{ + select_ptr->next=en; + select_ptr=en; + } +}; + +constant_type: CONSTANT_ '{' constants '}' NAME_ ';' + { + select_st *en; + + fprintf(dotc,"decoder %s_decoder[]={\n",$5); + fprintf(doth,"extern decoder %s_decoder[];\n",$5); + + for(en=constant_base;en;en=en->next){ + fprintf(dotc," {\n"); + fprintf(dotc," %d,\n",en->val); + fprintf(dotc," \"%s\",\n",en->name); + fprintf(dotc," 0"); + fprintf(dotc," },\n"); + } + + fprintf(dotc,"{-1}\n"); + fprintf(dotc,"};\n\n"); + constant_ptr=0; + constant_base=0; + } + +constants: constants constant + | constant +{; +} +; + +constant: NAME_ NAME_ '=' '{' constval '}' ';' +{ + select_st *en; + + en=malloc(sizeof(select_st)); + + en->next=0; + en->val=$5; + en->name=strdup($2); + + if(!constant_base){ + constant_base=en; + constant_ptr=en; + } + else{ + constant_ptr->next=en; + constant_ptr=en; + } +}; + +constval: NUM_ ',' NUM_ ',' NUM_ + { + $$=($1 << 16) | ($3 << 8) | $5; + } + | NUM_ ',' NUM_ + { + $$=($1 << 8) | $3; + } + | NUM_ + { + $$=$1; + } +; + diff --git a/ssl/ssl_analyze.c b/ssl/ssl_analyze.c new file mode 100644 index 0000000..8f07e4c --- /dev/null +++ b/ssl/ssl_analyze.c @@ -0,0 +1,624 @@ +/** + ssl_analyze.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: ssl_analyze.c,v 1.8 2002/01/21 18:46:13 ekr Exp $ + + + ekr@rtfm.com Fri Jan 8 14:07:05 1999 + */ + + +static char *RCSSTRING="$Id: ssl_analyze.c,v 1.8 2002/01/21 18:46:13 ekr Exp $"; + +#include "network.h" +#include "debug.h" +#include "sslprint.h" +#include "ssl_h.h" +#include "ssl_analyze.h" + +/*UINT4 SSL_print_flags=P_HL| P_ND;*/ +UINT4 SSL_print_flags = 1 | P_HT | P_HL; + +static int parse_ssl_flags PROTO_LIST((char *str)); +static int create_ssl_ctx PROTO_LIST((void *handle,proto_ctx **ctxp)); +static int create_ssl_analyzer PROTO_LIST((void *handle, + proto_ctx *ctx,tcp_conn *conn,proto_obj **objp, + struct in_addr *i_addr,u_short i_port, + struct in_addr *r_addr,u_short r_port, struct timeval *base_time)); +static int destroy_ssl_analyzer PROTO_LIST((proto_obj **objp)); +static int read_ssl_record PROTO_LIST((ssl_obj *obj,r_queue *q,segment *seg, + int offset,segment **lastp,int *offsetp)); +static int read_data PROTO_LIST((r_queue *q,segment *seg,int offset, + segment **lastp,int *offsetp)); +static int data_ssl_analyzer PROTO_LIST((proto_obj *_obj,segment *seg, + int direction)); +int close_ssl_analyzer PROTO_LIST((proto_obj *_obj,packet *p,int direction)); + +static int create_r_queue PROTO_LIST((r_queue **qp)); + +static int free_r_queue PROTO_LIST((r_queue *q)); +static int print_ssl_record PROTO_LIST((ssl_obj *obj,int direction, + segment *q,UCHAR *data,int len)); +char *SSL_keyfile=0; +char *SSL_password=0; + +#define NEGATE 0x800000 + +typedef struct { + int ch; + char *name; + UINT4 flag; +} flag_struct; + +flag_struct flags[]={ + { + 't', + "ts", + SSL_PRINT_TIMESTAMP, + }, + { + 'e', + "tsa", + SSL_PRINT_TIMESTAMP|SSL_PRINT_TIMESTAMP_ABSOLUTE + }, + { + 'x', + "x", + SSL_PRINT_HEXDUMP + }, + { + 'X', + "X", + SSL_PRINT_HEX_ONLY + }, + { + 'r', + "rh", + SSL_PRINT_RECORD_HEADER + }, + { + 0, + "ht", + SSL_PRINT_HANDSHAKE_TYPE + }, + { + 0, + "H", + SSL_PRINT_HIGHLIGHTS + }, + { + 'A', + "all", + SSL_PRINT_ALL_FIELDS + }, + { + 0, + "d", + SSL_PRINT_DECODE + }, + { + 0, + "nroff", + SSL_PRINT_NROFF + }, + { + 'N', + "asn", + SSL_PRINT_DECODE_ASN1 + }, + { + 0, + "crypto", + SSL_PRINT_CRYPTO + }, + { + 'd', + "appdata", + SSL_PRINT_APP_DATA + }, + { 'q', + "quiet", + P_HL | NEGATE + }, + {0} +}; + +int parse_ssl_flag(flag) + int flag; + { + flag_struct *fl; + + for(fl=flags;fl->name;fl++){ + if(fl->ch==flag){ + if(fl->flag & NEGATE){ + SSL_print_flags &= ~(fl->flag); + } + else + SSL_print_flags |= fl->flag; + break; + } + } + + return(0); + } + +static int parse_ssl_flags(str) + char *str; + { + char *x,*y; + flag_struct *fl; + int bang; + + y=str; + + while(x=strtok(y,",")){ + y=0; + + if(*x=='!'){ + bang=1; + x++; + } + else + bang=0; + for(fl=flags;fl->name;fl++){ + if(!strcmp(x,fl->name)){ + if(!bang) SSL_print_flags |= fl->flag; + else SSL_print_flags &= ~fl->flag; + break; + } + } + if(!fl->name){ + fprintf(stderr,"SSL: Bad flag %s\n",x); + } + } + + return(0); + } + +static int create_ssl_ctx(handle,ctxp) + void *handle; + proto_ctx **ctxp; + { + ssl_decode_ctx *ctx=0; + int r,_status; + + if(r=ssl_decode_ctx_create(&ctx,SSL_keyfile,SSL_password)) + ABORT(r); + + *ctxp=(proto_ctx *)ctx; + _status=0; + abort: + return(_status); + } + +static int create_ssl_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port,base_time) + void *handle; + proto_ctx *ctx; + tcp_conn *conn; + proto_obj **objp; + struct in_addr *i_addr; + u_short i_port; + struct in_addr *r_addr; + u_short r_port; + struct timeval *base_time; + { + int r,_status; + ssl_obj *obj=0; + + if(!(obj=(ssl_obj *)calloc(sizeof(ssl_obj),1))) + ABORT(R_NO_MEMORY); + + obj->ssl_ctx=(ssl_decode_ctx *)ctx; + obj->conn=conn; + + if(r=create_r_queue(&obj->r2i_queue)) + ABORT(r); + if(r=create_r_queue(&obj->i2r_queue)) + ABORT(r); + + lookuphostname(i_addr,&obj->client_name); + obj->client_port=i_port; + lookuphostname(r_addr,&obj->server_name); + obj->server_port=r_port; + + obj->i_state=SSL_ST_SENT_NOTHING; + obj->r_state=SSL_ST_HANDSHAKE; + + memcpy(&obj->time_start,base_time,sizeof(struct timeval)); + memcpy(&obj->time_last,base_time,sizeof(struct timeval)); + + if(r=ssl_decoder_create(&obj->decoder,obj->ssl_ctx)) + ABORT(r); + + *objp=(proto_obj *)obj; + + _status=0; + abort: + if(_status){ + destroy_ssl_analyzer((proto_obj **)&obj); + } + return(_status); + } + +static int destroy_ssl_analyzer(objp) + proto_obj **objp; + { + ssl_obj *obj; + + if(!objp || !*objp) + return(0); + + obj=(ssl_obj *)*objp; + DBG((0,"Destroying SSL analyzer")); + + free_r_queue(obj->i2r_queue); + free_r_queue(obj->r2i_queue); + ssl_decoder_destroy(&obj->decoder); + free(obj->client_name); + free(obj->server_name); + free(*objp); + *objp=0; + + return(0); + } + + +static int free_r_queue(q) + r_queue *q; + { + FREE(q->data); + if(q->q) free_tcp_segment_queue(q->q); + free(q); + return(0); + } + +static int create_r_queue(qp) + r_queue **qp; + { + r_queue *q=0; + int _status; + + if(!(q=(r_queue *)calloc(sizeof(r_queue),1))) + ABORT(R_NO_MEMORY); + + if(!(q->data=(UCHAR *)malloc(SSL_HEADER_SIZE))) + ABORT(R_NO_MEMORY); + q->ptr=q->data; + q->_allocated=SSL_HEADER_SIZE; + q->len=0; + + q->state=SSL_READ_NONE; + *qp=q; + _status=0; + abort: + if(_status){ + free_r_queue(q); + } + return(_status); + } + +static int read_ssl_record(obj,q,seg,offset,lastp,offsetp) + ssl_obj *obj; + r_queue *q; + segment *seg; + int offset; + segment **lastp; + int *offsetp; + + { + segment *last=seg; + int rec_len,r,_status; + + switch(q->state){ + case SSL_READ_NONE: + q->read_left=SSL_HEADER_SIZE; + if(r=read_data(q,seg,offset,&last,&offset)) + ABORT(r); + + q->state=SSL_READ_HEADER; + switch(q->data[0]){ + case 20: + case 21: + case 22: + case 23: + break; + default: + printf("Unknown SSL content type %d\n",q->data[0] & 255); + ABORT(R_INTERNAL); + } + + rec_len=COMBINE(q->data[3],q->data[4]); + + /*Expand the buffer*/ + if(q->_allocated<(rec_len+SSL_HEADER_SIZE)){ + if(!(q->data=realloc(q->data,rec_len+5))) + ABORT(R_NO_MEMORY); + q->_allocated=rec_len+SSL_HEADER_SIZE; + }; + + q->ptr=q->data+SSL_HEADER_SIZE; + q->read_left=rec_len; + + case SSL_READ_HEADER: + if(r=read_data(q,last,offset,&last,&offset)) + ABORT(r); + break; + default: + ABORT(R_INTERNAL); + } + + q->state=SSL_READ_NONE; + /*Whew. If we get here, we've managed to read a whole record*/ + *lastp=last; + *offsetp=offset; + + _status=0; + abort: + return(_status); + } + + +static int read_data(q,seg,offset,lastp,offsetp) + r_queue *q; + segment *seg; + int offset; + segment **lastp; + int *offsetp; + { + int tocpy=0,r,_status; +#ifdef DEBUG + int bread=0; +#endif + + DBG((0,"read_data %d bytes requested",q->read_left)); + + for(;seg;seg=seg->next,offset=0){ + int left; + + left=seg->len-offset; + + tocpy=MIN(q->read_left,left); + memcpy(q->ptr,seg->data+offset,tocpy); + q->read_left-=tocpy; + q->ptr+=tocpy; + q->len+=tocpy; +#ifdef DEBUG + bread+=tocpy; +#endif + if(!q->read_left) + break; + }; + + if(q->read_left){ + if(r=copy_tcp_segment_queue(&q->q,seg)) + ABORT(r); + return(SSL_NO_DATA); + } + + if(seg && tocpy==(seg->len - offset)){ + *lastp=0; + *offsetp=0; + } + else{ + *lastp=seg; + if(seg) *offsetp=tocpy+offset; + } + + if(q->read_left<0) abort(); + + DBG((0,"read_data %d bytes read",bread)); + + _status=0; + abort: + return(_status); + } + +static int data_ssl_analyzer(_obj,seg,direction) + proto_obj *_obj; + segment *seg; + int direction; + { + int _status,r; + r_queue *q; + segment *last,*q_next,*assembled; + ssl_obj *ssl=(ssl_obj *)_obj; + int offset=0; + + q=direction==DIR_R2I?ssl->r2i_queue:ssl->i2r_queue; + + /* Handle SSLv2 backwards compat client hello + This is sloppy because we'll assume that it's + all in one TCP segment -- an assumption we make + nowhere else in the code + */ + if(direction==DIR_I2R && ssl->i_state==SSL_ST_SENT_NOTHING){ + r=process_v2_hello(ssl,seg); + + if(r==SSL_NO_DATA) + return(0); + + if(r==0) + return(0); + } + + if(ssl->i_state==SSL_ST_SENT_NOTHING){ + + r=process_beginning_plaintext(ssl,seg,direction); + if(r==SSL_NO_DATA) + return(0); + + if(r==0) + return(0); + } + + while(!(r=read_ssl_record(ssl,q,seg,offset,&last,&offset))){ + if(ssl->i_state==SSL_ST_SENT_NOTHING) + ssl->i_state=SSL_ST_HANDSHAKE; + if(last){ + q_next=last->next; + last->next=0; + } + if(q->q_last){ + q->q_last->next=seg; + assembled=q->q; + } + else + assembled=seg; + + ssl->direction=direction; + + if(r=print_ssl_record(ssl,direction,assembled,q->data,q->len)) + ABORT(r); + + /*Now reset things, so we can read another record*/ + if(q){ + if(q->q_last) q->q_last->next=0; + if(last) + last->next=q_next; + free_tcp_segment_queue(q->q); + q->q=0;q->q_last=0;q->offset=0;q->len=0;q->ptr=q->data; + q->state=SSL_READ_NONE; + } + + seg=last; + } + + if(r!=SSL_NO_DATA) + ABORT(r); + + _status=0; + abort: + return(_status); + } + +static int print_ssl_header(obj,direction,q,data,len) + ssl_obj *obj; + int direction; + segment *q; + UCHAR *data; + int len; + { + int ct=0; + int r; + segment *s; + struct timeval dt; + + ssl_print_record_num(obj); + + if(SSL_print_flags & SSL_PRINT_TIMESTAMP){ + for(s=q;s;s=s->next) ct++; + + for(s=q;s;s=s->next){ + ssl_print_timestamp(obj,&s->p->ts); + + if(s->next) + printf(", "); + } + } + + ssl_print_direction_indicator(obj,direction); + + return(0); + } + +static int print_ssl_record(obj,direction,q,data,len) + ssl_obj *obj; + int direction; + segment *q; + UCHAR *data; + int len; + { + int r; + + if(r=print_ssl_header(obj,direction,q,data,len)) + ERETURN(r); + + ssl_expand_record(obj,q,direction,data,len); + if(SSL_print_flags & SSL_PRINT_HEXDUMP){ + Data d; + + INIT_DATA(d,data,len); + exdump(obj,"Packet data",&d); + printf("\n\n"); + } + + return(0); + } + +int close_ssl_analyzer(_obj,p,dir) + proto_obj *_obj; + packet *p; + int dir; + { + ssl_obj *ssl=(ssl_obj *)_obj; + char *what; + + if(p->tcp->th_flags & TH_RST) + what="RST"; + else + what="FIN"; + + explain(ssl,"%d ",ssl->conn->conn_number); + ssl_print_timestamp(ssl,&p->ts); + ssl_print_direction_indicator(ssl,dir); + explain(ssl," TCP %s",what); + printf("\n"); + + return(0); + } + + +static struct proto_mod_vtbl_ ssl_vtbl ={ + parse_ssl_flags, + parse_ssl_flag, + create_ssl_ctx, + create_ssl_analyzer, + destroy_ssl_analyzer, + data_ssl_analyzer, + close_ssl_analyzer, +}; + +struct proto_mod_ ssl_mod = { + 0, + &ssl_vtbl +}; + + + + diff --git a/ssl/ssl_analyze.h b/ssl/ssl_analyze.h new file mode 100644 index 0000000..d985218 --- /dev/null +++ b/ssl/ssl_analyze.h @@ -0,0 +1,87 @@ +/** + ssl_analyze.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: ssl_analyze.h,v 1.3 2000/11/09 18:52:24 ekr Exp $ + + + ekr@rtfm.com Tue Jan 12 08:45:44 1999 + */ + + +#ifndef _ssl_analyze_h +#define _ssl_analyze_h + +extern proto_mod ssl_mod; + +/*The type of data this is*/ +#define P_RH (1<<3) +#define P_HT (1<<4) +#define P_HL (1<<5) +#define P_ND (1<<6) +#define P_DC (1<<7) +#define P_NR (1<<8) +#define P_ASN (1<<9) +#define P_CR (1<<10) +#define P_AD (1<<11) +#define P_TSA (1<<12) +#define P_QT (1<<13) +#define P_HO (1<<14) + +#define SSL_PRINT_TIMESTAMP (1) /*Timestamp records*/ +#define SSL_PRINT_HEXDUMP (1<<2) /*Print the whole record in hex*/ +#define SSL_PRINT_RECORD_HEADER P_RH /*Print the record header*/ +#define SSL_PRINT_HANDSHAKE_TYPE P_HT /*Print the handshake type*/ +#define SSL_PRINT_HIGHLIGHTS (P_HT | P_HL) +#define SSL_PRINT_ALL_FIELDS (P_RH | P_HT | P_HL | P_ND) +#define SSL_PRINT_DECODE (P_DC) /*Print fields as decoded*/ +#define SSL_PRINT_NROFF (P_NR) +#define SSL_PRINT_DECODE_ASN1 (P_ASN) +#define SSL_PRINT_CRYPTO (P_CR) +#define SSL_PRINT_APP_DATA (P_AD) +#define SSL_PRINT_TIMESTAMP_ABSOLUTE (P_TSA) +#define SSL_PRINT_QUIET (P_QT) +#define SSL_PRINT_HEX_ONLY (P_HO) +#define SSL_PRINT_ALL 0xfffffff + +extern UINT4 SSL_print_flags; +extern char *SSL_keyfile; +extern char *SSL_password; + +#endif + diff --git a/ssl/ssl_enum.c b/ssl/ssl_enum.c new file mode 100644 index 0000000..fde56c6 --- /dev/null +++ b/ssl/ssl_enum.c @@ -0,0 +1,385 @@ +#include "network.h" +#include "ssl.h" +#include "sslprint.h" +static int decode_ContentType_change_cipher_spec(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_ContentType_alert(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_ContentType_handshake(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + extern decoder HandshakeType_decoder[]; + int r; + UINT4 t,l; + + SSL_DECODE_UINT8(ssl,0,0,data,&t); + SSL_DECODE_UINT24(ssl,0,0,data,&l); + + if(data->len!=l){ + fprintf(stderr,"Error: short handshake length: expected %d got %d\n", + l,data->len); + ERETURN(R_EOD); + } + + ssl_decode_switch(ssl,HandshakeType_decoder,t,dir,seg,data); + + } +static int decode_ContentType_application_data(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +decoder ContentType_decoder[]={ + { + 20, + "change_cipher_spec", + decode_ContentType_change_cipher_spec + }, + { + 21, + "alert", + decode_ContentType_alert + }, + { + 22, + "handshake", + decode_ContentType_handshake + }, + { + 23, + "application_data", + decode_ContentType_application_data + }, +{0} +}; + +static int decode_HandshakeType_hello_request(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_HandshakeType_client_hello(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + UINT4 vj,vn,cs,cslen,complen,comp; + Data session_id,random; + int r; + + extern decoder cipher_suite_decoder[]; + extern decoder compression_method_decoder[]; + + SSL_DECODE_UINT8(ssl,0,0,data,&vj); + SSL_DECODE_UINT8(ssl,0,0,data,&vn); + + P_(P_ND) {explain(ssl,"Client version %d.%d ",vj,vn);} + + printf("\n"); + SSL_DECODE_OPAQUE_ARRAY(ssl,"random",32,P_ND,data,&random); + SSL_DECODE_OPAQUE_ARRAY(ssl,"session_id",-32,0,data,&session_id); + + if(session_id.len) + exdump(ssl,"resume ",&session_id); + + SSL_DECODE_UINT16(ssl,"cipher Suites len",0,data,&cslen); + explain(ssl,"cipher suites\n"); + + for(;cslen;cslen-=2){ + SSL_DECODE_ENUM(ssl,0,2,cipher_suite_decoder, + P_HL,data,&cs); + printf("\n"); + } + + SSL_DECODE_UINT8(ssl,"compressionMethod len",0,data,&complen); + if(complen){ + explain(ssl,"compression methods\n"); + for(;complen;complen--){ + SSL_DECODE_ENUM(ssl,0,1,compression_method_decoder,P_HL,data,&comp); + printf("\n"); + } + } + return(0); + + } +static int decode_HandshakeType_server_hello(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + int r; + + UINT4 vj,vn; + + SSL_DECODE_UINT8(ssl,0,0,data,&vj); + SSL_DECODE_UINT8(ssl,0,0,data,&vn); + + P_(P_ND) {explain(ssl,"SSL version %d.%d ",vj,vn);} + SSL_DECODE_OPAQUE_ARRAY(ssl,"random",32,P_ND,data,0); + SSL_DECODE_OPAQUE_ARRAY(ssl,"session_id",32,P_ND,data,0); + SSL_DECODE_ENUM(ssl,0,2,cipher_suite_decoder, + P_HL,data,0); + SSL_DECODE_ENUM(ssl,0,1,compression_method_decoder,P_HL,data,0); + + return(0); + + } +static int decode_HandshakeType_certificate(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_HandshakeType_server_key_exchange(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_HandshakeType_certificate_request(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_HandshakeType_server_hello_done(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_HandshakeType_certificate_verify(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_HandshakeType_client_key_exchange(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_HandshakeType_finished(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +decoder HandshakeType_decoder[]={ + { + 0, + "hello_request", + decode_HandshakeType_hello_request + }, + { + 1, + "client_hello", + decode_HandshakeType_client_hello + }, + { + 2, + "server_hello", + decode_HandshakeType_server_hello + }, + { + 11, + "certificate", + decode_HandshakeType_certificate + }, + { + 12, + "server_key_exchange", + decode_HandshakeType_server_key_exchange + }, + { + 13, + "certificate_request", + decode_HandshakeType_certificate_request + }, + { + 14, + "server_hello_done", + decode_HandshakeType_server_hello_done + }, + { + 15, + "certificate_verify", + decode_HandshakeType_certificate_verify + }, + { + 16, + "client_key_exchange", + decode_HandshakeType_client_key_exchange + }, + { + 20, + "finished", + decode_HandshakeType_finished + }, +{0} +}; + +decoder cipher_suite_decoder[]={ + { + 1, + "TLS_RSA_WITH_NULL_MD5", + 0 }, + { + 2, + "TLS_RSA_WITH_NULL_SHA", + 0 }, + { + 3, + "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + 0 }, + { + 4, + "TLS_RSA_WITH_RC4_128_MD5", + 0 }, + { + 5, + "TLS_RSA_WITH_RC4_128_SHA", + 0 }, + { + 6, + "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + 0 }, + { + 7, + "TLS_RSA_WITH_IDEA_CBC_SHA", + 0 }, + { + 8, + "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 9, + "TLS_RSA_WITH_DES_CBC_SHA", + 0 }, + { + 10, + "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 11, + "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 12, + "TLS_DH_DSS_WITH_DES_CBC_SHA", + 0 }, + { + 13, + "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 14, + "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 15, + "TLS_DH_RSA_WITH_DES_CBC_SHA", + 0 }, + { + 16, + "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 17, + "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 18, + "TLS_DHE_DSS_WITH_DES_CBC_SHA", + 0 }, + { + 19, + "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 20, + "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 21, + "TLS_DHE_RSA_WITH_DES_CBC_SHA", + 0 }, + { + 22, + "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 23, + "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + 0 }, + { + 24, + "TLS_DH_anon_WITH_RC4_128_MD5", + 0 }, + { + 25, + "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 26, + "TLS_DH_anon_WITH_DES_CBC_SHA", + 0 }, + { + 27, + "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + 0 }, +{-1} +}; + +decoder compression_method_decoder[]={ + { + 7, + "NULL", + 0 }, +{-1} +}; + diff --git a/ssl/ssl_h.h b/ssl/ssl_h.h new file mode 100644 index 0000000..2799c48 --- /dev/null +++ b/ssl/ssl_h.h @@ -0,0 +1,134 @@ +/** + ssl.