From ea12dfe6d29fea026e3a87e075edc4c7d5aa4147 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Sat, 31 Jan 2015 10:13:33 +0100 Subject: [PATCH] ssldump_0.9b3.orig.tar.gz Import --- COPYRIGHT | 60 + CREDITS | 20 + ChangeLog | 158 ++ FILES | 9 + INSTALL | 46 + INSTALL.W32 | 114 ++ Makefile.in | 111 ++ README | 85 + VERSION | 1 + base/common.c | 66 + base/data | 60 + base/debug.c | 68 + base/debug.h | 58 + base/network.c | 241 +++ base/network.h | 106 ++ base/pcap-snoop.c | 365 ++++ base/print_utils.c | 88 + base/print_utils.h | 56 + base/proto_mod.c | 88 + base/proto_mod.h | 86 + base/targets.mk | 275 +++ base/tcpconn.c | 203 ++ base/tcpconn.h | 104 ++ base/tcppack.c | 446 +++++ base/tcppack.h | 54 + common/Makefile.in | 5 + common/configure.scan | 20 + common/include/.#r_macros.h.1.2 | 106 ++ common/include/r_assoc.h | 83 + common/include/r_bitfield.h | 26 + common/include/r_common.h | 66 + common/include/r_data.h | 68 + common/include/r_defaults.h | 59 + common/include/r_errors.h | 62 + common/include/r_includes.h | 61 + common/include/r_list.h | 69 + common/include/r_macros.h | 112 ++ common/include/r_thread.h | 69 + common/include/r_time.h | 75 + common/include/r_types.h | 91 + common/lib/assoc.h | 53 + common/lib/debug.c | 91 + common/lib/debug.h | 61 + common/lib/local.mk | 279 +++ common/lib/r_assoc.c | 425 +++++ common/lib/r_assoc_test.c | 137 ++ common/lib/r_bitfield.c | 113 ++ common/lib/r_data.c | 162 ++ common/lib/r_data.h | 52 + common/lib/r_errors.c | 61 + common/lib/r_list.c | 234 +++ common/lib/r_replace.c | 67 + common/lib/r_time.c | 158 ++ common/lib/rb_local.mk | 280 +++ common/lib/targets.mk | 2 + common/lib/threads/null/targets.mk | 0 common/lib/threads/pthreads/pthread.c | 151 ++ common/lib/threads/pthreads/targets.mk | 259 +++ common/lib/threads/targets.mk | 4 + config.guess | 693 +++++++ config.sub | 927 ++++++++++ configure | 2360 ++++++++++++++++++++++++ configure.in | 250 +++ dummy/targets.mk | 0 install-sh | 251 +++ null/Makefile | 0 null/null_analyze.c | 164 ++ null/null_analyze.h | 53 + null/targets.mk | 260 +++ rules.mk | 10 + ssl/Makefile | 20 + ssl/ciphersuites.c | 107 ++ ssl/ciphersuites.h | 52 + ssl/lex.yy.c | 1777 ++++++++++++++++++ ssl/main.c | 99 + ssl/ssl.enums | 419 +++++ ssl/ssl.enums.c | 1100 +++++++++++ ssl/ssl.enums.h | 7 + ssl/ssl.l | 67 + ssl/ssl.y | 241 +++ ssl/ssl_analyze.c | 624 +++++++ ssl/ssl_analyze.h | 87 + ssl/ssl_enum.c | 385 ++++ ssl/ssl_h.h | 134 ++ ssl/ssl_rec.c | 312 ++++ ssl/ssl_rec.h | 59 + ssl/sslciphers.h | 83 + ssl/ssldecode.c | 908 +++++++++ ssl/ssldecode.h | 75 + ssl/sslprint.c | 686 +++++++ ssl/sslprint.h | 99 + ssl/sslxprint.c | 234 +++ ssl/sslxprint.h | 54 + ssl/targets.mk | 282 +++ ssl/y.output | 526 ++++++ ssl/y.tab.c | 1124 +++++++++++ ssl/y.tab.h | 20 + ssldump.1 | 516 ++++++ win32/Ssldump.html | 394 ++++ win32/vcwin32.mak | 305 +++ 100 files changed, 22293 insertions(+) create mode 100644 COPYRIGHT create mode 100644 CREDITS create mode 100644 ChangeLog create mode 100644 FILES create mode 100644 INSTALL create mode 100644 INSTALL.W32 create mode 100644 Makefile.in create mode 100644 README create mode 100644 VERSION create mode 100644 base/common.c create mode 100644 base/data create mode 100644 base/debug.c create mode 100644 base/debug.h create mode 100644 base/network.c create mode 100644 base/network.h create mode 100644 base/pcap-snoop.c create mode 100644 base/print_utils.c create mode 100644 base/print_utils.h create mode 100644 base/proto_mod.c create mode 100644 base/proto_mod.h create mode 100644 base/targets.mk create mode 100644 base/tcpconn.c create mode 100644 base/tcpconn.h create mode 100644 base/tcppack.c create mode 100644 base/tcppack.h create mode 100644 common/Makefile.in create mode 100644 common/configure.scan create mode 100644 common/include/.#r_macros.h.1.2 create mode 100644 common/include/r_assoc.h create mode 100644 common/include/r_bitfield.h create mode 100644 common/include/r_common.h create mode 100644 common/include/r_data.h create mode 100644 common/include/r_defaults.h create mode 100644 common/include/r_errors.h create mode 100644 common/include/r_includes.h create mode 100644 common/include/r_list.h create mode 100644 common/include/r_macros.h create mode 100644 common/include/r_thread.h create mode 100644 common/include/r_time.h create mode 100644 common/include/r_types.h create mode 100644 common/lib/assoc.h create mode 100644 common/lib/debug.c create mode 100644 common/lib/debug.h create mode 100644 common/lib/local.mk create mode 100644 common/lib/r_assoc.c create mode 100644 common/lib/r_assoc_test.c create mode 100644 common/lib/r_bitfield.c create mode 100644 common/lib/r_data.c create mode 100644 common/lib/r_data.h create mode 100644 common/lib/r_errors.c create mode 100644 common/lib/r_list.c create mode 100644 common/lib/r_replace.c create mode 100644 common/lib/r_time.c create mode 100644 common/lib/rb_local.mk create mode 100644 common/lib/targets.mk create mode 100644 common/lib/threads/null/targets.mk create mode 100644 common/lib/threads/pthreads/pthread.c create mode 100644 common/lib/threads/pthreads/targets.mk create mode 100644 common/lib/threads/targets.mk create mode 100755 config.guess create mode 100755 config.sub create mode 100755 configure create mode 100644 configure.in create mode 100644 dummy/targets.mk create mode 100755 install-sh create mode 100644 null/Makefile create mode 100644 null/null_analyze.c create mode 100644 null/null_analyze.h create mode 100644 null/targets.mk create mode 100644 rules.mk create mode 100644 ssl/Makefile create mode 100644 ssl/ciphersuites.c create mode 100644 ssl/ciphersuites.h create mode 100644 ssl/lex.yy.c create mode 100644 ssl/main.c create mode 100644 ssl/ssl.enums create mode 100644 ssl/ssl.enums.c create mode 100644 ssl/ssl.enums.h create mode 100644 ssl/ssl.l create mode 100644 ssl/ssl.y create mode 100644 ssl/ssl_analyze.c create mode 100644 ssl/ssl_analyze.h create mode 100644 ssl/ssl_enum.c create mode 100644 ssl/ssl_h.h create mode 100644 ssl/ssl_rec.c create mode 100644 ssl/ssl_rec.h create mode 100644 ssl/sslciphers.h create mode 100644 ssl/ssldecode.c create mode 100644 ssl/ssldecode.h create mode 100644 ssl/sslprint.c create mode 100644 ssl/sslprint.h create mode 100644 ssl/sslxprint.c create mode 100644 ssl/sslxprint.h create mode 100644 ssl/targets.mk create mode 100644 ssl/y.output create mode 100644 ssl/y.tab.c create mode 100644 ssl/y.tab.h create mode 100644 ssldump.1 create mode 100644 win32/Ssldump.html create mode 100644 win32/vcwin32.mak diff --git a/COPYRIGHT b/COPYRIGHT new file mode 100644 index 0000000..eb03be5 --- /dev/null +++ b/COPYRIGHT @@ -0,0 +1,60 @@ +SSLDUMP LICENSE +Copyright (C) 1999-2001 RTFM, Inc. +All Rights Reserved + +This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + +4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE ERIC RESCORLA AND RTFM ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +TCPDUMP LICENSE +The manual page for this software is partially excerpted from +the tcpdump manual page, which is subject to the following license: +Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996, 1997 + The Regents of the University of California. All rights reserved. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that: (1) source code distributions +retain the above copyright notice and this paragraph in its entirety, (2) +distributions including binary code include the above copyright notice and +this paragraph in its entirety in the documentation or other materials +provided with the distribution, and (3) all advertising materials mentioning +features or use of this software display the following acknowledgement: +``This product includes software developed by the University of California, +Lawrence Berkeley Laboratory and its contributors.'' Neither the name of +the University nor the names of its contributors may be used to endorse +or promote products derived from this software without specific prior +written permission. +THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + diff --git a/CREDITS b/CREDITS new file mode 100644 index 0000000..bb42edc --- /dev/null +++ b/CREDITS @@ -0,0 +1,20 @@ +ssldump was written by Eric Rescorla + +The Windows port of ssldump was provided by Greg Stark. + +The following people have provided bug fixes, bug reports, or suggestions. +Adam Cain +Pavel Curtis +Chris Jepeway +Alexander Fetke +Jeffrey Hafey +Lutz Jaenicke +Dave Jagoda +Norbert Klasen +Richard Levitte +Hugh Mandeville +Eric Murray +Henrik Nordstrom + +If you think you should be on this list, send me mail at . + diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..16a2dbd --- /dev/null +++ b/ChangeLog @@ -0,0 +1,158 @@ +Wed Aug 21 10:48:45 2002 EKR + * Installed Greg Stark's new Win32 patches. + + * Added updated VLAN support (Jeffrey Hafey) + +Fri Aug 16 16:56:23 2002 EKR + * Cleaned up 56-bit ciphersuites in ciphersuites.c + + * Fixed memory errors in packet copying. + + * Fixed bugs in processing of bogus SSLv2 messages. + + * Fixed bugs in TCP packet reassembly code. + +Tue Aug 13 13:03:41 2002 EKR + * Fixed EXPORT1024 DES cipher suites + +Mon Aug 12 16:49:51 2002 EKR + * Added support for VLAN networks (Jeffrey Hafey) + + * Fixed printing of data with embedded tabs (Pavel Curtis) + + * Added support for non-promiscuous mode (-P flag) + (Bruce M Simpson) + + * Fixed potential small overrun in RSA decryption. + +Fri Sep 28 15:54:47 2001 EKR + * Fixed install so that we install in /usr/local/sbin + with mode 755. Bug report ssldump/22. + (Dave Jagoda) + + * Fixed compilation warning about create_null_analyzer + Bug report ssldump/23. + +Wed Sep 26 14:49:06 2001 EKR + * Fixed SYN & SYN/ACK detection to that it works with ECN. + (Henrik Nordstrom) + + * Added /usr/include/pcap to the PCAP search path + (Henrik Nordstrom) + +Sat Sep 15 13:41:10 2001 EKR + * Fix to ssldecode.c to remove error with empty + struct when compiling with VC++ and no OpenSSL + (Greg Stark) + + * Change to vcwin32.mak to print out that you're not + using OpenSSL (Greg Stark) + + * Automatic version changing courtesy of version-change.pl + +Fri Sep 14 15:22:29 2001 EKR + * Fixed bug 4. Delete the MS after decrypting a PMS + to force new MS generation in the key generation phase. + This makes decryption of renegotiated connections work + correctly. This got broken when session resumption + was added. + +2001-09-14 Eric Rescorla + + * Imported Greg Stark's Win32 port + +Sun Sep 2 15:53:06 2001 EKR + * Fixed the reassembler so it doesn't crash when + FIN/RST segments have data. + + * closure/connection freeing now works, thus meaning less + memory leakage and less crashing. + + * A bunch of trivial makefile/configure fixes. + +Fri Jul 20 16:40:51 2001 EKR + * Removed loading of certificate file. This served + no real purpose. Fix for bug 5. + +Fri Jul 20 11:02:09 2001 EKR + * Fixed initialization so that the key file is loaded + only once. + + Removed default keyfile and password. You now must + specify them. You also get an error if you specify + a bad password or keyfile. + +Fri Jul 20 10:17:36 2001 EKR + * Added support for session resumption. + +Fri Jul 20 10:17:16 2001 EKR + * Fixed SEQ_LT problems on Linux and other compilation + problems. + +Tue Mar 6 2001 EKR + * Removed statically allocated conn array. We can now + have an arbitrary number of + +Thu Nov 9 12:14:15 2000 EKR + * Cleanups to the man page and cleaned up some cases + where printing didn't work quite right. + +Mon Nov 6 10:22:25 2000 EKR + * Added the -X flag to force hex-only printing when + binary data is displayed as hex dumps. + +Fri Nov 3 09:23:35 2000 EKR + * cleaned up the case where multiple handshake messages + are in the same SSL record. + +Fri Nov 3 09:14:39 2000 EKR + * Modified printing so that when we're printing hex dumps + of application data traffic we also print the printable + sections of the data itself in a column on the side. + +Thu Nov 2 14:14:21 2000 EKR + * Modified cipher suite printing so that the names have + SSL_ if we're doing SSLv3 and TLS_ if we're doing TLS. + Suggestion by Eric Murray. + +Thu Nov 2 13:07:09 2000 EKR + * Fixed an ABW in ssldecode.c that caused crashes + on Solaris. Also, fixed a bunch of memory leaks + using Purify. + +Thu Nov 2 08:45:42 2000 EKR + * Various Portability fixes + CC=gcc -> CC=@CC@ in Makefile + Removed FLAGS in Makefile (it was a noop) + in base/tcpconn.c, changed {} to {0} to appease HPUX's compiler + made create_null_analyzer.c static as it should be. + Removed the final (bogus) entry in null_vtbl. + made sslx__print_serial() static to match its prototype + Rearranged library order for better linkage + Thanks to Lutze Jainecke for these fixes. + +Thu Nov 2 08:41:10 2000 EKR + * Added -r as a synonym for -f. -f will eventually + be removed and reused for some other option. + This was done for option compatibility with tcpdump + and on the theory that someday I might add a -w. + + * Renamed -h to -H and added it to the documentation. + -h now triggers usage info. + +Thu Nov 2 08:38:06 2000 EKR + * Removed blank lines in the man page. This confuses some + man page formatters. (Thanks to Hugh Mandeville for pointing + this one out) + +Thu Nov 2 08:37:59 2000 EKR + * Wired up -N (it was unwired) + +Thu Nov 2 08:37:47 2000 EKR + * Added -D_BSD_SOURCE=1 when you're compiling on Linux. + (Allowing it to compile) + + + + + diff --git a/FILES b/FILES new file mode 100644 index 0000000..a072604 --- /dev/null +++ b/FILES @@ -0,0 +1,9 @@ +record-fmt.txt +record_analyze.c +record_analyze.h +targets.mk + +CVS: +Entries +Repository +Root diff --git a/INSTALL b/INSTALL new file mode 100644 index 0000000..572d0e9 --- /dev/null +++ b/INSTALL @@ -0,0 +1,46 @@ +$Id: INSTALL,v 1.5 2001/09/14 22:29:13 ekr Exp $ + +If you don't have libpcap, you'll need to get it and install it. You +can obtain it from: + http://www.tcpdump.org/ + +If you want to be able to decrypt SSL traffic or view certificates, +get OpenSSL if you don't have it: + http://www.openssl.org/ + +Once you've built and installed libpcap and OpenSSL, you're ready to +build ssldump. + +ssldump uses a GNU autoconf-based configuration to automatically +configure the build. + +In the simplest form you can simply do: + ./configure + +If the configure script can't find libpcap, it will abort. If you've +installed it in unobvious place, you may need to give configure a hint +using the '--with-pcap' or '--with-pcap-{lib,inc}' switches. + +If the configure script can't find OpenSSL, it will continue without +it. If your OpenSSL is in a nonstandard location, you may need to give +configure a hint with the '--with-openssl' or +'--with-openssl-{lib,include}' switches. + +Once you've done the configure, you can simply run 'make'. Note that +on some platforms (HP/UX) you will have to use GNU make (gmake). + +If the make succeeds, run a 'make install' (you will probably need to +be root to do this.) + +TESTED PLATFORMS +FreeBSD 2.2.8, 3.4 +HP/UX 10.20 +Linux (Red Hat, Debian) +Solaris 2.x + +If you get ssldump to work on a platform not listed above, please send mail +to ssldump@rtfm.com with the platform and any fixes you had to make. + +INSTALLING ON WINDOWS +Read the file INSTALL.W32 in this directory for instructions on +installing on Windows. diff --git a/INSTALL.W32 b/INSTALL.W32 new file mode 100644 index 0000000..0ce28df --- /dev/null +++ b/INSTALL.W32 @@ -0,0 +1,114 @@ + Notes + + +First, make sure you've read the README file. + +Build Environment +----------------- + +The build environment is assumed to be Microsoft Visual C++ 6.0 SP4 +(VC6), although earlier or later versions may work. In particular, the +make-like utility used to build this port of ssldump is NMAKE version +6.00.x from Microsoft. + +The basis for this port is ssldump version 0.9b3. The win32 directory +contains the win32-specific stuff, including the NMAKE makefile +vcwin32.mak. + +You need to have your environment variables and PATH correctly setup +to properly use the command-line VC6 tools. In the VC6\bin directory +is a batch file, VCVARS32.bat, which should set things up +correctly. You should run this batch file prior to attempting a build. + + + +What you need (besides the ssldump source) +------------------------------------------ + +You must have downloaded and installed the following from the +WinPcap/Windump project: + +1. The Winpcap developer's pack, version 2.3, from +http://winpcap.polito.it/install/bin/WPdpack_2_3.zip contains the +pcap.h and net/bpf.h files, and the pcap import library. Place these +in the win32 directory. + +2. The Winpcap source code distribution, version 2.3, from +http://winpcap.polito.it/install/bin/WPcapSrc_2_3.zip. It contains +some .h files commonly found on UNIX systems that ssldump +expects. Place these in the win32 directory. + +3. The Winpcap auto-installer, version 2.3, from +http://winpcap.polito.it/install/bin/WinPcap_2_3_nogui.exe. This is +only needed to run ssldump, not needed to build it. It is needed on +*any* windows system on which ssldump is run. It installs a device +driver and the pcap library DLL. + +4. Possibly the Windump utility from +http://windump.polito.it/install/bin/WinDump.exe. This is essentially +a Windows port of tcpdump, with an extra -D option. This option +enumerates the interface names so that you at least have a clue to +what to supply the -i option (see below). + +The win32 directory should look like the following after these files +are downloaded and extracted: + +winpcap +WPdpack +Ssldump.html +vcwin32.mak + + + +OpenSSL Support +--------------- + +By default, the OpenSSL libraries are not linked into ssldump. If you +want to link in the OpenSSL libraries, you'll need to customize the +makefile. First, look for the macro OPENSSL and change its value to +"yes". Next, look for the macro OPENSSL_DIR and make sure it points to +the openssl distribution on your machine. You must build a version(s) +of SSL that links to the static C run-time library; these are +distinguished by the use of the compiler flag /MT for release +versions, and /MTd for debug versions. Then you must set the +OPENSSL_RELEASE and OPENSSL_DEBUG macros to point to the directories +that contain the libraries for these versions. If you only intend to +build one of either the debug or release versions, you only need to +define the corresponding OPENSSL_ macro. + + + +Building ssldump +---------------- + +To build, run (from the ssldump root directory): + +nmake /f win32\vcwin32.mak all + +this creates a directory, out32, which contains the object files and +the ssldump.exe executable. The build produces a simple command-line +ssldump.exe which must be run from a console window (i.e. a DOS +box). It builds the release version by default. Set the macro +CFG="debug" to build a debug version, e.g. nmake /f vcwin32.mak all +CFG="debug". + +win32\ssldump.html contains an HTML version of the ssldump.1 +manpage. You should read this to learn the options. + + + +What are the names of the Interfaces? +------------------------------------- + +One tricky aspect is choosing the correct interface name for the -i +option of ssldump. AFAIK, there is no standard windows utility that +will give you the correct names for the interfaces. For example, on my +system they are named PPPMAC (for the PPP adapter) and CBEN5 (for my +Ethernet Adapter). I did find these names in the registry under +HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Net\nnnn\NDIS\LogDriverName, +but this may be different on other Windows OSes. The Windump utility +from the WinPcap folks has an option, -D, to enumerate these interface +names. Use the Windump utility or hunt through the registry to find +the names of your interfaces. If you don't specify the interface +explicitly with the -i option, ssldump will select the 'first' +interface and this may be exactly what you want. diff --git a/Makefile.in b/Makefile.in new file mode 100644 index 0000000..2dd20a5 --- /dev/null +++ b/Makefile.in @@ -0,0 +1,111 @@ +# Copyright (C) 1999-2000 RTFM, Inc. +# All Rights Reserved + +# This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla +# and licensed by RTFM, Inc. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgement: +# +# This product includes software developed by Eric Rescorla for +# RTFM, Inc. + +# 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be +# used to endorse or promote products derived from this +# software without specific prior written permission. + +# THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. +PLATFORM=freebsd31 +CC=@CC@ + +all: ssldump + +OBJSUFFIX=o +LIBSUFFIX=a +INSTALL=@INSTALL@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +BINDIR=@sbindir@ +MANDIR=@mandir@ +RM=rm -f + +ROOT=./ +ANALYZE_SRCDIR=$(ROOT)base/ +COMMONDIR=common/ +COMMON_LIB_SRCDIR=$(COMMONDIR)lib/ +ANALYZE_NULL_SRCDIR=$(ROOT)null/ +ANALYZE_SSL_SRCDIR=$(ROOT)ssl/ +ANALYZE_RECORD_SRCDIR=$(ROOT)@RECORD_MOD@/ +include rules.mk + +include $(COMMON_LIB_SRCDIR)/targets.mk +include $(ANALYZE_SRCDIR)targets.mk +include $(ANALYZE_NULL_SRCDIR)targets.mk +include $(ANALYZE_SSL_SRCDIR)targets.mk +include $(ANALYZE_RECORD_SRCDIR)targets.mk + +INCLUDES += -I$(COMMONDIR)include/ -I$(ANALYZE_NULL_SRCDIR) -I$(ANALYZE_SSL_SRCDIR) + + +DEFINES += @DEFINES@ +INCLUDES += @INCLUDES@ +LIBS += @LDFLAGS@ @LIBS@ + +CFLAGS += @CFLAGS@ @DEFS@ + + +ssldump: $(OBJECTS) + $(CC) $(OBJECTS) -o $@ $(LIBS) + +clean: + rm -f $(OBJECTS) ssldump + +install: + [ -d $(BINDIR) ] || mkdir -p $(BINDIR) + $(INSTALL) -m 755 ssldump $(BINDIR)/ssldump + [ -d $(MANDIR) ] || mkdir -p $(MANDIR)/man1 + $(INSTALL) -m 444 ssldump.1 $(MANDIR)/man1/ssldump.1 + +dist: + perl "./version-check.pl" + - name=ssldump-`cat VERSION`; \ + rm -rf /dist/ship/$$name; \ + mkdir /dist/ship/$$name; \ + cp -pR * /dist/ship/$$name; \ + cd /dist/ship/$$name; \ + make -f Makefile.in clean; \ + rm Makefile; \ + find . -name '*~' -exec rm {} \; -print;\ + find . -name '*.o' -exec rm {} \; -print;\ + find . -name '#*#' -exec rm {} \; -print;\ + find . -name 'CVS' -exec rm -rf {} \; -print;\ + find . -name '*bak' -exec rm -rf {} \; -print;\ + find . -name '*.core' -exec rm -rf {} \; -print;\ + find . -name '*.tr' -exec rm -rf {} \; -print;\ + find . -name '*.pl' -exec rm -rf {} \; -print;\ + find . -name '*.pem' -exec rm -rf {} \; -print;\ + find . -name '*orig' -exec rm -rf {} \; -print;\ + find . -name '*.rej' -exec rm -rf {} \; -print;\ + rm -f TODO TAGS; \ + rm -f config.status config.log config.cache config.h; \ + rm -f ssl/a.out all; \ + cd /dist/ship; tar cf - $$name | gzip > $$name.tar.gz + + diff --git a/README b/README new file mode 100644 index 0000000..a6d1b51 --- /dev/null +++ b/README @@ -0,0 +1,85 @@ +$Id: README,v 1.9 2002/08/17 01:33:15 ekr Exp $ + +SSLDUMP 0.9b3 + +ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP +connections on the chosen network interface and attempts to interpret +them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it +decodes the records and displays them in a textual form to stdout. If +provided with the appropriate keying material, it will also decrypt +the connections and display the application data traffic. + +ssldump depends on the libpcap packet capture library. Some systems +(e.g. FreeBSD) now have libpcap as part of their standard install. On +other systems, you will need to install it. You can obtain the +distribution from: + http://www.tcpdump.org/ + +If linked with OpenSSL, ssldump can display certificates in decoded +form and decrypt traffic (provided that it has the appropriate keying +material). Again, OpenSSL may be installed on your system. Otherwise +you can obtain it from: + http://www.openssl.org/ + +See the file INSTALL for instructions on building and installing +ssldump. + +STABILITY +This is a beta release of ssldump. The UNIX portions have received +extensive testing and are believed to be quite solid. The Windows +port is substantially less stable. + +CHANGES SINCE 0.9b2 + Security fix: some potential over and underflows + Added support for VLANs. + Added -P flag to disable promiscuous mode. + Fixed bugs in the TCP reassembly code. + A lot of bug fixes. + +See the ChangeLog for a more complete list of changes. + +MAILING LIST +For support questions and general discussion on ssldump, please +subscribe to the ssldump-users mailing list. Subscription is by +majordomo. To subscribe, send a message with no subject and a body +consisting of the single line: + +subscribe ssldump-users + +to majordomo@rtfm.com. Note, you cannot send messages to the list +unless you are subscribed. + +BUG REPORTS +Please send bug reports either to the ssldump-users mailing list +or to ssldump@rtfm.com. + +INTEROPERABILITY NOTE +Previous versions of ssldump automatically looked for the keyfile +in 'server.pem' and used the password 'password'. This version +removes those defaults. For decryption to work you MUST specify +the keyfile (and password if the keyfile is encrypted.) + +NEW VERSIONS +Newer versions of ssldump can be found at: + http://www.rtfm.com/ssldump/ + + +SSL REFERENCES +The SSLv3 specification can be found at: + http://home.netscape.com/eng/ssl3/draft302.txt + +The TLS specification is in RFC 2246 and can be found at: + http://www.ietf.org/rfc/rfc2246.txt + +SHAMELESS PLUG +Extremely detailed coverage of SSL/TLS can be found in + + _SSL_and_TLS:_Designing_and_Building_Secure_Systems_ + Eric Rescorla + Addison-Wesley, 2001 + ISBN 0-201-61598-3 + +_SSL_and_TLS_ makes extensive use of ssldump to demonstrate real-life +SSL behavior. If you like ssldump and want to learn about SSL, you +might consider buying my book. + diff --git a/VERSION b/VERSION new file mode 100644 index 0000000..c46d0fa --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +0.9b3 diff --git a/base/common.c b/base/common.c new file mode 100644 index 0000000..2f29bf0 --- /dev/null +++ b/base/common.c @@ -0,0 +1,66 @@ +/** + common.