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: ssl_h.h,v 1.6 2002/08/17 01:33:17 ekr Exp $ + + + ekr@rtfm.com Fri Jan 8 14:09:37 1999 + */ + + +#ifndef _ssl_h +#define _ssl_h + +#include "sslciphers.h" + +typedef struct ssl_decode_ctx_ ssl_decode_ctx; +typedef struct ssl_decoder_ ssl_decoder; + + +typedef struct d_queue_ { + short state; /*What state we're in*/ +#define SSL_READ_NONE 1 +#define SSL_READ_HEADER 2 + int read_left; /*How many more bytes to read in this state*/ + int len; /*The length of the total record, including header*/ + UCHAR *data; /*The data for this record*/ + UCHAR *ptr; /*The data ptr*/ + int _allocated; /*The number of data bytes allocated for this record*/ + segment *q; /*The segments that match this record*/ + segment *q_last; /*The last segment*/ + int offset; /*How far into the first segment this record starts*/ +} r_queue; + +typedef struct ssl_obj_ { + tcp_conn *conn; + int r_state; + int i_state; + int version; + int cipher_suite; + + char *client_name; + int client_port; + char *server_name; + int server_port; + + struct SSL_CipherSuite_ *cs; + r_queue *i2r_queue; + r_queue *r2i_queue; + struct timeval time_start; + struct timeval time_last; + ssl_decode_ctx *ssl_ctx; + ssl_decoder *decoder; + + int process_ciphertext; + + /*Printing bookkeeping*/ + #define REC_PLAINTEXT 1 + #define REC_DECRYPTED_CIPHERTEXT 2 + #define REC_CIPHERTEXT 3 + int record_encryption; + + int direction; /* The direction we're currently working in*/ + int record_count; + int indent_depth; + int indent_name_len; +} ssl_obj; + +typedef struct decoder_ { + int type; + char *name; + int (*print) PROTO_LIST((ssl_obj *,int direction,segment *seg,Data *data)); +} decoder; + +#define SSL_NO_DATA 1 +#define SSL_BAD_CONTENT_TYPE 2 +#define SSL_BAD_PMS 3 +#define SSL_CANT_DO_CIPHER 4 +#define SSL_NO_DECRYPT 5 +#define SSL_BAD_MAC 6 +#define SSL_BAD_DATA 7 + +/*SSL defines*/ +#define COMBINE(a,b) ((a<<8) | b) +#define SSL_HEADER_SIZE 5 + +#define SSLV3_VERSION 0x300 +#define TLSV1_VERSION 0x301 + +/*State defines*/ +#define SSL_ST_SENT_NOTHING 0 +#define SSL_ST_HANDSHAKE 1 +#define SSL_ST_SENT_CHANGE_CIPHER_SPEC 2 + +#include "ssldecode.h" + + +#endif + diff --git a/ssl/ssl_rec.c b/ssl/ssl_rec.c new file mode 100644 index 0000000..e0224e6 --- /dev/null +++ b/ssl/ssl_rec.c @@ -0,0 +1,312 @@ +/** + ssl_rec.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: ssl_rec.c,v 1.3 2000/11/03 06:38:06 ekr Exp $ + + + ekr@rtfm.com Wed Aug 18 15:46:57 1999 + */ + + +static char *RCSSTRING="$Id: ssl_rec.c,v 1.3 2000/11/03 06:38:06 ekr Exp $"; + +#include "network.h" +#include "ssl_h.h" +#include "sslprint.h" +#include "ssl.enums.h" +#ifdef OPENSSL +#include +#include +#include +#endif +#include "ssldecode.h" +#include "ssl_rec.h" + +struct ssl_rec_decoder_ { + SSL_CipherSuite *cs; + Data *mac_key; +#ifdef OPENSSL + EVP_CIPHER_CTX *evp; +#endif + UINT4 seq; +}; + + +static char *digests[]={ + "MD5", + "SHA1" +}; + +static char *ciphers[]={ + "DES", + "DES3", + "RC4", + "RC2", + "IDEA" +}; + + +static int tls_check_mac PROTO_LIST((ssl_rec_decoder *d,int ct, + int ver,UCHAR *data,UINT4 datalen,UCHAR *mac)); +static int fmt_seq PROTO_LIST((UINT4 num,UCHAR *buf)); + +int ssl_create_rec_decoder(dp,cs,mk,sk,iv) + ssl_rec_decoder **dp; + SSL_CipherSuite *cs; + UCHAR *mk; + UCHAR *sk; + UCHAR *iv; + { + int r,_status; + ssl_rec_decoder *dec=0; +#ifdef OPENSSL + const EVP_CIPHER *ciph=0; + + /* Find the SSLeay cipher */ + if(cs->enc!=ENC_NULL){ + ciph=(EVP_CIPHER *)EVP_get_cipherbyname(ciphers[cs->enc-0x30]); + } + + if(!(dec=(ssl_rec_decoder *)calloc(sizeof(ssl_rec_decoder),1))) + ABORT(R_NO_MEMORY); + + dec->cs=cs; + if(r=r_data_create(&dec->mac_key,mk,cs->dig_len)) + ABORT(r); + if(!(dec->evp=(EVP_CIPHER_CTX *)malloc(sizeof(EVP_CIPHER_CTX)))) + ABORT(R_NO_MEMORY); + EVP_CIPHER_CTX_init(dec->evp); + EVP_CipherInit(dec->evp,ciph,sk,iv,0); +#endif + + *dp=dec; + _status=0; + abort: + if(_status){ + ssl_destroy_rec_decoder(&dec); + } + return(_status); + } + +int ssl_destroy_rec_decoder(dp) + ssl_rec_decoder **dp; + { + ssl_rec_decoder *d; + + if(!dp || !*dp) + return(0); + d=*dp; + + r_data_destroy(&d->mac_key); +#ifdef OPENSSL + if(d->evp){ + EVP_CIPHER_CTX_cleanup(d->evp); + free(d->evp); + } + free(*dp); +#endif + + *dp=0; + return(0); + } + +int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl) + ssl_obj *ssl; + ssl_rec_decoder *d; + int ct; + int version; + UCHAR *in; + int inl; + UCHAR *out; + int *outl; + { +#ifdef OPENSSL + int pad; + int r; + UCHAR *mac; + + CRDUMP("Ciphertext",in,inl); + /* First decrypt*/ + EVP_Cipher(d->evp,out,in,inl); + + CRDUMP("Plaintext",out,inl); + *outl=inl; + + /* Now strip off the padding*/ + if(d->cs->block!=1){ + pad=out[inl-1]; + *outl-=(pad+1); + } + + /* And the MAC */ + *outl-=d->cs->dig_len; + mac=out+(*outl); + CRDUMP("Record data",out,*outl); + + /* Now check the MAC */ + if(ssl->version==0x300){ + if(r=ssl3_check_mac(d,ct,version,out,*outl,mac)) + ERETURN(r); + } + else{ + if(r=tls_check_mac(d,ct,version,out,*outl,mac)) + ERETURN(r); + } + +#endif + return(0); + } + + +#define MSB(a) ((a>>8)&0xff) +#define LSB(a) (a&0xff) +#ifdef OPENSSL + +/* This should go to 2^128, but we're never really going to see + more than 2^64, so we cheat*/ +static int fmt_seq(num,buf) + UINT4 num; + UCHAR *buf; + { + UINT4 netnum; + + memset(buf,0,8); + netnum=htonl(num); + memcpy(buf+4,&netnum,4); + + return(0); + } + +static int tls_check_mac(d,ct,ver,data,datalen,mac) + ssl_rec_decoder *d; + int ct; + int ver; + UCHAR *data; + UINT4 datalen; + UCHAR *mac; + { + HMAC_CTX hm; + const EVP_MD *md; + UINT4 l; + UCHAR buf[20]; + + md=EVP_get_digestbyname(digests[d->cs->dig-0x40]); + HMAC_Init(&hm,d->mac_key->data,d->mac_key->len,md); + + fmt_seq(d->seq,buf); + d->seq++; + HMAC_Update(&hm,buf,8); + buf[0]=ct; + HMAC_Update(&hm,buf,1); + + buf[0]=MSB(ver); + buf[1]=LSB(ver); + HMAC_Update(&hm,buf,2); + + buf[0]=MSB(datalen); + buf[1]=LSB(datalen); + HMAC_Update(&hm,buf,2); + + HMAC_Update(&hm,data,datalen); + + HMAC_Final(&hm,buf,&l); + if(memcmp(mac,buf,l)) + ERETURN(SSL_BAD_MAC); + + HMAC_cleanup(&hm); + return(0); + } + +int ssl3_check_mac(d,ct,ver,data,datalen,mac) + ssl_rec_decoder *d; + int ct; + int ver; + UCHAR *data; + UINT4 datalen; + UCHAR *mac; + { + EVP_MD_CTX mc; + const EVP_MD *md; + UINT4 l; + UCHAR buf[64],dgst[20]; + int pad_ct; + + pad_ct=(d->cs->dig==DIG_SHA)?40:48; + + md=EVP_get_digestbyname(digests[d->cs->dig-0x40]); + EVP_DigestInit(&mc,md); + + EVP_DigestUpdate(&mc,d->mac_key->data,d->mac_key->len); + + memset(buf,0x36,pad_ct); + EVP_DigestUpdate(&mc,buf,pad_ct); + + fmt_seq(d->seq,buf); + d->seq++; + EVP_DigestUpdate(&mc,buf,8); + + buf[0]=ct; + EVP_DigestUpdate(&mc,buf,1); + + buf[0]=MSB(datalen); + buf[1]=LSB(datalen); + EVP_DigestUpdate(&mc,buf,2); + + EVP_DigestUpdate(&mc,data,datalen); + + EVP_DigestFinal(&mc,dgst,&l); + + EVP_DigestInit(&mc,md); + + EVP_DigestUpdate(&mc,d->mac_key->data,d->mac_key->len); + + memset(buf,0x5c,pad_ct); + EVP_DigestUpdate(&mc,buf,pad_ct); + + EVP_DigestUpdate(&mc,dgst,l); + + EVP_DigestFinal(&mc,dgst,&l); + + if(memcmp(mac,dgst,l)) + ERETURN(SSL_BAD_MAC); + + return(0); + } + +#endif diff --git a/ssl/ssl_rec.h b/ssl/ssl_rec.h new file mode 100644 index 0000000..203f55f --- /dev/null +++ b/ssl/ssl_rec.h @@ -0,0 +1,59 @@ +/** + ssl_rec.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: ssl_rec.h,v 1.2 2000/10/17 16:10:02 ekr Exp $ + + + ekr@rtfm.com Wed Aug 18 16:16:23 1999 + */ + + +#ifndef _ssl_rec_h +#define _ssl_rec_h + +typedef struct ssl_rec_decoder_ ssl_rec_decoder; + +int ssl_destroy_rec_decoder PROTO_LIST((ssl_rec_decoder **dp)); +int ssl_create_rec_decoder PROTO_LIST((ssl_rec_decoder **dp, + SSL_CipherSuite *cs,UCHAR *mk,UCHAR *sk,UCHAR *iv)); +int ssl_decode_rec_data PROTO_LIST((ssl_obj *ssl,ssl_rec_decoder *d, + int ct,int version,UCHAR *in,int inl,UCHAR *out,int *outl)); + +#endif + diff --git a/ssl/sslciphers.h b/ssl/sslciphers.h new file mode 100644 index 0000000..96256ca --- /dev/null +++ b/ssl/sslciphers.h @@ -0,0 +1,83 @@ +/** + sslciphers.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: sslciphers.h,v 1.3 2002/08/17 01:33:17 ekr Exp $ + + + ekr@rtfm.com Tue Mar 30 18:11:55 1999 + */ + + +#ifndef _sslciphers_h +#define _sslciphers_h +typedef struct SSL_CipherSuite_ { + int number; + int kex; + int sig; + int enc; + int block; + int bits; + int eff_bits; + int dig; + int dig_len; + int export; +} SSL_CipherSuite; + +#define KEX_RSA 0x10 +#define KEX_DH 0x11 + +#define SIG_RSA 0x20 +#define SIG_DSS 0x21 +#define SIG_NONE 0x22 + +#define ENC_DES 0x30 +#define ENC_3DES 0x31 +#define ENC_RC4 0x32 +#define ENC_RC2 0x33 +#define ENC_IDEA 0x34 +#define ENC_NULL 0x35 + +#define DIG_MD5 0x40 +#define DIG_SHA 0x41 + +int ssl_find_cipher PROTO_LIST((int num,SSL_CipherSuite **cs)); + + +#endif + diff --git a/ssl/ssldecode.c b/ssl/ssldecode.c new file mode 100644 index 0000000..ae608dd --- /dev/null +++ b/ssl/ssldecode.c @@ -0,0 +1,908 @@ +/** + ssldecode.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: ssldecode.c,v 1.9 2002/08/17 01:33:17 ekr Exp $ + + + ekr@rtfm.com Thu Apr 1 09:54:53 1999 + */ + +#include "network.h" +#include "ssl_h.h" +#include "sslprint.h" +#include "ssl.enums.h" +#ifdef OPENSSL +#include +#include +#include +#include +#endif +#include "ssldecode.h" +#include "ssl_rec.h" +#include "r_assoc.h" +static char *RCSSTRING="$Id: ssldecode.c,v 1.9 2002/08/17 01:33:17 ekr Exp $"; + +#define PRF(ssl,secret,usage,rnd1,rnd2,out) (ssl->version==SSLV3_VERSION)? \ + ssl3_prf(ssl,secret,usage,rnd1,rnd2,out): \ + tls_prf(ssl,secret,usage,rnd1,rnd2,out) + + +static char *ssl_password; + +extern UINT4 SSL_print_flags; + +struct ssl_decode_ctx_ { +#ifdef OPENSSL + SSL_CTX *ssl_ctx; + SSL *ssl; + r_assoc *session_cache; +#else + char dummy; /* Some compilers (Win32) don't like empty + structs */ +#endif +}; + +struct ssl_decoder_ { + ssl_decode_ctx *ctx; + Data *session_id; + SSL_CipherSuite *cs; + Data *client_random; + Data *server_random; + int ephemeral_rsa; + Data *PMS; + Data *MS; + ssl_rec_decoder *c_to_s; + ssl_rec_decoder *s_to_c; + ssl_rec_decoder *c_to_s_n; + ssl_rec_decoder *s_to_c_n; +}; + + +#ifdef OPENSSL +static int tls_P_hash PROTO_LIST((ssl_obj *ssl,Data *secret,Data *seed, + const EVP_MD *md,Data *out)); +static int tls_prf PROTO_LIST((ssl_obj *ssl,Data *secret,char *usage, + Data *rnd1,Data *rnd2,Data *out)); +static int ssl3_prf PROTO_LIST((ssl_obj *ssl,Data *secret,char *usage, + Data *rnd1,Data *rnd2,Data *out)); +static int ssl3_generate_export_iv PROTO_LIST((ssl_obj *ssl, + Data *rnd1,Data *rnd2,Data *out)); +static int ssl_generate_keying_material PROTO_LIST((ssl_obj *ssl, + ssl_decoder *d)); +#endif + +static int ssl_create_session_lookup_key PROTO_LIST((ssl_obj *ssl, + UCHAR *id,UINT4 idlen,UCHAR **keyp,UINT4 *keyl)); +int ssl_save_session PROTO_LIST((ssl_obj *ssl,ssl_decoder *d)); +int ssl_restore_session PROTO_LIST((ssl_obj *ssl,ssl_decoder *d)); + +/*The password code is not thread safe*/ +static int password_cb(char *buf,int num,int rwflag,void *userdata) + { + if(numssl_ctx=SSL_CTX_new(SSLv23_server_method()))) + ABORT(R_NO_MEMORY); + if(keyfile){ + if(pass){ + ssl_password=pass; + SSL_CTX_set_default_passwd_cb(d->ssl_ctx,password_cb); + } +#if 0 + if(SSL_CTX_use_certificate_file(d->ssl_ctx,keyfile,SSL_FILETYPE_PEM)!=1){ + fprintf(stderr,"Problem loading certificate file\n"); + ABORT(R_INTERNAL); + } +#endif + if(SSL_CTX_use_PrivateKey_file(d->ssl_ctx,keyfile,SSL_FILETYPE_PEM)!=1){ + fprintf(stderr,"Problem loading private key\n"); + ABORT(R_INTERNAL); + } + } + if(!(d->ssl=SSL_new(d->ssl_ctx))) + ABORT(R_NO_MEMORY); + + if(r_assoc_create(&d->session_cache)) + ABORT(R_NO_MEMORY); + + X509V3_add_standard_extensions(); + + *dp=d; + _status=0; + abort: + return(_status); +#else + return(0); +#endif + } + +int ssl_decoder_create(dp,ctx) + ssl_decoder **dp; + ssl_decode_ctx *ctx; + { + int _status; + + ssl_decoder *d=0; + +#ifdef OPENSSL + if(!(d=(ssl_decoder *)calloc(sizeof(ssl_decoder),1))) + ABORT(R_NO_MEMORY); + d->ctx=ctx; + + *dp=d; + _status=0; + abort: + if(_status) + ssl_decoder_destroy(&d); + return(_status); +#else + return 0; +#endif + } + +int ssl_decoder_destroy(dp) + ssl_decoder **dp; + { +#ifdef OPENSSL + ssl_decoder *d; + + if(!dp || !*dp) + return(0); + d=*dp; + r_data_destroy(&d->client_random); + r_data_destroy(&d->server_random); + r_data_destroy(&d->session_id); + r_data_destroy(&d->PMS); + r_data_destroy(&d->MS); + ssl_destroy_rec_decoder(&d->c_to_s); + ssl_destroy_rec_decoder(&d->c_to_s_n); + ssl_destroy_rec_decoder(&d->s_to_c); + ssl_destroy_rec_decoder(&d->s_to_c_n); + free(d); + *dp=0; +#endif + return(0); + } + +int ssl_set_client_random(d,msg,len) + ssl_decoder *d; + UCHAR *msg; + int len; + { +#ifdef OPENSSL + int r; + + if(r=r_data_create(&d->client_random,msg,len)) + ERETURN(r); +#endif + return(0); + } + +int ssl_set_server_random(d,msg,len) + ssl_decoder *d; + UCHAR *msg; + int len; + { +#ifdef OPENSSL + int r; + + if(r=r_data_create(&d->server_random,msg,len)) + ERETURN(r); +#endif + return(0); + } + +int ssl_set_client_session_id(d,msg,len) + ssl_decoder *d; + UCHAR *msg; + int len; + { +#ifdef OPENSSL + int r; + + if(r=r_data_create(&d->session_id,msg,len)) + ERETURN(r); +#endif + return(0); + } + +int ssl_process_server_session_id(ssl,d,msg,len) + ssl_obj *ssl; + ssl_decoder *d; + UCHAR *msg; + int len; + { +#ifdef OPENSSL + int r,_status; + Data idd; + int restored=0; + + INIT_DATA(idd,msg,len); + + /* First check to see if the client tried to restore */ + if(d->session_id){ + /* Now check to see if we restored */ + if(r_data_compare(&idd,d->session_id)) + goto abort; + + /* Now try to look up the session. We may not be able + to find it if, for instance, the original session + was initiated with something other than static RSA */ + if(r=ssl_restore_session(ssl,d)) + ABORT(r); + + restored=1; + } + + _status=0; + abort: + if(!restored){ + /* Copy over the session ID */ + r_data_zfree(d->session_id); + r_data_create(&d->session_id,msg,len); + } + return(_status); +#else + return(0); +#endif + } + +int ssl_process_change_cipher_spec(ssl,d,direction) + ssl_obj *ssl; + ssl_decoder *d; + int direction; + { +#ifdef OPENSSL + if(direction==DIR_I2R){ + d->c_to_s=d->c_to_s_n; + d->c_to_s_n=0; + if(d->c_to_s) ssl->process_ciphertext |= direction; + } + else{ + d->s_to_c=d->s_to_c_n; + d->s_to_c_n=0; + if(d->s_to_c) ssl->process_ciphertext |= direction; + } + +#endif + return(0); + } +int ssl_decode_record(ssl,dec,direction,ct,version,d) + ssl_obj *ssl; + ssl_decoder *dec; + int direction; + int ct; + int version; + Data *d; + { + ssl_rec_decoder *rd; + UCHAR *out; + int outl; + int r,_status; + UINT4 state; + + if(dec) + rd=(direction==DIR_I2R)?dec->c_to_s:dec->s_to_c; + else + rd=0; + state=(direction==DIR_I2R)?ssl->i_state:ssl->r_state; + + if(!rd){ + if(state & SSL_ST_SENT_CHANGE_CIPHER_SPEC){ + ssl->record_encryption=REC_CIPHERTEXT; + return(SSL_NO_DECRYPT); + } + else { + ssl->record_encryption=REC_PLAINTEXT; + return(0); + } + } + + ssl->record_encryption=REC_CIPHERTEXT; +#ifdef OPENSSL + if(!(out=(UCHAR *)malloc(d->len))) + ABORT(R_NO_MEMORY); + + if(r=ssl_decode_rec_data(ssl,rd,ct,version,d->data,d->len,out,&outl)){ + ABORT(r); + } + + memcpy(d->data,out,outl); + d->len=outl; + + ssl->record_encryption=REC_DECRYPTED_CIPHERTEXT; + + _status=0; + abort: + FREE(out); + return(_status); +#else + return(0); +#endif + } + + +static int ssl_create_session_lookup_key(ssl,id,idlen,keyp,keyl) + ssl_obj *ssl; + UCHAR *id; + UINT4 idlen; + UCHAR **keyp; + UINT4 *keyl; + { + UCHAR *key=0; + UINT4 l; + int r,_status; + + l=idlen+strlen(ssl->server_name)+idlen+15; /* HOST + PORT + id */ + + if(!(key=(UCHAR *)malloc(l))) + ABORT(R_NO_MEMORY); + *keyp=key; + + memcpy(key,id,idlen); + *keyl=idlen; + key+=idlen; + + sprintf(key,"%s:%d",ssl->server_name,ssl->server_port); + *keyl+=strlen(key); + + _status=0; + abort: + return(_status); + } + +/* Look up the session id in the session cache and generate + the appropriate keying material */ +int ssl_restore_session(ssl,d) + ssl_obj *ssl; + ssl_decoder *d; + { + UCHAR *lookup_key=0; + void *msv; + Data *msd; + int lookup_key_len; + int r,_status; +#ifdef OPENSSL + if(r=ssl_create_session_lookup_key(ssl, + d->session_id->data,d->session_id->len,&lookup_key, + &lookup_key_len)) + ABORT(r); + if(r=r_assoc_fetch(d->ctx->session_cache,lookup_key,lookup_key_len, + &msv)) + ABORT(r); + msd=(Data *)msv; + if(r=r_data_create(&d->MS,msd->data,msd->len)) + ABORT(r); + CRDUMPD("Restored MS",d->MS); + + switch(ssl->version){ + case SSLV3_VERSION: + if(r=ssl_generate_keying_material(ssl,d)) + ABORT(r); + break; + case TLSV1_VERSION: + if(r=ssl_generate_keying_material(ssl,d)) + ABORT(r); + break; + default: + ABORT(SSL_CANT_DO_CIPHER); + } + + _status=0; + abort: + FREE(lookup_key); + return(_status); +#else + return(0); +#endif + } + +/* Look up the session id in the session cache and generate + the appropriate keying material */ +int ssl_save_session(ssl,d) + ssl_obj *ssl; + ssl_decoder *d; + { +#ifdef OPENSSL + UCHAR *lookup_key=0; + void *msv; + Data *msd=0; + int lookup_key_len; + int r,_status; + + if(r=ssl_create_session_lookup_key(ssl,d->session_id->data, + d->session_id->len,&lookup_key, + &lookup_key_len)) + ABORT(r); + if(r=r_data_create(&msd,d->MS->data,d->MS->len)) + ABORT(r); + if(r=r_assoc_insert(d->ctx->session_cache,lookup_key,lookup_key_len, + (void *)msd,0,(int (*)(void *))r_data_zfree, + R_ASSOC_NEW | R_ASSOC_REPLACE)) + ABORT(r); + + _status=0; + abort: + if(_status){ + r_data_zfree(msd); + } + FREE(lookup_key); + return(_status); +#else + return(0); +#endif + } + +/* This only works with RSA because the other cipher suites + offer PFS. Yuck. */ +int ssl_process_client_key_exchange(ssl,d,msg,len) + ssl_obj *ssl; + ssl_decoder *d; + UCHAR *msg; + int len; + { +#ifdef OPENSSL + int r,_status; + int i; + + EVP_PKEY *pk; + + if(ssl->cs->kex!=KEX_RSA) + return(-1); + + if(d->ephemeral_rsa) + return(-1); + + pk=SSL_get_privatekey(d->ctx->ssl); + if(!pk) + return(-1); + + if(pk->type!=EVP_PKEY_RSA) + return(-1); + + if(r=r_data_alloc(&d->PMS,BN_num_bytes(pk->pkey.rsa->n))) + ABORT(r); + + i=RSA_private_decrypt(len,msg,d->PMS->data, + pk->pkey.rsa,RSA_PKCS1_PADDING); + + if(i!=48) + ABORT(SSL_BAD_PMS); + + d->PMS->len=48; + + CRDUMPD("PMS",d->PMS); + + /* Remove the master secret if it was there + to force keying material regeneration in + case we're renegotiating */ + r_data_destroy(&d->MS); + + switch(ssl->version){ + case SSLV3_VERSION: + if(r=ssl_generate_keying_material(ssl,d)) + ABORT(r); + break; + case TLSV1_VERSION: + if(r=ssl_generate_keying_material(ssl,d)) + ABORT(r); + break; + default: + ABORT(SSL_CANT_DO_CIPHER); + } + + + /* Now store the data in the session cache */ + if(r=ssl_save_session(ssl,d)) + ABORT(r); + + _status=0; + abort: + return(_status); +#else + return 0; +#endif + + } + +#ifdef OPENSSL +static int tls_P_hash(ssl,secret,seed,md,out) + ssl_obj *ssl; + Data *secret; + Data *seed; + const EVP_MD *md; + Data *out; + { + UCHAR *ptr=out->data; + int left=out->len; + int tocpy; + UCHAR *A; + UCHAR _A[20],tmp[20]; + unsigned int A_l,tmp_l; + HMAC_CTX hm; + + CRDUMPD("P_hash secret",secret); + CRDUMPD("P_hash seed",seed); + + A=seed->data; + A_l=seed->len; + + while(left){ + HMAC_Init(&hm,secret->data,secret->len,md); + HMAC_Update(&hm,A,A_l); + HMAC_Final(&hm,_A,&A_l); + A=_A; + + HMAC_Init(&hm,secret->data,secret->len,md); + HMAC_Update(&hm,A,A_l); + HMAC_Update(&hm,seed->data,seed->len); + HMAC_Final(&hm,tmp,&tmp_l); + + tocpy=MIN(left,tmp_l); + memcpy(ptr,tmp,tocpy); + ptr+=tocpy; + left-=tocpy; + } + + HMAC_cleanup(&hm); + + CRDUMPD("P_hash out",out); + + return (0); + } + + +static int tls_prf(ssl,secret,usage,rnd1,rnd2,out) + ssl_obj *ssl; + Data *secret; + char *usage; + Data *rnd1; + Data *rnd2; + Data *out; + { + int r,_status; + Data *md5_out=0,*sha_out=0; + Data *seed; + UCHAR *ptr; + Data *S1=0,*S2=0; + int i,S_l; + + if(r=r_data_alloc(&md5_out,MAX(out->len,16))) + ABORT(r); + if(r=r_data_alloc(&sha_out,MAX(out->len,20))) + ABORT(r); + if(r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len)) + ABORT(r); + ptr=seed->data; + memcpy(ptr,usage,strlen(usage)); ptr+=strlen(usage); + memcpy(ptr,rnd1->data,rnd1->len); ptr+=rnd1->len; + memcpy(ptr,rnd2->data,rnd2->len); ptr+=rnd2->len; + + S_l=secret->len/2 + secret->len%2; + + if(r=r_data_alloc(&S1,S_l)) + ABORT(r); + if(r=r_data_alloc(&S2,S_l)) + ABORT(r); + + memcpy(S1->data,secret->data,S_l); + memcpy(S2->data,secret->data + (secret->len - S_l),S_l); + + if(r=tls_P_hash + (ssl,S1,seed,EVP_get_digestbyname("MD5"),md5_out)) + ABORT(r); + if(r=tls_P_hash(ssl,S2,seed,EVP_get_digestbyname("SHA1"),sha_out)) + ABORT(r); + + + for(i=0;ilen;i++) + out->data[i]=md5_out->data[i] ^ sha_out->data[i]; + + CRDUMPD("PRF out",out); + _status=0; + abort: + r_data_destroy(&md5_out); + r_data_destroy(&sha_out); + r_data_destroy(&seed); + r_data_destroy(&S1); + r_data_destroy(&S2); + return(_status); + + } + +static int ssl3_generate_export_iv(ssl,r1,r2,out) + ssl_obj *ssl; + Data *r1; + Data *r2; + Data *out; + { + MD5_CTX md5; + UCHAR tmp[16]; + + MD5_Init(&md5); + MD5_Update(&md5,r1->data,r1->len); + MD5_Update(&md5,r2->data,r2->len); + MD5_Final(tmp,&md5); + + memcpy(out->data,tmp,out->len); + + return(0); + } + +static int ssl3_prf(ssl,secret,usage,r1,r2,out) + ssl_obj *ssl; + Data *secret; + char *usage; + Data *r1; + Data *r2; + Data *out; + { + MD5_CTX md5; + SHA_CTX sha; + Data *rnd1,*rnd2; + int off; + int i=0,j; + UCHAR buf[20]; + + rnd1=r1; rnd2=r2; + + CRDUMPD("Secret",secret); + CRDUMPD("RND1",rnd1); + CRDUMPD("RND2",rnd2); + + MD5_Init(&md5); + memset(&sha,0,sizeof(sha)); + SHA1_Init(&sha); + + for(off=0;offlen;off+=16){ + char outbuf[16]; + int tocpy; + i++; + + /* A, BB, CCC, ... */ + for(j=0;jdata,secret->len); + CRDUMPD("secret",secret); + + if(!strcmp(usage,"client write key") || !strcmp(usage,"server write key")){ + SHA1_Update(&sha,rnd2->data,rnd2->len); + CRDUMPD("rnd2",rnd2); + SHA1_Update(&sha,rnd1->data,rnd1->len); + CRDUMPD("rnd1",rnd1); + } + else{ + SHA1_Update(&sha,rnd1->data,rnd1->len); + CRDUMPD("rnd1",rnd1); + SHA1_Update(&sha,rnd2->data,rnd2->len); + CRDUMPD("rnd2",rnd2); + } + + SHA1_Final(buf,&sha); + CRDUMP("SHA out",buf,20); + + SHA1_Init(&sha); + + MD5_Update(&md5,secret->data,secret->len); + MD5_Update(&md5,buf,20); + MD5_Final(outbuf,&md5); + tocpy=MIN(out->len-off,16); + memcpy(out->data+off,outbuf,tocpy); + CRDUMP("MD5 out",outbuf,16); + + MD5_Init(&md5); + } + + return(0); + } + +static int ssl_generate_keying_material(ssl,d) + ssl_obj *ssl; + ssl_decoder *d; + { + Data *key_block=0; + UCHAR _iv_c[8],_iv_s[8]; + UCHAR _key_c[16],_key_s[16]; + int needed; + int r,_status; + UCHAR *ptr,*c_wk,*s_wk,*c_mk,*s_mk,*c_iv,*s_iv; + + if(!d->MS){ + if(r=r_data_alloc(&d->MS,48)) + ABORT(r); + + if(r=PRF(ssl,d->PMS,"master secret",d->client_random,d->server_random, + d->MS)) + ABORT(r); + + CRDUMPD("MS",d->MS); + } + + /* Compute the key block. First figure out how much data + we need*/ + needed=ssl->cs->dig_len*2; + needed+=ssl->cs->bits / 4; + if(ssl->cs->block>1) needed+=ssl->cs->block*2; + + + if(r=r_data_alloc(&key_block,needed)) + ABORT(r); + if(r=PRF(ssl,d->MS,"key expansion",d->server_random,d->client_random, + key_block)) + ABORT(r); + + ptr=key_block->data; + c_mk=ptr; ptr+=ssl->cs->dig_len; + s_mk=ptr; ptr+=ssl->cs->dig_len; + + c_wk=ptr; ptr+=ssl->cs->eff_bits/8; + s_wk=ptr; ptr+=ssl->cs->eff_bits/8; + + if(ssl->cs->block>1){ + c_iv=ptr; ptr+=ssl->cs->block; + s_iv=ptr; ptr+=ssl->cs->block; + } + + if(ssl->cs->export){ + Data iv_c,iv_s; + Data c_iv_d,s_iv_d; + Data key_c,key_s; + Data k; + + if(ssl->cs->block>1){ + ATTACH_DATA(iv_c,_iv_c); + ATTACH_DATA(iv_s,_iv_s); + + if(ssl->version==SSLV3_VERSION){ + if(r=ssl3_generate_export_iv(ssl,d->client_random, + d->server_random,&iv_c)) + ABORT(r); + if(r=ssl3_generate_export_iv(ssl,d->server_random, + d->client_random,&iv_s)) + ABORT(r); + } + else{ + UCHAR _iv_block[16]; + Data iv_block; + Data key_null; + UCHAR _key_null; + + INIT_DATA(key_null,&_key_null,0); + + /* We only have room for 8 bit IVs, but that's + all we should need. This is a sanity check */ + if(ssl->cs->block>8) + ABORT(R_INTERNAL); + + ATTACH_DATA(iv_block,_iv_block); + + if(r=PRF(ssl,&key_null,"IV block",d->client_random, + d->server_random,&iv_block)) + ABORT(r); + + memcpy(_iv_c,iv_block.data,8); + memcpy(_iv_s,iv_block.data+8,8); + } + + c_iv=_iv_c; + s_iv=_iv_s; + } + + if(ssl->version==SSLV3_VERSION){ + MD5_CTX md5; + + MD5_Init(&md5); + MD5_Update(&md5,c_wk,ssl->cs->eff_bits/8); + MD5_Update(&md5,d->client_random->data,d->client_random->len); + MD5_Update(&md5,d->server_random->data,d->server_random->len); + MD5_Final(_key_c,&md5); + c_wk=_key_c; + + MD5_Init(&md5); + MD5_Update(&md5,s_wk,ssl->cs->eff_bits/8); + MD5_Update(&md5,d->server_random->data,d->server_random->len); + MD5_Update(&md5,d->client_random->data,d->client_random->len); + MD5_Final(_key_s,&md5); + s_wk=_key_s; + } + else{ + ATTACH_DATA(key_c,_key_c); + ATTACH_DATA(key_s,_key_s); + INIT_DATA(k,c_wk,ssl->cs->eff_bits/8); + if(r=PRF(ssl,&k,"client write key",d->client_random,d->server_random, + &key_c)) + ABORT(r); + c_wk=_key_c; + INIT_DATA(k,s_wk,ssl->cs->eff_bits/8); + if(r=PRF(ssl,&k,"server write key",d->client_random,d->server_random, + &key_s)) + ABORT(r); + s_wk=_key_s; + } + } + + CRDUMP("Client MAC key",c_mk,ssl->cs->dig_len); + CRDUMP("Server MAC key",s_mk,ssl->cs->dig_len); + CRDUMP("Client Write key",c_wk,ssl->cs->bits/8); + CRDUMP("Server Write key",s_wk,ssl->cs->bits/8); + + if(ssl->cs->block>1){ + CRDUMP("Client Write IV",c_iv,ssl->cs->block); + CRDUMP("Server Write IV",s_iv,ssl->cs->block); + } + + if(r=ssl_create_rec_decoder(&d->c_to_s_n, + ssl->cs,c_mk,c_wk,c_iv)) + ABORT(r); + if(r=ssl_create_rec_decoder(&d->s_to_c_n, + ssl->cs,s_mk,s_wk,s_iv)) + ABORT(r); + + + _status=0; + abort: + if(key_block){ + r_data_zfree(key_block); + free(key_block); + } + return(_status); + } + +#endif diff --git a/ssl/ssldecode.h b/ssl/ssldecode.h new file mode 100644 index 0000000..e47f836 --- /dev/null +++ b/ssl/ssldecode.h @@ -0,0 +1,75 @@ +/** + ssldecode.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: ssldecode.h,v 1.3 2001/07/20 23:33:16 ekr Exp $ + + + ekr@rtfm.com Thu Apr 1 15:02:02 1999 + */ + + +#ifndef _ssldecode_h +#define _ssldecode_h + +#define CRDUMP(a,b,c) P_(P_CR) {Data d; d.data=b; d.len=c; exdump(ssl,a,&d); printf("\n");} +#define CRDUMPD(a,b) P_(P_CR) {exdump(ssl,a,b);printf("\n");} + +int ssl_decode_ctx_create PROTO_LIST((ssl_decode_ctx **ctx, + char *keyfile,char *password)); +int ssl_decoder_destroy PROTO_LIST((ssl_decoder **dp)); +int ssl_decoder_create PROTO_LIST((ssl_decoder **dp,ssl_decode_ctx *ctx)); +int ssl_set_client_random PROTO_LIST((ssl_decoder *dp, + UCHAR *msg,int len)); +int ssl_set_server_random PROTO_LIST((ssl_decoder *dp, + UCHAR *msg,int len)); +int ssl_set_client_session_id PROTO_LIST((ssl_decoder *dp, + UCHAR *msg,int len)); +int ssl_process_server_session_id PROTO_LIST((ssl_obj *obj,ssl_decoder *dp, + UCHAR *msg,int len)); +int ssl_process_client_key_exchange PROTO_LIST((struct ssl_obj_ *, + ssl_decoder *d,UCHAR *msg,int len)); +int ssl_process_change_cipher_spec PROTO_LIST((ssl_obj *ssl, + ssl_decoder *d,int direction)); + +int ssl_decode_record PROTO_LIST((ssl_obj *ssl,ssl_decoder *dec,int direction, + int ct,int version,Data *d)); + + +#endif + diff --git a/ssl/sslprint.c b/ssl/sslprint.c new file mode 100644 index 0000000..bf12986 --- /dev/null +++ b/ssl/sslprint.c @@ -0,0 +1,686 @@ +/** + sslprint.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: sslprint.c,v 1.8 2002/08/17 01:33:17 ekr Exp $ + + + ekr@rtfm.com Tue Jan 12 18:06:39 1999 + */ + + +static char *RCSSTRING="$Id: sslprint.c,v 1.8 2002/08/17 01:33:17 ekr Exp $"; + +#include +#include +#include "network.h" +#include "ssl_h.h" +#include "sslprint.h" +#include "ssl.enums.h" +#include "ssldecode.h" + +extern decoder ContentType_decoder[]; +extern decoder HandshakeType_decoder[]; + + +#define BYTES_NEEDED(x) (x<=255)?1:((x<=(1<<16))?2:(x<=(1<<24)?3:4)) + +int process_beginning_plaintext(ssl,seg,direction) + ssl_obj *ssl; + segment *seg; + int direction; + { + Data d; + int r; + struct timeval dt; + if(seg->len==0) + return(SSL_NO_DATA); + + d.data=seg->data; + d.len=seg->len; + + /* this looks like SSL data. Ignore it*/ + if(d.data[0]==0x16) + return(SSL_BAD_CONTENT_TYPE); + + P_(P_AD){ + ssl_print_timestamp(ssl,&seg->p->ts); + + ssl_print_direction_indicator(ssl,direction); + + print_data(ssl,&d); + printf("\n"); + } + + return(0); + } + +int process_v2_hello(ssl,seg) + ssl_obj *ssl; + segment *seg; + { + int r; + int rec_len; + int cs_len; + int sid_len; + int chall_len; + int ver; + Data d; + Data chall; + char random[32]; + struct timeval dt; + + if(seg->len==0) + return(SSL_NO_DATA); + + d.data=seg->data; + d.len=seg->len; + + /* First check the message length. */ + if(d.len<4) + return(SSL_BAD_CONTENT_TYPE); + rec_len=((d.data[0] & 0x7f)<<8) | (d.data[1]); + d.data+=2; d.len-=2; + + if(d.len!=rec_len) /* Whatever this is it isn't valid SSLv2*/ + return(SSL_BAD_CONTENT_TYPE); + + /* If msg_type==1 then we've got a v2 message (or trash)*/ + if(*d.data++!=1) + return(SSL_BAD_CONTENT_TYPE); + d.len--; + + SSL_DECODE_UINT16(ssl,"Version number",P_DC,&d,&ver); + /* We can't handle real v2 clients*/ + if(ver<=2){ + explain(ssl,"Version 2 Client.\n"); + return(SSL_BAD_DATA); + } + + ssl_print_record_num(ssl); + ssl_print_timestamp(ssl,&seg->p->ts); + ssl_print_direction_indicator(ssl,DIR_I2R); + explain(ssl," SSLv2 compatible client hello\n"); + + INDENT_INCR; + + P_(P_HL) { + explain(ssl,"Version %d.%d ",(ver>>8)&0xff, + ver&0xff); + printf("\n"); + } + SSL_DECODE_UINT16(ssl,"cipher_spec_length",P_DC,&d,&cs_len); + SSL_DECODE_UINT16(ssl,"session_id_length",P_DC,&d,&sid_len); + SSL_DECODE_UINT16(ssl,"challenge_length",P_DC,&d,&chall_len); + + if(cs_len%3){ + fprintf(stderr,"Bad cipher spec length %d\n",cs_len); + return(SSL_BAD_DATA); + } + P_(P_HL){ + explain(ssl,"cipher suites\n"); + } + + for(;cs_len;cs_len-=3){ + UINT4 val; + char *str; + + SSL_DECODE_UINT24(ssl,0,0,&d,&val); + ssl_print_cipher_suite(ssl,ver,P_HL,val); + P_(P_HL){ + explain(ssl,"\n"); + } + } + + if(sid_len!=0){ + fprintf(stderr,"Session ID field should be zero length\n"); + return(SSL_BAD_DATA); + } + + if(chall_len<16 || chall_len>32){ + fprintf(stderr,"Invalid challenge length %d\n",chall_len); + return(SSL_BAD_DATA); + } + + SSL_DECODE_OPAQUE_ARRAY(ssl,0,chall_len, + 0,&d,&chall); + P_(P_DC){ + exdump(ssl,"Challenge",&chall); + } + + memset(random,0,32); + memcpy(random+(32-chall_len),chall.data,chall_len); + + ssl_set_client_random(ssl->decoder,random,32); + ssl->i_state=SSL_ST_HANDSHAKE; + + P_(SSL_PRINT_HEXDUMP){ + Data d; + + INIT_DATA(d,seg->data,seg->len); + exdump(ssl,"Packet data",&d); + printf("\n\n"); + } + + INDENT_POP; + return(0); + } + +int ssl_decode_switch(ssl,dtable,value,dir,seg,data) + ssl_obj *ssl; + decoder *dtable; + int value; + int dir; + segment *seg; + Data *data; + { + while(dtable && dtable->type!=-1){ + if(dtable->type == value){ + INDENT_INCR; + explain(ssl,"%s",dtable->name); + if(dtable->print) { + INDENT_INCR; + dtable->print(ssl,dir,seg,data); + INDENT_POP; + } + INDENT_POP; + return(0); + } + dtable++; + } + + ERETURN(R_NOT_FOUND); + } + +int ssl_expand_record(ssl,q,direction,data,len) + ssl_obj *ssl; + segment *q; + int direction; + UCHAR *data; + int len; + { + int r; + Data d; + UINT4 ct,vermaj,vermin,length; + int version; + d.data=data; + d.len=len; + + /*This should be mapped to an enum*/ + SSL_DECODE_UINT8(ssl,0,0,&d,&ct); + SSL_DECODE_UINT8(ssl,0,0,&d,&vermaj); + SSL_DECODE_UINT8(ssl,0,0,&d,&vermin); + SSL_DECODE_UINT16(ssl,0,0,&d,&length); + + if(d.len!=length){ + explain(ssl,"Short record\n"); + return(0); + } + + P_(P_RH){ + explain(ssl,"V%d.%d(%d)",vermaj,vermin,length); + } + + + version=vermaj*256+vermin; + + r=ssl_decode_record(ssl,ssl->decoder,direction,ct,version,&d); + + if(r==SSL_BAD_MAC){ + explain(ssl," bad MAC\n"); + return(0); + } + + if(r){ + if(r=ssl_print_enum(ssl,0,ContentType_decoder,ct)) + ERETURN(r); + printf("\n"); + } + else{ + if(r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, + &d)) + ERETURN(r); + } + + return(0); + } + +int ssl_decode_uintX(ssl,name,size,p,data,x) + ssl_obj *ssl; + char *name; + int size; + UINT4 p; + Data *data; + UINT4 *x; + { + UINT4 v=0; + UINT4 _x; + + if(!x) x=&_x; + + if(size>data->len){ + fprintf(stderr,"Short read: %d bytes available (expecting %d)\n", + data->len,size); + ERETURN(R_EOD); + } + + while(size--){ + v<<=8; + v|=*(data->data)++; + data->len--; + } + + P_(p){ + explain(ssl,"%s = %d\n",name,*x); + } + *x=v; + return(0); + } + +int ssl_decode_opaque_array(ssl,name,size,p,data,x) + ssl_obj *ssl; + char *name; + int size; + UINT4 p; + Data *data; + Data *x; + { + UINT4 len; + char n[1000]; + int r; + Data _x; + + if(!x) x=&_x; + + sprintf(n,"%s (length)",name?name:""); + if(size<0){ + size*=-1; + if(r=ssl_decode_uintX(ssl,n,BYTES_NEEDED(size),P_DC,data,&len)) + ERETURN(r); + } + else{ + len=size; + } + + if(len>data->len){ + fprintf(stderr,"Not enough data. Found %d bytes (expecting %d)\n", + data->len,size); + ERETURN(R_EOD); + } + + x->data=data->data; + x->len=len; + data->data+=len; + data->len-=len; + + P_(p){ + exdump(ssl,name,x); + } + + return(0); + } + +int ssl_lookup_enum(ssl,dtable,val,ptr) + ssl_obj *ssl; + decoder *dtable; + UINT4 val; + char **ptr; + { + while(dtable && dtable->type!=-1){ + if(dtable->type == val){ + *ptr=dtable->name; + return(0); + } + dtable++; + } + + return(-1); + } + +int ssl_decode_enum(ssl,name,size,dtable,p,data,x) + ssl_obj *ssl; + char *name; + int size; + decoder *dtable; + UINT4 p; + Data *data; + UINT4 *x; + { + int r; + UINT4 _x; + + if(!x) x=&_x; + + if(r=ssl_decode_uintX(ssl,name,size,0,data,x)) + ERETURN(r); + + P_(p){ + if(r=ssl_print_enum(ssl,name,dtable,*x)) + ERETURN(r); + } + + return(0); + } + +int ssl_print_enum(ssl,name,dtable,value) + ssl_obj *ssl; + char *name; + decoder *dtable; + UINT4 value; + { + if(name) explain(ssl,"%s ",name); + INDENT; + + while(dtable && dtable->type!=-1){ + if(dtable->type == value){ + INDENT_INCR; + explain(ssl,"%s",dtable->name); + INDENT_POP; + return(0); + } + dtable++; + } + + explain(ssl,"%s","unknown value"); + return(0); + } + +int explain(ssl_obj *ssl,char *format,...) + { + va_list ap; + + va_start(ap,format); + + P_(P_NR){ + if(ssl->record_encryption==REC_DECRYPTED_CIPHERTEXT) + printf("\\f(CI"); + else + printf("\\fC"); + } + INDENT; + + vprintf(format,ap); + va_end(ap); + return(0); + } + +int exdump(ssl,name,data) + ssl_obj *ssl; + char *name; + Data *data; + { + int i; + + if(name){ + explain(ssl,"%s[%d]=\n",name,data->len); + INDENT_INCR; + } + P_(P_NR){ + printf("\\f(CB"); + } + for(i=0;ilen;i++){ + + if(!i) INDENT; + + if((data->len>8) && i && !