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: common.c,v 1.2 2000/10/17 16:09:57 ekr Exp $ + + + ekr@rtfm.com Tue Dec 29 09:59:39 1998 + */ + + +static char *RCSSTRING="$Id: common.c,v 1.2 2000/10/17 16:09:57 ekr Exp $"; + +#include + +int xdump(label,data,len) + char *label; + UCHAR *data; + int len; + { + int i; + + printf("%s[%d]",label,len); + for(i=0;i8) && !(i%20)) printf("\n"); + printf("%.2x ",data[i]&255); + } + + printf("\n"); + return(0); + } diff --git a/base/data b/base/data new file mode 100644 index 0000000..3377d9a --- /dev/null +++ b/base/data @@ -0,0 +1,60 @@ +network.c:126: off=ntohs(p.ip->ip_off); +network.c:134: hlen=p.ip->ip_hl * 4; +network.c:136: p.len =ntohs(p.ip->ip_len)-hlen; +network.c:139: switch(p.ip->ip_p){ +network.c:159: memcpy(&p->ts,&in->ts,sizeof(struct timeval)); +network.c:160: if(!(p->base=(UCHAR *)malloc(in->_len))) +network.c:162: memcpy(p->base,in->base,p->_len=in->_len); +network.c:164: p->data=p->base + (in->data -> in->base); +network.c:165: p->len=in->len; +network.c:167: p->ip=(struct ip *)(p->base + ((UCHAR *)in->ip - in->base)); +network.c:168: p->tcp=(struct tcphdr *)(p->base + ((UCHAR *)in->tcp - in->base)); +network.c:186: FREE(p->base); +pcap-snoop.c:2: pcap-snoop.c +pcap-snoop.c:40: $Id: pcap-snoop.c,v 1.12 2002/01/21 17:36:51 ekr Exp $ +pcap-snoop.c:47:static char *RCSSTRING="$Id: pcap-snoop.c,v 1.12 2002/01/21 17:36:51 ekr Exp $"; +tcppack.c:84: p->tcp=(struct tcphdr *)p->data; +tcppack.c:88: if(r=tcp_find_conn(&conn,&direction,&p->ip->ip_src, +tcppack.c:89: ntohs(p->tcp->th_sport),&p->ip->ip_dst,ntohs(p->tcp->th_dport))){ +tcppack.c:96: if((p->tcp->th_flags & (TH_SYN|TH_ACK))!=TH_SYN){ +tcppack.c:104: conn->i2r.seq=ntohl(p->tcp->th_seq)+1; +tcppack.c:114: if((p->tcp->th_flags & (TH_SYN|TH_ACK))!=(TH_SYN|TH_ACK)) +tcppack.c:116: conn->r2i.seq=ntohl(p->tcp->th_seq)+1; +tcppack.c:117: conn->r2i.ack=ntohl(p->tcp->th_ack)+1; +tcppack.c:127: conn->i2r.ack=ntohl(p->tcp->th_ack)+1; +tcppack.c:148: if(p->tcp->th_flags & TH_SYN) +tcppack.c:150: length=p->len - (p->tcp->th_off * 4); +tcppack.c:178: if(r=tcp_create_conn(&conn,&p->ip->ip_src,ntohs(p->tcp->th_sport), +tcppack.c:179: &p->ip->ip_dst,ntohs(p->tcp->th_dport))) +tcppack.c:183: memcpy(&conn->start_time,&p->ts,sizeof(struct timeval)); +tcppack.c:184: if(r=create_proto_handler(handler,ctx,&conn->analyzer,conn,&p->ts)) +tcppack.c:197: off=(s)->p->tcp->th_off*4; \ +tcppack.c:198: if(l>((s)->p->len-off)) ERETURN(R_BAD_DATA);\ +tcppack.c:199: (s)->data=(s)->p->data + off + (l) ; \ +tcppack.c:200: (s)->len=(s)->p->len - off + (l); \ +tcppack.c:227: l=p->len - p->tcp->th_off * 4; +tcppack.c:238: seq=ntohl(p->tcp->th_seq); +tcppack.c:241: if(p->tcp->th_flags & TH_ACK){ +tcppack.c:245: acknum=ntohl(p->tcp->th_ack); +tcppack.c:250: if(r=timestamp_diff(&p->ts,&conn->start_time,&dt)) +tcppack.c:268: if(!(p->tcp->th_flags & (TH_RST)) && SEQ_LT(seq,stream->seq)) +tcppack.c:310: if(_seg.p->tcp->th_flags & (TH_RST)){ +tcppack.c:311: stream->close=_seg.p->tcp->th_flags & (TH_RST); +tcppack.c:319: if(_seg.p->tcp->th_flags & (TH_FIN)){ +tcppack.c:320: stream->close=_seg.p->tcp->th_flags & (TH_FIN); +tcppack.c:325: if(seg->p->tcp->th_flags & (TH_FIN)){ +tcppack.c:326: stream->close=_seg.p->tcp->th_flags & (TH_FIN); +tcppack.c:338: if(seg->p->tcp->th_flags & (TH_FIN) ){ +tcppack.c:374: lookuphostname(&p->ip->ip_src,&src); +tcppack.c:375: lookuphostname(&p->ip->ip_dst,&dst); +tcppack.c:379: ntohs(p->tcp->th_sport), +tcppack.c:381: ntohs(p->tcp->th_dport)); +tcppack.c:384: ntohl(p->tcp->th_seq), +tcppack.c:385: p->len - p->tcp->th_off *4); +tcppack.c:387: if(p->tcp->th_flags & TH_ACK) +tcppack.c:388: printf("ACK %ld ",ntohl(p->tcp->th_ack)); +tcppack.c:390: if(p->tcp->th_flags & TH_FIN) +tcppack.c:392: if(p->tcp->th_flags & TH_SYN) +tcppack.c:394: if(p->tcp->th_flags & TH_RST) +tcppack.c:396: if(p->tcp->th_flags & TH_PUSH) +tcppack.c:398: if(p->tcp->th_flags & TH_URG) diff --git a/base/debug.c b/base/debug.c new file mode 100644 index 0000000..a0ff54b --- /dev/null +++ b/base/debug.c @@ -0,0 +1,68 @@ +/** + debug.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: debug.c,v 1.2 2000/10/17 16:09:57 ekr Exp $ + + + ekr@rtfm.com Wed Jan 6 17:08:58 1999 + */ + + +static char *RCSSTRING="$Id: debug.c,v 1.2 2000/10/17 16:09:57 ekr Exp $"; + +#ifdef DEBUG + +#include +#include + +int debug(int class,char *format,...) + { + va_list ap; + + va_start(ap,format); + vfprintf(stderr,format,ap); + fprintf(stderr,"\n"); + return(0); + } + +#endif + + + + diff --git a/base/debug.h b/base/debug.h new file mode 100644 index 0000000..b5d45de --- /dev/null +++ b/base/debug.h @@ -0,0 +1,58 @@ +/** + debug.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: debug.h,v 1.2 2000/10/17 16:09:57 ekr Exp $ + + + ekr@rtfm.com Wed Jan 6 17:13:00 1999 + */ + + +#ifndef _debug_h +#define _debug_h + +#ifdef DEBUG +#define DBG(a) debug a +int debug(int class,char *format,...); +#else +#define DBG(a) +#endif + +#endif + diff --git a/base/network.c b/base/network.c new file mode 100644 index 0000000..e95623c --- /dev/null +++ b/base/network.c @@ -0,0 +1,241 @@ +/** + network.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: network.c,v 1.10 2002/09/09 21:02:58 ekr Exp $ + + + ekr@rtfm.com Tue Dec 29 09:52:54 1998 + */ + + +static char *RCSSTRING="$Id: network.c,v 1.10 2002/09/09 21:02:58 ekr Exp $"; + +#include +#include +#include "network.h" +#ifndef _WIN32 +#include +#include +#include +#include +#endif + +#include "tcppack.h" + +#ifdef STDC_HEADERS +#include +#endif + +UINT4 NET_print_flags; + +struct network_handler_ { + proto_mod *mod; + proto_ctx *ctx; +}; + +int network_handler_create(mod,handlerp) + proto_mod *mod; + n_handler **handlerp; + { + int r,_status; + n_handler *handler=0; + + if(!(handler=(n_handler *)malloc(sizeof(n_handler)))) + ABORT(R_NO_MEMORY); + if(mod->vtbl->create_ctx){ + if(r=mod->vtbl->create_ctx(mod->handle,&handler->ctx)) + ABORT(r); + } + handler->mod=mod; + *handlerp=handler; + _status=0; + abort: + if(_status){ + network_handler_destroy(&handler); + } + return(_status); + } + +int network_handler_destroy(handlerp) + n_handler **handlerp; + { + if(!handlerp || !*handlerp) + return(0); + + free(*handlerp); + *handlerp=0; + return(0); + } + +int network_process_packet(handler,timestamp,data,length) + n_handler *handler; + struct timeval *timestamp; + UCHAR *data; + int length; + { + int r; + int hlen; + packet p; + u_short off; + + /*We can pretty much ignore all the options*/ + memcpy(&p.ts,timestamp,sizeof(struct timeval)); + p.base=data; + p._len=length; + p.data=data; + p.len=length; + p.ip=(struct ip *)data; + + /*Handle, or rather mishandle, fragmentation*/ + off=ntohs(p.ip->ip_off); + + if((off & 0x1fff) || /*Later fragment*/ + (off & 0x2000)){ /*More fragments*/ +/* fprintf(stderr,"Fragmented packet! rejecting\n"); */ + return(0); + } + + hlen=p.ip->ip_hl * 4; + p.data += hlen; + p.len =ntohs(p.ip->ip_len)-hlen; + + + switch(p.ip->ip_p){ + case IPPROTO_TCP: + if(r=process_tcp_packet(handler->mod,handler->ctx,&p)) + ERETURN(r); + break; + } + return(0); + } + +int packet_copy(in,out) + packet *in; + packet **out; + { + int _status; + + packet *p=0; + + if(!(p=(packet *)calloc(sizeof(packet),1))) + ABORT(R_NO_MEMORY); + + memcpy(&p->ts,&in->ts,sizeof(struct timeval)); + if(!(p->base=(UCHAR *)malloc(in->_len))) + ABORT(R_NO_MEMORY); + memcpy(p->base,in->base,p->_len=in->_len); + + p->data=p->base + (in->data - in->base); + p->len=in->len; + + p->ip=(struct ip *)(p->base + ((UCHAR *)in->ip - in->base)); + p->tcp=(struct tcphdr *)(p->base + ((UCHAR *)in->tcp - in->base)); + + *out=p; + + _status=0; + abort: + if(_status){ + packet_destroy(p); + } + return(_status); + } + +int packet_destroy(p) + packet *p; + { + if(!p) + return(0); + + FREE(p->base); + return(0); + } + +int timestamp_diff(t1,t0,diff) + struct timeval *t1; + struct timeval *t0; + struct timeval *diff; + { + long d; + + if(t0->tv_sec > t1->tv_sec) + ERETURN(R_BAD_ARGS); + + /*Easy case*/ + if(t0->tv_usec <= t1->tv_usec){ + diff->tv_sec=t1->tv_sec - t0->tv_sec; + diff->tv_usec=t1->tv_usec - t0->tv_usec; + return(0); + } + + /*Hard case*/ + d=t0->tv_usec - t1->tv_usec; + if(t1->tv_sec < (t0->tv_sec + 1)) + ERETURN(R_BAD_ARGS); + diff->tv_sec=t1->tv_sec - (t0->tv_sec + 1); + diff->tv_usec=1000000 - d; + + return(0); + } + + + +int lookuphostname(addr,namep) + struct in_addr *addr; + char **namep; + { + struct hostent *ne=0; + + if(!(NET_print_flags & NET_PRINT_NO_RESOLVE)){ + ne=gethostbyaddr((char *)addr,4,AF_INET); + } + + if(!ne){ + *namep=strdup((char *)inet_ntoa(*addr)); + } + else{ + *namep=strdup(ne->h_name); + } + + return(0); + } + + + + diff --git a/base/network.h b/base/network.h new file mode 100644 index 0000000..09cd545 --- /dev/null +++ b/base/network.h @@ -0,0 +1,106 @@ +/** + network.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: network.h,v 1.3 2001/09/14 22:29:14 ekr Exp $ + + + ekr@rtfm.com Tue Dec 29 09:53:50 1998 + */ + + +#ifndef _network_h +#define _network_h + +#include +#include + +#include +#include +#ifndef _WIN32 +#include +#include +#else +#include +#endif +#include +#include +#include +#include +#include + +typedef struct network_handler_ n_handler; +typedef struct proto_mod_ proto_mod; +typedef struct proto_handler_ proto_handler; +typedef struct packet_ packet; + +int network_handler_create PROTO_LIST((proto_mod *mod, + n_handler **handlerp)); +int network_handler_destroy PROTO_LIST((n_handler **handlerp)); +int network_process_packet PROTO_LIST((n_handler *handler, + struct timeval *timestamp,UCHAR *data,int length)); +int packet_copy PROTO_LIST((packet *in,packet **out)); +int packet_destroy PROTO_LIST((packet *p)); +int timestamp_diff PROTO_LIST(( struct timeval *t1,struct timeval *t0, + struct timeval *diff)); +int lookuphostname PROTO_LIST((struct in_addr *addr,char **name)); + +struct packet_ { + struct timeval ts; + UCHAR *base; /*The base of the packet*/ + int _len; + UCHAR *data; /*The data ptr appropriate to this layer*/ + int len; /*The length of the data segment*/ + + /*These just save us the effort of doing casts to the data + segments*/ + struct ip *ip; /*The IP header*/ + struct tcphdr *tcp; /*The TCP header*/ +}; + +#include "tcpconn.h" +#include "proto_mod.h" + +extern UINT4 NET_print_flags; + +#define NET_PRINT_TCP_HDR 1 +#define NET_PRINT_TYPESET 2 +#define NET_PRINT_ACKS 4 +#define NET_PRINT_NO_RESOLVE 8 +#endif + diff --git a/base/pcap-snoop.c b/base/pcap-snoop.c new file mode 100644 index 0000000..7dba440 --- /dev/null +++ b/base/pcap-snoop.c @@ -0,0 +1,365 @@ +/** + pcap-snoop.c + + + Copyright (C) 1999-2001 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: pcap-snoop.c,v 1.14 2002/09/09 21:02:58 ekr Exp $ + + + ekr@rtfm.com Tue Dec 29 10:17:41 1998 + */ + + +static char *RCSSTRING="$Id: pcap-snoop.c,v 1.14 2002/09/09 21:02:58 ekr Exp $"; + + +#include +#include +#include +#ifndef _WIN32 +#include +#endif +#include +#ifndef _WIN32 +#include +#include +#else +#include +#include +#endif +#include + +#include +#include +#include "network.h" +#include +#include +#include "null_analyze.h" +#include "ssl_analyze.h" +#ifdef ENABLE_RECORD +#include "record_analyze.h" +#endif + +#ifndef ETHERTYPE_8021Q +# define ETHERTYPE_8021Q 0x8100 +#endif + +char *collapse_args PROTO_LIST((int argc,char **argv)); +static int pcap_if_type=DLT_NULL; +int err_exit PROTO_LIST((char *str,int num)); +int usage PROTO_LIST((void)); +int print_version PROTO_LIST((void)); +RETSIGTYPE sig_handler PROTO_LIST((void)); +void pcap_cb PROTO_LIST((u_char *ptr,struct pcap_pkthdr *hdr,u_char *data)); +int main PROTO_LIST((int argc,char **argv)); + +int err_exit(str,num) + char *str; + int num; + { + fprintf(stderr,"ERROR: %s\n",str); + exit(num); + } + +int usage() + { + fprintf(stderr,"Usage: ssldump [-r dumpfile] [-i interface] \n"); + fprintf(stderr," [-k keyfile] [-p password] [-vtaTnsAxVNde]\n"); + fprintf(stderr," [filter]\n"); + exit(0); + } + +int print_version() + { + printf("ssldump 0.9b3\n"); + printf("Copyright (C) 1998-2001 RTFM, Inc.\n"); + printf("All rights reserved.\n"); +#ifdef OPENSSL + printf("Compiled with OpenSSL: decryption enabled\n"); +#endif + exit(0); + } + +RETSIGTYPE sig_handler() + { + fflush(stdout); + exit(0); + } + +void pcap_cb(ptr,hdr,data) + u_char *ptr; + struct pcap_pkthdr *hdr; + u_char *data; + { + n_handler *n; + int len; + struct ether_header *e_hdr=(struct ether_header *)data; + int type; + + n=(n_handler *)ptr; + if(hdr->caplen!=hdr->len) err_exit("Length mismatch",-1); + + len=hdr->len; + + switch(pcap_if_type){ + case DLT_NULL: + data+=4; + len-=4; + break; + case DLT_EN10MB: + type=ntohs(e_hdr->ether_type); + + data+=sizeof(struct ether_header); + len-=sizeof(struct ether_header); + + /* if vlans, push past VLAN header (4 bytes) */ + if(type==ETHERTYPE_8021Q) { + type=ntohs(*(u_int16_t *)(data + 2)); + + data+=4; + len+=4; + } + + if(type!=ETHERTYPE_IP) + return; + + break; + } + network_process_packet(n,&hdr->ts,data,len); + } + +typedef struct module_def_ { + char *name; + proto_mod *mod; +} module_def; + +static module_def modules[]={ + {"SSL",&ssl_mod}, + {"NULL",&null_mod}, +#ifdef ENABLE_RECORD + {"RECORD",&record_mod}, +#endif + {0,0} +}; + + +int parse_ssl_flag PROTO_LIST((int c)); + +int main(argc,argv) + int argc; + char **argv; + { + pcap_t *p; + int r; + n_handler *n; +#ifdef _WIN32 + __declspec(dllimport) char *optarg; + __declspec(dllimport) int optind; +#else + extern char *optarg; + extern int optind; +#endif + char *interface_name=0; + char *file=0; + char *filter=0; + proto_mod *mod=&ssl_mod; + bpf_u_int32 localnet,netmask; + int c; + module_def *m=0; + int no_promiscuous=0; + + char errbuf[PCAP_ERRBUF_SIZE]; + + signal(SIGINT,sig_handler); + + while((c=getopt(argc,argv,"vr:f:S:Ttai:k:p:nsAxXhHVNdqem:P"))!=EOF){ + switch(c){ + case 'v': + print_version(); + break; + case 'f': + fprintf(stderr,"-f option replaced by -r. Use that in the future\n"); + case 'r': + file=strdup(optarg); + break; + case 'S': + ssl_mod.vtbl->parse_flags(optarg); + break; + case 'y': + NET_print_flags|=NET_PRINT_TYPESET; + /*Kludge*/ + SSL_print_flags |= SSL_PRINT_NROFF; + break; + case 'a': + NET_print_flags |= NET_PRINT_ACKS; + break; + case 'T': + NET_print_flags |= NET_PRINT_TCP_HDR; + break; + case 'i': + interface_name=strdup(optarg); + break; + case 'k': + SSL_keyfile=strdup(optarg); + break; + case 'p': + SSL_password=strdup(optarg); + break; + case 'P': + ++no_promiscuous; + break; + case 'n': + NET_print_flags |= NET_PRINT_NO_RESOLVE; + break; + case 'm': + for(m=modules;m->name!=0;m++){ + if(!strcmp(m->name,optarg)){ + mod=m->mod; + break; + } + } + if(!m->name){ + fprintf(stderr,"Request analysis module %s not found\n", + optarg); + exit(1); + } + break; + case 'h': + usage(); + printf("Do 'man ssldump' for documentation\n"); + exit(1); + + case '?': + usage(); + exit(1); + + /* must be an SSL flag. This is kind of a gross + special case */ + default: + parse_ssl_flag(c); + break; + } + } + + argv+=optind; + argc-=optind; + + if(!file){ + if(!interface_name){ + interface_name=pcap_lookupdev(errbuf); + if(!interface_name){ + fprintf(stderr,"PCAP: %s\n",errbuf); + err_exit("Aborting",-1); + } + } + if(!(p=pcap_open_live(interface_name,5000,!no_promiscuous,1000,errbuf))){ + fprintf(stderr,"PCAP: %s\n",errbuf); + err_exit("Aborting",-1); + } + + if (pcap_lookupnet(interface_name, &localnet, &netmask, errbuf) < 0) + verr_exit("PCAP: %s\n",errbuf); + + } + else{ + if(!(p=pcap_open_offline(file,errbuf))){ + fprintf(stderr,"PCAP: %s\n",errbuf); + err_exit("Aborting",-1); + } + + netmask=0; + localnet=0; + } + + if(argc!=0) + filter=collapse_args(argc,argv); + + if(filter){ + struct bpf_program fp; + + if(pcap_compile(p,&fp,filter,0,netmask)<0) + verr_exit("PCAP: %s\n",pcap_geterr(p)); + + if(pcap_setfilter(p,&fp)<0) + verr_exit("PCAP: %s\n",pcap_geterr(p)); + } + + pcap_if_type=pcap_datalink(p); + + if(NET_print_flags & NET_PRINT_TYPESET) + printf("\n.nf\n.ps -2\n"); + + if(r=network_handler_create(mod,&n)) + err_exit("Couldn't create network handler",r); + + pcap_loop(p,-1,pcap_cb,(u_char *)n); + + if(NET_print_flags & NET_PRINT_TYPESET) + printf("\n.ps\n.fi\n"); + + exit(0); + } + + +char *collapse_args(argc,argv) + int argc; + char **argv; + { + int i,len=0; + char *ret; + + if(!argc) + return(0); + + for(i=0;i and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: print_utils.c,v 1.2 2000/10/17 16:09:58 ekr Exp $ + + + ekr@rtfm.com Mon Feb 15 17:23:36 1999 + */ + + +static char *RCSSTRING="$Id: print_utils.c,v 1.2 2000/10/17 16:09:58 ekr Exp $"; +int explain(char *format,...) + { + va_list ap; + + va_start(ap,format); + + INDENT; + + vprintf(format,ap); + va_end(ap); + return(0); + } + +int exdump(name,data) + char *name; + Data *data; + { + int i,j; + char prefix[100]; + + INDENT; + + if(name){ + sprintf(prefix,"%s[%d]=\n",name,data->len); + printf("%s",prefix); + INDENT_INCR; + } + for(i=0;ilen;i++){ + if(!i && (data->len>8)) INDENT; + if((data->len>8) && i && !(i%12)){ + printf("\n"); INDENT; + } + printf("%.2x ",data->data[i]&255); + } + if(name) INDENT_POP; + if(data->len>8 && i%12) + printf("\n"); + return(0); + } + + diff --git a/base/print_utils.h b/base/print_utils.h new file mode 100644 index 0000000..4f7d14d --- /dev/null +++ b/base/print_utils.h @@ -0,0 +1,56 @@ +/** + print_utils.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: print_utils.h,v 1.2 2000/10/17 16:09:58 ekr Exp $ + + + ekr@rtfm.com Mon Feb 15 17:23:56 1999 + */ + + +#ifndef _print_utils_h +#define _print_utils_h + +int explain PROTO_LIST((char *format,...)); +int exdump PROTO_LIST((char *name, + Data *data)); + + +#endif + diff --git a/base/proto_mod.c b/base/proto_mod.c new file mode 100644 index 0000000..de60272 --- /dev/null +++ b/base/proto_mod.c @@ -0,0 +1,88 @@ +/** + proto_mod.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: proto_mod.c,v 1.3 2001/07/20 23:33:14 ekr Exp $ + + + ekr@rtfm.com Thu Jan 7 22:35:23 1999 + */ + + +static char *RCSSTRING="$Id: proto_mod.c,v 1.3 2001/07/20 23:33:14 ekr Exp $"; + +#include "network.h" + +int create_proto_handler(mod,ctx,handlerp,conn,first_packet) + proto_mod *mod; + proto_ctx *ctx; + proto_handler **handlerp; + tcp_conn *conn; + struct timeval *first_packet; + { + int r,_status; + proto_handler *handler=0; + + if(!(handler=(proto_handler *)calloc(sizeof(proto_handler),1))) + ABORT(R_NO_MEMORY); + handler->vtbl=mod->vtbl; + if(r=mod->vtbl->create(mod->handle,ctx,conn,&handler->obj, + &conn->i_addr,conn->i_port,&conn->r_addr,conn->r_port,first_packet)) + ABORT(r); + + *handlerp=handler; + + _status=0; + abort: + if(_status){ + destroy_proto_handler(&handler); + } + return(_status); + } + +int destroy_proto_handler(handlerp) + proto_handler **handlerp; + { + if(!handlerp || !*handlerp) + return(0); + + (*handlerp)->vtbl->destroy(&(*handlerp)->obj); + free(*handlerp); + *handlerp=0; + return(0); + } diff --git a/base/proto_mod.h b/base/proto_mod.h new file mode 100644 index 0000000..2ee27a1 --- /dev/null +++ b/base/proto_mod.h @@ -0,0 +1,86 @@ +/** + proto_mod.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: proto_mod.h,v 1.4 2001/11/26 22:28:16 ekr Exp $ + + + ekr@rtfm.com Thu Dec 24 21:10:05 1998 + */ + + +#ifndef _proto_mod_h +#define _proto_mod_h + +typedef struct proto_obj_ proto_obj; +typedef struct proto_ctx_ proto_ctx; + +#define DIR_I2R 1 +#define DIR_R2I 2 + +struct proto_mod_vtbl_ { + int (*parse_flags) PROTO_LIST((char *str)); + int (*parse_flag) PROTO_LIST((int flag)); + int (*create_ctx) PROTO_LIST((void *handle,proto_ctx **ctxp)); + int (*create) PROTO_LIST((void *handle,proto_ctx *ctx, + tcp_conn *conn, + proto_obj **objp, + struct in_addr *i_addr,u_short i_port, + struct in_addr *r_addr,u_short r_port,struct timeval *time_base)); + int (*destroy) PROTO_LIST((proto_obj **objp)); + int (*data) PROTO_LIST((proto_obj *obj,segment *data,int direction)); + int (*close) PROTO_LIST((proto_obj *obj,packet *p,int direction)); +}; + +struct proto_mod_ { + void *handle; + struct proto_mod_vtbl_ *vtbl; +}; + +struct proto_handler_ { + proto_obj *obj; + struct proto_mod_vtbl_ *vtbl; +}; + +int create_proto_handler PROTO_LIST((proto_mod *mod,proto_ctx *ctx, + proto_handler **handlerp, + tcp_conn *conn,struct timeval *first_packet)); +int destroy_proto_handler PROTO_LIST((proto_handler **handlerp)); + +#endif + diff --git a/base/targets.mk b/base/targets.mk new file mode 100644 index 0000000..f14b45e --- /dev/null +++ b/base/targets.mk @@ -0,0 +1,275 @@ +# +# targets.mk +# +# $Source: /usr/local/CVS/ssldump/base/targets.mk,v $ +# $Revision: 1.3 $ +# $Date: 2002/08/17 01:33:16 $ +# $Name: $ +# $Disclaimer$ +# +# Copyright (C) 2001, Terisa Systems, Inc. +# All Rights Reserved. +# +# ekr@terisa.com +# + + + +# +# CONFIGURE USER-DEFINED MAKE ENVIRONMENT +# +# These fields are specified by the user. The remainder of +# this file is generated from this user-specified information. +# +# ANALYZE_DEFINES: +# cpp defines, with the -D flag preceeding each +# +# ANALYZE_INCLUDES: +# cpp include directories, with the -I flag preceeding each +# +# ANALYZE_INTERNAL: +# headers files which are local to a specific module directory, +# and should not be used by other parts of the toolkit or by +# the user +# +# ANALYZE_LIBNAME: +# the library associated with this module directory, used in +# most cases for debugging purposes +# +# ANALYZE_LIBPATHS: +# link-time directories to search for libraries, with the -L flag +# preceeding each +# +# ANALYZE_LIBRARIES: +# link-time libraries, with the -l flag preceeding each +# +# ANALYZE_LOCALFLAGS: +# compile-time flags specific to compiling only the files in +# this module directory--this variable should only be set in +# extremely exceptional cases +# +# ANALYZE_MAKEFILES: +# the makefiles +# +# ANALYZE_PREFIX: +# defines the module name, which also serves as the +# prefix for all the variable names defined in this file +# +# ANALYZE_PRIVATE: +# the private, for-toolkit-use-only API header files +# +# ANALYZE_PROGRAMS: +# programs to build +# +# ANALYZE_PUBLIC: +# the header files that define the public API for the toolkit +# and any other 'public' files that should be copied to +# the build directory +# +# ANALYZE_SOURCES: +# the source files to compile to object +# +ANALYZE_DEFINES = +ANALYZE_INCLUDES = -I$(ANALYZE_SRCDIR) +ANALYZE_INTERNAL = +ANALYZE_LIBNAME = +ANALYZE_LIBPATHS = +ANALYZE_LIBRARIES = +ANALYZE_LOCALFLAGS = +ANALYZE_MAKEFILES = targets.mk +ANALYZE_PREFIX = ANALYZE +ANALYZE_PRIVATE = network.h proto_mod.h tcpconn.h tcppack.h +ANALYZE_PROGRAMS = +ANALYZE_PUBLIC = +ANALYZE_SOURCES = network.c pcap-snoop.c proto_mod.c tcpconn.c \ + tcppack.c + + + +# +# CONFIGURE AUTOMATICALLY-GENERATED MAKE ENVIRONMENT +# +# ANALYZE_OBJECTS: +# object files to build +# +# ANALYZE_UNUSED: +# obsolete files in the module directory that are not +# used during the build process +# +# ANALYZE_USED: +# all files in the module directory that are used +# during the build process +# +ANALYZE_OBJECTS = network.$(OBJSUFFIX) pcap-snoop.$(OBJSUFFIX) \ + proto_mod.$(OBJSUFFIX) tcpconn.$(OBJSUFFIX) \ + tcppack.$(OBJSUFFIX) +ANALYZE_UNUSED = common.c debug.c debug.h print_utils.c \ + print_utils.h +ANALYZE_USED = $(ANALYZE_INTERNAL:%=$(ANALYZE_SRCDIR)%) \ + $(ANALYZE_MAKEFILES:%=$(ANALYZE_SRCDIR)%) \ + $(ANALYZE_PRIVATE:%=$(ANALYZE_SRCDIR)%) \ + $(ANALYZE_PUBLIC:%=$(ANALYZE_SRCDIR)%) \ + $(ANALYZE_SOURCES:%=$(ANALYZE_SRCDIR)%) + + + +# +# NOTES +# +# The following variables may be used during the build process, +# but are not defined in this file. If they are to be set +# to something other than the default blank, then they must +# be set by the calling make system. +# +# ANALYZE_SRCDIR: +# if the build target directory is different from the +# module directory (the source directory), then this +# variable contains the relative or full path of +# the module directory +# +# LIBARS: +# the library archive files (with fully-specified paths) that +# executables built from this module directory depend upon +# +# LIBPATHS: +# the paths to search for library archives (specified with +# the -L) +# +# LIBRARIES: +# the libraries to use while building executables from +# this module directory (specified with the -l) +# + + + +# +# GLOBAL ENVIRONMENT +# +DEFINES += $(ANALYZE_DEFINES) +INCLUDES += $(ANALYZE_INCLUDES) +LIBPATHS += $(ANALYZE_LIBPATHS) +LIBRARIES += $(ANALYZE_LIBRARIES) +OBJECTS += $(ANALYZE_OBJECTS) +PUBLIC += $(ANALYZE_PUBLIC) + + + +# +# GENERIC DEPENDENCIES +# +# default: +# default dependency, must be the first dependency in this makefile +# +# all: +# build everything in this module directory +# +# build: +# make only the toolkit build files of this module directory +# +# ci: +# perform an RCS check-in of this module directory +# +# clean: +# remove the compiled files +# +# clean_public: +# remove the public header files that have been copied +# to a public build directory +# +# objects: +# build the object files (this dependency is used for +# building the toolkit library) +# +# private: +# build only the private API header files +# +# public: +# build only the public API header files +# +default: $(ANALYZE_LIBNAME) +default: $(ANALYZE_PROGRAMS) + +all: $(ANALYZE_PUBLIC) +all: $(ANALYZE_OBJECTS) +all: $(ANALYZE_LIBNAME) +all: $(ANALYZE_PROGRAMS) +build: $(ANALYZE_PUBLIC) +build: $(ANALYZE_OBJECTS) +ci: analyze_ci +clean: analyze_clean +clean_public: analyze_clean_public +objects: $(ANALYZE_OBJECTS) +private: $(ANALYZE_PRIVATE) +public: $(ANALYZE_PUBLIC) + + + +# +# LOCAL UTILITY DEPENDENCIES +# +# utility dependencies are necessary because of some +# make-isms having to do with dependencies +# + +analyze_ci: + $(CI) $(CIFLAGS) $(ANALYZE_USED) + +analyze_clean: + $(RM) $(RMFLAGS) $(ANALYZE_OBJECTS) $(ANALYZE_LIBNAME) $(ANALYZE_PROGRAMS) + +analyze_clean_public: + $(RM) $(RMFLAGS) $(ANALYZE_PUBLIC) + +analyze_objects: $(ANALYZE_OBJECTS) + +analyze_programs: $(ANALYZE_PROGRAMS) + +analyze_public: $(ANALYZE_PUBLIC) + + + +# +# BUILD DEPENDENCIES +# +# build dependencies invoke the rule used to build each +# class of file +# + +$(ANALYZE_LIBNAME): + $(AR) $(ARFLAGS) $@ $? + $(RANLIB) $@ + +$(ANALYZE_OBJECTS): + $(COMPILE.c) $(ANALYZE_SRCDIR)$(@:%.