(i%16)){ + printf("\n"); INDENT; + } + printf("%.2x ",data->data[i]&255); + } + P_(P_NR){ + printf("\\fR"); + } + if(name) INDENT_POP; + printf("\n"); + return(0); + } + +int combodump(ssl,name,data) + ssl_obj *ssl; + char *name; + Data *data; + { + char *ptr=data->data; + int len=data->len; + + if(name){ + explain(ssl,"%s[%d]=\n",name,data->len); + INDENT_INCR; + } + while(len){ + int i; + int bytes=MIN(len,16); + + INDENT; + + P_(P_NR){ + if(ssl->record_encryption==REC_DECRYPTED_CIPHERTEXT) + printf("\\f[CBI]"); + else + printf("\\f(CB"); + } + + for(i=0;irecord_encryption==REC_DECRYPTED_CIPHERTEXT) + printf("\\f[CI]"); + else + printf("\\f(C"); + } + + for(i=0;ilen;i++){ + if(!isprint(d->data[i]) && !strchr("\r\n\t",d->data[i])){ + bit8=1; + break; + } + } + + if(bit8){ + INDENT; + printf("---------------------------------------------------------------\n"); + P_(P_HO){ + exdump(ssl,0,d); + } + else{ + combodump(ssl,0,d); + } + INDENT; + printf("---------------------------------------------------------------\n"); + + } + else{ + int nl=1; + INDENT; + printf("---------------------------------------------------------------\n"); if(SSL_print_flags & SSL_PRINT_NROFF){ + if(ssl->process_ciphertext & ssl->direction) + printf("\\f[CI]"); + else + printf("\\f(C"); + } + + INDENT; + for(i=0;ilen;i++){ + /* Escape leading . */ + if(nl==1 && (SSL_print_flags & SSL_PRINT_NROFF) && (d->data[i]=='.')) + printf("\\&"); + nl=0; + + putchar(d->data[i]); + if(d->data[i]=='\n') {nl=1;INDENT;} + } + printf("---------------------------------------------------------------\n"); + if(SSL_print_flags & SSL_PRINT_NROFF){ + printf("\\f(R"); + } + } + + return(0); + } +int ssl_print_direction_indicator(ssl,dir) + ssl_obj *ssl; + int dir; + { +#if 0 + if(dir==DIR_I2R){ + explain(ssl,"%s(%d) > %s>%d", + ssl->client_name,ssl->client_port,ssl->server_name,ssl->server_port); + } + else{ + explain(ssl,"%s(%d) > %s>%d", + ssl->client_name,ssl->client_port,ssl->server_name,ssl->server_port); + } +#else + if(dir==DIR_I2R){ + explain(ssl,"C>S"); + } + else{ + explain(ssl,"S>C"); + } +#endif + + return(0); + } + +int ssl_print_timestamp(ssl,ts) + ssl_obj *ssl; + struct timeval *ts; + { + struct timeval dt; + int r; + + if(SSL_print_flags & SSL_PRINT_TIMESTAMP_ABSOLUTE) { + explain(ssl,"%d%c%4.4d ",ts->tv_sec,'.',ts->tv_usec/100); + } + else{ + if(r=timestamp_diff(ts,&ssl->time_start,&dt)) + ERETURN(r); + explain(ssl,"%d%c%4.4d ",dt.tv_sec,'.',dt.tv_usec/100); + } + + if(r=timestamp_diff(ts,&ssl->time_last,&dt)){ + ERETURN(r); + } + explain(ssl,"(%d%c%4.4d) ",dt.tv_sec,'.',dt.tv_usec/100); + + memcpy(&ssl->time_last,ts,sizeof(struct timeval)); + + return(0); + } + + +int ssl_print_record_num(ssl) + ssl_obj *ssl; + { + ssl->record_count++; + if(SSL_print_flags & SSL_PRINT_NROFF){ + printf("\\fI%d %d\\fR %s", + ssl->conn->conn_number, + ssl->record_count,ssl->record_count<10?" ":""); + } + else{ + printf("%d %d %s",ssl->conn->conn_number, + ssl->record_count,ssl->record_count<10?" ":""); + } + + return(0); + } + +int ssl_print_cipher_suite(ssl,version,p,val) + ssl_obj *ssl; + int version; + int p; + UINT4 val; + { + char *str; + char *prefix=version<=0x300?"SSL_":"TLS_"; + int r; + + P_(p){ + if(r=ssl_lookup_enum(ssl,cipher_suite_decoder,val,&str)){ + explain(ssl,"Unknown value 0x%x",val); + return(0); + } + + /* Now the tricky bit. If the cipher suite begins with TLS_ + and the version is SSLv3 then we replace it with SSL_*/ + if(!strncmp(str,"TLS_",4)){ + explain(ssl,"%s%s",prefix,str+4); + } + else{ + explain(ssl,"%s",str); + } + } + return(0); + } + + + + + + diff --git a/ssl/sslprint.h b/ssl/sslprint.h new file mode 100644 index 0000000..217dbb8 --- /dev/null +++ b/ssl/sslprint.h @@ -0,0 +1,99 @@ +/** + sslprint.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: sslprint.h,v 1.3 2000/11/03 06:38:06 ekr Exp $ + + + ekr@rtfm.com Wed Feb 10 15:34:14 1999 + */ + + +#ifndef _sslprint_h +#define _sslprint_h + +#include "ssl_analyze.h" +#include "ssl_h.h" + +int ssl_expand_record PROTO_LIST((ssl_obj *ssl, + segment *q,int direction,UCHAR *data,int len)); +int ssl_decode_switch PROTO_LIST((ssl_obj *ssl, + decoder *dtable,int value,int dir,segment *seg,Data *data)); +int ssl_decode_uintX PROTO_LIST((ssl_obj *ssl,char *name,int size, + UINT4 print,Data *data,UINT4 *x)); +int ssl_decode_opaque_array PROTO_LIST((ssl_obj *ssl,char *name,int size, + UINT4 print,Data *data,Data *x)); +int ssl_decode_enum PROTO_LIST((ssl_obj *ssl,char *name, + int size,decoder *decode,UINT4 p,Data *data, + UINT4 *x)); +int ssl_lookup_enum PROTO_LIST((ssl_obj *ssl,decoder *dtable, + UINT4 val,char **ptr)); +int ssl_print_enum PROTO_LIST((ssl_obj *obj,char *name, + decoder *decode,UINT4 value)); +int print_data PROTO_LIST((ssl_obj *ssl,Data *d)); +int process_v2_hello PROTO_LIST((ssl_obj *ssl,segment *seg)); +int process_beginning_plaintext PROTO_LIST((ssl_obj *ssl, + segment *seg,int direction)); +int ssl_print_direction_indicator PROTO_LIST((ssl_obj *ssl,int dir)); +int ssl_print_timestamp PROTO_LIST((ssl_obj *ssl,struct timeval *ts)); +int ssl_print_record_num PROTO_LIST((ssl_obj *ssl)); +int ssl_print_cipher_suite PROTO_LIST((ssl_obj *ssl,int version,int p, + UINT4 val)); + +int explain PROTO_LIST((ssl_obj *ssl,char *format,...)); +int exdump PROTO_LIST((ssl_obj *ssl,char *name,Data *data)); + + +#define SSL_DECODE_UINT8(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,1,b,c,d)) ERETURN(r) +#define SSL_DECODE_UINT16(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,2,b,c,d)) ERETURN(r) +#define SSL_DECODE_UINT24(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,3,b,c,d)) ERETURN(r) +#define SSL_DECODE_UINT32(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,4,b,c,d)) ERETURN(r) +#define SSL_DECODE_OPAQUE_ARRAY(a,n,b,c,d,e) if(r=ssl_decode_opaque_array(a,n,b,c,d,e)) ERETURN(r) +#define SSL_DECODE_ENUM(a,b,c,d,e,f,g) if(r=ssl_decode_enum(a,b,c,d,e,f,g)) ERETURN(r) +#define P_(p) if((p==SSL_PRINT_ALL) || (p & SSL_print_flags)) + +#define INDENT do {int i; for(i=0;i<(ssl->indent_depth + ssl->indent_name_len);i++) printf("%s",SSL_print_flags & SSL_PRINT_NROFF?" ":" ");} while(0) +#define INDENT_INCR ssl->indent_depth+=2 +#define INDENT_POP ssl->indent_depth-=2 +#define INDENT_NAME(x) ssl->indent_name_len += strlen(x) +#define INDENT_NAME_POP ssl->indent_name_len=0 +#define LINE_LEFT (80-(ssl->indent_name_len + ssl->indent_depth) +#define LF printf("\n") + +#endif + diff --git a/ssl/sslxprint.c b/ssl/sslxprint.c new file mode 100644 index 0000000..0ba9897 --- /dev/null +++ b/ssl/sslxprint.c @@ -0,0 +1,234 @@ +/** + sslxprint.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: sslxprint.c,v 1.3 2000/11/03 06:38:06 ekr Exp $ + + + ekr@rtfm.com Thu Mar 25 21:17:16 1999 + */ + + +static char *RCSSTRING="$Id: sslxprint.c,v 1.3 2000/11/03 06:38:06 ekr Exp $"; + +#include "network.h" +#include "ssl_h.h" +#include "sslprint.h" +#include "ssl.enums.h" +#ifdef OPENSSL +#include +#include +#include +#endif + +#define BUFSIZE 1024 + +static int sslx__print_dn PROTO_LIST((ssl_obj *ssl,char *x)); +#ifdef OPENSSL +static int sslx__print_serial PROTO_LIST((ssl_obj *ssl,ASN1_INTEGER *a)); +#endif + +int sslx_print_certificate(ssl,data,pf) + ssl_obj *ssl; + Data *data; + int pf; + { +#ifdef OPENSSL + X509 *x=0; + ASN1_INTEGER *a; +#endif + UCHAR *d; + int _status; + +#ifdef OPENSSL + P_(P_ASN){ + char buf[BUFSIZE]; + int ext; + + d=data->data; + + if(!(x=d2i_X509(0,&d,data->len))){ + explain(ssl,"Bad certificate"); + ABORT(R_BAD_DATA); + } + X509_NAME_oneline(X509_get_subject_name(x),buf, + BUFSIZE); + explain(ssl,"Subject\n"); + INDENT_INCR; + sslx__print_dn(ssl,buf); + INDENT_POP; + X509_NAME_oneline(X509_get_issuer_name(x),buf, + BUFSIZE); + explain(ssl,"Issuer\n"); + INDENT_INCR; + sslx__print_dn(ssl,buf); + INDENT_POP; + a=X509_get_serialNumber(x); + explain(ssl,"Serial "); + sslx__print_serial(ssl,a); + + ext=X509_get_ext_count(x); + if(ext>0){ + int i,j; + UCHAR buf[1024]; + + explain(ssl,"Extensions\n"); + INDENT_INCR; + for(i=0;iprocess_ciphertext&ssl->direction) + printf("\\f(CI"); + else + printf("\\fC"); + + INDENT_INCR; + INDENT; + if(!X509V3_EXT_print_fp(stdout,ex,0,0)){ + printf("Hex value"); + } + INDENT_POP; + explain(ssl,"\n"); + } + } + INDENT_POP; + + } + else{ +#endif + P_(pf){ + exdump(ssl,"certificate",data); + } +#ifdef OPENSSL + } + } +#endif + + _status=0; + abort: +#ifdef OPENSSL + if(x) X509_free(x); +#endif + return(_status); + } + +int sslx_print_dn(ssl,data,pf) + ssl_obj *ssl; + Data *data; + int pf; + { + UCHAR buf[BUFSIZE]; + int _status; + UCHAR *d=data->data; +#ifdef OPENSSL + X509_NAME *n=0; +#endif + + P_(pf){ +#ifdef OPENSSL + P_(P_ASN){ + if(!(n=d2i_X509_NAME(0,&d,data->len))) + ABORT(R_BAD_DATA); + X509_NAME_oneline(n,buf,BUFSIZE); + sslx__print_dn(ssl,buf); + } + else{ +#endif + exdump(ssl,0,data); +#ifdef OPENSSL + } +#endif + } + + _status=0; + abort: +#ifdef OPENSSL + if(n) X509_NAME_free(n); +#endif + return(_status); + } + +static int sslx__print_dn(ssl,x) + ssl_obj *ssl; + char *x; + { + char *slash; + + if(*x=='/') x++; + + while (x){ + if(slash=strchr(x,'/')){ + *slash=0; + } + + explain(ssl,"%s\n",x); + + x=slash?slash+1:0; + }; + + return(0); + } + +#ifdef OPENSSL +static int sslx__print_serial(ssl,a) + ssl_obj *ssl; + ASN1_INTEGER *a; + { + Data d; + + if(a->length==0) + printf("0"); + + INIT_DATA(d,a->data,a->length); + exdump(ssl,0,&d); + + return(0); + } +#endif diff --git a/ssl/sslxprint.h b/ssl/sslxprint.h new file mode 100644 index 0000000..5d44876 --- /dev/null +++ b/ssl/sslxprint.h @@ -0,0 +1,54 @@ +/** + sslxprint.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: sslxprint.h,v 1.2 2000/10/17 16:10:02 ekr Exp $ + + + ekr@rtfm.com Thu Mar 25 21:23:34 1999 + */ + + +#ifndef _sslxprint_h +#define _sslxprint_h + +int sslx_print_certificate PROTO_LIST((ssl_obj *ssl,Data *data,int pf)); +int sslx_print_dn PROTO_LIST((ssl_obj *ssl,Data *data,int pf)); + +#endif + diff --git a/ssl/targets.mk b/ssl/targets.mk new file mode 100644 index 0000000..c903360 --- /dev/null +++ b/ssl/targets.mk @@ -0,0 +1,282 @@ +# +# targets.mk +# +# $Source: /usr/local/CVS/ssldump/ssl/targets.mk,v $ +# $Revision: 1.2 $ +# $Date: 2001/12/08 14:57:51 $ +# $Name: $ +# $Disclaimer$ +# +# Copyright (C) 1999, Terisa Systems, Inc. +# All Rights Reserved. +# +# ekr@terisa.com +# + + + +# +# CONFIGURE USER-DEFINED MAKE ENVIRONMENT +# +# These fields are specified by the user. The remainder of +# this file is generated from this user-specified information. +# +# ANALYZE_SSL_DEFINES: +# cpp defines, with the -D flag preceeding each +# +# ANALYZE_SSL_INCLUDES: +# cpp include directories, with the -I flag preceeding each +# +# ANALYZE_SSL_INTERNAL: +# headers files which are local to a specific module directory, +# and should not be used by other parts of the toolkit or by +# the user +# +# ANALYZE_SSL_LIBNAME: +# the library associated with this module directory, used in +# most cases for debugging purposes +# +# ANALYZE_SSL_LIBPATHS: +# link-time directories to search for libraries, with the -L flag +# preceeding each +# +# ANALYZE_SSL_LIBRARIES: +# link-time libraries, with the -l flag preceeding each +# +# ANALYZE_SSL_LOCALFLAGS: +# compile-time flags specific to compiling only the files in +# this module directory--this variable should only be set in +# extremely exceptional cases +# +# ANALYZE_SSL_MAKEFILES: +# the makefiles +# +# ANALYZE_SSL_PREFIX: +# defines the module name, which also serves as the +# prefix for all the variable names defined in this file +# +# ANALYZE_SSL_PRIVATE: +# the private, for-toolkit-use-only API header files +# +# ANALYZE_SSL_PROGRAMS: +# programs to build +# +# ANALYZE_SSL_PUBLIC: +# the header files that define the public API for the toolkit +# and any other 'public' files that should be copied to +# the build directory +# +# ANALYZE_SSL_SOURCES: +# the source files to compile to object +# +ANALYZE_SSL_DEFINES = +ANALYZE_SSL_INCLUDES = -I$(ANALYZE_SSL_SRCDIR) +ANALYZE_SSL_INTERNAL = +ANALYZE_SSL_LIBNAME = +ANALYZE_SSL_LIBPATHS = +ANALYZE_SSL_LIBRARIES = +ANALYZE_SSL_LOCALFLAGS = +ANALYZE_SSL_MAKEFILES = +ANALYZE_SSL_PREFIX = ANALYZE_SSL +ANALYZE_SSL_PRIVATE = ssl_analyze.h +ANALYZE_SSL_PROGRAMS = +ANALYZE_SSL_PUBLIC = +ANALYZE_SSL_SOURCES = ciphersuites.c ssl.enums.c ssl_analyze.c \ + ssl_rec.c ssldecode.c sslprint.c sslxprint.c + + + +# +# CONFIGURE AUTOMATICALLY-GENERATED MAKE ENVIRONMENT +# +# ANALYZE_SSL_OBJECTS: +# object files to build +# +# ANALYZE_SSL_UNUSED: +# obsolete files in the module directory that are not +# used during the build process +# +# ANALYZE_SSL_USED: +# all files in the module directory that are used +# during the build process +# +ANALYZE_SSL_OBJECTS = ciphersuites.$(OBJSUFFIX) ssl.enums.$(OBJSUFFIX) \ + ssl_analyze.$(OBJSUFFIX) ssl_rec.$(OBJSUFFIX) \ + ssldecode.$(OBJSUFFIX) sslprint.$(OBJSUFFIX) \ + sslxprint.$(OBJSUFFIX) +ANALYZE_SSL_UNUSED = Makefile lex.yy.c main.c ssl.enums.h ssl_enum.c \ + ssl_h.h sslciphers.h ssldecode.h sslprint.h \ + sslxprint.h targets.mk y.tab.c y.tab.h +ANALYZE_SSL_USED = $(ANALYZE_SSL_INTERNAL:%=$(ANALYZE_SSL_SRCDIR)%) \ + $(ANALYZE_SSL_MAKEFILES:%=$(ANALYZE_SSL_SRCDIR)%) \ + $(ANALYZE_SSL_PRIVATE:%=$(ANALYZE_SSL_SRCDIR)%) \ + $(ANALYZE_SSL_PUBLIC:%=$(ANALYZE_SSL_SRCDIR)%) \ + $(ANALYZE_SSL_SOURCES:%=$(ANALYZE_SSL_SRCDIR)%) + + + +# +# NOTES +# +# The following variables may be used during the build process, +# but are not defined in this file. If they are to be set +# to something other than the default blank, then they must +# be set by the calling make system. +# +# ANALYZE_SSL_SRCDIR: +# if the build target directory is different from the +# module directory (the source directory), then this +# variable contains the relative or full path of +# the module directory +# +# LIBARS: +# the library archive files (with fully-specified paths) that +# executables built from this module directory depend upon +# +# LIBPATHS: +# the paths to search for library archives (specified with +# the -L) +# +# LIBRARIES: +# the libraries to use while building executables from +# this module directory (specified with the -l) +# + + + +# +# GLOBAL ENVIRONMENT +# +DEFINES += $(ANALYZE_SSL_DEFINES) +INCLUDES += $(ANALYZE_SSL_INCLUDES) +LIBPATHS += $(ANALYZE_SSL_LIBPATHS) +LIBRARIES += $(ANALYZE_SSL_LIBRARIES) +OBJECTS += $(ANALYZE_SSL_OBJECTS) +PUBLIC += $(ANALYZE_SSL_PUBLIC) + + + +# +# GENERIC DEPENDENCIES +# +# default: +# default dependency, must be the first dependency in this makefile +# +# all: +# build everything in this module directory +# +# build: +# make only the toolkit build files of this module directory +# +# ci: +# perform an RCS check-in of this module directory +# +# clean: +# remove the compiled files +# +# clean_public: +# remove the public header files that have been copied +# to a public build directory +# +# objects: +# build the object files (this dependency is used for +# building the toolkit library) +# +# private: +# build only the private API header files +# +# public: +# build only the public API header files +# +default: $(ANALYZE_SSL_LIBNAME) +default: $(ANALYZE_SSL_PROGRAMS) + +all: $(ANALYZE_SSL_PUBLIC) +all: $(ANALYZE_SSL_OBJECTS) +all: $(ANALYZE_SSL_LIBNAME) +all: $(ANALYZE_SSL_PROGRAMS) +build: $(ANALYZE_SSL_PUBLIC) +build: $(ANALYZE_SSL_OBJECTS) +ci: analyze_ssl_ci +clean: analyze_ssl_clean +clean_public: analyze_ssl_clean_public +objects: $(ANALYZE_SSL_OBJECTS) +private: $(ANALYZE_SSL_PRIVATE) +public: $(ANALYZE_SSL_PUBLIC) + + + +# +# LOCAL UTILITY DEPENDENCIES +# +# utility dependencies are necessary because of some +# make-isms having to do with dependencies +# + +analyze_ssl_ci: + $(CI) $(CIFLAGS) $(ANALYZE_SSL_USED) + +analyze_ssl_clean: + $(RM) $(RMFLAGS) $(ANALYZE_SSL_OBJECTS) $(ANALYZE_SSL_LIBNAME) $(ANALYZE_SSL_PROGRAMS) + +analyze_ssl_clean_public: + $(RM) $(RMFLAGS) $(ANALYZE_SSL_PUBLIC) + +analyze_ssl_objects: $(ANALYZE_SSL_OBJECTS) + +analyze_ssl_programs: $(ANALYZE_SSL_PROGRAMS) + +analyze_ssl_public: $(ANALYZE_SSL_PUBLIC) + + + +# +# BUILD DEPENDENCIES +# +# build dependencies invoke the rule used to build each +# class of file +# + +$(ANALYZE_SSL_LIBNAME): + $(AR) $(ARFLAGS) $@ $? + $(RANLIB) $@ + +$(ANALYZE_SSL_OBJECTS): + $(COMPILE.c) $(ANALYZE_SSL_SRCDIR)$(@:%.o=%.c) $(DEFINES) $(INCLUDES) $(ANALYZE_SSL_LOCALFLAGS) + +$(ANALYZE_SSL_PUBLIC): + $(CP) $(CPFLAGS) $(ANALYZE_SSL_SRCDIR)$@ $@ + +$(ANALYZE_SSL_PROGRAMS): + $(LINK.c) $@.$(OBJSUFFIX) $(LDLIBS) $(LIBS) $(LIBRARIES) $(LIBPATHS) +#LIBS above is obsolete (use LIBARARIES instead) + + + +# +# FILE DEPENDENCIES +# +# file dependencies state, for each file that is built, +# which file(s) it depends upon +# + +ciphersuites.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)ciphersuites.c + +ssl.enums.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)ssl.enums.h +ssl.enums.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)ssl.enums.c + +ssl_analyze.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)ssl_analyze.h +ssl_analyze.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)ssl_analyze.c + +ssl_rec.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)ssl_rec.c + +ssldecode.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)ssldecode.h +ssldecode.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)ssldecode.c + +sslprint.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)sslprint.h +sslprint.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)sslprint.c + +sslxprint.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)sslxprint.h +sslxprint.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)sslxprint.c + +$(ANALYZE_SSL_LIBNAME): $(ANALYZE_SSL_OBJECTS) diff --git a/ssl/y.output b/ssl/y.output new file mode 100644 index 0000000..1be3a37 --- /dev/null +++ b/ssl/y.output @@ -0,0 +1,526 @@ + + +Terminals which are not used: + + DOT_DOT_ + STRUCT_ + OPAQUE_ + ENUM_ + DIGITALLY_SIGNED_ + COMMENT_START_ + COMMENT_END_ + CASE_ + + + +Grammar +rule 1 module -> typelist +rule 2 typelist -> /* empty */ +rule 3 typelist -> definition typelist +rule 4 definition -> selecttype +rule 5 definition -> constant_type +rule 6 selecttype -> SELECT_ '{' selecterateds ',' selectmax '}' NAME_ ';' +rule 7 selecterateds -> selecterateds ',' selecterated +rule 8 selecterateds -> selecterated +rule 9 selectmax -> '(' NUM_ ')' +rule 10 selecterated -> selecterated_no_code +rule 11 selecterated -> selecterated_code +rule 12 selecterated_code -> NAME_ '(' NUM_ ')' CODE_ +rule 13 selecterated_no_code -> NAME_ '(' NUM_ ')' +rule 14 constant_type -> CONSTANT_ '{' constants '}' NAME_ ';' +rule 15 constants -> constants constant +rule 16 constants -> constant +rule 17 constant -> NAME_ NAME_ '=' '{' constval '}' ';' +rule 18 constval -> NUM_ ',' NUM_ ',' NUM_ +rule 19 constval -> NUM_ ',' NUM_ +rule 20 constval -> NUM_ + +Terminals, with rules where they appear + +$ (-1) +'(' (40) 9 12 13 +')' (41) 9 12 13 +',' (44) 6 7 18 19 +';' (59) 6 14 17 +'=' (61) 17 +'{' (123) 6 14 17 +'}' (125) 6 14 17 +error (256) +NAME_ (257) 6 12 13 14 17 +NUM_ (258) 9 12 13 18 19 20 +DOT_DOT_ (259) +STRUCT_ (260) +SELECT_ (261) 6 +OPAQUE_ (262) +ENUM_ (263) +DIGITALLY_SIGNED_ (264) +COMMENT_START_ (265) +CODE_ (266) 12 +COMMENT_END_ (267) +CASE_ (268) +CONSTANT_ (269) 14 + +Nonterminals, with rules where they appear + +module (23) + on left: 1 +typelist (24) + on left: 2 3, on right: 1 3 +definition (25) + on left: 4 5, on right: 3 +selecttype (26) + on left: 6, on right: 4 +selecterateds (27) + on left: 7 8, on right: 6 7 +selectmax (28) + on left: 9, on right: 6 +selecterated (29) + on left: 10 11, on right: 7 8 +selecterated_code (30) + on left: 12, on right: 11 +selecterated_no_code (31) + on left: 13, on right: 10 +constant_type (32) + on left: 14, on right: 5 +constants (33) + on left: 15 16, on right: 14 15 +constant (34) + on left: 17, on right: 15 16 +constval (35) + on left: 18 19 20, on right: 17 + + +state 0 + + SELECT_ shift, and go to state 1 + CONSTANT_ shift, and go to state 2 + + $default reduce using rule 2 (typelist) + + module go to state 46 + typelist go to state 3 + definition go to state 4 + selecttype go to state 5 + constant_type go to state 6 + + + +state 1 + + selecttype -> SELECT_ . '{' selecterateds ',' selectmax '}' NAME_ ';' (rule 6) + + '{' shift, and go to state 7 + + + +state 2 + + constant_type -> CONSTANT_ . '{' constants '}' NAME_ ';' (rule 14) + + '{' shift, and go to state 8 + + + +state 3 + + module -> typelist . (rule 1) + + $default reduce using rule 1 (module) + + + +state 4 + + typelist -> definition . typelist (rule 3) + + SELECT_ shift, and go to state 1 + CONSTANT_ shift, and go to state 2 + + $default reduce using rule 2 (typelist) + + typelist go to state 9 + definition go to state 4 + selecttype go to state 5 + constant_type go to state 6 + + + +state 5 + + definition -> selecttype . (rule 4) + + $default reduce using rule 4 (definition) + + + +state 6 + + definition -> constant_type . (rule 5) + + $default reduce using rule 5 (definition) + + + +state 7 + + selecttype -> SELECT_ '{' . selecterateds ',' selectmax '}' NAME_ ';' (rule 6) + + NAME_ shift, and go to state 10 + + selecterateds go to state 11 + selecterated go to state 12 + selecterated_code go to state 13 + selecterated_no_code go to state 14 + + + +state 8 + + constant_type -> CONSTANT_ '{' . constants '}' NAME_ ';' (rule 14) + + NAME_ shift, and go to state 15 + + constants go to state 16 + constant go to state 17 + + + +state 9 + + typelist -> definition typelist . (rule 3) + + $default reduce using rule 3 (typelist) + + + +state 10 + + selecterated_code -> NAME_ . '(' NUM_ ')' CODE_ (rule 12) + selecterated_no_code -> NAME_ . '(' NUM_ ')' (rule 13) + + '(' shift, and go to state 18 + + + +state 11 + + selecttype -> SELECT_ '{' selecterateds . ',' selectmax '}' NAME_ ';' (rule 6) + selecterateds -> selecterateds . ',' selecterated (rule 7) + + ',' shift, and go to state 19 + + + +state 12 + + selecterateds -> selecterated . (rule 8) + + $default reduce using rule 8 (selecterateds) + + + +state 13 + + selecterated -> selecterated_code . (rule 11) + + $default reduce using rule 11 (selecterated) + + + +state 14 + + selecterated -> selecterated_no_code . (rule 10) + + $default reduce using rule 10 (selecterated) + + + +state 15 + + constant -> NAME_ . NAME_ '=' '{' constval '}' ';' (rule 17) + + NAME_ shift, and go to state 20 + + + +state 16 + + constant_type -> CONSTANT_ '{' constants . '}' NAME_ ';' (rule 14) + constants -> constants . constant (rule 15) + + NAME_ shift, and go to state 15 + '}' shift, and go to state 21 + + constant go to state 22 + + + +state 17 + + constants -> constant . (rule 16) + + $default reduce using rule 16 (constants) + + + +state 18 + + selecterated_code -> NAME_ '(' . NUM_ ')' CODE_ (rule 12) + selecterated_no_code -> NAME_ '(' . NUM_ ')' (rule 13) + + NUM_ shift, and go to state 23 + + + +state 19 + + selecttype -> SELECT_ '{' selecterateds ',' . selectmax '}' NAME_ ';' (rule 6) + selecterateds -> selecterateds ',' . selecterated (rule 7) + + NAME_ shift, and go to state 10 + '(' shift, and go to state 24 + + selectmax go to state 25 + selecterated go to state 26 + selecterated_code go to state 13 + selecterated_no_code go to state 14 + + + +state 20 + + constant -> NAME_ NAME_ . '=' '{' constval '}' ';' (rule 17) + + '=' shift, and go to state 27 + + + +state 21 + + constant_type -> CONSTANT_ '{' constants '}' . NAME_ ';' (rule 14) + + NAME_ shift, and go to state 28 + + + +state 22 + + constants -> constants constant . (rule 15) + + $default reduce using rule 15 (constants) + + + +state 23 + + selecterated_code -> NAME_ '(' NUM_ . ')' CODE_ (rule 12) + selecterated_no_code -> NAME_ '(' NUM_ . ')' (rule 13) + + ')' shift, and go to state 29 + + + +state 24 + + selectmax -> '(' . NUM_ ')' (rule 9) + + NUM_ shift, and go to state 30 + + + +state 25 + + selecttype -> SELECT_ '{' selecterateds ',' selectmax . '}' NAME_ ';' (rule 6) + + '}' shift, and go to state 31 + + + +state 26 + + selecterateds -> selecterateds ',' selecterated . (rule 7) + + $default reduce using rule 7 (selecterateds) + + + +state 27 + + constant -> NAME_ NAME_ '=' . '{' constval '}' ';' (rule 17) + + '{' shift, and go to state 32 + + + +state 28 + + constant_type -> CONSTANT_ '{' constants '}' NAME_ . ';' (rule 14) + + ';' shift, and go to state 33 + + + +state 29 + + selecterated_code -> NAME_ '(' NUM_ ')' . CODE_ (rule 12) + selecterated_no_code -> NAME_ '(' NUM_ ')' . (rule 13) + + CODE_ shift, and go to state 34 + + $default reduce using rule 13 (selecterated_no_code) + + + +state 30 + + selectmax -> '(' NUM_ . ')' (rule 9) + + ')' shift, and go to state 35 + + + +state 31 + + selecttype -> SELECT_ '{' selecterateds ',' selectmax '}' . NAME_ ';' (rule 6) + + NAME_ shift, and go to state 36 + + + +state 32 + + constant -> NAME_ NAME_ '=' '{' . constval '}' ';' (rule 17) + + NUM_ shift, and go to state 37 + + constval go to state 38 + + + +state 33 + + constant_type -> CONSTANT_ '{' constants '}' NAME_ ';' . (rule 14) + + $default reduce using rule 14 (constant_type) + + + +state 34 + + selecterated_code -> NAME_ '(' NUM_ ')' CODE_ . (rule 12) + + $default reduce using rule 12 (selecterated_code) + + + +state 35 + + selectmax -> '(' NUM_ ')' . (rule 9) + + $default reduce using rule 9 (selectmax) + + + +state 36 + + selecttype -> SELECT_ '{' selecterateds ',' selectmax '}' NAME_ . ';' (rule 6) + + ';' shift, and go to state 39 + + + +state 37 + + constval -> NUM_ . ',' NUM_ ',' NUM_ (rule 18) + constval -> NUM_ . ',' NUM_ (rule 19) + constval -> NUM_ . (rule 20) + + ',' shift, and go to state 40 + + $default reduce using rule 20 (constval) + + + +state 38 + + constant -> NAME_ NAME_ '=' '{' constval . '}' ';' (rule 17) + + '}' shift, and go to state 41 + + + +state 39 + + selecttype -> SELECT_ '{' selecterateds ',' selectmax '}' NAME_ ';' . (rule 6) + + $default reduce using rule 6 (selecttype) + + + +state 40 + + constval -> NUM_ ',' . NUM_ ',' NUM_ (rule 18) + constval -> NUM_ ',' . NUM_ (rule 19) + + NUM_ shift, and go to state 42 + + + +state 41 + + constant -> NAME_ NAME_ '=' '{' constval '}' . ';' (rule 17) + + ';' shift, and go to state 43 + + + +state 42 + + constval -> NUM_ ',' NUM_ . ',' NUM_ (rule 18) + constval -> NUM_ ',' NUM_ . (rule 19) + + ',' shift, and go to state 44 + + $default reduce using rule 19 (constval) + + + +state 43 + + constant -> NAME_ NAME_ '=' '{' constval '}' ';' . (rule 17) + + $default reduce using rule 17 (constant) + + + +state 44 + + constval -> NUM_ ',' NUM_ ',' . NUM_ (rule 18) + + NUM_ shift, and go to state 45 + + + +state 45 + + constval -> NUM_ ',' NUM_ ',' NUM_ . (rule 18) + + $default reduce using rule 18 (constval) + + + +state 46 + + $ go to state 47 + + + +state 47 + + $ go to state 48 + + + +state 48 + + $default accept diff --git a/ssl/y.tab.c b/ssl/y.tab.c new file mode 100644 index 0000000..67ada3f --- /dev/null +++ b/ssl/y.tab.c @@ -0,0 +1,1124 @@ + +/* A Bison parser, made from ssl.y + by GNU Bison version 1.28 */ + +#define YYBISON 1 /* Identify Bison output. */ + +#define NAME_ 257 +#define NUM_ 258 +#define DOT_DOT_ 259 +#define STRUCT_ 260 +#define SELECT_ 261 +#define OPAQUE_ 262 +#define ENUM_ 263 +#define DIGITALLY_SIGNED_ 264 +#define COMMENT_START_ 265 +#define CODE_ 266 +#define COMMENT_END_ 267 +#define CASE_ 268 +#define CONSTANT_ 269 + +#line 11 "ssl.y" + + +typedef struct select_st_ { + char *name; + char *code; + int val; + struct select_st_ *next; +} select_st; + + +select_st *select_base; +select_st *select_ptr; + +select_st *constant_base; +select_st *constant_ptr; + +#include + +extern FILE *dotc; +extern FILE *doth; + + +#line 33 "ssl.y" +typedef union { + int val; + unsigned char str[8192]; +} YYSTYPE; +#include + +#ifndef __cplusplus +#ifndef __STDC__ +#define const +#endif +#endif + + + +#define YYFINAL 48 +#define YYFLAG -32768 +#define YYNTBASE 23 + +#define YYTRANSLATE(x) ((unsigned)(x) <= 269 ? yytranslate[x] : 36) + +static const char yytranslate[] = { 0, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 20, + 21, 2, 2, 17, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 19, 2, + 22, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 16, 2, 18, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 1, 3, 4, 5, 6, + 7, 8, 9, 10, 11, 12, 13, 14, 15 +}; + +#if YYDEBUG != 0 +static const short yyprhs[] = { 0, + 0, 2, 3, 6, 8, 10, 19, 23, 25, 29, + 31, 33, 39, 44, 51, 54, 56, 64, 70, 74 +}; + +static const short yyrhs[] = { 24, + 0, 0, 25, 24, 0, 26, 0, 32, 0, 7, + 16, 27, 17, 28, 18, 3, 19, 0, 27, 17, + 29, 0, 29, 0, 20, 4, 21, 0, 31, 0, + 30, 0, 3, 20, 4, 21, 12, 0, 3, 20, + 4, 21, 0, 15, 16, 33, 18, 3, 19, 0, + 33, 34, 0, 34, 0, 3, 3, 22, 16, 35, + 18, 19, 0, 4, 17, 4, 17, 4, 0, 4, + 17, 4, 0, 4, 0 +}; + +#endif + +#if YYDEBUG != 0 +static const short yyrline[] = { 0, + 67, 69, 70, 76, 77, 80, 124, 125, 130, 133, + 134, 138, 160, 181, 202, 203, 208, 228, 232, 236 +}; +#endif + + +#if YYDEBUG != 0 || defined (YYERROR_VERBOSE) + +static const char * const yytname[] = { "$","error","$undefined.","NAME_", +"NUM_","DOT_DOT_","STRUCT_","SELECT_","OPAQUE_","ENUM_","DIGITALLY_SIGNED_", +"COMMENT_START_","CODE_","COMMENT_END_","CASE_","CONSTANT_","'{'","','","'}'", +"';'","'('","')'","'='","module","typelist","definition","selecttype","selecterateds", +"selectmax","selecterated","selecterated_code","selecterated_no_code","constant_type", +"constants","constant","constval", NULL +}; +#endif + +static const short yyr1[] = { 0, + 23, 24, 24, 25, 25, 26, 27, 27, 28, 29, + 29, 30, 31, 32, 33, 33, 34, 35, 35, 35 +}; + +static const short yyr2[] = { 0, + 1, 0, 2, 1, 1, 8, 3, 1, 3, 1, + 1, 5, 4, 6, 2, 1, 7, 5, 3, 1 +}; + +static const short yydefact[] = { 2, + 0, 0, 1, 2, 4, 5, 0, 0, 3, 0, + 0, 8, 11, 10, 0, 0, 16, 0, 0, 0, + 0, 15, 0, 0, 0, 7, 0, 0, 13, 0, + 0, 0, 14, 12, 9, 0, 20, 0, 6, 0, + 0, 19, 17, 0, 18, 0, 0, 0 +}; + +static const short yydefgoto[] = { 46, + 3, 4, 5, 11, 25, 12, 13, 14, 6, 16, + 17, 38 +}; + +static const short yypact[] = { -5, + -13, -12,-32768, -5,-32768,-32768, 2, 3,-32768, -11, + -10,-32768,-32768,-32768, 5, -2,-32768, 7, -3, -9, + 9,-32768, -7, 11, 0,-32768, 4, 6, 10, 8, + 16, 17,-32768,-32768,-32768, 12, 13, 14,-32768, 19, + 15, 18,-32768, 20,-32768, 26, 27,-32768 +}; + +static const short yypgoto[] = {-32768, + 24,-32768,-32768,-32768,-32768, 21,-32768,-32768,-32768,-32768, + 22,-32768 +}; + + +#define YYLAST 40 + + +static const short yytable[] = { 10, + 15, 1, 7, 8, 10, 15, 19, 20, 18, 2, + 23, 28, 27, 29, 30, 21, 24, 31, 36, 32, + 37, 34, 42, 45, 33, 47, 48, 9, 35, 40, + 39, 41, 0, 43, 44, 0, 0, 22, 0, 26 +}; + +static const short yycheck[] = { 3, + 3, 7, 16, 16, 3, 3, 17, 3, 20, 15, + 4, 3, 22, 21, 4, 18, 20, 18, 3, 16, + 4, 12, 4, 4, 19, 0, 0, 4, 21, 17, + 19, 18, -1, 19, 17, -1, -1, 16, -1, 19 +}; +/* -*-C-*- Note some compilers choke on comments on `#line' lines. */ +#line 3 "/usr/local/share/bison.simple" +/* This file comes from bison-1.28. */ + +/* Skeleton output parser for bison, + Copyright (C) 1984, 1989, 1990 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. */ + +/* As a special exception, when this file is copied by Bison into a + Bison output file, you may use that output file without restriction. + This special exception was added by the Free Software Foundation + in version 1.24 of Bison. */ + +/* This is the parser code that is written into each bison parser + when the %semantic_parser declaration is not specified in the grammar. + It was written by Richard Stallman by simplifying the hairy parser + used when %semantic_parser is specified. */ + +#ifndef YYSTACK_USE_ALLOCA +#ifdef alloca +#define YYSTACK_USE_ALLOCA +#else /* alloca not defined */ +#ifdef __GNUC__ +#define YYSTACK_USE_ALLOCA +#define alloca __builtin_alloca +#else /* not GNU C. */ +#if (!defined (__STDC__) && defined (sparc)) || defined (__sparc__) || defined (__sparc) || defined (__sgi) || (defined (__sun) && defined (__i386)) +#define YYSTACK_USE_ALLOCA +#include +#else /* not sparc */ +/* We think this test detects Watcom and Microsoft C. */ +/* This used to test MSDOS, but that is a bad idea + since that symbol is in the user namespace. */ +#if (defined (_MSDOS) || defined (_MSDOS_)) && !defined (__TURBOC__) +#if 0 /* No need for malloc.h, which pollutes the namespace; + instead, just don't use alloca. */ +#include +#endif +#else /* not MSDOS, or __TURBOC__ */ +#if defined(_AIX) +/* I don't know what this was needed for, but it pollutes the namespace. + So I turned it off. rms, 2 May 1997. */ +/* #include */ + #pragma alloca +#define YYSTACK_USE_ALLOCA +#else /* not MSDOS, or __TURBOC__, or _AIX */ +#if 0 +#ifdef __hpux /* haible@ilog.fr says this works for HPUX 9.05 and up, + and on HPUX 10. Eventually we can turn this on. */ +#define YYSTACK_USE_ALLOCA +#define alloca __builtin_alloca +#endif /* __hpux */ +#endif +#endif /* not _AIX */ +#endif /* not MSDOS, or __TURBOC__ */ +#endif /* not sparc */ +#endif /* not GNU C */ +#endif /* alloca not defined */ +#endif /* YYSTACK_USE_ALLOCA not defined */ + +#ifdef YYSTACK_USE_ALLOCA +#define YYSTACK_ALLOC alloca +#else +#define YYSTACK_ALLOC malloc +#endif + +/* Note: there must be only one dollar sign in this file. + It is replaced by the list of actions, each action + as one case of the switch. */ + +#define yyerrok (yyerrstatus = 0) +#define yyclearin (yychar = YYEMPTY) +#define YYEMPTY -2 +#define YYEOF 0 +#define YYACCEPT goto yyacceptlab +#define YYABORT goto yyabortlab +#define YYERROR goto yyerrlab1 +/* Like YYERROR except do call yyerror. + This remains here temporarily to ease the + transition to the new meaning of YYERROR, for GCC. + Once GCC version 2 has supplanted version 1, this can go. */ +#define YYFAIL goto yyerrlab +#define YYRECOVERING() (!!yyerrstatus) +#define YYBACKUP(token, value) \ +do \ + if (yychar == YYEMPTY && yylen == 1) \ + { yychar = (token), yylval = (value); \ + yychar1 = YYTRANSLATE (yychar); \ + YYPOPSTACK; \ + goto yybackup; \ + } \ + else \ + { yyerror ("syntax error: cannot back up"); YYERROR; } \ +while (0) + +#define YYTERROR 1 +#define YYERRCODE 256 + +#ifndef YYPURE +#define YYLEX yylex() +#endif + +#ifdef YYPURE +#ifdef YYLSP_NEEDED +#ifdef YYLEX_PARAM +#define YYLEX yylex(&yylval, &yylloc, YYLEX_PARAM) +#else +#define YYLEX yylex(&yylval, &yylloc) +#endif +#else /* not YYLSP_NEEDED */ +#ifdef YYLEX_PARAM +#define YYLEX yylex(&yylval, YYLEX_PARAM) +#else +#define YYLEX yylex(&yylval) +#endif +#endif /* not YYLSP_NEEDED */ +#endif + +/* If nonreentrant, generate the variables here */ + +#ifndef YYPURE + +int yychar; /* the lookahead symbol */ +YYSTYPE yylval; /* the semantic value of the */ + /* lookahead symbol */ + +#ifdef YYLSP_NEEDED +YYLTYPE yylloc; /* location data for the lookahead */ + /* symbol */ +#endif + +int yynerrs; /* number of parse errors so far */ +#endif /* not YYPURE */ + +#if YYDEBUG != 0 +int yydebug; /* nonzero means print parse trace */ +/* Since this is uninitialized, it does not stop multiple parsers + from coexisting. */ +#endif + +/* YYINITDEPTH indicates the initial size of the parser's stacks */ + +#ifndef YYINITDEPTH +#define YYINITDEPTH 200 +#endif + +/* YYMAXDEPTH is the maximum size the stacks can grow to + (effective only if the built-in stack extension method is used). */ + +#if YYMAXDEPTH == 0 +#undef YYMAXDEPTH +#endif + +#ifndef YYMAXDEPTH +#define YYMAXDEPTH 10000 +#endif + +/* Define __yy_memcpy. Note that the size argument + should be passed with type unsigned int, because that is what the non-GCC + definitions require. With GCC, __builtin_memcpy takes an arg + of type size_t, but it can handle unsigned int. */ + +#if __GNUC__ > 1 /* GNU C and GNU C++ define this. */ +#define __yy_memcpy(TO,FROM,COUNT) __builtin_memcpy(TO,FROM,COUNT) +#else /* not GNU C or C++ */ +#ifndef __cplusplus + +/* This is the most reliable way to avoid incompatibilities + in available built-in functions on various systems. */ +static void +__yy_memcpy (to, from, count) + char *to; + char *from; + unsigned int count; +{ + register char *f = from; + register char *t = to; + register int i = count; + + while (i-- > 0) + *t++ = *f++; +} + +#else /* __cplusplus */ + +/* This is the most reliable way to avoid incompatibilities + in available built-in functions on various systems. */ +static void +__yy_memcpy (char *to, char *from, unsigned int count) +{ + register char *t = to; + register char *f = from; + register int i = count; + + while (i-- > 0) + *t++ = *f++; +} + +#endif +#endif + +#line 217 "/usr/local/share/bison.simple" + +/* The user can define YYPARSE_PARAM as the name of an argument to be passed + into yyparse. The argument should have type void *. + It should actually point to an object. + Grammar actions can access the variable by casting it + to the proper pointer type. */ + +#ifdef YYPARSE_PARAM +#ifdef __cplusplus +#define YYPARSE_PARAM_ARG void *YYPARSE_PARAM +#define YYPARSE_PARAM_DECL +#else /* not __cplusplus */ +#define YYPARSE_PARAM_ARG YYPARSE_PARAM +#define YYPARSE_PARAM_DECL void *YYPARSE_PARAM; +#endif /* not __cplusplus */ +#else /* not YYPARSE_PARAM */ +#define YYPARSE_PARAM_ARG +#define YYPARSE_PARAM_DECL +#endif /* not YYPARSE_PARAM */ + +/* Prevent warning if -Wstrict-prototypes. */ +#ifdef __GNUC__ +#ifdef YYPARSE_PARAM +int yyparse (void *); +#else +int yyparse (void); +#endif +#endif + +int +yyparse(YYPARSE_PARAM_ARG) + YYPARSE_PARAM_DECL +{ + register int yystate; + register int yyn; + register short *yyssp; + register YYSTYPE *yyvsp; + int yyerrstatus; /* number of tokens to shift before error messages enabled */ + int yychar1 = 0; /* lookahead token as an internal (translated) token number */ + + short yyssa[YYINITDEPTH]; /* the state stack */ + YYSTYPE yyvsa[YYINITDEPTH]; /* the semantic value stack */ + + short *yyss = yyssa; /* refer to the stacks thru separate pointers */ + YYSTYPE *yyvs = yyvsa; /* to allow yyoverflow to reallocate them elsewhere */ + +#ifdef YYLSP_NEEDED + YYLTYPE yylsa[YYINITDEPTH]; /* the location stack */ + YYLTYPE *yyls = yylsa; + YYLTYPE *yylsp; + +#define YYPOPSTACK (yyvsp--, yyssp--, yylsp--) +#else +#define YYPOPSTACK (yyvsp--, yyssp--) +#endif + + int yystacksize = YYINITDEPTH; + int yyfree_stacks = 0; + +#ifdef YYPURE + int yychar; + YYSTYPE yylval; + int yynerrs; +#ifdef YYLSP_NEEDED + YYLTYPE yylloc; +#endif +#endif + + YYSTYPE yyval; /* the variable used to return */ + /* semantic values from the action */ + /* routines */ + + int yylen; + +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Starting parse\n"); +#endif + + yystate = 0; + yyerrstatus = 0; + yynerrs = 0; + yychar = YYEMPTY; /* Cause a token to be read. */ + + /* Initialize stack pointers. + Waste one element of value and location stack + so that they stay on the same level as the state stack. + The wasted elements are never initialized. */ + + yyssp = yyss - 1; + yyvsp = yyvs; +#ifdef YYLSP_NEEDED + yylsp = yyls; +#endif + +/* Push a new state, which is found in yystate . */ +/* In all cases, when you get here, the value and location stacks + have just been pushed. so pushing a state here evens the stacks. */ +yynewstate: + + *++yyssp = yystate; + + if (yyssp >= yyss + yystacksize - 1) + { + /* Give user a chance to reallocate the stack */ + /* Use copies of these so that the &'s don't force the real ones into memory. */ + YYSTYPE *yyvs1 = yyvs; + short *yyss1 = yyss; +#ifdef YYLSP_NEEDED + YYLTYPE *yyls1 = yyls; +#endif + + /* Get the current used size of the three stacks, in elements. */ + int size = yyssp - yyss + 1; + +#ifdef yyoverflow + /* Each stack pointer address is followed by the size of + the data in use in that stack, in bytes. */ +#ifdef YYLSP_NEEDED + /* This used to be a conditional around just the two extra args, + but that might be undefined if yyoverflow is a macro. */ + yyoverflow("parser stack overflow", + &yyss1, size * sizeof (*yyssp), + &yyvs1, size * sizeof (*yyvsp), + &yyls1, size * sizeof (*yylsp), + &yystacksize); +#else + yyoverflow("parser stack overflow", + &yyss1, size * sizeof (*yyssp), + &yyvs1, size * sizeof (*yyvsp), + &yystacksize); +#endif + + yyss = yyss1; yyvs = yyvs1; +#ifdef YYLSP_NEEDED + yyls = yyls1; +#endif +#else /* no yyoverflow */ + /* Extend the stack our own way. */ + if (yystacksize >= YYMAXDEPTH) + { + yyerror("parser stack overflow"); + if (yyfree_stacks) + { + free (yyss); + free (yyvs); +#ifdef YYLSP_NEEDED + free (yyls); +#endif + } + return 2; + } + yystacksize *= 2; + if (yystacksize > YYMAXDEPTH) + yystacksize = YYMAXDEPTH; +#ifndef YYSTACK_USE_ALLOCA + yyfree_stacks = 1; +#endif + yyss = (short *) YYSTACK_ALLOC (yystacksize * sizeof (*yyssp)); + __yy_memcpy ((char *)yyss, (char *)yyss1, + size * (unsigned int) sizeof (*yyssp)); + yyvs = (YYSTYPE *) YYSTACK_ALLOC (yystacksize * sizeof (*yyvsp)); + __yy_memcpy ((char *)yyvs, (char *)yyvs1, + size * (unsigned int) sizeof (*yyvsp)); +#ifdef YYLSP_NEEDED + yyls = (YYLTYPE *) YYSTACK_ALLOC (yystacksize * sizeof (*yylsp)); + __yy_memcpy ((char *)yyls, (char *)yyls1, + size * (unsigned int) sizeof (*yylsp)); +#endif +#endif /* no yyoverflow */ + + yyssp = yyss + size - 1; + yyvsp = yyvs + size - 1; +#ifdef YYLSP_NEEDED + yylsp = yyls + size - 1; +#endif + +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Stack size increased to %d\n", yystacksize); +#endif + + if (yyssp >= yyss + yystacksize - 1) + YYABORT; + } + +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Entering state %d\n", yystate); +#endif + + goto yybackup; + yybackup: + +/* Do appropriate processing given the current state. */ +/* Read a lookahead token if we need one and don't already have one. */ +/* yyresume: */ + + /* First try to decide what to do without reference to lookahead token. */ + + yyn = yypact[yystate]; + if (yyn == YYFLAG) + goto yydefault; + + /* Not known => get a lookahead token if don't already have one. */ + + /* yychar is either YYEMPTY or YYEOF + or a valid token in external form. */ + + if (yychar == YYEMPTY) + { +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Reading a token: "); +#endif + yychar = YYLEX; + } + + /* Convert token to internal form (in yychar1) for indexing tables with */ + + if (yychar <= 0) /* This means end of input. */ + { + yychar1 = 0; + yychar = YYEOF; /* Don't call YYLEX any more */ + +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Now at end of input.\n"); +#endif + } + else + { + yychar1 = YYTRANSLATE(yychar); + +#if YYDEBUG != 0 + if (yydebug) + { + fprintf (stderr, "Next token is %d (%s", yychar, yytname[yychar1]); + /* Give the individual parser a way to print the precise meaning + of a token, for further debugging info. */ +#ifdef YYPRINT + YYPRINT (stderr, yychar, yylval); +#endif + fprintf (stderr, ")\n"); + } +#endif + } + + yyn += yychar1; + if (yyn < 0 || yyn > YYLAST || yycheck[yyn] != yychar1) + goto yydefault; + + yyn = yytable[yyn]; + + /* yyn is what to do for this token type in this state. + Negative => reduce, -yyn is rule number. + Positive => shift, yyn is new state. + New state is final state => don't bother to shift, + just return success. + 0, or most negative number => error. */ + + if (yyn < 0) + { + if (yyn == YYFLAG) + goto yyerrlab; + yyn = -yyn; + goto yyreduce; + } + else if (yyn == 0) + goto yyerrlab; + + if (yyn == YYFINAL) + YYACCEPT; + + /* Shift the lookahead token. */ + +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Shifting token %d (%s), ", yychar, yytname[yychar1]); +#endif + + /* Discard the token being shifted unless it is eof. */ + if (yychar != YYEOF) + yychar = YYEMPTY; + + *++yyvsp = yylval; +#ifdef YYLSP_NEEDED + *++yylsp = yylloc; +#endif + + /* count tokens shifted since error; after three, turn off error status. */ + if (yyerrstatus) yyerrstatus--; + + yystate = yyn; + goto yynewstate; + +/* Do the default action for the current state. */ +yydefault: + + yyn = yydefact[yystate]; + if (yyn == 0) + goto yyerrlab; + +/* Do a reduction. yyn is the number of a rule to reduce with. */ +yyreduce: + yylen = yyr2[yyn]; + if (yylen > 0) + yyval = yyvsp[1-yylen]; /* implement default value of the action */ + +#if YYDEBUG != 0 + if (yydebug) + { + int i; + + fprintf (stderr, "Reducing via rule %d (line %d), ", + yyn, yyrline[yyn]); + + /* Print the symbols being reduced, and their result. */ + for (i = yyprhs[yyn]; yyrhs[i] > 0; i++) + fprintf (stderr, "%s ", yytname[yyrhs[i]]); + fprintf (stderr, " -> %s\n", yytname[yyr1[yyn]]); + } +#endif + + + switch (yyn) { + +case 2: +#line 69 "ssl.y" +{yyval.val=1; + break;} +case 3: +#line 71 "ssl.y" +{ + yyval.val=1; + ; + break;} +case 6: +#line 81 "ssl.y" +{ + select_st *en; + char filename[100]; + + for(en=select_base;en;en=en->next){ + fprintf(dotc,"static int decode_%s_%s(ssl,dir,seg,data)\n", + yyvsp[-1].str,en->name); + fprintf(dotc," ssl_obj *ssl;\n"); + fprintf(dotc," int dir;\n"); + fprintf(dotc," segment *seg;\n"); + fprintf(dotc," Data *data;\n"); + fprintf(dotc," {\n"); + if(en->code){ + en->code+=2; + en->code[strlen(en->code)-2]=0; + fprintf(dotc,"\n%s\n",en->code); + } + else{ +/* fprintf(dotc," fprintf(dotc,\"Decoding %s...%cn\");\n",en->name,'\\');*/ + fprintf(dotc," return(0);\n"); + } + fprintf(dotc," }\n"); + } + + fprintf(dotc,"decoder %s_decoder[]={\n",yyvsp[-1].str); + fprintf(doth,"extern decoder %s_decoder[];\n",yyvsp[-1].str); + for(en=select_base;en;en=en->next){ + fprintf(dotc," {\n"); + fprintf(dotc," %d,\n",en->val); + fprintf(dotc," \"%s\",\n",en->name); + fprintf(dotc," decode_%s_%s\n",yyvsp[-1].str,en->name); + fprintf(dotc," },\n"); + } + + fprintf(dotc,"{-1}\n"); + fprintf(dotc,"};\n\n"); + + + + select_base=0; + ; + break;} +case 8: +#line 126 "ssl.y" +{; +; + break;} +case 9: +#line 131 "ssl.y" +{yyval.val=1;; + break;} +case 12: +#line 139 "ssl.y" +{ + select_st *en; + + en=malloc(sizeof(select_st)); + + en->next=0; + en->val=yyvsp[-2].val; + en->name=strdup(yyvsp[-4].str); + en->code=strdup(yyvsp[0].str); + + if(!select_base){ + select_base=en; + select_ptr=en; + } + else{ + select_ptr->next=en; + select_ptr=en; + } +; + break;} +case 13: +#line 161 "ssl.y" +{ + select_st *en; + + en=malloc(sizeof(select_st)); + + en->next=0; + en->val=yyvsp[-1].val; + en->name=strdup(yyvsp[-3].str); + en->code=0; + + if(!select_base){ + select_base=en; + select_ptr=en; + } + else{ + select_ptr->next=en; + select_ptr=en; + } +; + break;} +case 14: +#line 182 "ssl.y" +{ + select_st *en; + + fprintf(dotc,"decoder %s_decoder[]={\n",yyvsp[-1].str); + fprintf(doth,"extern decoder %s_decoder[];\n",yyvsp[-1].str); + + for(en=constant_base;en;en=en->next){ + fprintf(dotc," {\n"); + fprintf(dotc," %d,\n",en->val); + fprintf(dotc," \"%s\",\n",en->name); + fprintf(dotc," 0"); + fprintf(dotc," },\n"); + } + + fprintf(dotc,"{-1}\n"); + fprintf(dotc,"};\n\n"); + constant_ptr=0; + constant_base=0; + ; + break;} +case 16: +#line 204 "ssl.y" +{; +; + break;} +case 17: +#line 209 "ssl.y" +{ + select_st *en; + + en=malloc(sizeof(select_st)); + + en->next=0; + en->val=yyvsp[-2].val; + en->name=strdup(yyvsp[-5].str); + + if(!constant_base){ + constant_base=en; + constant_ptr=en; + } + else{ + constant_ptr->next=en; + constant_ptr=en; + } +; + break;} +case 18: +#line 229 "ssl.y" +{ + yyval.val=(yyvsp[-4].val << 16) | (yyvsp[-2].val << 8) | yyvsp[0].val; + ; + break;} +case 19: +#line 233 "ssl.y" +{ + yyval.val=(yyvsp[-2].val << 8) | yyvsp[0].val; + ; + break;} +case 20: +#line 237 "ssl.y" +{ + yyval.val=yyvsp[0].val; + ; + break;} +} + /* the action file gets copied in in place of this dollarsign */ +#line 543 "/usr/local/share/bison.simple" + + yyvsp -= yylen; + yyssp -= yylen; +#ifdef YYLSP_NEEDED + yylsp -= yylen; +#endif + +#if YYDEBUG != 0 + if (yydebug) + { + short *ssp1 = yyss - 1; + fprintf (stderr, "state stack now"); + while (ssp1 != yyssp) + fprintf (stderr, " %d", *++ssp1); + fprintf (stderr, "\n"); + } +#endif + + *++yyvsp = yyval; + +#ifdef YYLSP_NEEDED + yylsp++; + if (yylen == 0) + { + yylsp->first_line = yylloc.first_line; + yylsp->first_column = yylloc.first_column; + yylsp->last_line = (yylsp-1)->last_line; + yylsp->last_column = (yylsp-1)->last_column; + yylsp->text = 0; + } + else + { + yylsp->last_line = (yylsp+yylen-1)->last_line; + yylsp->last_column = (yylsp+yylen-1)->last_column; + } +#endif + + /* Now "shift" the result of the reduction. + Determine what state that goes to, + based on the state we popped back to + and the rule number reduced by. */ + + yyn = yyr1[yyn]; + + yystate = yypgoto[yyn - YYNTBASE] + *yyssp; + if (yystate >= 0 && yystate <= YYLAST && yycheck[yystate] == *yyssp) + yystate = yytable[yystate]; + else + yystate = yydefgoto[yyn - YYNTBASE]; + + goto yynewstate; + +yyerrlab: /* here on detecting error */ + + if (! yyerrstatus) + /* If not already recovering from an error, report this error. */ + { + ++yynerrs; + +#ifdef YYERROR_VERBOSE + yyn = yypact[yystate]; + + if (yyn > YYFLAG && yyn < YYLAST) + { + int size = 0; + char *msg; + int x, count; + + count = 0; + /* Start X at -yyn if nec to avoid negative indexes in yycheck. */ + for (x = (yyn < 0 ? -yyn : 0); + x < (sizeof(yytname) / sizeof(char *)); x++) + if (yycheck[x + yyn] == x) + size += strlen(yytname[x]) + 15, count++; + msg = (char *) malloc(size + 15); + if (msg != 0) + { + strcpy(msg, "parse error"); + + if (count < 5) + { + count = 0; + for (x = (yyn < 0 ? -yyn : 0); + x < (sizeof(yytname) / sizeof(char *)); x++) + if (yycheck[x + yyn] == x) + { + strcat(msg, count == 0 ? ", expecting `" : " or `"); + strcat(msg, yytname[x]); + strcat(msg, "'"); + count++; + } + } + yyerror(msg); + free(msg); + } + else + yyerror ("parse error; also virtual memory exceeded"); + } + else +#endif /* YYERROR_VERBOSE */ + yyerror("parse error"); + } + + goto yyerrlab1; +yyerrlab1: /* here on error raised explicitly by an action */ + + if (yyerrstatus == 3) + { + /* if just tried and failed to reuse lookahead token after an error, discard it. */ + + /* return failure if at end of input */ + if (yychar == YYEOF) + YYABORT; + +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Discarding token %d (%s).\n", yychar, yytname[yychar1]); +#endif + + yychar = YYEMPTY; + } + + /* Else will try to reuse lookahead token + after shifting the error token. */ + + yyerrstatus = 3; /* Each real token shifted decrements this */ + + goto yyerrhandle; + +yyerrdefault: /* current state does not do anything special for the error token. */ + +#if 0 + /* This is wrong; only states that explicitly want error tokens + should shift them. */ + yyn = yydefact[yystate]; /* If its default is to accept any token, ok. Otherwise pop it.*/ + if (yyn) goto yydefault; +#endif + +yyerrpop: /* pop the current state because it cannot handle the error token */ + + if (yyssp == yyss) YYABORT; + yyvsp--; + yystate = *--yyssp; +#ifdef YYLSP_NEEDED + yylsp--; +#endif + +#if YYDEBUG != 0 + if (yydebug) + { + short *ssp1 = yyss - 1; + fprintf (stderr, "Error: state stack now"); + while (ssp1 != yyssp) + fprintf (stderr, " %d", *++ssp1); + fprintf (stderr, "\n"); + } +#endif + +yyerrhandle: + + yyn = yypact[yystate]; + if (yyn == YYFLAG) + goto yyerrdefault; + + yyn += YYTERROR; + if (yyn < 0 || yyn > YYLAST || yycheck[yyn] != YYTERROR) + goto yyerrdefault; + + yyn = yytable[yyn]; + if (yyn < 0) + { + if (yyn == YYFLAG) + goto yyerrpop; + yyn = -yyn; + goto yyreduce; + } + else if (yyn == 0) + goto yyerrpop; + + if (yyn == YYFINAL) + YYACCEPT; + +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Shifting error token, "); +#endif + + *++yyvsp = yylval; +#ifdef YYLSP_NEEDED + *++yylsp = yylloc; +#endif + + yystate = yyn; + goto yynewstate; + + yyacceptlab: + /* YYACCEPT comes here. */ + if (yyfree_stacks) + { + free (yyss); + free (yyvs); +#ifdef YYLSP_NEEDED + free (yyls); +#endif + } + return 0; + + yyabortlab: + /* YYABORT comes here. */ + if (yyfree_stacks) + { + free (yyss); + free (yyvs); +#ifdef YYLSP_NEEDED + free (yyls); +#endif + } + return 1; +} +#line 242 "ssl.y" diff --git a/ssl/y.tab.h b/ssl/y.tab.h new file mode 100644 index 0000000..13309c6 --- /dev/null +++ b/ssl/y.tab.h @@ -0,0 +1,20 @@ +typedef union { + int val; + unsigned char str[8192]; +} YYSTYPE; +#define NAME_ 257 +#define NUM_ 258 +#define DOT_DOT_ 259 +#define STRUCT_ 260 +#define SELECT_ 261 +#define OPAQUE_ 262 +#define ENUM_ 263 +#define DIGITALLY_SIGNED_ 264 +#define COMMENT_START_ 265 +#define CODE_ 266 +#define COMMENT_END_ 267 +#define CASE_ 268 +#define CONSTANT_ 269 + + +extern YYSTYPE yylval; diff --git a/ssldump.1 b/ssldump.1 new file mode 100644 index 0000000..25e21f1 --- /dev/null +++ b/ssldump.1 @@ -0,0 +1,516 @@ +.\" This file contains sections of the tcpdump man page, to which the +.\" following copyright applies --EKR +.\" Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996, 1997 +.\" The Regents of the University of California. All rights reserved. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that: (1) source code distributions +.\" retain the above copyright notice and this paragraph in its entirety, (2) +.\" distributions including binary code include the above copyright notice and +.\" this paragraph in its entirety in the documentation or other materials +.\" provided with the distribution, and (3) all advertising materials mentioning +.\" features or use of this software display the following acknowledgement: +.\" ``This product includes software developed by the University of California, +.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of +.\" the University nor the names of its contributors may be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +.\" +.\" Copyright (C) 1999-2000 RTFM, Inc. +.\" All Rights Reserved +.\" +.\" This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla +.\" and licensed by RTFM, Inc. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" +.\" This product includes software developed by Eric Rescorla for +.\" RTFM, Inc. +.\" +.\" 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be +.\" used to endorse or promote products derived from this +.\" software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. +.TH SSLDUMP 1 "28 September 2001" +.SH NAME +ssldump \- dump SSL traffic on a network +.SH SYNOPSIS +.na +.B ssldump +[ +.B \-vtaTnsAxXhHVNdq +] [ +.B \-r +.I dumpfile +] +[ +.B \-i +.I interface +] +.br +.ti +8 +[ +.B \-k +.I keyfile +] +[ +.B \-p +.I password +] +[ +.I expression +] +.br +.ad +.SH DESCRIPTION +.LP +\fIssldump\fP is an SSL/TLS network protocol analyzer. It identifies +TCP connections on the chosen network interface and attempts to +interpret them as SSL/TLS traffic. When it identifies SSL/TLS +traffic, it decodes the records and displays them in a textual +form to stdout. If provided with the appropriate keying material, +it will also decrypt the connections and display the application +data traffic. +.LP +ssldump has been tested on FreeBSD, Linux, Solaris, and HP/UX. Since +it's based on PCAP, it should work on most platforms. However, unlike +tcpdump, ssldump needs to be able to see both sides of the data +transmission so you may have trouble using it with network taps such +as SunOS nit that don't permit you to see transmitted data. +.B Under SunOS with nit or bpf: +To run +.I tcpdump +you must have read access to +.I /dev/nit +or +.IR /dev/bpf* . +.B Under Solaris with dlpi: +You must have read access to the network pseudo device, e.g. +.IR /dev/le . +.B Under HP-UX with dlpi: +You must be root or it must be installed setuid to root. +.B Under IRIX with snoop: +You must be root or it must be installed setuid to root. +.B Under Linux: +You must be root or it must be installed setuid to root. +.B Under Ultrix and Digital UNIX: +Once the super-user has enabled promiscuous-mode operation using +.IR pfconfig (8), +any user may run +.BR ssldump +.B Under BSD: +You must have read access to +.IR /dev/bpf* . +.SH OPTIONS +.B \-a +Print bare TCP ACKs (useful for observing Nagle behavior) +.TP +.B \-A +Print all record fields (by default ssldump chooses +the most interesting fields) +.TP +.B \-d +Display the application data traffic. This usually means +decrypting it, but when -d is used ssldump will also decode +application data traffic _before_ the SSL session initiates. +This allows you to see HTTPS CONNECT behavior as well as +SMTP STARTTLS. As a side effect, since ssldump can't tell +whether plaintext is traffic before the initiation of an +SSL connection or just a regular TCP connection, this allows +you to use ssldump to sniff any TCP connection. +ssldump will automatically detect ASCII data and display it +directly to the screen. non-ASCII data is displayed as hex +dumps. See also -X. +.TP +.B \-e +Print absolute timestamps instead of relative timestamps +.TP +.B \-r +Read data from \fIfile\fP instead of from the network. +The old -f option still works but is deprecated and will +probably be removed with the next version. +.B \-H +Print the full SSL packet header. +.TP +.B \-k +Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format) +Previous versions of ssldump automatically looked in ./server.pem. +Now you must specify your keyfile every time. +.TP +.B \-n +Don't try to resolve host names from IP addresses +.TP +.B \-N +Attempt to parse ASN.1 when it appears, such as in +certificates and DNs. +.TP +.B \-p +Use \fIpassword\fP as the SSL keyfile password. +.TP +.B \-P +Don't put the interface into promiscuous mode. +.TP +.B \-q +Don't decode any record fields beyond a single summary line. (quiet mode). +.TP +.B \-x +Print each record in hex, as well as decoding it. +.TP +.B \-X +When the -d option is used, binary data is automatically printed +in two columns with a hex dump on the left and the printable characters +on the right. -X suppresses the display of the printable characters, +thus making it easier to cut and paste the hext data into some other +program. +.B \-y +Decorate the output for processing with