$(OBJSUFFIX)=%.c) $(DEFINES) $(INCLUDES) $(ANALYZE_LOCALFLAGS) + +$(ANALYZE_PUBLIC): + $(CP) $(CPFLAGS) $(ANALYZE_SRCDIR)$@ $@ + +$(ANALYZE_PROGRAMS): + $(LINK.c) -o $@ $@.$(OBJSUFFIX) $(LDLIBS) $(LIBS) $(LIBRARIES) $(LIBPATHS) +#LIBS above is obsolete (use LIBARARIES instead) + + + +# +# FILE DEPENDENCIES +# +# file dependencies state, for each file that is built, +# which file(s) it depends upon +# + +network.$(OBJSUFFIX): $(ANALYZE_SRCDIR)network.h +network.$(OBJSUFFIX): $(ANALYZE_SRCDIR)network.c + +pcap-snoop.$(OBJSUFFIX): $(ANALYZE_SRCDIR)pcap-snoop.c + +proto_mod.$(OBJSUFFIX): $(ANALYZE_SRCDIR)proto_mod.h +proto_mod.$(OBJSUFFIX): $(ANALYZE_SRCDIR)proto_mod.c + +tcpconn.$(OBJSUFFIX): $(ANALYZE_SRCDIR)tcpconn.h +tcpconn.$(OBJSUFFIX): $(ANALYZE_SRCDIR)tcpconn.c + +tcppack.$(OBJSUFFIX): $(ANALYZE_SRCDIR)tcppack.h +tcppack.$(OBJSUFFIX): $(ANALYZE_SRCDIR)tcppack.c + +$(ANALYZE_LIBNAME): $(ANALYZE_OBJECTS) diff --git a/base/tcpconn.c b/base/tcpconn.c new file mode 100644 index 0000000..cd37753 --- /dev/null +++ b/base/tcpconn.c @@ -0,0 +1,203 @@ +/** + tcpconn.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: tcpconn.c,v 1.7 2002/08/17 01:33:16 ekr Exp $ + + + ekr@rtfm.com Tue Dec 29 15:13:03 1998 + */ + +static char *RCSSTRING="$Id: tcpconn.c,v 1.7 2002/08/17 01:33:16 ekr Exp $"; + +#include "network.h" +#include "tcpconn.h" + + +typedef struct conn_struct_ { + tcp_conn conn; + struct conn_struct_ *next; + struct conn_struct_ *prev; +} conn_struct; + +int conn_number=1; + +static conn_struct *first_conn=0; + +static int zero_conn PROTO_LIST((tcp_conn *conn)); + +static int zero_conn(conn) + tcp_conn *conn; + { + memset(conn,0,sizeof(tcp_conn)); + return(0); + } + +int tcp_find_conn(connp,directionp,saddr,sport,daddr,dport) + tcp_conn **connp; + int *directionp; + struct in_addr *saddr; + u_short sport; + struct in_addr *daddr; + u_short dport; + { + conn_struct *conn; + + for(conn=first_conn;conn;conn=conn->next){ + + if(sport == conn->conn.i_port && dport==conn->conn.r_port){ + if(!memcmp(saddr,&conn->conn.i_addr,sizeof(struct in_addr)) + && !memcmp(daddr,&conn->conn.r_addr,sizeof(struct in_addr))) + { + *directionp=DIR_I2R; + *connp=&(conn->conn); + return(0); + } + } + + if(dport == conn->conn.i_port && sport==conn->conn.r_port){ + if(!memcmp(saddr,&conn->conn.r_addr,sizeof(struct in_addr)) + && !memcmp(daddr,&conn->conn.i_addr,sizeof(struct in_addr))) + { + *directionp=DIR_R2I; + *connp=&(conn->conn); + return(0); + } + } + } + + return(R_NOT_FOUND); + } + +int tcp_create_conn(connp,i_addr,i_port,r_addr,r_port) + tcp_conn **connp; + struct in_addr *i_addr; + u_short i_port; + struct in_addr *r_addr; + u_short r_port; + { + conn_struct *conn=0; + + if(!(conn=(conn_struct *)malloc(sizeof(conn_struct)))) + return(R_NO_MEMORY); + + conn->prev=0; + + zero_conn(&conn->conn); + conn->conn.backptr=conn; + conn->conn.conn_number=conn_number++; + + memcpy(&conn->conn.i_addr,i_addr,sizeof(struct in_addr)); + conn->conn.i_port=i_port; + memcpy(&conn->conn.r_addr,r_addr,sizeof(struct in_addr)); + conn->conn.r_port=r_port; + *connp=&(conn->conn); + + /* Insert at the head of the list */ + conn->next=first_conn; + if(first_conn) + first_conn->prev=conn; + first_conn=conn; + + + return(0); + } + +int tcp_destroy_conn(conn) + tcp_conn *conn; + { + conn_struct *c=conn->backptr; + + /* Detach from the list */ + if(c->next){ + c->next->prev=c->prev; + } + if(c->prev){ + c->prev->next=c->next; + } + else { + first_conn=c->next; + } + + destroy_proto_handler(&conn->analyzer); + free_tcp_segment_queue(conn->i2r.oo_queue); + free_tcp_segment_queue(conn->r2i.oo_queue); + zero_conn(conn); + + return(0); + } + +int free_tcp_segment_queue(seg) + segment *seg; + { + segment *tmp; + + while(seg){ + tmp=seg->next; + packet_destroy(seg->p); + free(seg); + seg=tmp; + } + + return(0); + } + +int copy_tcp_segment_queue(out,in) + segment **out; + segment *in; + { + int r,_status; + segment *base=0; + + for(;in;in=in->next){ + if(!(*out=(segment *)calloc(sizeof(segment),1))) + ABORT(R_NO_MEMORY); + if(!base) base=*out; + + if(r=packet_copy(in->p,&(*out)->p)) + ABORT(r); + out=&(*out)->next; /* Move the pointer we're assigning to */ + } + + _status=0; + abort: + if(_status){ + free_tcp_segment_queue(base); + } + return(_status); + } diff --git a/base/tcpconn.h b/base/tcpconn.h new file mode 100644 index 0000000..d081b01 --- /dev/null +++ b/base/tcpconn.h @@ -0,0 +1,104 @@ +/** + tcpconn.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: tcpconn.h,v 1.4 2001/07/20 23:33:15 ekr Exp $ + + + ekr@rtfm.com Tue Dec 29 13:00:52 1998 + */ + + +#ifndef _tcpconn_h +#define _tcpconn_h + +typedef struct segment_ { + u_char *data; + u_int len; + tcp_seq s_seq; + packet *p; + struct segment_ *next; +} segment; + +typedef struct stream_data_ { + tcp_seq seq; + tcp_seq ack; + short close; + segment *oo_queue; +} stream_data; + +typedef struct tcp_conn_ { + int conn_number; + int state; +#define TCP_STATE_SYN1 1 +#define TCP_STATE_SYN2 2 +#define TCP_STATE_ACK 3 +#define TCP_STATE_ESTABLISHED 4 +#define TCP_STATE_FIN1 5 +#define TCP_STATE_CLOSED 6 + /*The address which sent the first SYN*/ + struct in_addr i_addr; + u_short i_port; + + /*The address which sent the second SYN*/ + struct in_addr r_addr; + u_short r_port; + + stream_data i2r; /*The stream from initiator to responder*/ + stream_data r2i; /*The stream from responder to initiator*/ + + struct timeval start_time; + proto_handler *analyzer; /*The analyzer to call with new data*/ + struct conn_struct_ *backptr; +} tcp_conn; + +int tcp_find_conn PROTO_LIST((tcp_conn **connp, + int *directionp, + struct in_addr *src_addr, u_short src_port, + struct in_addr *dst_addr, u_short dst_port)); + +int tcp_create_conn PROTO_LIST((tcp_conn **connp, + struct in_addr *initiator_addr, u_short initiator_port, + struct in_addr *responder_addr, u_short responder_port)); + +int tcp_destroy_conn PROTO_LIST((tcp_conn *conn)); +int free_tcp_segment_queue PROTO_LIST((segment *seg)); +int copy_tcp_segment_queue PROTO_LIST((segment **out,segment *in)); + +#endif + diff --git a/base/tcppack.c b/base/tcppack.c new file mode 100644 index 0000000..4304800 --- /dev/null +++ b/base/tcppack.c @@ -0,0 +1,446 @@ +/** + tcppack.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: tcppack.c,v 1.11 2002/09/09 21:02:58 ekr Exp $ + + + ekr@rtfm.com Tue Dec 29 12:43:39 1998 + */ + + +static char *RCSSTRING="$Id: tcppack.c,v 1.11 2002/09/09 21:02:58 ekr Exp $"; + +#include "network.h" +#ifndef _WIN32 +# include +# include +# ifndef LINUX +# include +# else +# define SEQ_LT(x,y) ((int)((x)-(y))<0) +# endif +#else +# include +# define SEQ_LT(x,y) ((int)((x)-(y))<0) +#endif +#include +#include "debug.h" +#include "tcpconn.h" +#include "tcppack.h" + + +static int process_data_segment PROTO_LIST((tcp_conn *conn, + proto_mod *handler,packet *p,stream_data *stream,int direction)); +static int new_connection PROTO_LIST((proto_mod *handler,proto_ctx *ctx, + packet *p,tcp_conn **connp)); +static int print_tcp_packet PROTO_LIST((packet *p)); +int STRIM PROTO_LIST((UINT4 _seq,segment *s)); + +int process_tcp_packet(handler,ctx,p) + proto_mod *handler; + proto_ctx *ctx; + packet *p; + { + int r,_status; + int direction; + stream_data *stream; + tcp_conn *conn; + + p->tcp=(struct tcphdr *)p->data; + + print_tcp_packet(p); + + if(r=tcp_find_conn(&conn,&direction,&p->ip->ip_src, + ntohs(p->tcp->th_sport),&p->ip->ip_dst,ntohs(p->tcp->th_dport))){ + if(r!=R_NOT_FOUND) + ABORT(r); + + /*Note that we MUST receive the 3-way handshake in the + proper order. This shouldn't be a problem, though, + except for simultaneous connects*/ + if((p->tcp->th_flags & (TH_SYN|TH_ACK))!=TH_SYN){ + DBG((0,"TCP: rejecting packet from unknown connection\n")); + return(0); + } + + DBG((0,"SYN1\n")); + if(r=new_connection(handler,ctx,p,&conn)) + ABORT(r); + conn->i2r.seq=ntohl(p->tcp->th_seq)+1; + return(0); + } + + stream=direction==DIR_R2I?&conn->r2i:&conn->i2r; + + switch(conn->state){ + case TCP_STATE_SYN1: + if(direction != DIR_R2I) + break; + if((p->tcp->th_flags & (TH_SYN|TH_ACK))!=(TH_SYN|TH_ACK)) + break; + conn->r2i.seq=ntohl(p->tcp->th_seq)+1; + conn->r2i.ack=ntohl(p->tcp->th_ack)+1; + conn->state=TCP_STATE_SYN2; + DBG((0,"SYN2\n")); + break; + case TCP_STATE_SYN2: + { + char *sn=0,*dn=0; + if(direction != DIR_I2R) + break; + DBG((0,"ACK\n")); + conn->i2r.ack=ntohl(p->tcp->th_ack)+1; + lookuphostname(&conn->i_addr,&sn); + lookuphostname(&conn->r_addr,&dn); + if(NET_print_flags & NET_PRINT_TYPESET) + printf("\\fC"); + printf("New TCP connection #%d: %s(%d) <-> %s(%d)\n", + conn->conn_number, + sn,conn->i_port, + dn,conn->r_port); + if(NET_print_flags & NET_PRINT_TYPESET) + printf("\\fR"); + + conn->state=TCP_STATE_ESTABLISHED; + free(sn); + free(dn); + } + case TCP_STATE_ESTABLISHED: + case TCP_STATE_FIN1: + { + UINT4 length; + + if(p->tcp->th_flags & TH_SYN) + break; + length=p->len - (p->tcp->th_off * 4); + if(r=process_data_segment(conn,handler,p,stream,direction)) + ABORT(r); + } + break; + default: + break; + } + + if(conn->state==TCP_STATE_CLOSED) + tcp_destroy_conn(conn); + + + _status=0; + abort: + + return(_status); + } + +static int new_connection(handler,ctx,p,connp) + proto_mod *handler; + proto_ctx *ctx; + packet *p; + tcp_conn **connp; + { + int r,_status; + tcp_conn *conn=0; + + if(r=tcp_create_conn(&conn,&p->ip->ip_src,ntohs(p->tcp->th_sport), + &p->ip->ip_dst,ntohs(p->tcp->th_dport))) + ABORT(r); + + conn->state=TCP_STATE_SYN1; + memcpy(&conn->start_time,&p->ts,sizeof(struct timeval)); + if(r=create_proto_handler(handler,ctx,&conn->analyzer,conn,&p->ts)) + ABORT(r); + + *connp=conn; + _status=0; + abort: + return(_status); + } + +/*#define STRIM(_seq,s) { \ + int l;\ + int off;\ + l=(s)->s_seq - _seq; \ + off=(s)->p->tcp->th_off*4; \ + if(l>((s)->p->len-off)) ERETURN(R_BAD_DATA);\ + (s)->data=(s)->p->data + off + (l) ; \ + (s)->len=(s)->p->len - off + (l); \ + (s)->s_seq += (l); \ + if((s)->next) { \ + if((s)->s_seq >= (s)->next->s_seq) {\ + l=(s)->next->s_seq - (s)->s_seq; \ + if((s)->len){\ + (s)->len-=(l+1); \ + (s)->s_seq-=(l+1);\ + }\ + }\ + }\ + } +*/ + +static int process_data_segment(conn,handler,p,stream,direction) + tcp_conn *conn; + proto_mod *handler; + packet *p; + stream_data *stream; + int direction; + { + int r,_status; + tcp_seq seq,right_edge; + segment _seg; + segment *seg,*nseg=0; + long l; + + l=p->len - p->tcp->th_off * 4; + + if(stream->close){ + DBG((0,"Rejecting packet received after FIN")); + return(0); + } + + /*The idea here is to pass all available segments + to the analyzer at once. Since we want to preserve + the segment packet data, we pass the data as a linked list of + segments*/ + seq=ntohl(p->tcp->th_seq); + + /*Add ACK processing logic here */ + if(p->tcp->th_flags & TH_ACK){ + long acknum,acked; + + + acknum=ntohl(p->tcp->th_ack); + acked=acknum-stream->ack; + + if(acked && !l){ + /* + if(r=timestamp_diff(&p->ts,&conn->start_time,&dt)) + ERETURN(r); + printf("%d%c%4.4d ",dt.tv_sec,'.',dt.tv_usec/100); + if(direction == DIR_R2I) + printf("S>C "); + else + printf("C>S "); + + printf("ACK (%d)\n",acked); */ + } + + stream->ack=acknum; + } + + + DBG((0,"Stream Seq %u ",stream->seq)); + + /* Check to see if this packet has been processed already */ + right_edge=seq + (p->len - (p->tcp->th_off)*4); + if(!(p->tcp->th_flags & (TH_RST)) && SEQ_LT(right_edge,stream->seq)) + return(0); + + if(SEQ_LT(stream->seq,seq)){ + /* Out of order segment */ + tcp_seq left_edge; + + for(seg=0;seg;seg=seg?seg->next:stream->oo_queue){ + if(seg->next->s_seq > seq) + break; + } + + if(!(nseg=(segment *)calloc(sizeof(segment),1))) + ABORT(R_NO_MEMORY); + if(r=packet_copy(p,&nseg->p)) + ABORT(r); + nseg->s_seq=seq; + + /*Insert this segment into the reassembly queue*/ + if(seg){ + nseg->next=seg->next; + seg->next=nseg; + } + else{ + nseg->next=stream->oo_queue; + stream->oo_queue=nseg; + } + + left_edge=seg?seg->s_seq:stream->seq; + STRIM(left_edge,nseg); + } + else{ + /*First segment -- just thread the unallocated data on the + list so we can pass to the analyzer*/ + _seg.next=0; + _seg.p=p; + _seg.s_seq=seq; + + /*Now split the queue. Assemble as many packets as possible + and pass them to the analyzer. But process anything with a + RST in it immediately and ignore any data that might be in it + */ + if(_seg.p->tcp->th_flags & (TH_RST)){ + stream->close=_seg.p->tcp->th_flags & (TH_RST); + seg=&_seg; + + conn->state=TCP_STATE_CLOSED; + } + else{ + STRIM(stream->seq,&_seg); + + if(_seg.p->tcp->th_flags & (TH_FIN)){ + stream->close=_seg.p->tcp->th_flags & (TH_FIN); + seg=&_seg; + } + else { + for(seg=&_seg;seg->next;seg=seg->next){ + if(seg->p->tcp->th_flags & (TH_FIN)){ + stream->close=_seg.p->tcp->th_flags & (TH_FIN); + break; + } + if(seg->len + seg->s_seq != seg->next->s_seq) + break; + } + } + + /*Note that this logic is broken because it doesn't + do the CLOSE_WAIT/FIN_WAIT stuff, but it's probably + close enough, since this is a higher level protocol analyzer, + not a TCP analyzer*/ + if(seg->p->tcp->th_flags & (TH_FIN) ){ + if(conn->state == TCP_STATE_ESTABLISHED) + conn->state=TCP_STATE_FIN1; + else + conn->state=TCP_STATE_CLOSED; + } + + stream->oo_queue=seg->next; + seg->next=0; + stream->seq=seg->s_seq + seg->len; + + if(r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction)) + ABORT(r); + } + + if(stream->close){ + if(r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction)) + ABORT(r); + } + + free_tcp_segment_queue(_seg.next); + } + + _status=0; + abort: + return(_status); + } + +static int print_tcp_packet(p) + packet *p; + { + char *src=0,*dst=0; + + if(!(NET_print_flags & NET_PRINT_TCP_HDR)) + return(0); + + lookuphostname(&p->ip->ip_src,&src); + lookuphostname(&p->ip->ip_dst,&dst); + + printf("TCP: %s(%d) -> %s(%d) ", + src, + ntohs(p->tcp->th_sport), + dst, + ntohs(p->tcp->th_dport)); + + printf("Seq %u.(%d) ", + ntohl(p->tcp->th_seq), + p->len - p->tcp->th_off *4); + + if(p->tcp->th_flags & TH_ACK) + printf("ACK %u ",ntohl(p->tcp->th_ack)); + + if(p->tcp->th_flags & TH_FIN) + printf("FIN "); + if(p->tcp->th_flags & TH_SYN) + printf("SYN "); + if(p->tcp->th_flags & TH_RST) + printf("RST "); + if(p->tcp->th_flags & TH_PUSH) + printf("PUSH "); + if(p->tcp->th_flags & TH_URG) + printf("URG "); + + printf("\n"); + + free(src); + free(dst); + return(0); + } + +int STRIM(_seq,s) + UINT4 _seq; + segment *s; + { + int l; + int off; + + /* Test: this shouldn't damage things at all + s->p->data-=4; + s->p->len+=4; + s->s_seq-=4; + */ + + l=_seq - (s)->s_seq; /* number of bytes to trim + from the left of s */ + off=(s)->p->tcp->th_off*4; + if(l>((s)->p->len-off)) ERETURN(R_BAD_DATA); + + /* Now remove the leading l bytes */ + (s)->data=(s)->p->data + off + (l) ; + (s)->len=(s)->p->len - (off + l); + (s)->s_seq += (l); + + /* Now trim to the right if necessary */ + if((s)->next) { + if((s)->s_seq >= (s)->next->s_seq) { + l=(s)->s_seq - (s)->next->s_seq; + + if((s)->len){ + (s)->len-=(l+1); + } + } + } + + return(0); + } + diff --git a/base/tcppack.h b/base/tcppack.h new file mode 100644 index 0000000..b9ed111 --- /dev/null +++ b/base/tcppack.h @@ -0,0 +1,54 @@ +/** + tcppack.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: tcppack.h,v 1.3 2001/07/20 23:33:15 ekr Exp $ + + + ekr@rtfm.com Wed Jan 6 15:08:30 1999 + */ + + +#ifndef _tcppack_h +#define _tcppack_h + +int process_tcp_packet PROTO_LIST((proto_mod *mod,proto_ctx *ctx, + packet *p)); + +#endif + diff --git a/common/Makefile.in b/common/Makefile.in new file mode 100644 index 0000000..9506951 --- /dev/null +++ b/common/Makefile.in @@ -0,0 +1,5 @@ +OBJECTS=r_assoc.o r_data.o r_errors.o r_list.c r_time.o +INCLUDES += ../includes +OBJECTS: + $(CC) $(CFLAGS) $(@:%.c + diff --git a/common/configure.scan b/common/configure.scan new file mode 100644 index 0000000..4d9218c --- /dev/null +++ b/common/configure.scan @@ -0,0 +1,20 @@ +dnl Process this file with autoconf to produce a configure script. +AC_INIT(include/r_assoc.h) + +dnl Checks for programs. +AC_PROG_CC + +dnl Checks for libraries. + +dnl Checks for header files. +AC_HEADER_STDC +AC_CHECK_HEADERS(sys/time.h) + +dnl Checks for typedefs, structures, and compiler characteristics. +AC_HEADER_TIME + +dnl Checks for library functions. +AC_FUNC_MEMCMP +AC_FUNC_VPRINTF + +AC_OUTPUT(make/freebsd31/Makefile make/freebsd22/Makefile make/sunos413/Makefile) diff --git a/common/include/.#r_macros.h.1.2 b/common/include/.#r_macros.h.1.2 new file mode 100644 index 0000000..20c9b1d --- /dev/null +++ b/common/include/.#r_macros.h.1.2 @@ -0,0 +1,106 @@ +/** + r_macros.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_macros.h,v 1.2 2000/10/17 16:09:59 ekr Exp $ + + + ekr@rtfm.com Tue Dec 22 10:37:32 1998 + */ + + +#ifndef _r_macros_h +#define _r_macros_h + +#if (R_USE_PROTOTYPES==1) +#define PROTO_LIST(a) a +#else +#define PROTO_LIST(a) () +#endif + +#ifndef __GNUC__ +#define __FUNCTION__ "unknown" +#endif + +#ifdef R_TRACE_ERRORS +#define REPORT_ERROR_(caller,a) fprintf(stderr,"%s: error %d at %s:%d (function %s)\n", \ + caller,a,__FILE__,__LINE__,__FUNCTION__) +#else +#define REPORT_ERROR_(caller,a) +#endif + +#ifndef ERETURN +#define ERETURN(a) do {int _r=a; if(!_r) _r=-1; REPORT_ERROR_("ERETURN",_r); return(_r);} while(0) +#endif + +#ifndef ABORT +#define ABORT(a) do { int _r=a; if(!_r) _r=-1; REPORT_ERROR_("ABORT",_r); _status=_r; goto abort;} while(0) +#endif + +#ifndef FREE +#define FREE(a) if(a) free(a) +#endif +#ifndef MIN +#define MIN(a,b) ((a)>(b))?(b):(a) +#endif + +#ifndef MAX +#define MAX(a,b) ((b)>(a))?(b):(a) +#endif + +#ifdef DEBUG +#define DBG(a) debug a +int debug(int class,char *format,...); +#else +#define DBG(a) +#endif + +#ifndef RMALLOC +#define RMALLOC(a) malloc(A) +#endif + +#ifndef RCALLOC +#define RCALLOC(a) calloc(1,a) +#endif + +#ifndef RFREE +#define RFREE(a) if(a) free(a) +#endif + +#endif + diff --git a/common/include/r_assoc.h b/common/include/r_assoc.h new file mode 100644 index 0000000..699f287 --- /dev/null +++ b/common/include/r_assoc.h @@ -0,0 +1,83 @@ +/** + r_assoc.h + + Associative array code. This code has the advantage that different + elements can have different create and destroy operators. Unfortunately, + this can waste space. + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_assoc.h,v 1.3 2001/12/24 06:06:26 ekr Exp $ + + + ekr@rtfm.com Sun Jan 17 17:57:18 1999 + */ + + +#ifndef _r_assoc_h +#define _r_assoc_h + +typedef struct r_assoc_ r_assoc; + +int r_assoc_create PROTO_LIST((r_assoc **assocp)); +int r_assoc_insert PROTO_LIST((r_assoc *assoc,char *key,int len, + void *value,int (*copy)(void **new,void *old), + int (*destroy)(void *ptr),int how)); +#define R_ASSOC_REPLACE 0x1 +#define R_ASSOC_NEW 0x2 + +int r_assoc_fetch PROTO_LIST((r_assoc *assoc,char *key, int len, + void **value)); +int r_assoc_copy PROTO_LIST((r_assoc **new,r_assoc *old)); +int r_assoc_destroy PROTO_LIST((r_assoc **assocp)); + +/*We need iterators, but I haven't written them yet*/ +typedef struct r_assoc_iterator_ { + r_assoc *assoc; + int prev_chain; + struct r_assoc_el_ *prev; + int next_chain; + struct r_assoc_el_ *next; +} r_assoc_iterator; + +int r_assoc_init_iter PROTO_LIST((r_assoc *assoc,r_assoc_iterator *)); +int r_assoc_iter PROTO_LIST((r_assoc_iterator *iter,void **key,int *keyl, + void **val)); +int r_assoc_iter_delete PROTO_LIST((r_assoc_iterator *)); + +#endif + diff --git a/common/include/r_bitfield.h b/common/include/r_bitfield.h new file mode 100644 index 0000000..a5b89b0 --- /dev/null +++ b/common/include/r_bitfield.h @@ -0,0 +1,26 @@ +/** + r_bitfield.h + + Copyright (C) 2001 RTFM, Inc. + All Rights Reserved. + + ekr@rtfm.com Wed Oct 3 10:43:50 2001 + */ + + +#ifndef _r_bitfield_h +#define _r_bitfield_h + +typedef struct r_bitfield_ { + UINT4 *data; + UINT4 len; + UINT4 base; +} r_bitfield; + +int r_bitfield_set PROTO_LIST((r_bitfield *,int bit)); +int r_bitfield_isset PROTO_LIST((r_bitfield *,int bit)); +int r_bitfield_create PROTO_LIST((r_bitfield **setp,UINT4 size)); +int r_bitfield_destroy PROTO_LIST((r_bitfield **setp)); + +#endif + diff --git a/common/include/r_common.h b/common/include/r_common.h new file mode 100644 index 0000000..787addd --- /dev/null +++ b/common/include/r_common.h @@ -0,0 +1,66 @@ +/** + r_common.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_common.h,v 1.2 2000/10/17 16:09:59 ekr Exp $ + + + ekr@rtfm.com Tue Dec 22 10:40:07 1998 + */ + + +#ifndef _r_common_h +#define _r_common_h + +#include "r_defaults.h" +#include "r_includes.h" +#include "r_types.h" +#include "r_macros.h" +#include "r_errors.h" +#include "r_data.h" + +/*AAH*/ +int xdump PROTO_LIST((char *label,UCHAR *data,int len)); + +/* defines for possibly replaced functions */ +#ifndef HAVE_STRDUP +char *strdup PROTO_LIST((char *in)); +#endif + +#endif + diff --git a/common/include/r_data.h b/common/include/r_data.h new file mode 100644 index 0000000..8ec136a --- /dev/null +++ b/common/include/r_data.h @@ -0,0 +1,68 @@ +/** + r_data.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_data.h,v 1.2 2000/10/17 16:09:59 ekr Exp $ + + + ekr@rtfm.com Wed Feb 10 14:18:19 1999 + */ + + +#ifndef _r_data_h +#define _r_data_h + +typedef struct Data_ { + UCHAR *data; + int len; +} Data; + +int r_data_create PROTO_LIST((Data **dp,UCHAR *d,int l)); +int r_data_alloc PROTO_LIST((Data **dp, int l)); +int r_data_make PROTO_LIST((Data *dp, UCHAR *d,int l)); +int r_data_destroy PROTO_LIST((Data **dp)); +int r_data_copy PROTO_LIST((Data *dst,Data *src)); +int r_data_zfree PROTO_LIST((Data *d)); +int r_data_compare PROTO_LIST((Data *d1,Data *d2)); + +#define INIT_DATA(a,b,c) (a).data=b; (a).len=c +#define ATTACH_DATA(a,b) (a).data=b; (a).len=sizeof(b) +#define ZERO_DATA(a) (a).data=0; (a).len=0 + +#endif + diff --git a/common/include/r_defaults.h b/common/include/r_defaults.h new file mode 100644 index 0000000..180ab0d --- /dev/null +++ b/common/include/r_defaults.h @@ -0,0 +1,59 @@ +/** + r_defaults.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_defaults.h,v 1.2 2000/10/17 16:09:59 ekr Exp $ + + + ekr@rtfm.com Tue Dec 22 10:39:14 1998 + */ + + +#ifndef _r_defaults_h +#define _r_defaults_h + +#ifndef R_USE_PROTOTYPES +#define R_USE_PROTOTYPES 1 +#endif + + +/*The needs defines don't belong here*/ +#define R_NEEDS_STDLIB_H + +#endif + diff --git a/common/include/r_errors.h b/common/include/r_errors.h new file mode 100644 index 0000000..d3d93c0 --- /dev/null +++ b/common/include/r_errors.h @@ -0,0 +1,62 @@ +/** + r_errors.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_errors.h,v 1.3 2002/01/21 17:36:51 ekr Exp $ + + + ekr@rtfm.com Tue Dec 22 10:59:49 1998 + */ + + +#ifndef _r_errors_h +#define _r_errors_h + +#define R_NO_MEMORY 1 /*out of memory*/ +#define R_NOT_FOUND 2 /*Item not found*/ +#define R_INTERNAL 3 /*Unspecified internal error*/ +#define R_ALREADY 4 /*Action already done*/ +#define R_EOD 5 /*end of data*/ +#define R_BAD_ARGS 6 /*Bad arguments*/ +#define R_BAD_DATA 7 /*Bad data*/ +#define R_WOULDBLOCK 8 /*Operation would block */ + +int verr_exit PROTO_LIST((char *fmt,...)); + +#endif + diff --git a/common/include/r_includes.h b/common/include/r_includes.h new file mode 100644 index 0000000..cc9d6b5 --- /dev/null +++ b/common/include/r_includes.h @@ -0,0 +1,61 @@ +/** + r_includes.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_includes.h,v 1.2 2000/10/17 16:09:59 ekr Exp $ + + + ekr@rtfm.com Tue Dec 22 11:38:50 1998 + */ + + +#ifndef _r_includes_h +#define _r_includes_h + +#ifdef R_NEEDS_STDLIB_H +#include +#endif + +#ifdef R_NEEDS_MEMORY_H +#include +#endif + +#include + +#endif + diff --git a/common/include/r_list.h b/common/include/r_list.h new file mode 100644 index 0000000..6addb7c --- /dev/null +++ b/common/include/r_list.h @@ -0,0 +1,69 @@ +/** + r_list.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_list.h,v 1.2 2000/10/17 16:09:59 ekr Exp $ + + + ekr@rtfm.com Tue Jan 19 08:36:48 1999 + */ + + +#ifndef _r_list_h +#define _r_list_h + +typedef struct r_list_ r_list; + +typedef struct r_list_iterator_ { + r_list *list; + struct r_list_el_ *ptr; +} r_list_iterator; + +int r_list_create PROTO_LIST((r_list **listp)); +int r_list_destroy PROTO_LIST((r_list **listp)); +int r_list_copy PROTO_LIST((r_list **out,r_list *in)); +int r_list_insert PROTO_LIST((r_list *list,void *value, + int (*copy)(void **new,void *old), + int (*destroy)(void **ptr))); +int r_list_append PROTO_LIST((r_list *list,void *value, + int (*copy)(void **new,void *old), + int (*destroy)(void **ptr))); +int r_list_init_iter PROTO_LIST((r_list *list,r_list_iterator *iter)); +int r_list_iter PROTO_LIST((r_list_iterator *iter,void **val)); + +#endif diff --git a/common/include/r_macros.h b/common/include/r_macros.h new file mode 100644 index 0000000..fa1b318 --- /dev/null +++ b/common/include/r_macros.h @@ -0,0 +1,112 @@ +/** + r_macros.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_macros.h,v 1.4 2001/11/20 17:45:18 ekr Exp $ + + + ekr@rtfm.com Tue Dec 22 10:37:32 1998 + */ + + +#ifndef _r_macros_h +#define _r_macros_h + +#if (R_USE_PROTOTYPES==1) +#define PROTO_LIST(a) a +#else +#define PROTO_LIST(a) () +#endif + +#ifndef __GNUC__ +#define __FUNCTION__ "unknown" +#endif + +#ifdef R_TRACE_ERRORS +#define REPORT_ERROR_(caller,a) fprintf(stderr,"%s: error %d at %s:%d (function %s)\n", \ + caller,a,__FILE__,__LINE__,__FUNCTION__) +#else +#define REPORT_ERROR_(caller,a) +#endif + +#ifndef ERETURN +#define ERETURN(a) do {int _r=a; if(!_r) _r=-1; REPORT_ERROR_("ERETURN",_r); return(_r);} while(0) +#endif + +#ifndef ABORT +#define ABORT(a) do { int _r=a; if(!_r) _r=-1; REPORT_ERROR_("ABORT",_r); _status=_r; goto abort;} while(0) +#endif + +#ifndef FREE +#define FREE(a) if(a) free(a) +#endif +#ifndef MIN +#define MIN(a,b) ((a)>(b))?(b):(a) +#endif + +#ifndef MAX +#define MAX(a,b) ((b)>(a))?(b):(a) +#endif + +#ifdef DEBUG +#define DBG(a) debug a +int debug(int class,char *format,...); +#else +#define DBG(a) +#endif + +#ifndef RMALLOC +#define RMALLOC(a) malloc(a) +#endif + +#ifndef RCALLOC +#define RCALLOC(a) calloc(1,a) +#endif + +#ifndef RFREE +#define RFREE(a) if(a) free(a) +#endif + +#ifndef RREALLOC +#define RREALLOC(a,b) realloc(a,b) +#endif + +#define UNIMPLEMENTED do { fprintf(stderr,"Function %s unimplemented\n",__FUNCTION__); abort(); } while(0) + + +#endif diff --git a/common/include/r_thread.h b/common/include/r_thread.h new file mode 100644 index 0000000..9c72825 --- /dev/null +++ b/common/include/r_thread.h @@ -0,0 +1,69 @@ +/** + r_thread.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_thread.h,v 1.2 2000/10/17 16:09:59 ekr Exp $ + + + ekr@rtfm.com Tue Feb 23 14:58:36 1999 + */ + + +#ifndef _r_thread_h +#define _r_thread_h + +typedef void *r_thread; +typedef void *r_rwlock; + +int r_thread_fork PROTO_LIST((void (*func)(void *),void *arg, + r_thread *tid)); +int r_thread_destroy PROTO_LIST((r_thread tid)); +int r_thread_yield PROTO_LIST((void)); +int r_thread_exit PROTO_LIST((void)); +int r_thread_wait_last PROTO_LIST((void)); + +int r_rwlock_create PROTO_LIST((r_rwlock **lockp)); +int r_rwlock_destroy PROTO_LIST((r_rwlock **lock)); +int r_rwlock_lock PROTO_LIST((r_rwlock *lock,int action)); + +#define R_RWLOCK_UNLOCK 0 +#define R_RWLOCK_RLOCK 1 +#define R_RWLOCK_WLOCK 2 + +#endif + diff --git a/common/include/r_time.h b/common/include/r_time.h new file mode 100644 index 0000000..4510cfe --- /dev/null +++ b/common/include/r_time.h @@ -0,0 +1,75 @@ +/** + r_time.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_time.h,v 1.4 2001/12/24 06:06:26 ekr Exp $ + + + ekr@rtfm.com Thu Mar 4 08:45:41 1999 + */ + + +#ifndef _r_time_h +#define _r_time_h + +#ifdef _WIN32 +# include +#else +/* Cribbed from the autoconf doc */ +# if TIME_WITH_SYS_TIME +# include +# include +# else +# if HAVE_SYS_TIME_H +# include +# else +# include +# endif +# endif +#endif + +int r_timeval_diff PROTO_LIST((struct timeval *t1,struct timeval *t0, + struct timeval *diff)); +int r_timeval_add PROTO_LIST((struct timeval *t1,struct timeval *t2, + struct timeval *sum)); + +UINT8 r_timeval2int PROTO_LIST((struct timeval *tv)); +UINT8 r_gettimeint PROTO_LIST((void)); + +#endif + diff --git a/common/include/r_types.h b/common/include/r_types.h new file mode 100644 index 0000000..53dcdf4 --- /dev/null +++ b/common/include/r_types.h @@ -0,0 +1,91 @@ +/** + r_types.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_types.h,v 1.3 2002/09/09 21:02:58 ekr Exp $ + + + ekr@rtfm.com Tue Dec 22 10:36:02 1998 + */ + + +#ifndef _r_types_h +#define _r_types_h + +#ifndef R_DEFINED_UINT4 +#ifndef SIZEOF_UNSIGNED_INT +typedef unsigned int UINT4; +#else +# if (SIZEOF_UNSIGNED_INT==4) +typedef unsigned int UINT4; +# elif (SIZEOF_UNSIGNED_SHORT==4) +typedef unsigned short UINT4; +# elif (SIZEOF_UNSIGNED_LONG==4) +typedef unsigned long UINT4; +# else +# error no type for UINT4 +# endif +#endif +#endif + +#ifndef R_DEFINED_UINT8 +#ifndef SIZEOF_UNSIGNED_LONG +typedef unsigned long UINT8; +#else +# if (SIZEOF_UNSIGNED_INT==8) +typedef unsigned int UINT8; +# elif (SIZEOF_UNSIGNED_SHORT==8) +typedef unsigned short UINT8; +# elif (SIZEOF_UNSIGNED_LONG==8) +typedef unsigned long UINT8; +# elif (SIZEOF_UNSIGNED_LONG_LONG==8) +typedef unsigned long long UINT8; +# elif defined (_WIN32) && defined (_MSC_VER) +typedef unsigned __int64 UINT8; +# else +# error no type for UINT8 +# endif +#endif +#endif + +#ifndef R_DEFINED_UCHAR +typedef unsigned char UCHAR; +#endif + +#endif + diff --git a/common/lib/assoc.h b/common/lib/assoc.h new file mode 100644 index 0000000..5fbd0d5 --- /dev/null +++ b/common/lib/assoc.h @@ -0,0 +1,53 @@ +/** + assoc.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: assoc.h,v 1.2 2000/10/17 16:10:00 ekr Exp $ + + + ekr@rtfm.com Sun Jan 17 17:56:35 1999 + */ + + +#ifndef _assoc_h +#define _assoc_h + +typedef struct assoc_ assoc; + +#endif + diff --git a/common/lib/debug.c b/common/lib/debug.c new file mode 100644 index 0000000..e275f83 --- /dev/null +++ b/common/lib/debug.c @@ -0,0 +1,91 @@ +/** + debug.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: debug.c,v 1.3 2001/12/24 06:06:26 ekr Exp $ + + + ekr@rtfm.com Wed Jan 6 17:08:58 1999 + */ + + +static char *RCSSTRING="$Id: debug.c,v 1.3 2001/12/24 06:06:26 ekr Exp $"; + + +#include +#include +#include "r_common.h" +#include "debug.h" + +int debug(int class,char *format,...) + { + va_list ap; + + va_start(ap,format); + vfprintf(stderr,format,ap); + fprintf(stderr,"\n"); + return(0); + } + +int xdump(name,data,len) + char *name; + UCHAR *data; + int len; + { + int i; + + if(name){ + printf("%s[%d]=\n",name,len); + } + for(i=0;i8) && i && !(i%12)){ + printf("\n"); + } + printf("%.2x ",data[i]&255); + } + if(i%12) + printf("\n"); + return(0); + } + + + + + + diff --git a/common/lib/debug.h b/common/lib/debug.h new file mode 100644 index 0000000..9fb10f4 --- /dev/null +++ b/common/lib/debug.h @@ -0,0 +1,61 @@ +/** + debug.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: debug.h,v 1.3 2001/12/24 06:06:26 ekr Exp $ + + + ekr@rtfm.com Wed Jan 6 17:13:00 1999 + */ + + +#ifndef _debug_h +#define _debug_h + +#ifdef DEBUG +#define DBG(a) debug a +#else +#define DBG(a) +#endif + +int debug(int class,char *format,...); +int xdump PROTO_LIST((char *name,UCHAR *data, + int len)); + +#endif + diff --git a/common/lib/local.mk b/common/lib/local.mk new file mode 100644 index 0000000..3c03c16 --- /dev/null +++ b/common/lib/local.mk @@ -0,0 +1,279 @@ +# +# local.mk +# +# $Source: /usr/local/CVS/ssldump/common/lib/local.mk,v $ +# $Revision: 1.2 $ +# $Date: 2001/10/04 17:19:47 $ +# $Name: $ +# $Disclaimer$ +# +# Copyright (C) 2001, Terisa Systems, Inc. +# All Rights Reserved. +# +# ekr@terisa.com +# + + + +# +# CONFIGURE USER-DEFINED MAKE ENVIRONMENT +# +# These fields are specified by the user. The remainder of +# this file is generated from this user-specified information. +# +# COMMON_LIB_DEFINES: +# cpp defines, with the -D flag preceeding each +# +# COMMON_LIB_INCLUDES: +# cpp include directories, with the -I flag preceeding each +# +# COMMON_LIB_INTERNAL: +# headers files which are local to a specific module directory, +# and should not be used by other parts of the toolkit or by +# the user +# +# COMMON_LIB_LIBNAME: +# the library associated with this module directory, used in +# most cases for debugging purposes +# +# COMMON_LIB_LIBPATHS: +# link-time directories to search for libraries, with the -L flag +# preceeding each +# +# COMMON_LIB_LIBRARIES: +# link-time libraries, with the -l flag preceeding each +# +# COMMON_LIB_LOCALFLAGS: +# compile-time flags specific to compiling only the files in +# this module directory--this variable should only be set in +# extremely exceptional cases +# +# COMMON_LIB_MAKEFILES: +# the makefiles +# +# COMMON_LIB_PREFIX: +# defines the module name, which also serves as the +# prefix for all the variable names defined in this file +# +# COMMON_LIB_PRIVATE: +# the private, for-toolkit-use-only API header files +# +# COMMON_LIB_PROGRAMS: +# programs to build +# +# COMMON_LIB_PUBLIC: +# the header files that define the public API for the toolkit +# and any other 'public' files that should be copied to +# the build directory +# +# COMMON_LIB_SOURCES: +# the source files to compile to object +# +COMMON_LIB_DEFINES = +COMMON_LIB_INCLUDES = +COMMON_LIB_INTERNAL = +COMMON_LIB_LIBNAME = +COMMON_LIB_LIBPATHS = +COMMON_LIB_LIBRARIES = +COMMON_LIB_LOCALFLAGS = +COMMON_LIB_MAKEFILES = targets.mk +COMMON_LIB_PREFIX = COMMON_LIB +COMMON_LIB_PRIVATE = +COMMON_LIB_PROGRAMS = +COMMON_LIB_PUBLIC = +COMMON_LIB_SOURCES = debug.c r_assoc.c r_bitfield.c r_data.c \ + r_errors.c r_list.c r_replace.c r_time.c + + + +# +# CONFIGURE AUTOMATICALLY-GENERATED MAKE ENVIRONMENT +# +# COMMON_LIB_OBJECTS: +# object files to build +# +# COMMON_LIB_UNUSED: +# obsolete files in the module directory that are not +# used during the build process +# +# COMMON_LIB_USED: +# all files in the module directory that are used +# during the build process +# +COMMON_LIB_OBJECTS = debug.$(OBJSUFFIX) r_assoc.$(OBJSUFFIX) \ + r_bitfield.$(OBJSUFFIX) r_data.$(OBJSUFFIX) \ + r_errors.$(OBJSUFFIX) r_list.$(OBJSUFFIX) \ + r_replace.$(OBJSUFFIX) r_time.$(OBJSUFFIX) +COMMON_LIB_UNUSED = assoc.h debug.h local.mk r_assoc_test.c r_data.h +COMMON_LIB_USED = $(COMMON_LIB_INTERNAL:%=$(COMMON_LIB_SRCDIR)%) \ + $(COMMON_LIB_MAKEFILES:%=$(COMMON_LIB_SRCDIR)%) \ + $(COMMON_LIB_PRIVATE:%=$(COMMON_LIB_SRCDIR)%) \ + $(COMMON_LIB_PUBLIC:%=$(COMMON_LIB_SRCDIR)%) \ + $(COMMON_LIB_SOURCES:%=$(COMMON_LIB_SRCDIR)%) + + + +# +# NOTES +# +# The following variables may be used during the build process, +# but are not defined in this file. If they are to be set +# to something other than the default blank, then they must +# be set by the calling make system. +# +# COMMON_LIB_SRCDIR: +# if the build target directory is different from the +# module directory (the source directory), then this +# variable contains the relative or full path of +# the module directory +# +# LIBARS: +# the library archive files (with fully-specified paths) that +# executables built from this module directory depend upon +# +# LIBPATHS: +# the paths to search for library archives (specified with +# the -L) +# +# LIBRARIES: +# the libraries to use while building executables from +# this module directory (specified with the -l) +# + + + +# +# GLOBAL ENVIRONMENT +# +DEFINES += $(COMMON_LIB_DEFINES) +INCLUDES += $(COMMON_LIB_INCLUDES) +LIBPATHS += $(COMMON_LIB_LIBPATHS) +LIBRARIES += $(COMMON_LIB_LIBRARIES) +OBJECTS += $(COMMON_LIB_OBJECTS) +PUBLIC += $(COMMON_LIB_PUBLIC) + + + +# +# GENERIC DEPENDENCIES +# +# default: +# default dependency, must be the first dependency in this makefile +# +# all: +# build everything in this module directory +# +# build: +# make only the toolkit build files of this module directory +# +# ci: +# perform an RCS check-in of this module directory +# +# clean: +# remove the compiled files +# +# clean_public: +# remove the public header files that have been copied +# to a public build directory +# +# objects: +# build the object files (this dependency is used for +# building the toolkit library) +# +# private: +# build only the private API header files +# +# public: +# build only the public API header files +# +default: $(COMMON_LIB_LIBNAME) +default: $(COMMON_LIB_PROGRAMS) + +all: $(COMMON_LIB_PUBLIC) +all: $(COMMON_LIB_OBJECTS) +all: $(COMMON_LIB_LIBNAME) +all: $(COMMON_LIB_PROGRAMS) +build: $(COMMON_LIB_PUBLIC) +build: $(COMMON_LIB_OBJECTS) +ci: common_lib_ci +clean: common_lib_clean +clean_public: common_lib_clean_public +objects: $(COMMON_LIB_OBJECTS) +private: $(COMMON_LIB_PRIVATE) +public: $(COMMON_LIB_PUBLIC) + + + +# +# LOCAL UTILITY DEPENDENCIES +# +# utility dependencies are necessary because of some +# make-isms having to do with dependencies +# + +common_lib_ci: + $(CI) $(CIFLAGS) $(COMMON_LIB_USED) + +common_lib_clean: + $(RM) $(RMFLAGS) $(COMMON_LIB_OBJECTS) $(COMMON_LIB_LIBNAME) $(COMMON_LIB_PROGRAMS) + +common_lib_clean_public: + $(RM) $(RMFLAGS) $(COMMON_LIB_PUBLIC) + +common_lib_objects: $(COMMON_LIB_OBJECTS) + +common_lib_programs: $(COMMON_LIB_PROGRAMS) + +common_lib_public: $(COMMON_LIB_PUBLIC) + + + +# +# BUILD DEPENDENCIES +# +# build dependencies invoke the rule used to build each +# class of file +# + +$(COMMON_LIB_LIBNAME): + $(AR) $(ARFLAGS) $@ $? + $(RANLIB) $@ + +$(COMMON_LIB_OBJECTS): + $(COMPILE.c) $(COMMON_LIB_SRCDIR)$(@:%.$(OBJSUFFIX)=%.c) $(DEFINES) $(INCLUDES) $(COMMON_LIB_LOCALFLAGS) + +$(COMMON_LIB_PUBLIC): + $(CP) $(CPFLAGS) $(COMMON_LIB_SRCDIR)$@ $@ + +$(COMMON_LIB_PROGRAMS): + $(LINK.c) $@.$(OBJSUFFIX) $(LDLIBS) $(LIBS) $(LIBRARIES) $(LIBPATHS) +#LIBS above is obsolete (use LIBARARIES instead) + + + +# +# FILE DEPENDENCIES +# +# file dependencies state, for each file that is built, +# which file(s) it depends upon +# + +debug.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)debug.h +debug.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)debug.c + +r_assoc.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_assoc.c + +r_bitfield.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_bitfield.c + +r_data.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_data.h +r_data.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_data.c + +r_errors.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_errors.c + +r_list.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_list.c + +r_replace.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_replace.c + +r_time.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_time.c + +$(COMMON_LIB_LIBNAME): $(COMMON_LIB_OBJECTS) diff --git a/common/lib/r_assoc.c b/common/lib/r_assoc.c new file mode 100644 index 0000000..1328350 --- /dev/null +++ b/common/lib/r_assoc.c @@ -0,0 +1,425 @@ +/** + r_assoc.c + + This is an associative array implementation, using an open-chained + hash bucket technique. + + Note that this implementation permits each data entry to have + separate copy constructors and destructors. This currently wastes + space, but could be implemented while saving space by using + the high order bit of the length value or somesuch. + + The major problem with this code is it's not resizable, though it + could be made so. + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_assoc.c,v 1.4 2001/12/24 06:06:26 ekr Exp $ + + + ekr@rtfm.com Sun Jan 17 17:57:15 1999 + */ + +static char *RCSSTRING="$Id: r_assoc.c,v 1.4 2001/12/24 06:06:26 ekr Exp $"; + +#include +#include "r_assoc.h" + +typedef struct r_assoc_el_ { + char *key; + int key_len; + void *data; + struct r_assoc_el_ *prev; + struct r_assoc_el_ *next; + int (*copy) PROTO_LIST((void **new,void *old)); + int (*destroy) PROTO_LIST((void *ptr)); +} r_assoc_el; + +struct r_assoc_ { + int size; + int bits; + r_assoc_el **chains; +}; + +#define DEFAULT_TABLE_BITS 5 + +static int destroy_assoc_chain PROTO_LIST((r_assoc_el *chain)); +static int r_assoc_fetch_bucket PROTO_LIST((r_assoc *assoc, + char *key,int len,r_assoc_el **bucketp)); +UINT4 hash_compute PROTO_LIST((char *key,int len,int size)); +static int copy_assoc_chain PROTO_LIST((r_assoc_el **newp, + r_assoc_el *old)); + +int r_assoc_create(assocp) + r_assoc **assocp; + { + r_assoc *assoc=0; + int _status; + + if(!(assoc=(r_assoc *)calloc(sizeof(r_assoc),1))) + ABORT(R_NO_MEMORY); + assoc->size=(1<bits=DEFAULT_TABLE_BITS; + + if(!(assoc->chains=(r_assoc_el **)calloc(sizeof(r_assoc_el *), + assoc->size))) + ABORT(R_NO_MEMORY); + + *assocp=assoc; + + _status=0; + abort: + if(_status){ + r_assoc_destroy(&assoc); + } + return(_status); + } + +int r_assoc_destroy(assocp) + r_assoc **assocp; + { + r_assoc *assoc; + int i; + + if(!assocp || !*assocp) + return(0); + + assoc=*assocp; + for(i=0;isize;i++) + destroy_assoc_chain(assoc->chains[i]); + + return(0); + } + +static int destroy_assoc_chain(chain) + r_assoc_el *chain; + { + r_assoc_el *nxt; + + while(chain){ + nxt=chain->next; + + if(chain->destroy) + chain->destroy(chain->data); + + free(chain->key); + + free(chain); + chain=nxt; + } + + return(0); + } + +static int copy_assoc_chain(newp,old) + r_assoc_el **newp; + r_assoc_el *old; + { + r_assoc_el *new=0,*ptr,*tmp; + int r,_status; + + if(!old) { + *newp=0; + return(0); + } + for(;old;old=old->next){ + if(!(tmp=(r_assoc_el *)calloc(sizeof(r_assoc_el),1))) + ABORT(R_NO_MEMORY); + + if(!new){ + new=tmp; + ptr=new; + } + else{ + ptr->next=tmp; + tmp->prev=ptr; + ptr=tmp; + } + + ptr->destroy=old->destroy; + ptr->copy=old->copy; + + if(old->copy){ + if(r=old->copy(&ptr->data,old->data)) + ABORT(r); + } + else + ptr->data=old->data; + + if(!(ptr->key=(char *)malloc(old->key_len))) + ABORT(R_NO_MEMORY); + memcpy(ptr->key,old->key,ptr->key_len=old->key_len); + } + + *newp=new; + + _status=0; + abort: + if(_status){ + destroy_assoc_chain(new); + } + return(_status); + } + +static int r_assoc_fetch_bucket(assoc,key,len,bucketp) + r_assoc *assoc; + char *key; + int len; + r_assoc_el **bucketp; + { + UINT4 hash_value; + r_assoc_el *bucket; + + hash_value=hash_compute(key,len,assoc->bits); + + for(bucket=assoc->chains[hash_value];bucket;bucket=bucket->next){ + if(bucket->key_len == len && !memcmp(bucket->key,key,len)){ + *bucketp=bucket; + return(0); + } + } + + return(R_NOT_FOUND); + } + +int r_assoc_fetch(assoc,key,len,datap) + r_assoc *assoc; + char *key; + int len; + void **datap; + { + r_assoc_el *bucket; + int r; + + if(r=r_assoc_fetch_bucket(assoc,key,len,&bucket)){ + if(r!=R_NOT_FOUND) + ERETURN(r); + return(r); + } + + *datap=bucket->data; + return(0); + } + +int r_assoc_insert(assoc,key,len,data,copy,destroy,how) + r_assoc *assoc; + char *key; + int len; + void *data; + int (*copy) PROTO_LIST((void **new,void *old)); + int (*destroy) PROTO_LIST((void *ptr)); + int how; + { + r_assoc_el *bucket,*new_bucket=0; + int r,_status; + + if(r=r_assoc_fetch_bucket(assoc,key,len,&bucket)){ + /*Note that we compute the hash value twice*/ + UINT4 hash_value; + + if(r!=R_NOT_FOUND) + ABORT(r); + hash_value=hash_compute(key,len,assoc->bits); + + if(!(new_bucket=(r_assoc_el *)calloc(sizeof(r_assoc_el),1))) + ABORT(R_NO_MEMORY); + if(!(new_bucket->key=(char *)malloc(len))) + ABORT(R_NO_MEMORY); + memcpy(new_bucket->key,key,len); + new_bucket->key_len=len; + + /*Insert at the list head. Is FIFO a good algorithm?*/ + if(assoc->chains[hash_value]) + assoc->chains[hash_value]->prev=new_bucket; + new_bucket->next=assoc->chains[hash_value]; + assoc->chains[hash_value]=new_bucket; + bucket=new_bucket; + } + else{ + if(!(how&R_ASSOC_REPLACE)) + ABORT(R_ALREADY); + + if(bucket->destroy) + bucket->destroy(bucket->data); + } + + bucket->data=data; + bucket->copy=copy; + bucket->destroy=destroy; + + _status=0; + abort: + if(_status && new_bucket){ + free(new_bucket->key); + free(new_bucket); + } + return(_status); + } + +int r_assoc_copy(newp,old) + r_assoc **newp; + r_assoc *old; + { + int r,_status,i; + r_assoc *new; + + if(!(new=(r_assoc *)calloc(sizeof(r_assoc),1))) + ABORT(r); + new->size=old->size; + new->bits=old->bits; + + if(!(new->chains=(r_assoc_el **)calloc(sizeof(r_assoc_el),old->size))) + ABORT(R_NO_MEMORY); + for(i=0;isize;i++){ + if(r=copy_assoc_chain(new->chains+i,old->chains[i])) + ABORT(r); + } + *newp=new; + + _status=0; + abort: + if(_status){ + r_assoc_destroy(&new); + } + return(_status); + } + +int r_assoc_init_iter(assoc,iter) + r_assoc *assoc; + r_assoc_iterator *iter; + { + int i; + + iter->assoc=assoc; + iter->prev_chain=-1; + iter->prev=0; + + iter->next_chain=assoc->size; + iter->next=0; + + for(i=0;isize;i++){ + if(assoc->chains[i]!=0){ + iter->next_chain=i; + iter->next=assoc->chains[i]; + break; + } + } + + return(0); + } + +int r_assoc_iter(iter,key,keyl,val) + r_assoc_iterator *iter; + void **key; + int *keyl; + void **val; + { + int i; + r_assoc_el *ret; + + if(!iter->next) + return(R_EOD); + ret=iter->next; + + *key=ret->key; + *keyl=ret->key_len; + *val=ret->data; + + /* Now increment */ + iter->prev_chain=iter->next_chain; + iter->prev=iter->next; + + /* More on this chain */ + if(iter->next->next){ + iter->next=iter->next->next; + } + else{ + iter->next=0; + + /* FInd the next occupied chain*/ + for(i=iter->next_chain;iassoc->size;i++){ + if(iter->assoc->chains[i]){ + iter->next_chain=i; + iter->next=iter->assoc->chains[i]; + break; + } + } + } + + return(0); + } + +/* Delete the last returned value*/ +int r_assoc_iter_delete(iter) + r_assoc_iterator *iter; + { + /* First unhook it from the list*/ + if(!iter->prev->prev){ + /* First element*/ + iter->assoc->chains[iter->prev_chain]=iter->prev->next; + } + else{ + iter->prev->prev->next=iter->prev->next; + } + + if(iter->prev->next){ + iter->prev->next->prev=iter->prev->prev; + } + + iter->prev->destroy(iter->prev->data); + free(iter->prev->data); + free(iter->prev); + return(0); + } + + +/*This is a hack from AMS. Supposedly, it's pretty good for strings, even + though it doesn't take into account all the data*/ +UINT4 hash_compute(key,len,bits) + char *key; + int len; + int bits; + { + UINT4 h=0; + + h=key[0] +(key[len-1] * len); + + h &= (1< and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_assoc_test.c,v 1.2 2000/10/17 16:10:00 ekr Exp $ + + + ekr@rtfm.com Sun Jan 17 21:09:22 1999 + */ + + +static char *RCSSTRING="$Id: r_assoc_test.c,v 1.2 2000/10/17 16:10:00 ekr Exp $"; + +#include +#include + +int main() + { + char test_vector[1024],*v; + int rnd,ct,r; + r_assoc *assoc,*new_assoc; + + if(r=r_assoc_create(&assoc)){ + fprintf(stderr,"Couldn't create\n"); + exit(1); + } + + srand(getpid()); + + v=test_vector; + for(ct=0;ct<256;ct++){ + v[0]=ct & 255; + v[1]=(ct>>8) & 255; + v[2]=(ct>>16) & 255; + v[3]=(ct>>24) & 255; + + + if(r=r_assoc_insert(assoc,v,4,v,0,0,R_ASSOC_REPLACE)){ + fprintf(stderr,"Couldn't insert %d\n",ct); + exit(1); + } + + v+=4; + } + + fetch_test(assoc); + + if(r=r_assoc_copy(&new_assoc,assoc)){ + fprintf(stderr,"Couldn't copy\n"); + exit(1); + } + + r_assoc_destroy(&assoc); + + fetch_test(new_assoc); + + r_assoc_destroy(&new_assoc); + + printf("Tests pass\n"); + exit(0); + } + +int fetch_test(assoc) + r_assoc *assoc; + { + int ct; + char vec[4],*v; + int r,_status,rnd; + + for(ct=0;ct<65537;ct++){ + rnd=rand(); + + rnd &= 0x3ff; + + vec[0]=rnd & 255; + vec[1]=(rnd>>8) & 255; + vec[2]=(rnd>>16) & 255; + vec[3]=(rnd>>24) & 255; + + if(r=r_assoc_fetch(assoc,vec,4,(void **)&v)){ + + if(rnd<256){ + fprintf(stderr,"Couldn't fetch\n"); + exit(1); + } + else + continue; + } + else{ + if(rnd>255){ + fprintf(stderr,"Spurious fetch\n"); + exit(1); + } + } + + if(memcmp(vec,v,4)){ + fprintf(stderr,"Fetch error\n"); + exit(1); + } + } + return(0); + } diff --git a/common/lib/r_bitfield.c b/common/lib/r_bitfield.c new file mode 100644 index 0000000..cfdbba5 --- /dev/null +++ b/common/lib/r_bitfield.c @@ -0,0 +1,113 @@ +/** + r_bitfield.c + + Copyright (C) 2001 RTFM, Inc. + All Rights Reserved. + + ekr@rtfm.com Wed Oct 3 11:15:23 2001 + */ + + +static char *RCSSTRING="$Id: r_bitfield.c,v 1.3 2001/12/24 06:06:26 ekr Exp $"; + +#include +#include "r_bitfield.h" + +int r_bitfield_create(setp,size) + r_bitfield **setp; + UINT4 size; + { + r_bitfield *set=0; + int _status; + int num_words=size/32+!!(size%32); + + if(!(set=(r_bitfield *)RMALLOC(sizeof(r_bitfield)))) + ABORT(R_NO_MEMORY); + + if(!(set->data=(UINT4 *)RMALLOC(num_words*4))) + ABORT(R_NO_MEMORY); + memset(set->data,0,4*num_words); + + set->base=0; + set->len=num_words; + + *setp=set; + + _status=0; + abort: + if(_status){ + r_bitfield_destroy(&set); + } + return(_status); + } + +int r_bitfield_destroy(setp) + r_bitfield **setp; + { + r_bitfield *set; + + if(!setp || !*setp) + return(0); + + set=*setp; + + RFREE(set->data); + RFREE(set); + + *setp=0; + return(0); + } + +int r_bitfield_set(set,bit) + r_bitfield *set; + int bit; + { + int word=(bit-set->base)/32; + int bbit=(bit-set->base)%32; + int _status; + + /* Resize? */ + if(word>set->len){ + UINT4 newlen=set->len; + UINT4 *tmp; + + while(newlendata,set->len*4); + memset(tmp+set->len*4,0,(newlen-set->len)*4); + + RFREE(set->data); + set->data=tmp; + } + + set->data[word]|=1<base)/32; + int bbit=(bit-set->base)%32; + int _status; + + if(bitbase) + return(0); + + /* Resize? */ + if(word>set->len) + return(0); + + return(set->data[word]&(1< and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_data.c,v 1.3 2001/07/20 23:33:15 ekr Exp $ + + + ekr@rtfm.com Tue Aug 17 15:39:50 1999 + */ + + +static char *RCSSTRING="$Id: r_data.c,v 1.3 2001/07/20 23:33:15 ekr Exp $"; + +#include +#include + +int r_data_create(dp,d,l) + Data **dp; + UCHAR *d; + int l; + { + Data *d_=0; + int _status; + + if(!