troff. Not very +useful for the average user. +.TP +.IP "\fI expression\fP" +.RS +Selects what packets ssldump will examine. Technically speaking, +ssldump supports the full expression syntax from PCAP and tcpdump. +In fact, the description here is cribbed from the tcpdump man +page. However, since ssldump needs to examine full TCP streams, +most of the tcpdump expressions will select traffic mixes +that ssldump will simply ignore. Only the expressions which +don't result in incomplete TCP streams are listed here. +.LP +The \fIexpression\fP consists of one or more +.I primitives. +Primitives usually consist of an +.I id +(name or number) preceded by one or more qualifiers. There are three +different kinds of qualifier: +.IP \fItype\fP +qualifiers say what kind of thing the id name or number refers to. +Possible types are +.BR host , +.B net +and +.BR port . +E.g., `host foo', `net 128.3', `port 20'. If there is no type +qualifier, +.B host +is assumed. +.IP \fIdir\fP +qualifiers specify a particular transfer direction to and/or from +.I id. +Possible directions are +.BR src , +.BR dst , +.B "src or dst" +and +.B "src and" +.BR dst . +E.g., `src foo', `dst net 128.3', `src or dst port ftp-data'. If +there is no dir qualifier, +.B "src or dst" +is assumed. +For `null' link layers (i.e. point to point protocols such as slip) the +.B inbound +and +.B outbound +qualifiers can be used to specify a desired direction. +.LP +More complex filter expressions are built up by using the words +.BR and , +.B or +and +.B not +to combine primitives. E.g., `host foo and not port ftp and not port ftp-data'. +To save typing, identical qualifier lists can be omitted. E.g., +`tcp dst port ftp or ftp-data or domain' is exactly the same as +`tcp dst port ftp or tcp dst port ftp-data or tcp dst port domain'. +.LP +Allowable primitives are: +.IP "\fBdst host \fIhost\fR" +True if the IPv4/v6 destination field of the packet is \fIhost\fP, +which may be either an address or a name. +.IP "\fBsrc host \fIhost\fR" +True if the IPv4/v6 source field of the packet is \fIhost\fP. +.IP "\fBhost \fIhost\fP +True if either the IPv4/v6 source or destination of the packet is \fIhost\fP. +Any of the above host expressions can be prepended with the keywords, +\fBip\fP, \fBarp\fP, \fBrarp\fP, or \fBip6\fP as in: +.in +.5i +.nf +\fBip host \fIhost\fR +.fi +.in -.5i +which is equivalent to: +.in +.5i +.nf +\fBether proto \fI\\ip\fB and host \fIhost\fR +.fi +.in -.5i +If \fIhost\fR is a name with multiple IP addresses, each address will +be checked for a match. +.IP "\fBether dst \fIehost\fP +True if the ethernet destination address is \fIehost\fP. \fIEhost\fP +may be either a name from /etc/ethers or a number (see +.IR ethers (3N) +for numeric format). +.IP "\fBether src \fIehost\fP +True if the ethernet source address is \fIehost\fP. +.IP "\fBether host \fIehost\fP +True if either the ethernet source or destination address is \fIehost\fP. +.IP "\fBgateway\fP \fIhost\fP +True if the packet used \fIhost\fP as a gateway. I.e., the ethernet +source or destination address was \fIhost\fP but neither the IP source +nor the IP destination was \fIhost\fP. \fIHost\fP must be a name and +must be found in both /etc/hosts and /etc/ethers. (An equivalent +expression is +.in +.5i +.nf +\fBether host \fIehost \fBand not host \fIhost\fR +.fi +.in -.5i +which can be used with either names or numbers for \fIhost / ehost\fP.) +This syntax does not work in IPv6-enabled configuration at this moment. +.IP "\fBdst net \fInet\fR" +True if the IPv4/v6 destination address of the packet has a network +number of \fInet\fP. \fINet\fP may be either a name from /etc/networks +or a network number (see \fInetworks(4)\fP for details). +.IP "\fBsrc net \fInet\fR" +True if the IPv4/v6 source address of the packet has a network +number of \fInet\fP. +.IP "\fBnet \fInet\fR" +True if either the IPv4/v6 source or destination address of the packet has a network +number of \fInet\fP. +.IP "\fBnet \fInet\fR \fBmask \fImask\fR" +True if the IP address matches \fInet\fR with the specific netmask. +May be qualified with \fBsrc\fR or \fBdst\fR. +Note that this syntax is not valid for IPv6 \fInet\fR. +.IP "\fBnet \fInet\fR/\fIlen\fR" +True if the IPv4/v6 address matches \fInet\fR a netmask \fIlen\fR bits wide. +May be qualified with \fBsrc\fR or \fBdst\fR. +.IP "\fBdst port \fIport\fR" +True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a +destination port value of \fIport\fP. +The \fIport\fP can be a number or a name used in /etc/services (see +.IR tcp (4P) +and +.IR udp (4P)). +If a name is used, both the port +number and protocol are checked. If a number or ambiguous name is used, +only the port number is checked (e.g., \fBdst port 513\fR will print both +tcp/login traffic and udp/who traffic, and \fBport domain\fR will print +both tcp/domain and udp/domain traffic). +.IP "\fBsrc port \fIport\fR" +True if the packet has a source port value of \fIport\fP. +.IP "\fBport \fIport\fR" +True if either the source or destination port of the packet is \fIport\fP. +Any of the above port expressions can be prepended with the keywords, +\fBtcp\fP or \fBudp\fP, as in: +.in +.5i +.nf +\fBtcp src port \fIport\fR +.fi +.in -.5i +which matches only tcp packets whose source port is \fIport\fP. +.LP +Primitives may be combined using: +.IP +A parenthesized group of primitives and operators +(parentheses are special to the Shell and must be escaped). +.IP +Negation (`\fB!\fP' or `\fBnot\fP'). +.IP +Concatenation (`\fB&&\fP' or `\fBand\fP'). +.IP +Alternation (`\fB||\fP' or `\fBor\fP'). +.LP +Negation has highest precedence. +Alternation and concatenation have equal precedence and associate +left to right. Note that explicit \fBand\fR tokens, not juxtaposition, +are now required for concatenation. +.LP +If an identifier is given without a keyword, the most recent keyword +is assumed. +For example, +.in +.5i +.nf +\fBnot host vs and ace\fR +.fi +.in -.5i +is short for +.in +.5i +.nf +\fBnot host vs and host ace\fR +.fi +.in -.5i +which should not be confused with +.in +.5i +.nf +\fBnot ( host vs or ace )\fR +.fi +.in -.5i +.LP +Expression arguments can be passed to ssldump as either a single argument +or as multiple arguments, whichever is more convenient. +Generally, if the expression contains Shell metacharacters, it is +easier to pass it as a single, quoted argument. +Multiple arguments are concatenated with spaces before being parsed. +.SH EXAMPLES +.LP +To listen to traffic on interface \fIle0\fP port \fI443\fP +.RS +.nf +\fBssldump -i le0 port 443\fP +.fi +.RE +.LP +To listen to traffic to the server \fIromeo\fP on port \fI443\fP. +.RS +.nf +\fBssldump -i le0 port 443 and host romeo\fP +.fi +.RE +.LP +To decrypt traffic to to host \fIromeo\fR +\fIserver.pem\fR and the password \fIfoobar\fR +.RS +.nf +\fBssldump -Ad -k ~/server.pem -p foobar -i le0 host romeo +.fi +.RE +.SH OUTPUT FORMAT +.LP +All output is printed to standard out. +.LP +ssldump prints an indication of every new TCP connection using a line +like the following +.nf +.LP +\fBNew TCP connection #2: iromeo.rtfm.com(2302) <-> sr1.rtfm.com(4433)\fP +.LP +.fi +The host which send the first SYN is printed on the left and the host +which responded is printed on the right. Ordinarily, this means that +the SSL client will be printed on the left with the SSL server on the +right. In this case we have a connection from \fIiromeo.rtfm.com\fR (port \fI2303\fR) +to \fIsr1.rtfm.com\fR (port \fI4433\fR). To allow the user to disentangle +traffic from different connections, each connection is numbered. This is +connection \fI2\fR. +.LP +The printout of each SSL record begins with a record line. This +line contains the connection and record number, a timestamp, and the +record type, as in the following: +.LP +.nf +\fB2 3 0.2001 (0.0749) S>C Handshake Certificate\fR +.fi +.LP +This is record \fI3\fR on connection \fI2\fR. The first timestamp +is the time since the beginning of the connection. The second is +the time since the previous record. Both are in seconds. +.LP +The next field in the record line is the direction that the record +was going. \fIC>S\fR indicates records transmitted from client to +server and \fIS>C\fR indicates records transmitted from server to client. +ssldump assumes that the host to transmit the first SYN +is the SSL client (this is nearly always correct). +.LP +The next field is the record type, one of \fIHandshake\fR, \fIIAlert\fR, +\fIChangeCipherSpec\fR, or \fIapplication_data\fR. Finally, ssldump +may print record-specific data on the rest of the line. For \fIHandshake\fR +records, it prints the handshake message. Thus, this record is +a \fICertificate\fR message. +.LP +ssldump chooses certain record types for further decoding. These +are the ones that have proven to be most useful for debugging: +.LP +.nf +\fIClientHello\fR \- version, offered cipher suites, session id + if provided) +\fIServerHello\fR \- version, session_id, chosen cipher suite, + compression method +\fIAlert\fR \- type and level (if obtainable) +.fi +.LP +Fuller decoding of the various records can be obtained by using the +.B \-A +, +.B \-d +, +.B \-k +and +.B \-p +flags. +.LP +.SH DECRYPTION +.LP +ssldump can decrypt traffic between two hosts if the following two +conditions are met: +.RS +.nf +1. ssldump has the keys. +2. Static RSA was used. +.fi +.RE +In any other case, once encryption starts, +ssldump will only be able to determine the +record type. Consider the following section of a trace. +.LP +.nf +\fB1 5 0.4129 (0.1983) C>S Handshake ClientKeyExchange +1 6 0.4129 (0.0000) C>S ChangeCipherSpec +1 7 0.4129 (0.0000) C>S Handshake +1 8 0.5585 (0.1456) S>C ChangeCipherSpec +1 9 0.6135 (0.0550) S>C Handshake +1 10 2.3121 (1.6986) C>S application_data +1 11 2.5336 (0.2214) C>S application_data +1 12 2.5545 (0.0209) S>C application_data +1 13 2.5592 (0.0046) S>C application_data +1 14 2.5592 (0.0000) S>C Alert\fP +.fi +.LP +Note that the \fIClientKeyExchange\fR message type is printed +but the rest of the \fIHandshake\fR messages do not have +types. These are the \fIFinished\fR messages, but because they +are encrypted ssldump only knows that they are of type \fIHandshake\fR. +Similarly, had the \fIAlert\fR in record 14 happened during the handshake, +it's type and level would have been printed. However, since it +is encrypted we can only tell that it is an alert. +.LP +.SH BUGS +.LP +Please send bug reports to ssldump@rtfm.com. +.LP +The TCP reassembler is not perfect. No attempt is made to reassemble IP +fragments and the 3-way handshake and close handshake are imperfectly +implemented. In practice, this turns out not to be much of a problem. +.LP +Support is provided for only for Ethernet and loopback interfaces +because that's all that I have. If you have another kind of network +you will need to modify pcap_cb in base/pcap-snoop.c. If you have +direct experience with ssldump on other networks, please send me patches. +.LP +ssldump doesn't implement session caching and therefore can't decrypt +resumed sessions. + + diff --git a/win32/Ssldump.html b/win32/Ssldump.html new file mode 100644 index 0000000..38403dc --- /dev/null +++ b/win32/Ssldump.html @@ -0,0 +1,394 @@ + + +
+

+       ssldump - dump SSL traffic on a network
+
+
+
+

SYNOPSIS

+       ssldump [ -vtaTnsAxXhHVNdq ] [ -r dumpfile ] 
       [ -i interface ] [ -k keyfile ] [ -p password ] [ expression ]
+
+
+
+

DESCRIPTION

+       ssldump is an SSL/TLS network protocol analyzer. It  iden-
+       tifies TCP connections on the chosen network interface and
+       attempts to interpret them as  SSL/TLS  traffic.  When  it
+       identifies  SSL/TLS  traffic,  it  decodes the records and
+       displays them in a textual form  to  stdout.  If  provided
+       with the appropriate keying material, it will also decrypt
+       the connections and display the application data  traffic.
+
+       ssldump  has  been  tested on FreeBSD, Linux, Solaris, and
+       HP/UX.  Since it's based on PCAP, it should work  on  most
+       platforms.  However,  unlike  tcpdump, ssldump needs to be
+       able to see both sides of the data transmission so you may
+       have  trouble using it with network taps such as SunOS nit
+       that don't permit you  to  see  transmitted  data.   Under
+       SunOS  with  nit or bpf: To run tcpdump you must have read
+       access to /dev/nit or /dev/bpf*.  Under Solaris with dlpi:
+       You  must  have  read access to the network pseudo device,
+       e.g.  /dev/le.  Under HP-UX with dlpi: You must be root or
+       it  must  be  installed  setuid  to root.  Under IRIX with
+       snoop: You must be root or it must be installed setuid  to
+       root.   Under  Linux:  You  must  be  root  or  it must be
+       installed setuid to root.  Under Ultrix and Digital  UNIX:
+       Once the super-user has enabled promiscuous-mode operation
+       using pfconfig(8), any user may run ssldump Under BSD: You
+       must have read access to /dev/bpf*.
+
+
+
+

OPTIONS

+       -a     Print bare TCP ACKs (useful for observing Nagle behav-
+              ior)
+
+       -A     Print all record fields (by default ssldump chooses
+              the most interesting fields)
+
+       -d     Display  the application data traffic. This usually
+              means decrypting it, but when -d  is  used  ssldump
+              will  also decode application data traffic _before_
+              the SSL session initiates.  This allows you to  see
+              HTTPS CONNECT behavior as well as SMTP STARTTLS. As
+              a side effect, since  ssldump  can't  tell  whether
+              plaintext  is  traffic  before the initiation of an
+              SSL connection or just a  regular  TCP  connection,
+              this  allows  you  to  use ssldump to sniff any TCP
+              connection.   ssldump  will  automatically   detect
+              ASCII  data  and display it directly to the screen.
+
+       -e     Print   absolute  timestamps  instead  of  relative
+              timestamps
+
+       -r     Read data from file instead of  from  the  network.
+              The old -f option still works but is deprecated and
+              will probably be removed with the next version.
              
       -H
+              Print the full SSL packet header.
+
+       -k     Use  keyfile  as  the  location  of the SSL keyfile
+              (OpenSSL format)  ssldump  automatically  looks  in
+              ./server.pem.
+
+       -n     Don't try to resolve host names from IP addresses
+
+       -N     Attempt  to parse ASN.1 when it appears, such as in
+              certificates and DNs.
+
+       -p     Use password as the SSL keyfile password default is
+              "password".
+
+       -q     Don't decode any record fields beyond a single sum-
+              mary line. (quiet mode).
+
+       -x     Print each record in hex, as well as decoding it.
+
+       -X     When the -d option is used, binary data is automat-
+              ically  printed  in  two columns with a hex dump on
+              the left and the printable characters on the right.
+              -X  suppresses the display of the printable charac-
+              ters, thus making it easier to cut  and  paste  the
+              hext data into some other program.  -y Decorate the
+              output for processing with troff. Not  very  useful
+              for the average user.
+
+
+        expression
+              Selects  what packets ssldump will examine. Techni-
+              cally speaking, ssldump supports the  full  expres-
+              sion  syntax  from  PCAP and tcpdump.  In fact, the
+              description here is cribbed from  the  tcpdump  man
+              page.  However, since ssldump needs to examine full
+              TCP streams, most of the tcpdump  expressions  will
+              select  traffic  mixes  that  ssldump  will  simply
+              ignore. Only the expressions which don't result  in
+              incomplete TCP streams are listed here.
+
+              The  expression consists of one or more primitives.
+              Primitives usually consist of an id (name  or  num-
+              ber) preceded by one or more qualifiers.  There are
+              three different kinds of qualifier:
+
+                     are host, net and port.  E.g.,  `host  foo',
+                     `net 128.3', `port 20'.  If there is no type
+                     qualifier, host is assumed.
+
+              dir    qualifiers  specify  a  particular  transfer
+                     direction   to  and/or  from  id.   Possible
+                     directions are src, dst, src or dst and  src
+                     and  dst.  E.g., `src foo', `dst net 128.3',
+                     `src or dst port ftp-data'.  If there is  no
+                     dir  qualifier,  src or dst is assumed.  For
+                     `null' link layers (i.e. point to point pro-
+                     tocols  such  as  slip) the inbound and out-
+                     bound qualifiers can be used  to  specify  a
+                     desired direction.
+
+              More  complex  filter  expressions  are built up by
+              using the words and, or and not to  combine  primi-
+              tives.   E.g.,  `host  foo and not port ftp and not
+              port ftp-data'.  To save typing,  identical  quali-
+              fier lists can be omitted.  E.g., `tcp dst port ftp
+              or ftp-data or domain' is exactly the same as  `tcp
+              dst  port  ftp  or tcp dst port ftp-data or tcp dst
+              port domain'.
+
+              Allowable primitives are:
+
+              dst host host
+                     True if the IPv4/v6 destination field of the
+                     packet  is  host,  which  may  be  either an
+                     address or a name.
+
+              src host host
+                     True if the  IPv4/v6  source  field  of  the
+                     packet is host.
+
+              host host
+                     True  if either the IPv4/v6 source or desti-
+                     nation of the packet is host.   Any  of  the
+                     above host expressions can be prepended with
+                     the keywords, ip, arp, rarp, or ip6 as in:
+                          ip host host
+                     which is equivalent to:
+                          ether proto \ip and host host
+                     If  host  is  a  name   with   multiple   IP
+                     addresses,  each address will be checked for
+                     a match.