(d_=(Data *)calloc(sizeof(Data),1))) + ABORT(R_NO_MEMORY); + if(!(d_->data=(UCHAR *)malloc(l))) + ABORT(R_NO_MEMORY); + + memcpy(d_->data,d,l); + d_->len=l; + + *dp=d_; + + _status=0; + abort: + if(_status) + r_data_destroy(&d_); + + return(_status); + } + +int r_data_alloc(dp,l) + Data **dp; + int l; + { + Data *d_=0; + int _status; + + if(!(d_=(Data *)calloc(sizeof(Data),1))) + ABORT(R_NO_MEMORY); + if(!(d_->data=(UCHAR *)calloc(l,1))) + ABORT(R_NO_MEMORY); + + d_->len=l; + + *dp=d_; + _status=0; + abort: + if(_status) + r_data_destroy(&d_); + + return(_status); + } + +int r_data_make(dp,d,l) + Data *dp; + UCHAR *d; + int l; + { + if(!(dp->data=(UCHAR *)malloc(l))) + ERETURN(R_NO_MEMORY); + + memcpy(dp->data,d,l); + dp->len=l; + + return(0); + } + +int r_data_destroy(dp) + Data **dp; + { + if(!dp || !*dp) + return(0); + + if((*dp)->data) + free((*dp)->data); + + free(*dp); + *dp=0; + + return(0); + } + +int r_data_copy(dst,src) + Data *dst; + Data *src; + { + if(!(dst->data=(UCHAR *)malloc(src->len))) + ERETURN(R_NO_MEMORY); + memcpy(dst->data,src->data,dst->len=src->len); + return(0); + } + +int r_data_zfree(d) + Data *d; + { + if(!d) + return(0); + if(!d->data) + return(0); + memset(d->data,0,d->len); + free(d->data); + return(0); + } + +int r_data_compare(d1,d2) + Data *d1; + Data *d2; + { + if(d1->lenlen) + return(-1); + if(d2->lenlen) + return(-1); + return(memcmp(d1->data,d2->data,d1->len)); + } + diff --git a/common/lib/r_data.h b/common/lib/r_data.h new file mode 100644 index 0000000..bc3507b --- /dev/null +++ b/common/lib/r_data.h @@ -0,0 +1,52 @@ +/** + r_data.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_data.h,v 1.2 2000/10/17 16:10:00 ekr Exp $ + + + ekr@rtfm.com Fri Feb 4 08:58:48 2000 + */ + + +#ifndef _r_data_h +#define _r_data_h + + +#endif + diff --git a/common/lib/r_errors.c b/common/lib/r_errors.c new file mode 100644 index 0000000..a65f671 --- /dev/null +++ b/common/lib/r_errors.c @@ -0,0 +1,61 @@ +/** + r_errors.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_errors.c,v 1.3 2001/12/24 06:06:27 ekr Exp $ + + + ekr@rtfm.com Tue Feb 16 16:37:05 1999 + */ + + +static char *RCSSTRING="$Id: r_errors.c,v 1.3 2001/12/24 06:06:27 ekr Exp $"; + +#include +#include +#include "r_common.h" +#include "r_errors.h" + +int verr_exit(char *fmt,...) + { + va_list ap; + + va_start(ap,fmt); + vfprintf(stderr,fmt,ap); + exit(1); + } diff --git a/common/lib/r_list.c b/common/lib/r_list.c new file mode 100644 index 0000000..f2205df --- /dev/null +++ b/common/lib/r_list.c @@ -0,0 +1,234 @@ +/** + r_list.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_list.c,v 1.4 2001/12/24 06:06:27 ekr Exp $ + + + ekr@rtfm.com Tue Jan 19 08:36:39 1999 + */ + + +static char *RCSSTRING="$Id: r_list.c,v 1.4 2001/12/24 06:06:27 ekr Exp $"; + +#include +#include "r_list.h" + +typedef struct r_list_el_ { + void *data; + struct r_list_el_ *next; + struct r_list_el_ *prev; + int (*copy) PROTO_LIST((void **new,void *old)); + int (*destroy) PROTO_LIST((void **ptr)); +} r_list_el; + +struct r_list_ { + struct r_list_el_ *first; + struct r_list_el_ *last; +}; + +int r_list_create(listp) + r_list **listp; + { + r_list *list=0; + int _status; + + if(!(list=(r_list *)calloc(sizeof(r_list),1))) + ABORT(R_NO_MEMORY); + + list->first=0; + list->last=0; + *listp=list; + + _status=0; + abort: + return(_status); + } + +int r_list_destroy(listp) + r_list **listp; + { + r_list *list; + r_list_el *el; + + if(!listp || !*listp) + return(0); + list=*listp; + + el=list->first; + + while(el){ + r_list_el *el_t; + + if(el->destroy && el->data) + el->destroy(&el->data); + el_t=el; + el=el->next; + free(el_t); + } + + free(list); + *listp=0; + + return(0); + } + +int r_list_copy(outp,in) + r_list**outp; + r_list *in; + { + r_list *out=0; + r_list_el *el,*el2,*last=0; + int r, _status; + + if(r=r_list_create(&out)) + ABORT(r); + + for(el=in->first;in;el=el->next){ + if(!(el2=(r_list_el *)calloc(sizeof(r_list_el),1))) + ABORT(R_NO_MEMORY); + + if(el->copy && el->data){ + if(r=el->copy(&el2->data,el->data)) + ABORT(r); + } + + el2->copy=el->copy; + el2->destroy=el->destroy; + + if(!(out->first)) + out->first=el2; + + el2->prev=last; + last->next=el2; + last=el2; + } + + out->last=last; + + *outp=out; + + _status=0; + abort: + if(_status) + r_list_destroy(&out); + return(_status); + } + +int r_list_insert(list,value,copy,destroy) + r_list *list; + void *value; + int (*copy) PROTO_LIST((void **out, void *in)); + int (*destroy) PROTO_LIST((void **val)); + { + r_list_el *el=0; + int _status; + + if(!(el=(r_list_el *)calloc(sizeof(r_list_el),1))) + ABORT(R_NO_MEMORY); + el->data=value; + el->copy=copy; + el->destroy=destroy; + + el->prev=0; + el->next=list->first; + if(list->first){ + list->first->prev=el; + } + list->first=el; + + _status=0; + abort: + return(_status); + } + +int r_list_append(list,value,copy,destroy) + r_list *list; + void *value; + int (*copy) PROTO_LIST((void **out, void *in)); + int (*destroy) PROTO_LIST((void **val)); + { + r_list_el *el=0; + int _status; + + if(!(el=(r_list_el *)calloc(sizeof(r_list_el),1))) + ABORT(R_NO_MEMORY); + el->data=value; + el->copy=copy; + el->destroy=destroy; + + el->prev=list->last; + el->next=0; + + if(list->last) list->last->next=el; + else list->first=el; + + list->last=el; + + _status=0; + abort: + return(_status); + } + +int r_list_init_iter(list,iter) + r_list *list; + r_list_iterator *iter; + { + iter->list=list; + iter->ptr=list->first; + + return(0); + } + +int r_list_iter(iter,val) + r_list_iterator *iter; + void **val; + { + if(!iter->ptr) + return(R_EOD); + + *val=iter->ptr->data; + iter->ptr=iter->ptr->next; + + return(0); + } + + + + + diff --git a/common/lib/r_replace.c b/common/lib/r_replace.c new file mode 100644 index 0000000..ebe4786 --- /dev/null +++ b/common/lib/r_replace.c @@ -0,0 +1,67 @@ +/** + r_replace.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_replace.c,v 1.2 2000/10/17 16:10:00 ekr Exp $ + + + ekr@rtfm.com Sun Oct 1 11:18:49 2000 + */ + + +static char *RCSSTRING="$Id: r_replace.c,v 1.2 2000/10/17 16:10:00 ekr Exp $"; + +#include "r_common.h" + +#ifndef HAVE_STRDUP + +char *strdup(str) + char *str; + { + int len=strlen(str); + char *n; + + if(!(n=(char *)malloc(len+1))) + return(0); + + memcpy(n,str,len+1); + + return(n); + } +#endif + diff --git a/common/lib/r_time.c b/common/lib/r_time.c new file mode 100644 index 0000000..c6357e8 --- /dev/null +++ b/common/lib/r_time.c @@ -0,0 +1,158 @@ +/** + r_time.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: r_time.c,v 1.6 2002/09/09 21:02:58 ekr Exp $ + + + ekr@rtfm.com Thu Mar 4 08:43:46 1999 + */ + + +static char *RCSSTRING="$Id: r_time.c,v 1.6 2002/09/09 21:02:58 ekr Exp $"; + +#include +#include + +#ifdef _WIN32 + +#include + +int gettimeofday(struct timeval *tv, struct timezone *tzp) +{ + /* JAN1_1970_OFFSET is the number of 100-nanoseconds ticks + between midnight jan 1, 1970 and jan 1, 1601. + */ + + const ULARGE_INTEGER JAN1_1970_OFFSET = {0xd53e8000, 0x019db1de}; + ULARGE_INTEGER currentTimeSinceJan_1_1970; + FILETIME currentTime; + + GetSystemTimeAsFileTime( ¤tTime ); + currentTimeSinceJan_1_1970.LowPart = currentTime.dwLowDateTime; + currentTimeSinceJan_1_1970.HighPart = currentTime.dwHighDateTime; + currentTimeSinceJan_1_1970.QuadPart -= JAN1_1970_OFFSET.QuadPart; + + /* At this point, currentTimeSinceJan_1_1970 contains the + number of 100-nanosecond 'ticks' since midnight, Jan. 1, + 1970. This is equivalent to 10 * the number of microseconds + elapsed since this time. The BSD man pages for gettimeofday() + suggest that we should return the whole number of seconds in + the tv_sec field, and the fractional number of seconds in units + of microseconds in the tv_usec field. + + sec = time / 10000000, usec = (time % 10000000) / 10; + */ + + tv->tv_sec = currentTimeSinceJan_1_1970.QuadPart / 10000000; + tv->tv_usec = (currentTimeSinceJan_1_1970.QuadPart % 10000000) / 10; + return 0; +} +#endif +/*Note that t1 must be > t0 */ +int r_timeval_diff(t1,t0,diff) + struct timeval *t1; + struct timeval *t0; + struct timeval *diff; + { + long d; + + if(t0->tv_sec > t1->tv_sec) + ERETURN(R_BAD_ARGS); + + /*Easy case*/ + if(t0->tv_usec <= t1->tv_usec){ + diff->tv_sec=t1->tv_sec - t0->tv_sec; + diff->tv_usec=t1->tv_usec - t0->tv_usec; + return(0); + } + + /*Hard case*/ + d=t0->tv_usec - t1->tv_usec; + if(t1->tv_sec < (t0->tv_sec + 1)) + ERETURN(R_BAD_ARGS); + diff->tv_sec=t1->tv_sec - (t0->tv_sec + 1); + diff->tv_usec=1000000 - d; + + return(0); + } + +int r_timeval_add(t1,t2,sum) + struct timeval *t1; + struct timeval *t2; + struct timeval *sum; + { + long tv_sec,tv_usec,d; + + tv_sec=t1->tv_sec + t2->tv_sec; + + d=t1->tv_usec + t2->tv_usec; + if(d>1000000){ + tv_sec++; + tv_usec=d-1000000; + } + else{ + tv_usec=d; + } + + sum->tv_sec=tv_sec; + sum->tv_usec=tv_usec; + + return(0); + } + +UINT8 r_timeval2int(tv) + struct timeval *tv; + { + UINT8 r=0; + + r=(tv->tv_sec); + r*=1000000; + r+=tv->tv_usec; + + return r; + } + +UINT8 r_gettimeint() + { + struct timeval tv; + + gettimeofday(&tv,0); + + return r_timeval2int(&tv); + } diff --git a/common/lib/rb_local.mk b/common/lib/rb_local.mk new file mode 100644 index 0000000..a44df54 --- /dev/null +++ b/common/lib/rb_local.mk @@ -0,0 +1,280 @@ +# +# rb_local.mk +# +# $Source$ +# $Revision$ +# $Date$ +# $Name$ +# $Disclaimer$ +# +# Copyright (C) 2001, Terisa Systems, Inc. +# All Rights Reserved. +# +# ekr@terisa.com +# + + + +# +# CONFIGURE USER-DEFINED MAKE ENVIRONMENT +# +# These fields are specified by the user. The remainder of +# this file is generated from this user-specified information. +# +# COMMON_LIB_DEFINES: +# cpp defines, with the -D flag preceeding each +# +# COMMON_LIB_INCLUDES: +# cpp include directories, with the -I flag preceeding each +# +# COMMON_LIB_INTERNAL: +# headers files which are local to a specific module directory, +# and should not be used by other parts of the toolkit or by +# the user +# +# COMMON_LIB_LIBNAME: +# the library associated with this module directory, used in +# most cases for debugging purposes +# +# COMMON_LIB_LIBPATHS: +# link-time directories to search for libraries, with the -L flag +# preceeding each +# +# COMMON_LIB_LIBRARIES: +# link-time libraries, with the -l flag preceeding each +# +# COMMON_LIB_LOCALFLAGS: +# compile-time flags specific to compiling only the files in +# this module directory--this variable should only be set in +# extremely exceptional cases +# +# COMMON_LIB_MAKEFILES: +# the makefiles +# +# COMMON_LIB_PREFIX: +# defines the module name, which also serves as the +# prefix for all the variable names defined in this file +# +# COMMON_LIB_PRIVATE: +# the private, for-toolkit-use-only API header files +# +# COMMON_LIB_PROGRAMS: +# programs to build +# +# COMMON_LIB_PUBLIC: +# the header files that define the public API for the toolkit +# and any other 'public' files that should be copied to +# the build directory +# +# COMMON_LIB_SOURCES: +# the source files to compile to object +# +COMMON_LIB_DEFINES = +COMMON_LIB_INCLUDES = +COMMON_LIB_INTERNAL = +COMMON_LIB_LIBNAME = libcommon.$(LIBSUFFIX) +COMMON_LIB_LIBPATHS = +COMMON_LIB_LIBRARIES = +COMMON_LIB_LOCALFLAGS = +COMMON_LIB_MAKEFILES = targets.mk +COMMON_LIB_PREFIX = COMMON_LIB +COMMON_LIB_PRIVATE = +COMMON_LIB_PROGRAMS = +COMMON_LIB_PUBLIC = +COMMON_LIB_SOURCES = debug.c r_assoc.c r_bitfield.c r_data.c \ + r_errors.c r_list.c r_replace.c r_time.c + + + +# +# CONFIGURE AUTOMATICALLY-GENERATED MAKE ENVIRONMENT +# +# COMMON_LIB_OBJECTS: +# object files to build +# +# COMMON_LIB_UNUSED: +# obsolete files in the module directory that are not +# used during the build process +# +# COMMON_LIB_USED: +# all files in the module directory that are used +# during the build process +# +COMMON_LIB_OBJECTS = debug.$(OBJSUFFIX) r_assoc.$(OBJSUFFIX) \ + r_bitfield.$(OBJSUFFIX) r_data.$(OBJSUFFIX) \ + r_errors.$(OBJSUFFIX) r_list.$(OBJSUFFIX) \ + r_replace.$(OBJSUFFIX) r_time.$(OBJSUFFIX) +COMMON_LIB_UNUSED = assoc.h debug.h local.mk r_assoc_test.c r_data.h \ + rb_local.mk +COMMON_LIB_USED = $(COMMON_LIB_INTERNAL:%=$(COMMON_LIB_SRCDIR)%) \ + $(COMMON_LIB_MAKEFILES:%=$(COMMON_LIB_SRCDIR)%) \ + $(COMMON_LIB_PRIVATE:%=$(COMMON_LIB_SRCDIR)%) \ + $(COMMON_LIB_PUBLIC:%=$(COMMON_LIB_SRCDIR)%) \ + $(COMMON_LIB_SOURCES:%=$(COMMON_LIB_SRCDIR)%) + + + +# +# NOTES +# +# The following variables may be used during the build process, +# but are not defined in this file. If they are to be set +# to something other than the default blank, then they must +# be set by the calling make system. +# +# COMMON_LIB_SRCDIR: +# if the build target directory is different from the +# module directory (the source directory), then this +# variable contains the relative or full path of +# the module directory +# +# LIBARS: +# the library archive files (with fully-specified paths) that +# executables built from this module directory depend upon +# +# LIBPATHS: +# the paths to search for library archives (specified with +# the -L) +# +# LIBRARIES: +# the libraries to use while building executables from +# this module directory (specified with the -l) +# + + + +# +# GLOBAL ENVIRONMENT +# +DEFINES += $(COMMON_LIB_DEFINES) +INCLUDES += $(COMMON_LIB_INCLUDES) +LIBPATHS += $(COMMON_LIB_LIBPATHS) +LIBRARIES += $(COMMON_LIB_LIBRARIES) +OBJECTS += $(COMMON_LIB_OBJECTS) +PUBLIC += $(COMMON_LIB_PUBLIC) + + + +# +# GENERIC DEPENDENCIES +# +# default: +# default dependency, must be the first dependency in this makefile +# +# all: +# build everything in this module directory +# +# build: +# make only the toolkit build files of this module directory +# +# ci: +# perform an RCS check-in of this module directory +# +# clean: +# remove the compiled files +# +# clean_public: +# remove the public header files that have been copied +# to a public build directory +# +# objects: +# build the object files (this dependency is used for +# building the toolkit library) +# +# private: +# build only the private API header files +# +# public: +# build only the public API header files +# +default: $(COMMON_LIB_LIBNAME) +default: $(COMMON_LIB_PROGRAMS) + +all: $(COMMON_LIB_PUBLIC) +all: $(COMMON_LIB_OBJECTS) +all: $(COMMON_LIB_LIBNAME) +all: $(COMMON_LIB_PROGRAMS) +build: $(COMMON_LIB_PUBLIC) +build: $(COMMON_LIB_OBJECTS) +ci: common_lib_ci +clean: common_lib_clean +clean_public: common_lib_clean_public +objects: $(COMMON_LIB_OBJECTS) +private: $(COMMON_LIB_PRIVATE) +public: $(COMMON_LIB_PUBLIC) + + + +# +# LOCAL UTILITY DEPENDENCIES +# +# utility dependencies are necessary because of some +# make-isms having to do with dependencies +# + +common_lib_ci: + $(CI) $(CIFLAGS) $(COMMON_LIB_USED) + +common_lib_clean: + $(RM) $(RMFLAGS) $(COMMON_LIB_OBJECTS) $(COMMON_LIB_LIBNAME) $(COMMON_LIB_PROGRAMS) + +common_lib_clean_public: + $(RM) $(RMFLAGS) $(COMMON_LIB_PUBLIC) + +common_lib_objects: $(COMMON_LIB_OBJECTS) + +common_lib_programs: $(COMMON_LIB_PROGRAMS) + +common_lib_public: $(COMMON_LIB_PUBLIC) + + + +# +# BUILD DEPENDENCIES +# +# build dependencies invoke the rule used to build each +# class of file +# + +$(COMMON_LIB_LIBNAME): + $(AR) $(ARFLAGS) $@ $? + $(RANLIB) $@ + +$(COMMON_LIB_OBJECTS): + $(COMPILE.c) $(COMMON_LIB_SRCDIR)$(@:%.$(OBJSUFFIX)=%.c) $(DEFINES) $(INCLUDES) $(COMMON_LIB_LOCALFLAGS) + +$(COMMON_LIB_PUBLIC): + $(CP) $(CPFLAGS) $(COMMON_LIB_SRCDIR)$@ $@ + +$(COMMON_LIB_PROGRAMS): + $(LINK.c) $@.$(OBJSUFFIX) $(LDLIBS) $(LIBS) $(LIBRARIES) $(LIBPATHS) +#LIBS above is obsolete (use LIBARARIES instead) + + + +# +# FILE DEPENDENCIES +# +# file dependencies state, for each file that is built, +# which file(s) it depends upon +# + +debug.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)debug.h +debug.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)debug.c + +r_assoc.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_assoc.c + +r_bitfield.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_bitfield.c + +r_data.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_data.h +r_data.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_data.c + +r_errors.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_errors.c + +r_list.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_list.c + +r_replace.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_replace.c + +r_time.$(OBJSUFFIX): $(COMMON_LIB_SRCDIR)r_time.c + +$(COMMON_LIB_LIBNAME): $(COMMON_LIB_OBJECTS) diff --git a/common/lib/targets.mk b/common/lib/targets.mk new file mode 100644 index 0000000..6bc07d3 --- /dev/null +++ b/common/lib/targets.mk @@ -0,0 +1,2 @@ +include $(COMMON_LIB_SRCDIR)local.mk + diff --git a/common/lib/threads/null/targets.mk b/common/lib/threads/null/targets.mk new file mode 100644 index 0000000..e69de29 diff --git a/common/lib/threads/pthreads/pthread.c b/common/lib/threads/pthreads/pthread.c new file mode 100644 index 0000000..486bab1 --- /dev/null +++ b/common/lib/threads/pthreads/pthread.c @@ -0,0 +1,151 @@ +/** + pthread.c + + Copyright (C) 1999, RTFM, Inc. + All Rights Reserved. + + ekr@rtfm.com Tue Feb 23 15:08:03 1999 + */ + + +static char *RCSSTRING="$Id: pthread.c,v 1.1.1.1 2000/10/09 00:45:39 ekr Exp $"; + +#include +#include +#include + +static int thread_count=0; + +typedef struct { + void (*func) PROTO_LIST((void *)); + void *arg; +} helper; + + +static void *r_thread_real_create PROTO_LIST((void *arg)); + +static void *r_thread_real_create(arg) + void *arg; + { + helper *h; + + h=(helper *)arg; + + thread_count++; + + h->func(h->arg); + + thread_count--; + free(h); + return(0); + } + +int r_thread_fork(func,arg,id) + void (*func) PROTO_LIST((void *)); + void *arg; + r_thread *id; + { + pthread_t thread; + helper *h; + int r,_status; + + h=(helper *)malloc(sizeof(helper)); + + h->func=func; + h->arg=arg; + + if(r=pthread_create(&thread,0,r_thread_real_create,(void *)h)) + ABORT(R_INTERNAL); + + _status=0; + abort: + return(_status); + } + +int r_thread_yield() + { + pthread_yield(); + } + +int r_thread_exit() + { + thread_count--; + pthread_exit(0); + return(0); + } + +int r_thread_wait_last() + { + do { + pthread_yield(); + usleep(10000); + DBG((0,"%d threads left",thread_count)); + } while (thread_count); + + return(0); + } + +int r_rwlock_create(lockp) + r_rwlock **lockp; + { + pthread_rwlock_t *lock; + int r; + + if(!(lock=(pthread_rwlock_t *)malloc(sizeof(pthread_rwlock_t)))) + ERETURN(R_NO_MEMORY); + + if(r=pthread_rwlock_init(lock,0)) + ERETURN(R_INTERNAL); + + *lockp=(void *)lock; + return(0); + } + +int r_rwlock_destroy(lock) + r_rwlock **lock; + { + pthread_rwlock_t *plock; + + if(!lock || !*lock) + return(0); + + plock=(pthread_rwlock_t *)(*lock); + + pthread_rwlock_destroy(plock); + + return(0); + } + +int r_rwlock_lock(lock,action) + r_rwlock *lock; + int action; + { + pthread_rwlock_t *plock; + int r,_status; + + plock=(pthread_rwlock_t *)lock; + + switch(action){ + case R_RWLOCK_UNLOCK: + if(r=pthread_rwlock_unlock(plock)) + ABORT(R_INTERNAL); + break; + case R_RWLOCK_RLOCK: + if(r=pthread_rwlock_rdlock(plock)) + ABORT(R_INTERNAL); + break; + case R_RWLOCK_WLOCK: + if(r=pthread_rwlock_wrlock(plock)) + ABORT(R_INTERNAL); + break; + default: + ABORT(R_BAD_ARGS); + } + + _status=0; + abort: + return(_status); + } + + + diff --git a/common/lib/threads/pthreads/targets.mk b/common/lib/threads/pthreads/targets.mk new file mode 100644 index 0000000..0ea5ac0 --- /dev/null +++ b/common/lib/threads/pthreads/targets.mk @@ -0,0 +1,259 @@ +# +# targets.mk +# +# $Source: /usr/local/CVS/ssldump/common/lib/threads/pthreads/targets.mk,v $ +# $Revision: 1.1.1.1 $ +# $Date: 2000/10/09 00:45:39 $ +# $Name: $ +# $Disclaimer$ +# +# Copyright (C) 1999, Terisa Systems, Inc. +# All Rights Reserved. +# +# ekr@terisa.com +# + + + +# +# CONFIGURE USER-DEFINED MAKE ENVIRONMENT +# +# These fields are specified by the user. The remainder of +# this file is generated from this user-specified information. +# +# THREADS_PTHREADS_DEFINES: +# cpp defines, with the -D flag preceeding each +# +# THREADS_PTHREADS_INCLUDES: +# cpp include directories, with the -I flag preceeding each +# +# THREADS_PTHREADS_INTERNAL: +# headers files which are local to a specific module directory, +# and should not be used by other parts of the toolkit or by +# the user +# +# THREADS_PTHREADS_LIBNAME: +# the library associated with this module directory, used in +# most cases for debugging purposes +# +# THREADS_PTHREADS_LIBPATHS: +# link-time directories to search for libraries, with the -L flag +# preceeding each +# +# THREADS_PTHREADS_LIBRARIES: +# link-time libraries, with the -l flag preceeding each +# +# THREADS_PTHREADS_LOCALFLAGS: +# compile-time flags specific to compiling only the files in +# this module directory--this variable should only be set in +# extremely exceptional cases +# +# THREADS_PTHREADS_MAKEFILES: +# the makefiles +# +# THREADS_PTHREADS_PREFIX: +# defines the module name, which also serves as the +# prefix for all the variable names defined in this file +# +# THREADS_PTHREADS_PRIVATE: +# the private, for-toolkit-use-only API header files +# +# THREADS_PTHREADS_PROGRAMS: +# programs to build +# +# THREADS_PTHREADS_PUBLIC: +# the header files that define the public API for the toolkit +# and any other 'public' files that should be copied to +# the build directory +# +# THREADS_PTHREADS_SOURCES: +# the source files to compile to object +# +THREADS_PTHREADS_DEFINES = +THREADS_PTHREADS_INCLUDES = +THREADS_PTHREADS_INTERNAL = +THREADS_PTHREADS_LIBNAME = +THREADS_PTHREADS_LIBPATHS = +THREADS_PTHREADS_LIBRARIES = +THREADS_PTHREADS_LOCALFLAGS = +THREADS_PTHREADS_MAKEFILES = +THREADS_PTHREADS_PREFIX = THREADS_PTHREADS +THREADS_PTHREADS_PRIVATE = +THREADS_PTHREADS_PROGRAMS = +THREADS_PTHREADS_PUBLIC = +THREADS_PTHREADS_SOURCES = pthread.c + + + +# +# CONFIGURE AUTOMATICALLY-GENERATED MAKE ENVIRONMENT +# +# THREADS_PTHREADS_OBJECTS: +# object files to build +# +# THREADS_PTHREADS_UNUSED: +# obsolete files in the module directory that are not +# used during the build process +# +# THREADS_PTHREADS_USED: +# all files in the module directory that are used +# during the build process +# +THREADS_PTHREADS_OBJECTS = pthread.$(OBJSUFFIX) +THREADS_PTHREADS_UNUSED = targets.mk +THREADS_PTHREADS_USED = $(THREADS_PTHREADS_INTERNAL:%=$(THREADS_PTHREADS_SRCDIR)%) \ + $(THREADS_PTHREADS_MAKEFILES:%=$(THREADS_PTHREADS_SRCDIR)%) \ + $(THREADS_PTHREADS_PRIVATE:%=$(THREADS_PTHREADS_SRCDIR)%) \ + $(THREADS_PTHREADS_PUBLIC:%=$(THREADS_PTHREADS_SRCDIR)%) \ + $(THREADS_PTHREADS_SOURCES:%=$(THREADS_PTHREADS_SRCDIR)%) + + + +# +# NOTES +# +# The following variables may be used during the build process, +# but are not defined in this file. If they are to be set +# to something other than the default blank, then they must +# be set by the calling make system. +# +# THREADS_PTHREADS_SRCDIR: +# if the build target directory is different from the +# module directory (the source directory), then this +# variable contains the relative or full path of +# the module directory +# +# LIBARS: +# the library archive files (with fully-specified paths) that +# executables built from this module directory depend upon +# +# LIBPATHS: +# the paths to search for library archives (specified with +# the -L) +# +# LIBRARIES: +# the libraries to use while building executables from +# this module directory (specified with the -l) +# + + + +# +# GLOBAL ENVIRONMENT +# +DEFINES += $(THREADS_PTHREADS_DEFINES) +INCLUDES += $(THREADS_PTHREADS_INCLUDES) +LIBPATHS += $(THREADS_PTHREADS_LIBPATHS) +LIBRARIES += $(THREADS_PTHREADS_LIBRARIES) +OBJECTS += $(THREADS_PTHREADS_OBJECTS) +PUBLIC += $(THREADS_PTHREADS_PUBLIC) + + + +# +# GENERIC DEPENDENCIES +# +# default: +# default dependency, must be the first dependency in this makefile +# +# all: +# build everything in this module directory +# +# build: +# make only the toolkit build files of this module directory +# +# ci: +# perform an RCS check-in of this module directory +# +# clean: +# remove the compiled files +# +# clean_public: +# remove the public header files that have been copied +# to a public build directory +# +# objects: +# build the object files (this dependency is used for +# building the toolkit library) +# +# private: +# build only the private API header files +# +# public: +# build only the public API header files +# +default: $(THREADS_PTHREADS_LIBNAME) +default: $(THREADS_PTHREADS_PROGRAMS) + +all: $(THREADS_PTHREADS_PUBLIC) +all: $(THREADS_PTHREADS_OBJECTS) +all: $(THREADS_PTHREADS_LIBNAME) +all: $(THREADS_PTHREADS_PROGRAMS) +build: $(THREADS_PTHREADS_PUBLIC) +build: $(THREADS_PTHREADS_OBJECTS) +ci: threads_pthreads_ci +clean: threads_pthreads_clean +clean_public: threads_pthreads_clean_public +objects: $(THREADS_PTHREADS_OBJECTS) +private: $(THREADS_PTHREADS_PRIVATE) +public: $(THREADS_PTHREADS_PUBLIC) + + + +# +# LOCAL UTILITY DEPENDENCIES +# +# utility dependencies are necessary because of some +# make-isms having to do with dependencies +# + +threads_pthreads_ci: + $(CI) $(CIFLAGS) $(THREADS_PTHREADS_USED) + +threads_pthreads_clean: + $(RM) $(RMFLAGS) $(THREADS_PTHREADS_OBJECTS) $(THREADS_PTHREADS_LIBNAME) $(THREADS_PTHREADS_PROGRAMS) + +threads_pthreads_clean_public: + $(RM) $(RMFLAGS) $(THREADS_PTHREADS_PUBLIC) + +threads_pthreads_objects: $(THREADS_PTHREADS_OBJECTS) + +threads_pthreads_programs: $(THREADS_PTHREADS_PROGRAMS) + +threads_pthreads_public: $(THREADS_PTHREADS_PUBLIC) + + + +# +# BUILD DEPENDENCIES +# +# build dependencies invoke the rule used to build each +# class of file +# + +$(THREADS_PTHREADS_LIBNAME): + $(AR) $(ARFLAGS) $@ $? + $(RANLIB) $@ + +$(THREADS_PTHREADS_OBJECTS): + $(COMPILE.c) $(THREADS_PTHREADS_SRCDIR)$(@:%.$(OBJSUFFIX)=%.c) $(DEFINES) $(INCLUDES) $(THREADS_PTHREADS_LOCALFLAGS) + +$(THREADS_PTHREADS_PUBLIC): + $(CP) $(CPFLAGS) $(THREADS_PTHREADS_SRCDIR)$@ $@ + +$(THREADS_PTHREADS_PROGRAMS): + $(LINK.c) $@.$(OBJSUFFIX) $(LDLIBS) $(LIBS) $(LIBRARIES) $(LIBPATHS) +#LIBS above is obsolete (use LIBARARIES instead) + + + +# +# FILE DEPENDENCIES +# +# file dependencies state, for each file that is built, +# which file(s) it depends upon +# + +pthread.$(OBJSUFFIX): $(THREADS_PTHREADS_SRCDIR)pthread.c + +$(THREADS_PTHREADS_LIBNAME): $(THREADS_PTHREADS_OBJECTS) diff --git a/common/lib/threads/targets.mk b/common/lib/threads/targets.mk new file mode 100644 index 0000000..17cf9ab --- /dev/null +++ b/common/lib/threads/targets.mk @@ -0,0 +1,4 @@ +THREADS_SRCDIR=$(COMMON_LIB_SRCDIR)threads/ +THREADS_PTHREADS_SRCDIR=$(THREADS_SRCDIR)pthreads/ + +include $(THREADS_SRCDIR)$(THREADS_TYPE)/targets.mk diff --git a/config.guess b/config.guess new file mode 100755 index 0000000..e9e4455 --- /dev/null +++ b/config.guess @@ -0,0 +1,693 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright (C) 1992, 93, 94, 95, 1996 Free Software Foundation, Inc. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Written by Per Bothner . +# The master version of this file is at the FSF in /home/gd/gnu/lib. +# +# This script attempts to guess a canonical system name similar to +# config.sub. If it succeeds, it prints the system name on stdout, and +# exits with 0. Otherwise, it exits with 1. +# +# The plan is that this can be called by configure scripts if you +# don't specify an explicit system type (host/target name). +# +# Only a few systems have been added to this list; please add others +# (but try to keep the structure clean). +# + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 8/24/94.) +if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +trap 'rm -f dummy.c dummy.o dummy; exit 1' 1 2 15 + +# Note: order is significant - the case branches are not exclusive. + +case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + alpha:OSF1:*:*) + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo alpha-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//'` + exit 0 ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 + exit 0 ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-cbm-sysv4 + exit 0;; + amiga:NetBSD:*:*) + echo m68k-cbm-netbsd${UNAME_RELEASE} + exit 0 ;; + amiga:OpenBSD:*:*) + echo m68k-cbm-openbsd${UNAME_RELEASE} + exit 0 ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit 0;; + Pyramid*:OSx*:*:*|MIS*:OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit 0 ;; + NILE:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit 0 ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + i86pc:SunOS:5.*:*) + echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + exit 0 ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} + exit 0 ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos${UNAME_RELEASE} + exit 0 ;; + atari*:NetBSD:*:*) + echo m68k-atari-netbsd${UNAME_RELEASE} + exit 0 ;; + atari*:OpenBSD:*:*) + echo m68k-atari-openbsd${UNAME_RELEASE} + exit 0 ;; + sun3*:NetBSD:*:*) + echo m68k-sun-netbsd${UNAME_RELEASE} + exit 0 ;; + sun3*:OpenBSD:*:*) + echo m68k-sun-openbsd${UNAME_RELEASE} + exit 0 ;; + mac68k:NetBSD:*:*) + echo m68k-apple-netbsd${UNAME_RELEASE} + exit 0 ;; + mac68k:OpenBSD:*:*) + echo m68k-apple-openbsd${UNAME_RELEASE} + exit 0 ;; + powerpc:machten:*:*) + echo powerpc-apple-machten${UNAME_RELEASE} + exit 0 ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit 0 ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + sed 's/^ //' << EOF >dummy.c + int main (argc, argv) int argc; char **argv; { + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + ${CC-cc} dummy.c -o dummy \ + && ./dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ + && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + echo mips-mips-riscos${UNAME_RELEASE} + exit 0 ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit 0 ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit 0 ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit 0 ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit 0 ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ $UNAME_PROCESSOR = mc88100 -o $UNAME_PROCESSOR = mc88110 ] ; then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx \ + -o ${TARGET_BINARY_INTERFACE}x = x ] ; then + echo m88k-dg-dgux${UNAME_RELEASE} + else + echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else echo i586-dg-dgux${UNAME_RELEASE} + fi + exit 0 ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit 0 ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit 0 ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit 0 ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit 0 ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + exit 0 ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i?86:AIX:*:*) + echo i386-ibm-aix + exit 0 ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + sed 's/^ //' << EOF >dummy.c + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + echo rs6000-ibm-aix3.2.5 + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit 0 ;; + *:AIX:*:4) + if /usr/sbin/lsattr -EHl proc0 | grep POWER >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=4.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} + exit 0 ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit 0 ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 + exit 0 ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC NetBSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + exit 0 ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit 0 ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit 0 ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit 0 ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit 0 ;; + 9000/[3478]??:HP-UX:*:*) + case "${UNAME_MACHINE}" in + 9000/31? ) HP_ARCH=m68000 ;; + 9000/[34]?? ) HP_ARCH=m68k ;; + 9000/7?? | 9000/8?[1679] ) HP_ARCH=hppa1.1 ;; + 9000/8?? ) HP_ARCH=hppa1.0 ;; + esac + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ${HP_ARCH}-hp-hpux${HPUX_REV} + exit 0 ;; + 3050*:HI-UX:*:*) + sed 's/^ //' << EOF >dummy.c + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + echo unknown-hitachi-hiuxwe2 + exit 0 ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd + exit 0 ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit 0 ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf + exit 0 ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit 0 ;; + i?86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo ${UNAME_MACHINE}-unknown-osf1mk + else + echo ${UNAME_MACHINE}-unknown-osf1 + fi + exit 0 ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit 0 ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit 0 ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit 0 ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit 0 ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit 0 ;; + CRAY*X-MP:*:*:*) + echo xmp-cray-unicos + exit 0 ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} + exit 0 ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ + exit 0 ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos${UNAME_RELEASE} + exit 0 ;; + CRAY-2:*:*:*) + echo cray2-cray-unicos + exit 0 ;; + F300:UNIX_System_V:*:*) + FUJITSU_SYS=`uname -p | tr [A-Z] [a-z] | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "f300-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit 0 ;; + F301:UNIX_System_V:*:*) + echo f301-fujitsu-uxpv`echo $UNAME_RELEASE | sed 's/ .*//'` + exit 0 ;; + hp3[0-9][05]:NetBSD:*:*) + echo m68k-hp-netbsd${UNAME_RELEASE} + exit 0 ;; + hp3[0-9][05]:OpenBSD:*:*) + echo m68k-hp-openbsd${UNAME_RELEASE} + exit 0 ;; + i?86:BSD/386:*:* | *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + exit 0 ;; + *:FreeBSD:*:*) + echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit 0 ;; + *:NetBSD:*:*) + echo ${UNAME_MACHINE}-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + exit 0 ;; + *:OpenBSD:*:*) + echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + exit 0 ;; + i*:CYGWIN*:*) + echo i386-pc-cygwin32 + exit 0 ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin32 + exit 0 ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + *:GNU:*:*) + echo `echo ${UNAME_MACHINE}|sed -e 's,/.*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit 0 ;; + *:Linux:*:*) + # The BFD linker knows what the default object file format is, so + # first see if it will tell us. + ld_help_string=`ld --help 2>&1` + if echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf_i.86"; then + echo "${UNAME_MACHINE}-pc-linux-gnu" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86linux"; then + echo "${UNAME_MACHINE}-pc-linux-gnuaout" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86coff"; then + echo "${UNAME_MACHINE}-pc-linux-gnucoff" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68kelf"; then + echo "${UNAME_MACHINE}-unknown-linux-gnu" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68klinux"; then + echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf32ppc"; then + echo "powerpc-unknown-linux-gnu" ; exit 0 + elif test "${UNAME_MACHINE}" = "alpha" ; then + echo alpha-unknown-linux-gnu ; exit 0 + elif test "${UNAME_MACHINE}" = "sparc" ; then + echo sparc-unknown-linux-gnu ; exit 0 + else + # Either a pre-BFD a.out linker (linux-gnuoldld) or one that does not give us + # useful --help. Gcc wants to distinguish between linux-gnuoldld and linux-gnuaout. + test ! -d /usr/lib/ldscripts/. \ + && echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0 + # Determine whether the default compiler is a.out or elf + cat >dummy.c </dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + fi ;; +# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. earlier versions +# are messed up and put the nodename in both sysname and nodename. + i?86:DYNIX/ptx:4*:*) + echo i386-sequent-sysv4 + exit 0 ;; + i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*) + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_RELEASE} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE} + fi + exit 0 ;; + i?86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')` + (/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit 0 ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit 0 ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit 0 ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + fi + exit 0 ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit 0 ;; + M68*:*:R3V[567]*:*) + test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; + 3[34]??:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 4850:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4.3${OS_REL} && exit 0 + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4 && exit 0 ;; + m68*:LynxOS:2.*:*) + echo m68k-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit 0 ;; + i?86:LynxOS:2.*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + rs6000:LynxOS:2.*:* | PowerPC:LynxOS:2.*:*) + echo rs6000-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv${UNAME_RELEASE} + exit 0 ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit 0 ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo ${UNAME_MACHINE}-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit 0 ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit 0 ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit 0 ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux${UNAME_RELEASE} + exit 0 ;; + R3000:*System_V*:*:* | R4000:UNIX_SYSV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv${UNAME_RELEASE} + else + echo mips-unknown-sysv${UNAME_RELEASE} + fi + exit 0 ;; + PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit 0 ;; +esac + +#echo '(No uname command or uname output not recognized.)' 1>&2 +#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 + +cat >dummy.c < +# include +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (__arm) && defined (__acorn) && defined (__unix) + printf ("arm-acorn-riscix"); exit (0); +#endif + +#if defined (hp300) && !defined (hpux) + printf ("m68k-hp-bsd\n"); exit (0); +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); + +#endif + +#if defined (vax) +#if !defined (ultrix) + printf ("vax-dec-bsd\n"); exit (0); +#else + printf ("vax-dec-ultrix\n"); exit (0); +#endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy && rm dummy.c dummy && exit 0 +rm -f dummy.c dummy + +# Apollos put the system type in the environment. + +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } + +# Convex versions that predate uname can use getsysinfo(1) + +if [ -x /usr/convex/getsysinfo ] +then + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd + exit 0 ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + c34*) + echo c34-convex-bsd + exit 0 ;; + c38*) + echo c38-convex-bsd + exit 0 ;; + c4*) + echo c4-convex-bsd + exit 0 ;; + esac +fi + +#echo '(Unable to guess system type)' 1>&2 + +exit 1 diff --git a/config.sub b/config.sub new file mode 100755 index 0000000..0432524 --- /dev/null +++ b/config.sub @@ -0,0 +1,927 @@ +#! /bin/sh +# Configuration validation subroutine script, version 1.1. +# Copyright (C) 1991, 92, 93, 94, 95, 1996 Free Software Foundation, Inc. +# This file is (in principle) common to ALL GNU software. +# The presence of a machine in this file suggests that SOME GNU software +# can handle that machine. It does not imply ALL GNU software can. +# +# This file is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +if [ x$1 = x ] +then + echo Configuration name missing. 1>&2 + echo "Usage: $0 CPU-MFR-OPSYS" 1>&2 + echo "or $0 ALIAS" 1>&2 + echo where ALIAS is a recognized configuration type. 1>&2 + exit 1 +fi + +# First pass through any local machine types. +case $1 in + *local*) + echo $1 + exit 0 + ;; + *) + ;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + linux-gnu*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] + then os=`echo $1 | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. + ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple) + os= + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco5) + os=sco3.2v5 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + ;; + -windowsnt*) + os=`echo $os | sed -e 's/windowsnt/winnt/'` + ;; + -psos*) + os=-psos + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. + tahoe | i860 | m68k | m68000 | m88k | ns32k | arm \ + | arme[lb] | pyramid \ + | tron | a29k | 580 | i960 | h8300 | hppa | hppa1.0 | hppa1.1 \ + | alpha | we32k | ns16k | clipper | i370 | sh \ + | powerpc | powerpcle | 1750a | dsp16xx | mips64 | mipsel \ + | pdp11 | mips64el | mips64orion | mips64orionel \ + | sparc | sparclet | sparclite | sparc64) + basic_machine=$basic_machine-unknown + ;; + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i[3456]86) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + vax-* | tahoe-* | i[3456]86-* | i860-* | m68k-* | m68000-* | m88k-* \ + | sparc-* | ns32k-* | fx80-* | arm-* | c[123]* \ + | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* | power-* \ + | none-* | 580-* | cray2-* | h8300-* | i960-* | xmp-* | ymp-* \ + | hppa-* | hppa1.0-* | hppa1.1-* | alpha-* | we32k-* | cydra-* | ns16k-* \ + | pn-* | np1-* | xps100-* | clipper-* | orion-* | sparclite-* \ + | pdp11-* | sh-* | powerpc-* | powerpcle-* | sparc64-* | mips64-* | mipsel-* \ + | mips64el-* | mips64orion-* | mips64orionel-* | f301-*) + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + basic_machine=m68000-att + ;; + 3b*) + basic_machine=we32k-att + ;; + alliant | fx80) + basic_machine=fx80-alliant + ;; + altos | altos3068) + basic_machine=m68k-altos + ;; + am29k) + basic_machine=a29k-none + os=-bsd + ;; + amdahl) + basic_machine=580-amdahl + os=-sysv + ;; + amiga | amiga-*) + basic_machine=m68k-cbm + ;; + amigados) + basic_machine=m68k-cbm + os=-amigados + ;; + amigaunix | amix) + basic_machine=m68k-cbm + os=-sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=-sysv + ;; + aux) + basic_machine=m68k-apple + os=-aux + ;; + balance) + basic_machine=ns32k-sequent + os=-dynix + ;; + convex-c1) + basic_machine=c1-convex + os=-bsd + ;; + convex-c2) + basic_machine=c2-convex + os=-bsd + ;; + convex-c32) + basic_machine=c32-convex + os=-bsd + ;; + convex-c34) + basic_machine=c34-convex + os=-bsd + ;; + convex-c38) + basic_machine=c38-convex + os=-bsd + ;; + cray | ymp) + basic_machine=ymp-cray + os=-unicos + ;; + cray2) + basic_machine=cray2-cray + os=-unicos + ;; + [ctj]90-cray) + basic_machine=c90-cray + os=-unicos + ;; + crds | unos) + basic_machine=m68k-crds + ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; + decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) + basic_machine=mips-dec + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + basic_machine=m68k-motorola + ;; + delta88) + basic_machine=m88k-motorola + os=-sysv3 + ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx + ;; + dpx2* | dpx2*-bull) + basic_machine=m68k-bull + os=-sysv3 + ;; + ebmon29k) + basic_machine=a29k-amd + os=-ebmon + ;; + elxsi) + basic_machine=elxsi-elxsi + os=-bsd + ;; + encore | umax | mmax) + basic_machine=ns32k-encore + ;; + fx2800) + basic_machine=i860-alliant + ;; + genix) + basic_machine=ns32k-ns + ;; + gmicro) + basic_machine=tron-gmicro + os=-sysv + ;; + h3050r* | hiux*) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=-hms + ;; + harris) + basic_machine=m88k-harris + os=-sysv3 + ;; + hp300-*) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=-bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=-hpux + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + basic_machine=m68000-hp + ;; + hp9k3[2-9][0-9]) + basic_machine=m68k-hp + ;; + hp9k7[0-9][0-9] | hp7[0-9][0-9] | hp9k8[0-9]7 | hp8[0-9]7) + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hppa-next) + os=-nextstep3 + ;; + i370-ibm* | ibm*) + basic_machine=i370-ibm + os=-mvs + ;; +# I'm not sure what "Sysv32" means. Should this be sysv3.2? + i[3456]86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 + ;; + i[3456]86v4*) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv4 + ;; + i[3456]86v) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv + ;; + i[3456]86sol2) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-solaris2 + ;; + iris | iris4d) + basic_machine=mips-sgi + case $os in + -irix*) + ;; + *) + os=-irix4 + ;; + esac + ;; + isi68 | isi) + basic_machine=m68k-isi + os=-sysv + ;; + m88k-omron*) + basic_machine=m88k-omron + ;; + magnum | m3230) + basic_machine=mips-mips + os=-sysv + ;; + merlin) + basic_machine=ns32k-utek + os=-sysv + ;; + miniframe) + basic_machine=m68000-convergent + ;; + mips3*-*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + ;; + mips3*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=-newsos + ;; + news1000) + basic_machine=m68030-sony + os=-newsos + ;; + news-3600 | risc-news) + basic_machine=mips-sony + os=-newsos + ;; + next | m*-next ) + basic_machine=m68k-next + case $os in + -nextstep* ) + ;; + -ns2*) + os=-nextstep2 + ;; + *) + os=-nextstep3 + ;; + esac + ;; + nh3000) + basic_machine=m68k-harris + os=-cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=-cxux + ;; + nindy960) + basic_machine=i960-intel + os=-nindy + ;; + np1) + basic_machine=np1-gould + ;; + pa-hitachi) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + paragon) + basic_machine=i860-intel + os=-osf + ;; + pbd) + basic_machine=sparc-tti + ;; + pbb) + basic_machine=m68k-tti + ;; + pc532 | pc532-*) + basic_machine=ns32k-pc532 + ;; + pentium | p5) + basic_machine=i586-intel + ;; + pentiumpro | p6) + basic_machine=i686-intel + ;; + pentium-* | p5-*) + basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumpro-* | p6-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + k5) + # We don't have specific support for AMD's K5 yet, so just call it a Pentium + basic_machine=i586-amd + ;; + nexen) + # We don't have specific support for Nexgen yet, so just call it a Pentium + basic_machine=i586-nexgen + ;; + pn) + basic_machine=pn-gould + ;; + power) basic_machine=rs6000-ibm + ;; + ppc) basic_machine=powerpc-unknown + ;; + ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppcle | powerpclittle | ppc-le | powerpc-little) + basic_machine=powerpcle-unknown + ;; + ppcle-* | powerpclittle-*) + basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ps2) + basic_machine=i386-ibm + ;; + rm[46]00) + basic_machine=mips-siemens + ;; + rtpc | rtpc-*) + basic_machine=romp-ibm + ;; + sequent) + basic_machine=i386-sequent + ;; + sh) + basic_machine=sh-hitachi + os=-hms + ;; + sps7) + basic_machine=m68k-bull + os=-sysv2 + ;; + spur) + basic_machine=spur-unknown + ;; + sun2) + basic_machine=m68000-sun + ;; + sun2os3) + basic_machine=m68000-sun + os=-sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=-sunos4 + ;; + sun3os3) + basic_machine=m68k-sun + os=-sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=-sunos4 + ;; + sun4os3) + basic_machine=sparc-sun + os=-sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=-sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=-solaris2 + ;; + sun3 | sun3-*) + basic_machine=m68k-sun + ;; + sun4) + basic_machine=sparc-sun + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + ;; + symmetry) + basic_machine=i386-sequent + os=-dynix + ;; + tower | tower-32) + basic_machine=m68k-ncr + ;; + udi29k) + basic_machine=a29k-amd + os=-udi + ;; + ultra3) + basic_machine=a29k-nyu + os=-sym1 + ;; + vaxv) + basic_machine=vax-dec + os=-sysv + ;; + vms) + basic_machine=vax-dec + os=-vms + ;; + vpp*|vx|vx-*) + basic_machine=f301-fujitsu + ;; + vxworks960) + basic_machine=i960-wrs + os=-vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=-vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=-vxworks + ;; + xmp) + basic_machine=xmp-cray + os=-unicos + ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; + none) + basic_machine=none-none + os=-none + ;; + +# Here we handle the default manufacturer of certain CPU types. It is in +# some cases the only manufacturer, in others, it is the most popular. + mips) + basic_machine=mips-mips + ;; + romp) + basic_machine=romp-ibm + ;; + rs6000) + basic_machine=rs6000-ibm + ;; + vax) + basic_machine=vax-dec + ;; + pdp11) + basic_machine=pdp11-dec + ;; + we32k) + basic_machine=we32k-att + ;; + sparc) + basic_machine=sparc-sun + ;; + cydra) + basic_machine=cydra-cydrome + ;; + orion) + basic_machine=orion-highlevel + ;; + orion105) + basic_machine=clipper-highlevel + ;; + *) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $basic_machine in + *-digital*) + basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + ;; + *-commodore*) + basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x"$os" != x"" ] +then +case $os in + # First match some system type aliases + # that might get confused with valid system types. + # -solaris* is a basic system type, with this one exception. + -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + -solaris) + os=-solaris2 + ;; + -unixware* | svr4*) + os=-sysv4 + ;; + -gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # First accept the basic system types. + # The portable systems comes first. + # Each alternative MUST END IN A *, to match a version number. + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -amigados* | -msdos* | -newsos* | -unicos* | -aof* | -aos* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \ + | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -cygwin32* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -linux-gnu* | -uxpv*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + -sunos5*) + os=`echo $os | sed -e 's|sunos5|solaris2|'` + ;; + -sunos6*) + os=`echo $os | sed -e 's|sunos6|solaris3|'` + ;; + -osfrose*) + os=-osfrose + ;; + -osf*) + os=-osf + ;; + -utek*) + os=-bsd + ;; + -dynix*) + os=-bsd + ;; + -acis*) + os=-aos + ;; + -ctix* | -uts*) + os=-sysv + ;; + -ns2 ) + os=-nextstep2 + ;; + # Preserve the version number of sinix5. + -sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + -sinix*) + os=-sysv4 + ;; + -triton*) + os=-sysv3 + ;; + -oss*) + os=-sysv3 + ;; + -svr4) + os=-sysv4 + ;; + -svr3) + os=-sysv3 + ;; + -sysvr4) + os=-sysv4 + ;; + # This must come after -sysvr4. + -sysv*) + ;; + -xenix) + os=-xenix + ;; + -none) + ;; + *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` + echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $basic_machine in + *-acorn) + os=-riscix1.2 + ;; + arm*-semi) + os=-aout + ;; + pdp11-*) + os=-none + ;; + *-dec | vax-*) + os=-ultrix4.2 + ;; + m68*-apollo) + os=-domain + ;; + i386-sun) + os=-sunos4.0.2 + ;; + m68000-sun) + os=-sunos3 + # This also exists in the configure program, but was not the + # default. + # os=-sunos4 + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=-sysv3 + ;; + sparc-* | *-sun) + os=-sunos4.1.1 + ;; + *-ibm) + os=-aix + ;; + *-hp) + os=-hpux + ;; + *-hitachi) + os=-hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=-sysv + ;; + *-cbm) + os=-amigados + ;; + *-dg) + os=-dgux + ;; + *-dolphin) + os=-sysv3 + ;; + m68k-ccur) + os=-rtu + ;; + m88k-omron*) + os=-luna + ;; + *-next ) + os=-nextstep + ;; + *-sequent) + os=-ptx + ;; + *-crds) + os=-unos + ;; + *-ns) + os=-genix + ;; + i370-*) + os=-mvs + ;; + *-next) + os=-nextstep3 + ;; + *-gould) + os=-sysv + ;; + *-highlevel) + os=-bsd + ;; + *-encore) + os=-bsd + ;; + *-sgi) + os=-irix + ;; + *-siemens) + os=-sysv4 + ;; + *-masscomp) + os=-rtu + ;; + f301-fujitsu) + os=-uxpv + ;; + *) + os=-none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +vendor=unknown +case $basic_machine in + *-unknown) + case $os in + -riscix*) + vendor=acorn + ;; + -sunos*) + vendor=sun + ;; + -aix*) + vendor=ibm + ;; + -hpux*) + vendor=hp + ;; + -hiux*) + vendor=hitachi + ;; + -unos*) + vendor=crds + ;; + -dgux*) + vendor=dg + ;; + -luna*) + vendor=omron + ;; + -genix*) + vendor=ns + ;; + -mvs*) + vendor=ibm + ;; + -ptx*) + vendor=sequent + ;; + -vxsim* | -vxworks*) + vendor=wrs + ;; + -aux*) + vendor=apple + ;; + esac + basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + ;; +esac + +echo $basic_machine$os diff --git a/configure b/configure new file mode 100755 index 0000000..7d03516 --- /dev/null +++ b/configure @@ -0,0 +1,2360 @@ +#! /bin/sh + +# Guess values for system-dependent variables and create Makefiles. +# Generated automatically using autoconf version 2.13 +# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. + +# Defaults: +ac_help= +ac_default_prefix=/usr/local +# Any additions from configure.in: +ac_help="$ac_help +--with-pcap root location for pcap library" +ac_help="$ac_help +--with-pcap-inc PCAP include files" +ac_help="$ac_help +--with-pcap-lib PCAP library files" +ac_help="$ac_help +--with-openssl root location for OpenSSL" +ac_help="$ac_help +--with-openssl-inc OpenSSL include files" +ac_help="$ac_help +--with-openssl-lib OpenSSL library files" +ac_help="$ac_help +--with-record Compile with record module (RTFM Internal Use Only)" + +# Initialize some variables set by options. +# The variables have the same names as the options, with +# dashes changed to underlines. +build=NONE +cache_file=./config.cache +exec_prefix=NONE +host=NONE +no_create= +nonopt=NONE +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +target=NONE +verbose= +x_includes=NONE +x_libraries=NONE +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datadir='${prefix}/share' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +libdir='${exec_prefix}/lib' +includedir='${prefix}/include' +oldincludedir='/usr/include' +infodir='${prefix}/info' +mandir='${prefix}/man' + +# Initialize some other variables. +subdirs= +MFLAGS= MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} +# Maximum number of lines to put in a shell here document. +ac_max_here_lines=12 + +ac_prev= +for ac_option +do + + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval "$ac_prev=\$ac_option" + ac_prev= + continue + fi + + case "$ac_option" in + -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) ac_optarg= ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case "$ac_option" in + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir="$ac_optarg" ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build="$ac_optarg" ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file="$ac_optarg" ;; + + -datadir | --datadir | --datadi | --datad | --data | --dat | --da) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ + | --da=*) + datadir="$ac_optarg" ;; + + -disable-* | --disable-*) + ac_feature=`echo $ac_option|sed -e 's/-*disable-//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then + { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } + fi + ac_feature=`echo $ac_feature| sed 's/-/_/g'` + eval "enable_${ac_feature}=no" ;; + + -enable-* | --enable-*) + ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then + { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } + fi + ac_feature=`echo $ac_feature| sed 's/-/_/g'` + case "$ac_option" in + *=*) ;; + *) ac_optarg=yes ;; + esac + eval "enable_${ac_feature}='$ac_optarg'" ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix="$ac_optarg" ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he) + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat << EOF +Usage: configure [options] [host] +Options: [defaults in brackets after descriptions] +Configuration: + --cache-file=FILE cache test results in FILE + --help print this message + --no-create do not create output files + --quiet, --silent do not print \`checking...' messages + --version print the version of autoconf that created configure +Directory and file names: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [same as prefix] + --bindir=DIR user executables in DIR [EPREFIX/bin] + --sbindir=DIR system admin executables in DIR [EPREFIX/sbin] + --libexecdir=DIR program executables in DIR [EPREFIX/libexec] + --datadir=DIR read-only architecture-independent data in DIR + [PREFIX/share] + --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data in DIR + [PREFIX/com] + --localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var] + --libdir=DIR object code libraries in DIR [EPREFIX/lib] + --includedir=DIR C header files in DIR [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc in DIR [/usr/include] + --infodir=DIR info documentation in DIR [PREFIX/info] + --mandir=DIR man documentation in DIR [PREFIX/man] + --srcdir=DIR find the sources in DIR [configure dir or ..] + --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM + run sed PROGRAM on installed program names +EOF + cat << EOF +Host type: + --build=BUILD configure for building on BUILD [BUILD=HOST] + --host=HOST configure for HOST [guessed] + --target=TARGET configure for TARGET [TARGET=HOST] +Features and packages: + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --x-includes=DIR X include files are in DIR + --x-libraries=DIR X library files are in DIR +EOF + if test -n "$ac_help"; then + echo "--enable and --with options recognized:$ac_help" + fi + exit 0 ;; + + -host | --host | --hos | --ho) + ac_prev=host ;; + -host=* | --host=* | --hos=* | --ho=*) + host="$ac_optarg" ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir="$ac_optarg" ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir="$ac_optarg" ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir="$ac_optarg" ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir="$ac_optarg" ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst \ + | --locals | --local | --loca | --loc | --lo) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* \ + | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) + localstatedir="$ac_optarg" ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir="$ac_optarg" ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir="$ac_optarg" ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix="$ac_optarg" ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix="$ac_optarg" ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix="$ac_optarg" ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name="$ac_optarg" ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir="$ac_optarg" ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir="$ac_optarg" ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site="$ac_optarg" ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir="$ac_optarg" ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir="$ac_optarg" ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target="$ac_optarg" ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers) + echo "configure generated by autoconf version 2.13" + exit 0 ;; + + -with-* | --with-*) + ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then + { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } + fi + ac_package=`echo $ac_package| sed 's/-/_/g'` + case "$ac_option" in + *=*) ;; + *) ac_optarg=yes ;; + esac + eval "with_${ac_package}='$ac_optarg'" ;; + + -without-* | --without-*) + ac_package=`echo $ac_option|sed -e 's/-*without-//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then + { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } + fi + ac_package=`echo $ac_package| sed 's/-/_/g'` + eval "with_${ac_package}=no" ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes="$ac_optarg" ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries="$ac_optarg" ;; + + -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; } + ;; + + *) + if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then + echo "configure: warning: $ac_option: invalid host type" 1>&2 + fi + if test "x$nonopt" != xNONE; then + { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } + fi + nonopt="$ac_option" + ;; + + esac +done + +if test -n "$ac_prev"; then + { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; } +fi + +trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 + +# File descriptor usage: +# 0 standard input +# 1 file creation +# 2 errors and warnings +# 3 some systems may open it to /dev/tty +# 4 used on the Kubota Titan +# 6 checking for... messages and results +# 5 compiler messages saved in config.log +if test "$silent" = yes; then + exec 6>/dev/null +else + exec 6>&1 +fi +exec 5>./config.log + +echo "\ +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. +" 1>&5 + +# Strip out --no-create and --no-recursion so they do not pile up. +# Also quote any args containing shell metacharacters. +ac_configure_args= +for ac_arg +do + case "$ac_arg" in + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c) ;; + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;; + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*) + ac_configure_args="$ac_configure_args '$ac_arg'" ;; + *) ac_configure_args="$ac_configure_args $ac_arg" ;; + esac +done + +# NLS nuisances. +# Only set these to C if already set. These must not be set unconditionally +# because not all systems understand e.g. LANG=C (notably SCO). +# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'! +# Non-C LC_CTYPE values break the ctype check. +if test "${LANG+set}" = set; then LANG=C; export LANG; fi +if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi +if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi +if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -rf conftest* confdefs.h +# AIX cpp loses on an empty file, so make sure it contains at least a newline. +echo > confdefs.h + +# A filename unique to this package, relative to the directory that +# configure is in, which we can look for to find out if srcdir is correct. +ac_unique_file=base/pcap-snoop.c + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then its parent. + ac_prog=$0 + ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'` + test "x$ac_confdir" = "x$ac_prog" && ac_confdir=. + srcdir=$ac_confdir + if test ! -r $srcdir/$ac_unique_file; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r $srcdir/$ac_unique_file; then + if test "$ac_srcdir_defaulted" = yes; then + { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; } + else + { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; } + fi +fi +srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'` + +# Prefer explicitly selected file to automatically selected ones. +if test -z "$CONFIG_SITE"; then + if test "x$prefix" != xNONE; then + CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" + else + CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" + fi +fi +for ac_site_file in $CONFIG_SITE; do + if test -r "$ac_site_file"; then + echo "loading site script $ac_site_file" + . "$ac_site_file" + fi +done + +if test -r "$cache_file"; then + echo "loading cache $cache_file" + . $cache_file +else + echo "creating cache $cache_file" + > $cache_file +fi + +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. +ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross + +ac_exeext= +ac_objext=o +if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then + # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. + if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then + ac_n= ac_c=' +' ac_t=' ' + else + ac_n=-n ac_c= ac_t= + fi +else + ac_n= ac_c='\c' ac_t= +fi + + +ac_aux_dir= +for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do + if test -f $ac_dir/install-sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f $ac_dir/install.sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + fi +done +if test -z "$ac_aux_dir"; then + { echo "configure: error: can not find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." 1>&2; exit 1; } +fi +ac_config_guess=$ac_aux_dir/config.guess +ac_config_sub=$ac_aux_dir/config.sub +ac_configure=$ac_aux_dir/configure # This should be Cygnus configure. + + +# Do some error checking and defaulting for the host and target type. +# The inputs are: +# configure --host=HOST --target=TARGET --build=BUILD NONOPT +# +# The rules are: +# 1. You are not allowed to specify --host, --target, and nonopt at the +# same time. +# 2. Host defaults to nonopt. +# 3. If nonopt is not specified, then host defaults to the current host, +# as determined by config.guess. +# 4. Target and build default to nonopt. +# 5. If nonopt is not specified, then target and build default to host. + +# The aliases save the names the user supplied, while $host etc. +# will get canonicalized. +case $host---$target---$nonopt in +NONE---*---* | *---NONE---* | *---*---NONE) ;; +*) { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } ;; +esac + + +# Make sure we can run config.sub. +if ${CONFIG_SHELL-/bin/sh} $ac_config_sub sun4 >/dev/null 2>&1; then : +else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } +fi + +echo $ac_n "checking host system type""... $ac_c" 1>&6 +echo "configure:586: checking host system type" >&5 + +host_alias=$host +case "$host_alias" in +NONE) + case $nonopt in + NONE) + if host_alias=`${CONFIG_SHELL-/bin/sh} $ac_config_guess`; then : + else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; } + fi ;; + *) host_alias=$nonopt ;; + esac ;; +esac + +host=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $host_alias` +host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` +echo "$ac_t""$host" 1>&6 + +echo $ac_n "checking target system type""... $ac_c" 1>&6 +echo "configure:607: checking target system type" >&5 + +target_alias=$target +case "$target_alias" in +NONE) + case $nonopt in + NONE) target_alias=$host_alias ;; + *) target_alias=$nonopt ;; + esac ;; +esac + +target=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $target_alias` +target_cpu=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +target_vendor=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +target_os=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` +echo "$ac_t""$target" 1>&6 + +echo $ac_n "checking build system type""... $ac_c" 1>&6 +echo "configure:625: checking build system type" >&5 + +build_alias=$build +case "$build_alias" in +NONE) + case $nonopt in + NONE) build_alias=$host_alias ;; + *) build_alias=$nonopt ;; + esac ;; +esac + +build=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $build_alias` +build_cpu=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +build_vendor=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +build_os=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` +echo "$ac_t""$build" 1>&6 + +test "$host_alias" != "$target_alias" && + test "$program_prefix$program_suffix$program_transform_name" = \ + NONENONEs,x,x, && + program_prefix=${target_alias}- + + +# Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:651: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_CC="gcc" + break + fi + done + IFS="$ac_save_ifs" +fi +fi +CC="$ac_cv_prog_CC" +if test -n "$CC"; then + echo "$ac_t""$CC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:681: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_prog_rejected=no + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + break + fi + done + IFS="$ac_save_ifs" +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# -gt 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + set dummy "$ac_dir/$ac_word" "$@" + shift + ac_cv_prog_CC="$@" + fi +fi +fi +fi +CC="$ac_cv_prog_CC" +if test -n "$CC"; then + echo "$ac_t""$CC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + + if test -z "$CC"; then + case "`uname -s`" in + *win32* | *WIN32*) + # Extract the first word of "cl", so it can be a program name with args. +set dummy cl; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:732: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_CC="cl" + break + fi + done + IFS="$ac_save_ifs" +fi +fi +CC="$ac_cv_prog_CC" +if test -n "$CC"; then + echo "$ac_t""$CC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + ;; + esac + fi + test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; } +fi + +echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 +echo "configure:764: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 + +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. +ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross + +cat > conftest.$ac_ext << EOF + +#line 775 "configure" +#include "confdefs.h" + +main(){return(0);} +EOF +if { (eval echo configure:780: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + ac_cv_prog_cc_works=yes + # If we can't run a trivial program, we are probably using a cross compiler. + if (./conftest; exit) 2>/dev/null; then + ac_cv_prog_cc_cross=no + else + ac_cv_prog_cc_cross=yes + fi +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + ac_cv_prog_cc_works=no +fi +rm -fr conftest* +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. +ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross + +echo "$ac_t""$ac_cv_prog_cc_works" 1>&6 +if test $ac_cv_prog_cc_works = no; then + { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } +fi +echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 +echo "configure:806: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 +cross_compiling=$ac_cv_prog_cc_cross + +echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 +echo "configure:811: checking whether we are using GNU C" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.c <&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then + ac_cv_prog_gcc=yes +else + ac_cv_prog_gcc=no +fi +fi + +echo "$ac_t""$ac_cv_prog_gcc" 1>&6 + +if test $ac_cv_prog_gcc = yes; then + GCC=yes +else + GCC= +fi + +ac_test_CFLAGS="${CFLAGS+set}" +ac_save_CFLAGS="$CFLAGS" +CFLAGS= +echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 +echo "configure:839: checking whether ${CC-cc} accepts -g" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + echo 'void f(){}' > conftest.c +if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then + ac_cv_prog_cc_g=yes +else + ac_cv_prog_cc_g=no +fi +rm -f conftest* + +fi + +echo "$ac_t""$ac_cv_prog_cc_g" 1>&6 +if test "$ac_test_CFLAGS" = set; then + CFLAGS="$ac_save_CFLAGS" +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi + +echo $ac_n "checking whether ${MAKE-make} sets \${MAKE}""... $ac_c" 1>&6 +echo "configure:871: checking whether ${MAKE-make} sets \${MAKE}" >&5 +set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_prog_make_${ac_make}_set'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftestmake <<\EOF +all: + @echo 'ac_maketemp="${MAKE}"' +EOF +# GNU make sometimes prints "make[1]: Entering...", which would confuse us. +eval `${MAKE-make} -f conftestmake 2>/dev/null | grep temp=` +if test -n "$ac_maketemp"; then + eval ac_cv_prog_make_${ac_make}_set=yes +else + eval ac_cv_prog_make_${ac_make}_set=no +fi +rm -f conftestmake +fi +if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then + echo "$ac_t""yes" 1>&6 + SET_MAKE= +else + echo "$ac_t""no" 1>&6 + SET_MAKE="MAKE=${MAKE-make}" +fi + +# Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:900: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_RANLIB="ranlib" + break + fi + done + IFS="$ac_save_ifs" + test -z "$ac_cv_prog_RANLIB" && ac_cv_prog_RANLIB=":" +fi +fi +RANLIB="$ac_cv_prog_RANLIB" +if test -n "$RANLIB"; then + echo "$ac_t""$RANLIB" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# ./install, which can be erroneously created by make from ./install.sh. +echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 +echo "configure:939: checking for a BSD compatible install" >&5 +if test -z "$INSTALL"; then +if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS=":" + for ac_dir in $PATH; do + # Account for people who put trailing slashes in PATH elements. + case "$ac_dir/" in + /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + if test -f $ac_dir/$ac_prog; then + if test $ac_prog = install && + grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + else + ac_cv_path_install="$ac_dir/$ac_prog -c" + break 2 + fi + fi + done + ;; + esac + done + IFS="$ac_save_IFS" + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL="$ac_cv_path_install" + else + # As a last resort, use the slow shell script. We don't cache a + # path for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the path is relative. + INSTALL="$ac_install_sh" + fi +fi +echo "$ac_t""$INSTALL" 1>&6 + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + + +echo "$ac_t""configuring for $target_os" 1>&6 + +echo $ac_n "checking for pow in -lm""... $ac_c" 1>&6 +echo "configure:995: checking for pow in -lm" >&5 +ac_lib_var=`echo m'_'pow | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lm $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo m | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + +case "$target_os" in +linux*) + DEFINES="$DEFINES -D_BSD_SOURCE=1 -DLINUX" + ;; +solaris*) + LIBS="$LIBS -lsocket -lnsl" + ;; +esac + +RECORD_MOD="dummy" + +ac_pcap_inc_dir="/usr/include /usr/include/pcap /usr/local/include" +ac_pcap_lib_dir="/usr/lib /usr/local/lib" + +# Check whether --with-pcap or --without-pcap was given. +if test "${with_pcap+set}" = set; then + withval="$with_pcap" + if test "$withval" = "no"; then + { echo "configure: error: PCAP required for ssldump" 1>&2; exit 1; } + else + ac_pcap_inc_dir=$withval/include + ac_pcap_lib_dir=$withval/lib + fi + +fi + + +# Check whether --with-pcap-inc or --without-pcap-inc was given. +if test "${with_pcap_inc+set}" = set; then + withval="$with_pcap_inc" + ac_pcap_inc_dir=$withval + +fi + +# Check whether --with-pcap-lib or --without-pcap-lib was given. +if test "${with_pcap_lib+set}" = set; then + withval="$with_pcap_lib" + ac_pcap_lib_dir=$withval + +fi + + +echo $ac_n "checking for PCAP include files""... $ac_c" 1>&6 +echo "configure:1085: checking for PCAP include files" >&5 +ac_found_pcap_inc_dir="no" +for dir in $ac_pcap_inc_dir; do + if test -f $dir/pcap.h; then + if test "$dir" != "/usr/include"; then + INCLUDES="-I$dir $INCLUDES" + fi + ac_found_pcap_inc_dir=$dir + echo "found in $dir" + break; + fi +done + +if test "$ac_found_pcap_inc_dir" = "no"; then + echo + { echo "configure: error: Couldn't find PCAP includes: needed for ssldump" 1>&2; exit 1; } +fi + +echo $ac_n "checking for PCAP library""... $ac_c" 1>&6 +echo "configure:1104: checking for PCAP library" >&5 +ac_found_pcap_lib_dir="no" +for dir in $ac_pcap_lib_dir; do + if test -f $dir/libpcap.a; then + save_LIBS=$LIBS + save_LDFLAGS=$LDFLAGS + LIBS="-lpcap $LIBS" + if test "$dir" != "/usr/lib"; then + LDFLAGS="-L$dir $LDFLAGS" + fi + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + ac_linked_libpcap="true" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_linked_libpcap="false" +fi +rm -f conftest*; + if test "$ac_linked_libpcap" != "false"; then + ac_found_pcap_lib_dir=$dir + break + fi + LIBS=$save_LIBS + LDFLAGS=$save_LDFLAGS + fi +done + +if test "$ac_found_pcap_lib_dir" = "no"; then + echo + { echo "configure: error: Couldn't find PCAP library: needed for ssldump" 1>&2; exit 1; } +else + echo "found in $ac_found_pcap_lib_dir" +fi + +ac_use_openssl="true" +ac_openssl_lib_dir="/usr/lib /usr/local /usr/local/ssl /usr/local/ssl/lib /usr/pkg" +ac_openssl_inc_dir="/usr/include /usr/local /usr/local/ssl /usr/pkg /usr/local/ssl/include" + +# Check whether --with-openssl or --without-openssl was given. +if test "${with_openssl+set}" = set; then + withval="$with_openssl" + if test "$withval" = "no"; then + ac_use_openssl="false" + else + ac_openssl_lib_dir="$withval/lib $withval" + ac_openssl_inc_dir=$withval/include + fi + +fi + + +# Check whether --with-openssl-inc or --without-openssl-inc was given. +if test "${with_openssl_inc+set}" = set; then + withval="$with_openssl_inc" + ac_openssl_inc_dir=$withval + +fi + +# Check whether --with-openssl-lib or --without-openssl-lib was given. +if test "${with_openssl_lib+set}" = set; then + withval="$with_openssl_lib" + ac_openssl_lib_dir=$withval + +fi + + +if test "$ac_use_openssl" != "false"; then + ac_found_openssl_inc_dir="no" + echo $ac_n "checking for OpenSSL include files""... $ac_c" 1>&6 +echo "configure:1187: checking for OpenSSL include files" >&5 + for dir in $ac_openssl_inc_dir; do + if test -f $dir/openssl/ssl.h; then + ac_found_openssl_inc_dir=$dir + break + fi + done + if test "$ac_found_openssl_inc_dir" != "no"; then + echo "found in $ac_found_openssl_inc_dir" + else + echo "not found." + ac_use_openssl="false" + fi +fi + +if test "$ac_use_openssl" != "false"; then + ac_found_openssl_lib_dir="no" + echo $ac_n "checking for OpenSSL libraries""... $ac_c" 1>&6 +echo "configure:1205: checking for OpenSSL libraries" >&5 + for dir in $ac_openssl_lib_dir; do + found_ssl="false" + if test -f $dir/libssl.a -a -f $dir/libcrypto.a; then + found_ssl="true" + fi + if test -f $dir/libssl.so -a -f $dir/libcrypto.so; then + found_ssl="true" + fi + if $found_ssl != "false"; then + save_LIBS=$LIBS + save_LDFLAGS=$LDFLAGS + LIBS="-lssl -lcrypto $LIBS" + LDFLAGS="-L$dir $LDFLAGS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + ac_linked_libssl="true" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_linked_libssl="false" +fi +rm -f conftest*; + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + ac_linked_libcrypto="true" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_linked_libcrypto="false" +fi +rm -f conftest*; + if test "$ac_linked_libssl" != "false" -a \ + "$ac_linked_libcrypto" != "false"; then + ac_found_openssl_lib_dir=$dir + break + fi + LIBS=$save_LIBS + LDFLAGS=$save_LDFLAGS + fi + done + if test "$ac_found_openssl_lib_dir" != "no"; then + echo "found in $ac_found_openssl_lib_dir" + INCLUDES="-I$ac_found_openssl_inc_dir $INCLUDES" + DEFINES="-DOPENSSL $DEFINES" + else + echo "not found." + ac_use_openssl="false" + fi +fi + +if test "$ac_use_openssl" = "false"; then + echo "configure: warning: compiling without OpenSSL" 1>&2 +fi + +# Check whether --with-record or --without-record was given. +if test "${with_record+set}" = set; then + withval="$with_record" + DEFINES="-DENABLE_RECORD $DEFINES" + RECORD_MOD="record" + +fi + + +echo $ac_n "checking for pcap_open in -lpcap""... $ac_c" 1>&6 +echo "configure:1296: checking for pcap_open in -lpcap" >&5 +ac_lib_var=`echo pcap'_'pcap_open | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lpcap $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo pcap | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + + +echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 +echo "configure:1345: checking how to run the C preprocessor" >&5 +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then +if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + # This must be in double quotes, not single quotes, because CPP may get + # substituted into the Makefile and "${CC-cc}" will confuse make. + CPP="${CC-cc} -E" + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. + cat > conftest.