+
+              ether dst ehost
+                     True if the ethernet destination address  is
+                     ehost.   Ehost  may  be  either  a name from
+                     /etc/ethers or a number (see ethers(3N)  for
+                     numeric format).
+                     True  if  the  ethernet  source  address  is
+                     ehost.
+
+              ether host ehost
+                     True if either the ethernet source or desti-
+                     nation address is ehost.
+
+              gateway host
+                     True  if  the packet used host as a gateway.
+                     I.e., the  ethernet  source  or  destination
+                     address  was  host but neither the IP source
+                     nor the IP destination was host.  Host  must
+                     be   a  name  and  must  be  found  in  both
+                     /etc/hosts and /etc/ethers.  (An  equivalent
+                     expression is
+                          ether host ehost and not host host
+                     which  can be used with either names or num-
+                     bers for host / ehost.)   This  syntax  does
+                     not  work  in  IPv6-enabled configuration at
+                     this moment.
+
+              dst net net
+                     True if the IPv4/v6 destination  address  of
+                     the  packet has a network number of net. Net
+                     may be either a name from /etc/networks or a
+                     network    number   (see   networks(4)   for
+                     details).
+
+              src net net
+                     True if the IPv4/v6 source  address  of  the
+                     packet has a network number of net.
+
+              net net
+                     True  if either the IPv4/v6 source or desti-
+                     nation address of the packet has  a  network
+                     number of net.
+
+              net net mask mask
+                     True  if the IP address matches net with the
+                     specific netmask.  May be qualified with src
+                     or  dst.  Note that this syntax is not valid
+                     for IPv6 net.
+
+              net net/len
+                     True if the IPv4/v6 address  matches  net  a
+                     netmask  len  bits  wide.   May be qualified
+                     with src or dst.
+
+              dst port port
+                     True  if  the  packet  is  ip/tcp,   ip/udp,
+                     ip6/tcp  or  ip6/udp  and  has a destination
+                     port value of port.  The port can be a  num-
+                     both   the  port  number  and  protocol  are
+                     checked.  If a number or ambiguous  name  is
+                     used, only the port number is checked (e.g.,
+                     dst port 513 will print both tcp/login traf-
+                     fic  and  udp/who  traffic,  and port domain
+                     will print both  tcp/domain  and  udp/domain
+                     traffic).
+
+              src port port
+                     True  if  the packet has a source port value
+                     of port.
+
+              port port
+                     True if either  the  source  or  destination
+                     port  of  the  packet  is  port.  Any of the
+                     above port expressions can be prepended with
+                     the keywords, tcp or udp, as in:
+                          tcp src port port
+                     which  matches only tcp packets whose source
+                     port is port.
+
+              Primitives may be combined using:
+
+                     A  parenthesized  group  of  primitives  and
+                     operators  (parentheses  are  special to the
+                     Shell and must be escaped).
+
+                     Negation (`!' or `not').
+
+                     Concatenation (`&&' or `and').
+
+                     Alternation (`||' or `or').
+
+              Negation has highest precedence.   Alternation  and
+              concatenation  have  equal precedence and associate
+              left to right.  Note that explicit and tokens,  not
+              juxtaposition,  are now required for concatenation.
+
+              If an identifier is given without  a  keyword,  the
+              most recent keyword is assumed.  For example,
+                   not host vs and ace
+              is short for
+                   not host vs and host ace
+              which should not be confused with
+                   not ( host vs or ace )
+
+              Expression  arguments  can  be passed to ssldump as
+              either a single argument or as multiple  arguments,
+              whichever  is  more  convenient.  Generally, if the
+              expression contains  Shell  metacharacters,  it  is
+              easier  to  pass  it  as a single, quoted argument.
+              Multiple arguments  are  concatenated  with  spaces
+
+       To listen to traffic on interface le0 port 443
+              ssldump -i le0 port 443
+
+       To listen to traffic to the server romeo on port 443.
+              ssldump -i le0 port 443 and host romeo
+
+       To  decrypt  traffic  to  to host romeo server.pem and the
+       password foobar
+              ssldump -Ad -k ~/server.pem -p foobar -i le0 host romeo
+
+
+
+

OUTPUT FORMAT

+       All output is printed to standard out.
+
+       ssldump prints an indication of every new  TCP  connection
+       using a line like the following
+
+       New TCP connection #2: iromeo.rtfm.com(2302) <-> sr1.rtfm.com(4433)
+
+       The  host  which send the first SYN is printed on the left
+       and the host which responded  is  printed  on  the  right.
+       Ordinarily, this means that the SSL client will be printed
+       on the left with the SSL server on the right. In this case
+       we  have  a connection from iromeo.rtfm.com (port 2303) to
+       sr1.rtfm.com (port 4433). To allow the user to disentangle
+       traffic  from  different  connections,  each connection is
+       numbered. This is connection 2.
+
+       The printout of each SSL record begins with a record line.
+       This  line  contains  the  connection and record number, a
+       timestamp, and the record type, as in the following:
+
+       2 3  0.2001 (0.0749)  S>C  Handshake      Certificate
+
+       This is record 3 on connection 2. The first  timestamp  is
+       the time since the beginning of the connection. The second
+       is the time since the previous record. Both  are  in  sec-
+       onds.
+
+       The  next  field  in the record line is the direction that
+       the record was going. C>S  indicates  records  transmitted
+       from  client to server and S>C indicates records transmit-
+       ted from server to client.  ssldump assumes that the  host
+       to  transmit  the  first  SYN  is  the SSL client (this is
+       nearly always correct).
+
+       The next field is  the  record  type,  one  of  Handshake,
+       IAlert,  ChangeCipherSpec,  or  application_data. Finally,
+       ssldump may print record-specific data on the rest of  the
+       line.  For Handshake records, it prints the handshake mes-
+       sage. Thus, this record is a Certificate message.
+
+       ssldump chooses certain record types for further decoding.
+
+       ClientHello - version, offered cipher suites, session id
+                            if provided)
+       ServerHello - version, session_id, chosen cipher suite,
+                      compression method
+       Alert - type and level (if obtainable)
+
+       Fuller decoding of the various records can be obtained  by
+       using the -A , -d , -k and -p flags.
+
+
+
+
+

DECRYPTION

+       ssldump  can decrypt traffic between two hosts if the fol-
+       lowing two conditions are met:
+              1. ssldump has the keys.
+              2. Static RSA was used.
+       In any other case, once encryption  starts,  ssldump  will
+       only  be  able  to determine the record type. Consider the
+       following section of a trace.
+
+       1 5  0.4129 (0.1983)  C>S  Handshake      ClientKeyExchange
+       1 6  0.4129 (0.0000)  C>S  ChangeCipherSpec
+       1 7  0.4129 (0.0000)  C>S  Handshake
+       1 8  0.5585 (0.1456)  S>C  ChangeCipherSpec
+       1 9  0.6135 (0.0550)  S>C  Handshake
+       1 10 2.3121 (1.6986)  C>S  application_data
+       1 11 2.5336 (0.2214)  C>S  application_data
+       1 12 2.5545 (0.0209)  S>C  application_data
+       1 13 2.5592 (0.0046)  S>C  application_data
+       1 14 2.5592 (0.0000)  S>C  Alert
+
+       Note that the ClientKeyExchange message  type  is  printed
+       but  the rest of the Handshake messages do not have types.
+       These are the Finished  messages,  but  because  they  are
+       encrypted  ssldump  only knows that they are of type Hand-
+       shake.  Similarly, had the Alert  in  record  14  happened
+       during  the handshake, it's type and level would have been
+       printed. However, since it is encrypted we can  only  tell
+       that it is an alert.
+
+
+
+
+

BUGS

+       Please send bug reports to ssldump@rtfm.com.
+
+       The  TCP reassembler is not perfect. No attempt is made to
+       reassemble IP fragments and the 3-way handshake and  close
+       handshake  are  imperfectly implemented. In practice, this
+       turns out not to be much of a problem.
+
+       Support is provided for only  for  Ethernet  and  loopback
+       interfaces  because  that's  all  that I have. If you have
+       another kind of network you will need to modify pcap_cb in
+       base/pcap-snoop.c. If you have direct experience with ssldump
+       on other networks, please send me patches.
+
+       ssldump doesn't implement session  caching  and  therefore
+       can't decrypt resumed sessions.
+
+
+
+
+
+Man(1) output converted with +man2html +
+ + diff --git a/win32/vcwin32.mak b/win32/vcwin32.mak new file mode 100644 index 0000000..ac7a6f6 --- /dev/null +++ b/win32/vcwin32.mak @@ -0,0 +1,305 @@ +# Copyright (C) 1999-2000 RTFM, Inc. +# All Rights Reserved + +# This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla +# and licensed by RTFM, Inc. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgement: +# +# This product includes software developed by Eric Rescorla for +# RTFM, Inc. + +# 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be +# used to endorse or promote products derived from this +# software without specific prior written permission. + +# THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. +!IF "$(CFG)" == "" +CFG=release +!MESSAGE No configuration specified. Defaulting to release. +!ENDIF + +!IF "$(CFG)" != "release" && "$(CFG)" != "debug" +!MESSAGE Invalid configuration "$(CFG)" specified. +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "vcwin32.mak" CFG="debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "release" +!MESSAGE "debug" +!MESSAGE +!ERROR An invalid configuration is specified. +!ENDIF + +!IF "$(OS)" == "Windows_NT" +NULL= +!ELSE +NULL=nul +!ENDIF + + +# Directories, relative to this one + +ROOT=. +ANALYZE_SRCDIR=$(ROOT)\base +COMMONDIR=$(ROOT)\common +COMMON_LIB_SRCDIR=$(COMMONDIR)\lib +ANALYZE_NULL_SRCDIR=$(ROOT)\null +ANALYZE_SSL_SRCDIR=$(ROOT)\ssl + +WIN32_DIR=$(ROOT)\win32 +OBJ_DIR=$(ROOT)\out32 +WINPCAP_DEV_DIR=$(WIN32_DIR)\WPdpack +WINPCAP_SRC_DIR=$(WIN32_DIR)\winpcap +WINPCAP_INCLUDES=-I$(WINPCAP_DEV_DIR)\include -I$(WINPCAP_DEV_DIR)\include\net \ +-I$(WINPCAP_SRC_DIR)\wpcap\libpcap\win32\include + +# +# OpenSSL-specific stuff +# + +!IF "$(OPENSSL)" == "" +OPENSSL=no +!MESSAGE OpenSSL support defaulting to "no". +!ENDIF + +!IF "$(OPENSSL)" == "yes" + +# +# Customize the next 3 macros match your openssl development setup +# +OPENSSL_DIR=$(ROOT)\..\openssl\openssl-0.9.6g +OPENSSL_RELEASE=$(OPENSSL_DIR)\out32 +OPENSSL_DEBUG=$(OPENSSL_DIR)\out32.dbg + +OPENSSL_DEFINES=/D OPENSSL +OPENSSL_RELEASE_LIBS=$(OPENSSL_RELEASE)\libeay32.lib $(OPENSSL_RELEASE)\ssleay32.lib +OPENSSL_DEBUG_LIBS=$(OPENSSL_DEBUG)\libeay32.lib $(OPENSSL_DEBUG)\ssleay32.lib +OPENSSL_INCLUDES=-I$(OPENSSL_DIR)\inc32 + +!ELSE # no OpenSSL + +OPENSSL_DEFINES= +OPENSSL_DIR= +OPENSSL_RELEASE= +OPENSSL_RELEASE_LIBS= +OPENSSL_DEBUG= +OPENSSL_DEBUG_LIBS= +OPENSSL_INCLUDES= + +!ENDIF + + +PLATFORM=VC-WIN32 +CC=cl.exe +LINK=link.exe + +# +# Getting the C run-time flag correct is critical and difficult, sadly +# The same C run-time should be used by all the object code that comprises +# the process. This means all DLL's and static libs we link to must use the +# same C run-time, and we must match it with our flag. +# +# the wpcap.dll is linked to the static C run-time lib, so we will also +# + +C_RUNTIME_FLAG=/MT +COMMON_INCLUDES=-I$(ANALYZE_SRCDIR) -I$(COMMONDIR)\include -I$(COMMON_LIB_SRCDIR) -I$(ANALYZE_NULL_SRCDIR) \ +-I$(ANALYZE_SSL_SRCDIR) -I$(WIN32_DIR) $(WINPCAP_INCLUDES) $(OPENSSL_INCLUDES) +COMMON_DEFINES=/D STDC /D WIN32 /D _CONSOLE \ + $(OPENSSL_DEFINES) /D STDC_HEADERS /D SIZEOF_UNSIGNED_SHORT=2 /D SIZEOF_UNSIGNED_LONG=4 \ + /D RETSIGTYPE=void /D SIZEOF_CHAR=1 /D SIZEOF_SHORT=2 /D SIZEOF_INT=4 +COMMON_CFLAGS=/nologo /W3 $(COMMON_INCLUDES) $(COMMON_DEFINES) /Fp"$(OBJ_DIR)\ssldump.pch" /YX /Fd"$(OBJ_DIR)\\" /FD /c +COMMON_LIBS=gdi32.lib Wsock32.lib $(WINPCAP_DEV_DIR)\lib\wpcap.lib +COMMON_LFLAGS=/nologo /subsystem:console /machine:I386 /opt:ref /incremental:no + + + +# Set build-specific (i.e., release vs. debug) options + +!IF "$(CFG)" == "release" + +BUILD_SPECIFIC_INCLUDES= +BUILD_SPECIFIC_DEFINES=/D NDEBUG +BUILD_SPECIFIC_CFLAGS=$(C_RUNTIME_FLAG) /O2 $(BUILD_SPECIFIC_INCLUDES) $(BUILD_SPECIFIC_DEFINES) +BUILD_SPECIFIC_LIBS=$(OPENSSL_RELEASE_LIBS) +BUILD_SPECIFIC_LFLAGS= + +!ELSE # =="debug" + +BUILD_SPECIFIC_INCLUDES= +BUILD_SPECIFIC_DEFINES=/D _DEBUG +BUILD_SPECIFIC_CFLAGS=$(C_RUNTIME_FLAG)d /ZI /Od /GZ $(BUILD_SPECIFIC_INCLUDES) $(BUILD_SPECIFIC_DEFINES) +BUILD_SPECIFIC_LIBS=$(OPENSSL_DEBUG_LIBS) +BUILD_SPECIFIC_LFLAGS= + +!ENDIF + +CFLAGS=$(COMMON_CFLAGS) $(BUILD_SPECIFIC_CFLAGS) +LFLAGS=$(COMMON_LFLAGS) $(BUILD_SPECIFIC_LFLAGS) $(COMMON_LIBS) $(BUILD_SPECIFIC_LIBS) + + + +ALL : $(OBJ_DIR) "$(OBJ_DIR)\ssldump.exe" + +"$(OBJ_DIR)" : + if not exist "$(OBJ_DIR)/$(NULL)" mkdir "$(OBJ_DIR)" + + +CLEAN : + -@erase "$(OBJ_DIR)\debug.obj" + -@erase "$(OBJ_DIR)\r_assoc.obj" + -@erase "$(OBJ_DIR)\r_data.obj" + -@erase "$(OBJ_DIR)\r_errors.obj" + -@erase "$(OBJ_DIR)\r_list.obj" + -@erase "$(OBJ_DIR)\r_replace.obj" + -@erase "$(OBJ_DIR)\r_time.obj" + -@erase "$(OBJ_DIR)\network.obj" + -@erase "$(OBJ_DIR)\pcap-snoop.obj" + -@erase "$(OBJ_DIR)\proto_mod.obj" + -@erase "$(OBJ_DIR)\tcpconn.obj" + -@erase "$(OBJ_DIR)\tcppack.obj" + -@erase "$(OBJ_DIR)\null_analyze.obj" + -@erase "$(OBJ_DIR)\ciphersuites.obj" + -@erase "$(OBJ_DIR)\ssl.enums.obj" + -@erase "$(OBJ_DIR)\ssl_analyze.obj" + -@erase "$(OBJ_DIR)\ssl_rec.obj" + -@erase "$(OBJ_DIR)\ssldecode.obj" + -@erase "$(OBJ_DIR)\sslprint.obj" + -@erase "$(OBJ_DIR)\sslxprint.obj" + -@erase "$(OBJ_DIR)\ssldump.exe" + + +LINK_OBJS= \ + "$(OBJ_DIR)\debug.obj" \ + "$(OBJ_DIR)\r_assoc.obj" \ + "$(OBJ_DIR)\r_data.obj" \ + "$(OBJ_DIR)\r_errors.obj" \ + "$(OBJ_DIR)\r_list.obj" \ + "$(OBJ_DIR)\r_replace.obj" \ + "$(OBJ_DIR)\r_time.obj" \ + "$(OBJ_DIR)\network.obj" \ + "$(OBJ_DIR)\pcap-snoop.obj" \ + "$(OBJ_DIR)\proto_mod.obj" \ + "$(OBJ_DIR)\tcpconn.obj" \ + "$(OBJ_DIR)\tcppack.obj" \ + "$(OBJ_DIR)\null_analyze.obj" \ + "$(OBJ_DIR)\ciphersuites.obj" \ + "$(OBJ_DIR)\ssl.enums.obj" \ + "$(OBJ_DIR)\ssl_analyze.obj" \ + "$(OBJ_DIR)\ssl_rec.obj" \ + "$(OBJ_DIR)\ssldecode.obj" \ + "$(OBJ_DIR)\sslprint.obj" \ + "$(OBJ_DIR)\sslxprint.obj" + +"$(OBJ_DIR)\ssldump.exe": "$(OBJ_DIR)" $(LINK_OBJS) + $(LINK) @<< + /OUT:$@ $(LFLAGS) $(LINK_OBJS) +<< + + +# +# FILE DEPENDENCIES +# +# file dependencies state, for each file that is built, +# which file(s) it depends upon +# + +$(OBJ_DIR)\debug.obj: $(COMMON_LIB_SRCDIR)\debug.h +$(OBJ_DIR)\debug.obj: $(COMMON_LIB_SRCDIR)\debug.c + $(CC) $(CFLAGS) /Fo$@ $(COMMON_LIB_SRCDIR)\debug.c + +$(OBJ_DIR)\r_assoc.obj: $(COMMON_LIB_SRCDIR)\r_assoc.c + $(CC) $(CFLAGS) /Fo$@ $(COMMON_LIB_SRCDIR)\r_assoc.c + +$(OBJ_DIR)\r_data.obj: $(COMMON_LIB_SRCDIR)\r_data.h +$(OBJ_DIR)\r_data.obj: $(COMMON_LIB_SRCDIR)\r_data.c + $(CC) $(CFLAGS) /Fo$@ $(COMMON_LIB_SRCDIR)\r_data.c + +$(OBJ_DIR)\r_errors.obj: $(COMMON_LIB_SRCDIR)\r_errors.c + $(CC) $(CFLAGS) /Fo$@ $(COMMON_LIB_SRCDIR)\r_errors.c + +$(OBJ_DIR)\r_list.obj: $(COMMON_LIB_SRCDIR)\r_list.c + $(CC) $(CFLAGS) /Fo$@ $(COMMON_LIB_SRCDIR)\r_list.c + +$(OBJ_DIR)\r_replace.obj: $(COMMON_LIB_SRCDIR)\r_replace.c + $(CC) $(CFLAGS) /Fo$@ $(COMMON_LIB_SRCDIR)\r_replace.c + +$(OBJ_DIR)\r_time.obj: $(COMMON_LIB_SRCDIR)\r_time.c + $(CC) $(CFLAGS) /Fo$@ $(COMMON_LIB_SRCDIR)\r_time.c + + + + +$(OBJ_DIR)\network.obj: $(ANALYZE_SRCDIR)\network.h +$(OBJ_DIR)\network.obj: $(ANALYZE_SRCDIR)\network.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SRCDIR)\network.c + +$(OBJ_DIR)\pcap-snoop.obj: $(ANALYZE_SRCDIR)\pcap-snoop.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SRCDIR)\pcap-snoop.c + +$(OBJ_DIR)\proto_mod.obj: $(ANALYZE_SRCDIR)\proto_mod.h +$(OBJ_DIR)\proto_mod.obj: $(ANALYZE_SRCDIR)\proto_mod.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SRCDIR)\proto_mod.c + +$(OBJ_DIR)\tcpconn.obj: $(ANALYZE_SRCDIR)\tcpconn.h +$(OBJ_DIR)\tcpconn.obj: $(ANALYZE_SRCDIR)\tcpconn.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SRCDIR)\tcpconn.c + +$(OBJ_DIR)\tcppack.obj: $(ANALYZE_SRCDIR)\tcppack.h +$(OBJ_DIR)\tcppack.obj: $(ANALYZE_SRCDIR)\tcppack.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SRCDIR)\tcppack.c + + +$(OBJ_DIR)\null_analyze.obj: $(ANALYZE_NULL_SRCDIR)\null_analyze.h +$(OBJ_DIR)\null_analyze.obj: $(ANALYZE_NULL_SRCDIR)\null_analyze.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_NULL_SRCDIR)\null_analyze.c + + + +$(OBJ_DIR)\ciphersuites.obj: $(ANALYZE_SSL_SRCDIR)\ciphersuites.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SSL_SRCDIR)\ciphersuites.c + +$(OBJ_DIR)\ssl.enums.obj: $(ANALYZE_SSL_SRCDIR)\ssl.enums.h +$(OBJ_DIR)\ssl.enums.obj: $(ANALYZE_SSL_SRCDIR)\ssl.enums.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SSL_SRCDIR)\ssl.enums.c + +$(OBJ_DIR)\ssl_analyze.obj: $(ANALYZE_SSL_SRCDIR)\ssl_analyze.h +$(OBJ_DIR)\ssl_analyze.obj: $(ANALYZE_SSL_SRCDIR)\ssl_analyze.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SSL_SRCDIR)\ssl_analyze.c + +$(OBJ_DIR)\ssl_rec.obj: $(ANALYZE_SSL_SRCDIR)\ssl_rec.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SSL_SRCDIR)\ssl_rec.c + +$(OBJ_DIR)\ssldecode.obj: $(ANALYZE_SSL_SRCDIR)\ssldecode.h +$(OBJ_DIR)\ssldecode.obj: $(ANALYZE_SSL_SRCDIR)\ssldecode.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SSL_SRCDIR)\ssldecode.c + +$(OBJ_DIR)\sslprint.obj: $(ANALYZE_SSL_SRCDIR)\sslprint.h +$(OBJ_DIR)\sslprint.obj: $(ANALYZE_SSL_SRCDIR)\sslprint.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SSL_SRCDIR)\sslprint.c + +$(OBJ_DIR)\sslxprint.obj: $(ANALYZE_SSL_SRCDIR)\sslxprint.h +$(OBJ_DIR)\sslxprint.obj: $(ANALYZE_SSL_SRCDIR)\sslxprint.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SSL_SRCDIR)\sslxprint.c