$ac_ext < +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1366: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + : +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + CPP="${CC-cc} -E -traditional-cpp" + cat > conftest.$ac_ext < +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1383: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + : +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + CPP="${CC-cc} -nologo -E" + cat > conftest.$ac_ext < +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1400: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + : +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + CPP=/lib/cpp +fi +rm -f conftest* +fi +rm -f conftest* +fi +rm -f conftest* + ac_cv_prog_CPP="$CPP" +fi + CPP="$ac_cv_prog_CPP" +else + ac_cv_prog_CPP="$CPP" +fi +echo "$ac_t""$CPP" 1>&6 + +for ac_hdr in sys/time.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:1428: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1438: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 +echo "configure:1465: checking for ANSI C header files" >&5 +if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +#include +#include +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1478: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + ac_cv_header_stdc=yes +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_header_stdc=no +fi +rm -f conftest* + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. +cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "memchr" >/dev/null 2>&1; then + : +else + rm -rf conftest* + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. +cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "free" >/dev/null 2>&1; then + : +else + rm -rf conftest* + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. +if test "$cross_compiling" = yes; then + : +else + cat > conftest.$ac_ext < +#define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +#define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int main () { int i; for (i = 0; i < 256; i++) +if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); +exit (0); } + +EOF +if { (eval echo configure:1545: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + : +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_header_stdc=no +fi +rm -fr conftest* +fi + +fi +fi + +echo "$ac_t""$ac_cv_header_stdc" 1>&6 +if test $ac_cv_header_stdc = yes; then + cat >> confdefs.h <<\EOF +#define STDC_HEADERS 1 +EOF + +fi + + +echo $ac_n "checking for working const""... $ac_c" 1>&6 +echo "configure:1570: checking for working const" >&5 +if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <j = 5; +} +{ /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ + const int foo = 10; +} + +; return 0; } +EOF +if { (eval echo configure:1624: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_const=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_c_const=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_c_const" 1>&6 +if test $ac_cv_c_const = no; then + cat >> confdefs.h <<\EOF +#define const +EOF + +fi + +echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6 +echo "configure:1645: checking whether time.h and sys/time.h may both be included" >&5 +if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +#include +int main() { +struct tm *tp; +; return 0; } +EOF +if { (eval echo configure:1659: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_header_time=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_header_time=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_header_time" 1>&6 +if test $ac_cv_header_time = yes; then + cat >> confdefs.h <<\EOF +#define TIME_WITH_SYS_TIME 1 +EOF + +fi + + +echo $ac_n "checking size of unsigned short""... $ac_c" 1>&6 +echo "configure:1681: checking size of unsigned short" >&5 +if eval "test \"`echo '$''{'ac_cv_sizeof_unsigned_short'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext < +main() +{ + FILE *f=fopen("conftestval", "w"); + if (!f) exit(1); + fprintf(f, "%d\n", sizeof(unsigned short)); + exit(0); +} +EOF +if { (eval echo configure:1700: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_sizeof_unsigned_short=`cat conftestval` +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_sizeof_unsigned_short=0 +fi +rm -fr conftest* +fi + +fi +echo "$ac_t""$ac_cv_sizeof_unsigned_short" 1>&6 +cat >> confdefs.h <&6 +echo "configure:1720: checking size of unsigned int" >&5 +if eval "test \"`echo '$''{'ac_cv_sizeof_unsigned_int'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext < +main() +{ + FILE *f=fopen("conftestval", "w"); + if (!f) exit(1); + fprintf(f, "%d\n", sizeof(unsigned int)); + exit(0); +} +EOF +if { (eval echo configure:1739: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_sizeof_unsigned_int=`cat conftestval` +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_sizeof_unsigned_int=0 +fi +rm -fr conftest* +fi + +fi +echo "$ac_t""$ac_cv_sizeof_unsigned_int" 1>&6 +cat >> confdefs.h <&6 +echo "configure:1759: checking size of unsigned long" >&5 +if eval "test \"`echo '$''{'ac_cv_sizeof_unsigned_long'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext < +main() +{ + FILE *f=fopen("conftestval", "w"); + if (!f) exit(1); + fprintf(f, "%d\n", sizeof(unsigned long)); + exit(0); +} +EOF +if { (eval echo configure:1778: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_sizeof_unsigned_long=`cat conftestval` +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_sizeof_unsigned_long=0 +fi +rm -fr conftest* +fi + +fi +echo "$ac_t""$ac_cv_sizeof_unsigned_long" 1>&6 +cat >> confdefs.h <&6 +echo "configure:1798: checking size of unsigned long long" >&5 +if eval "test \"`echo '$''{'ac_cv_sizeof_unsigned_long_long'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext < +main() +{ + FILE *f=fopen("conftestval", "w"); + if (!f) exit(1); + fprintf(f, "%d\n", sizeof(unsigned long long)); + exit(0); +} +EOF +if { (eval echo configure:1817: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_sizeof_unsigned_long_long=`cat conftestval` +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_sizeof_unsigned_long_long=0 +fi +rm -fr conftest* +fi + +fi +echo "$ac_t""$ac_cv_sizeof_unsigned_long_long" 1>&6 +cat >> confdefs.h <&6 +echo "configure:1838: checking for 8-bit clean memcmp" >&5 +if eval "test \"`echo '$''{'ac_cv_func_memcmp_clean'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + ac_cv_func_memcmp_clean=no +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_func_memcmp_clean=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_func_memcmp_clean=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$ac_cv_func_memcmp_clean" 1>&6 +test $ac_cv_func_memcmp_clean = no && LIBOBJS="$LIBOBJS memcmp.${ac_objext}" + +echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 +echo "configure:1874: checking return type of signal handlers" >&5 +if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +#ifdef signal +#undef signal +#endif +#ifdef __cplusplus +extern "C" void (*signal (int, void (*)(int)))(int); +#else +void (*signal ()) (); +#endif + +int main() { +int i; +; return 0; } +EOF +if { (eval echo configure:1896: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_type_signal=void +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_type_signal=int +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_type_signal" 1>&6 +cat >> confdefs.h <&6 +echo "configure:1915: checking for vprintf" >&5 +if eval "test \"`echo '$''{'ac_cv_func_vprintf'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char vprintf(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_vprintf) || defined (__stub___vprintf) +choke me +#else +vprintf(); +#endif + +; return 0; } +EOF +if { (eval echo configure:1943: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_vprintf=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_vprintf=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'vprintf`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_VPRINTF 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + +if test "$ac_cv_func_vprintf" != yes; then +echo $ac_n "checking for _doprnt""... $ac_c" 1>&6 +echo "configure:1967: checking for _doprnt" >&5 +if eval "test \"`echo '$''{'ac_cv_func__doprnt'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char _doprnt(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub__doprnt) || defined (__stub____doprnt) +choke me +#else +_doprnt(); +#endif + +; return 0; } +EOF +if { (eval echo configure:1995: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func__doprnt=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func__doprnt=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'_doprnt`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_DOPRNT 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + +fi + +for ac_func in strdup +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:2022: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:2050: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + + + + + +trap '' 1 2 15 +cat > confcache <<\EOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs. It is not useful on other systems. +# If it contains results you don't want to keep, you may remove or edit it. +# +# By default, configure uses ./config.cache as the cache file, +# creating it if it does not exist already. You can give configure +# the --cache-file=FILE option to use a different cache file; that is +# what configure does when it calls configure scripts in +# subdirectories, so they share the cache. +# Giving --cache-file=/dev/null disables caching, for debugging configure. +# config.status only pays attention to the cache file if you give it the +# --recheck option to rerun configure. +# +EOF +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, don't put newlines in cache variables' values. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +(set) 2>&1 | + case `(ac_space=' '; set | grep ac_space) 2>&1` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote substitution + # turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + -e "s/'/'\\\\''/g" \ + -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p" + ;; + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p' + ;; + esac >> confcache +if cmp -s $cache_file confcache; then + : +else + if test -w $cache_file; then + echo "updating cache $cache_file" + cat confcache > $cache_file + else + echo "not updating unwritable cache $cache_file" + fi +fi +rm -f confcache + +trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# Any assignment to VPATH causes Sun make to only execute +# the first set of double-colon rules, so remove it if not needed. +# If there is a colon in the path, we need to keep it. +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[^:]*$/d' +fi + +trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15 + +# Transform confdefs.h into DEFS. +# Protect against shell expansion while executing Makefile rules. +# Protect against Makefile macro expansion. +cat > conftest.defs <<\EOF +s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%-D\1=\2%g +s%[ `~#$^&*(){}\\|;'"<>?]%\\&%g +s%\[%\\&%g +s%\]%\\&%g +s%\$%$$%g +EOF +DEFS=`sed -f conftest.defs confdefs.h | tr '\012' ' '` +rm -f conftest.defs + + +# Without the "./", some shells look in PATH for config.status. +: ${CONFIG_STATUS=./config.status} + +echo creating $CONFIG_STATUS +rm -f $CONFIG_STATUS +cat > $CONFIG_STATUS </dev/null | sed 1q`: +# +# $0 $ac_configure_args +# +# Compiler output produced by configure, useful for debugging +# configure, is in ./config.log if it exists. + +ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]" +for ac_option +do + case "\$ac_option" in + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" + exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; + -version | --version | --versio | --versi | --vers | --ver | --ve | --v) + echo "$CONFIG_STATUS generated by autoconf version 2.13" + exit 0 ;; + -help | --help | --hel | --he | --h) + echo "\$ac_cs_usage"; exit 0 ;; + *) echo "\$ac_cs_usage"; exit 1 ;; + esac +done + +ac_given_srcdir=$srcdir +ac_given_INSTALL="$INSTALL" + +trap 'rm -fr `echo "Makefile" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 +EOF +cat >> $CONFIG_STATUS < conftest.subs <<\\CEOF +$ac_vpsub +$extrasub +s%@SHELL@%$SHELL%g +s%@CFLAGS@%$CFLAGS%g +s%@CPPFLAGS@%$CPPFLAGS%g +s%@CXXFLAGS@%$CXXFLAGS%g +s%@FFLAGS@%$FFLAGS%g +s%@DEFS@%$DEFS%g +s%@LDFLAGS@%$LDFLAGS%g +s%@LIBS@%$LIBS%g +s%@exec_prefix@%$exec_prefix%g +s%@prefix@%$prefix%g +s%@program_transform_name@%$program_transform_name%g +s%@bindir@%$bindir%g +s%@sbindir@%$sbindir%g +s%@libexecdir@%$libexecdir%g +s%@datadir@%$datadir%g +s%@sysconfdir@%$sysconfdir%g +s%@sharedstatedir@%$sharedstatedir%g +s%@localstatedir@%$localstatedir%g +s%@libdir@%$libdir%g +s%@includedir@%$includedir%g +s%@oldincludedir@%$oldincludedir%g +s%@infodir@%$infodir%g +s%@mandir@%$mandir%g +s%@host@%$host%g +s%@host_alias@%$host_alias%g +s%@host_cpu@%$host_cpu%g +s%@host_vendor@%$host_vendor%g +s%@host_os@%$host_os%g +s%@target@%$target%g +s%@target_alias@%$target_alias%g +s%@target_cpu@%$target_cpu%g +s%@target_vendor@%$target_vendor%g +s%@target_os@%$target_os%g +s%@build@%$build%g +s%@build_alias@%$build_alias%g +s%@build_cpu@%$build_cpu%g +s%@build_vendor@%$build_vendor%g +s%@build_os@%$build_os%g +s%@CC@%$CC%g +s%@SET_MAKE@%$SET_MAKE%g +s%@RANLIB@%$RANLIB%g +s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g +s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g +s%@INSTALL_DATA@%$INSTALL_DATA%g +s%@CPP@%$CPP%g +s%@LIBOBJS@%$LIBOBJS%g +s%@RECORD_MOD@%$RECORD_MOD%g +s%@INCLUDES@%$INCLUDES%g +s%@DEFINES@%$DEFINES%g + +CEOF +EOF + +cat >> $CONFIG_STATUS <<\EOF + +# Split the substitutions into bite-sized pieces for seds with +# small command number limits, like on Digital OSF/1 and HP-UX. +ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script. +ac_file=1 # Number of current file. +ac_beg=1 # First line for current file. +ac_end=$ac_max_sed_cmds # Line after last line for current file. +ac_more_lines=: +ac_sed_cmds="" +while $ac_more_lines; do + if test $ac_beg -gt 1; then + sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file + else + sed "${ac_end}q" conftest.subs > conftest.s$ac_file + fi + if test ! -s conftest.s$ac_file; then + ac_more_lines=false + rm -f conftest.s$ac_file + else + if test -z "$ac_sed_cmds"; then + ac_sed_cmds="sed -f conftest.s$ac_file" + else + ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file" + fi + ac_file=`expr $ac_file + 1` + ac_beg=$ac_end + ac_end=`expr $ac_end + $ac_max_sed_cmds` + fi +done +if test -z "$ac_sed_cmds"; then + ac_sed_cmds=cat +fi +EOF + +cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF +for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case "$ac_file" in + *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` + ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; + *) ac_file_in="${ac_file}.in" ;; + esac + + # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories. + + # Remove last slash and all that follows it. Not all systems have dirname. + ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` + if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then + # The file is in a subdirectory. + test ! -d "$ac_dir" && mkdir "$ac_dir" + ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`" + # A "../" for each directory in $ac_dir_suffix. + ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'` + else + ac_dir_suffix= ac_dots= + fi + + case "$ac_given_srcdir" in + .) srcdir=. + if test -z "$ac_dots"; then top_srcdir=. + else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;; + /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;; + *) # Relative path. + srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix" + top_srcdir="$ac_dots$ac_given_srcdir" ;; + esac + + case "$ac_given_INSTALL" in + [/$]*) INSTALL="$ac_given_INSTALL" ;; + *) INSTALL="$ac_dots$ac_given_INSTALL" ;; + esac + + echo creating "$ac_file" + rm -f "$ac_file" + configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure." + case "$ac_file" in + *Makefile*) ac_comsub="1i\\ +# $configure_input" ;; + *) ac_comsub= ;; + esac + + ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` + sed -e "$ac_comsub +s%@configure_input@%$configure_input%g +s%@srcdir@%$srcdir%g +s%@top_srcdir@%$top_srcdir%g +s%@INSTALL@%$INSTALL%g +" $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file +fi; done +rm -f conftest.s* + +EOF +cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF + +exit 0 +EOF +chmod +x $CONFIG_STATUS +rm -fr confdefs* $ac_clean_files +test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1 + diff --git a/configure.in b/configure.in new file mode 100644 index 0000000..b4e0f2f --- /dev/null +++ b/configure.in @@ -0,0 +1,250 @@ +dnl Copyright (C) 1999-2000 RTFM, Inc. +dnl All Rights Reserved + +dnl This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla +dnl and licensed by RTFM, Inc. + +dnl Redistribution and use in source and binary forms, with or without +dnl modification, are permitted provided that the following conditions +dnl are met: +dnl 1. Redistributions of source code must retain the above copyright +dnl notice, this list of conditions and the following disclaimer. +dnl 2. Redistributions in binary form must reproduce the above copyright +dnl notice, this list of conditions and the following disclaimer in the +dnl documentation and/or other materials provided with the distribution. +dnl 3. All advertising materials mentioning features or use of this software +dnl must display the following acknowledgement: +dnl +dnl This product includes software developed by Eric Rescorla for +dnl RTFM, Inc. +dnl +dnl 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be +dnl used to endorse or promote products derived from this +dnl software without specific prior written permission. +dnl +dnl THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND +dnl ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +dnl IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +dnl ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +dnl FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +dnl DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +dnl OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +dnl HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +dnl LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +dnl OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. +dnl Process this file with autoconf to produce a configure script. +AC_INIT(base/pcap-snoop.c) +AC_CANONICAL_SYSTEM + +dnl Checks for programs. +AC_PROG_CC +AC_PROG_MAKE_SET +AC_PROG_RANLIB +AC_PROG_INSTALL + +AC_MSG_RESULT(configuring for $target_os) + +dnl Replace `main' with a function in -lm: +AC_CHECK_LIB(m, pow) + +dnl System-specific stuff +case "$target_os" in +linux*) + DEFINES="$DEFINES -D_BSD_SOURCE=1 -DLINUX" + ;; +solaris*) + LIBS="$LIBS -lsocket -lnsl" + ;; +esac + +RECORD_MOD="dummy" + +dnl Look for PCAP +dnl We absolutely need pcap +ac_pcap_inc_dir="/usr/include /usr/include/pcap /usr/local/include" +ac_pcap_lib_dir="/usr/lib /usr/local/lib" + +AC_ARG_WITH(pcap,[--with-pcap root location for pcap library], + if test "$withval" = "no"; then + AC_MSG_ERROR(PCAP required for ssldump) + else + ac_pcap_inc_dir=$withval/include + ac_pcap_lib_dir=$withval/lib + fi +) + +AC_ARG_WITH(pcap-inc,[--with-pcap-inc PCAP include files], + ac_pcap_inc_dir=$withval +) +AC_ARG_WITH(pcap-lib,[--with-pcap-lib PCAP library files], + ac_pcap_lib_dir=$withval +) + +dnl Now look for it +AC_MSG_CHECKING(for PCAP include files) +ac_found_pcap_inc_dir="no" +for dir in $ac_pcap_inc_dir; do + if test -f $dir/pcap.h; then + if test "$dir" != "/usr/include"; then + INCLUDES="-I$dir $INCLUDES" + fi + ac_found_pcap_inc_dir=$dir + echo "found in $dir" + break; + fi +done + +if test "$ac_found_pcap_inc_dir" = "no"; then + echo + AC_MSG_ERROR(Couldn't find PCAP includes: needed for ssldump) +fi + +AC_MSG_CHECKING(for PCAP library) +ac_found_pcap_lib_dir="no" +for dir in $ac_pcap_lib_dir; do + if test -f $dir/libpcap.a; then + dnl Ok, we think we've found them, but check that they + dnl actually ontain the right functions + save_LIBS=$LIBS + save_LDFLAGS=$LDFLAGS + LIBS="-lpcap $LIBS" + if test "$dir" != "/usr/lib"; then + LDFLAGS="-L$dir $LDFLAGS" + fi + AC_TRY_LINK_FUNC(pcap_open_live,ac_linked_libpcap="true", + ac_linked_libpcap="false"); + if test "$ac_linked_libpcap" != "false"; then + ac_found_pcap_lib_dir=$dir + break + fi + LIBS=$save_LIBS + LDFLAGS=$save_LDFLAGS + fi +done + +if test "$ac_found_pcap_lib_dir" = "no"; then + echo + AC_MSG_ERROR(Couldn't find PCAP library: needed for ssldump) +else + echo "found in $ac_found_pcap_lib_dir" +fi + +dnl See if we can find OpenSSL +dnl We can compile without OpenSSL if we have to +ac_use_openssl="true" +ac_openssl_lib_dir="/usr/lib /usr/local /usr/local/ssl /usr/local/ssl/lib /usr/pkg" +ac_openssl_inc_dir="/usr/include /usr/local /usr/local/ssl /usr/pkg /usr/local/ssl/include" + +AC_ARG_WITH(openssl,[--with-openssl root location for OpenSSL], + if test "$withval" = "no"; then + ac_use_openssl="false" + else + ac_openssl_lib_dir="$withval/lib $withval" + ac_openssl_inc_dir=$withval/include + fi +) + +AC_ARG_WITH(openssl-inc,[--with-openssl-inc OpenSSL include files], + ac_openssl_inc_dir=$withval +) +AC_ARG_WITH(openssl-lib,[--with-openssl-lib OpenSSL library files], + ac_openssl_lib_dir=$withval +) + +dnl Now look for OpenSSL +if test "$ac_use_openssl" != "false"; then + ac_found_openssl_inc_dir="no" + AC_MSG_CHECKING(for OpenSSL include files) + for dir in $ac_openssl_inc_dir; do + if test -f $dir/openssl/ssl.h; then + ac_found_openssl_inc_dir=$dir + break + fi + done + if test "$ac_found_openssl_inc_dir" != "no"; then + echo "found in $ac_found_openssl_inc_dir" + else + echo "not found." + ac_use_openssl="false" + fi +fi + +if test "$ac_use_openssl" != "false"; then + ac_found_openssl_lib_dir="no" + AC_MSG_CHECKING(for OpenSSL libraries) + for dir in $ac_openssl_lib_dir; do + found_ssl="false" + if test -f $dir/libssl.a -a -f $dir/libcrypto.a; then + found_ssl="true" + fi + if test -f $dir/libssl.so -a -f $dir/libcrypto.so; then + found_ssl="true" + fi + if $found_ssl != "false"; then + dnl Ok, we think we've found them, but check that they + dnl actually ontain the right functions + save_LIBS=$LIBS + save_LDFLAGS=$LDFLAGS + LIBS="-lssl -lcrypto $LIBS" + LDFLAGS="-L$dir $LDFLAGS" + AC_TRY_LINK_FUNC(SSL_load_error_strings,ac_linked_libssl="true", + ac_linked_libssl="false"); + AC_TRY_LINK_FUNC(RC4_set_key,ac_linked_libcrypto="true", + ac_linked_libcrypto="false"); + if test "$ac_linked_libssl" != "false" -a \ + "$ac_linked_libcrypto" != "false"; then + ac_found_openssl_lib_dir=$dir + break + fi + LIBS=$save_LIBS + LDFLAGS=$save_LDFLAGS + fi + done + if test "$ac_found_openssl_lib_dir" != "no"; then + echo "found in $ac_found_openssl_lib_dir" + INCLUDES="-I$ac_found_openssl_inc_dir $INCLUDES" + DEFINES="-DOPENSSL $DEFINES" + else + echo "not found." + ac_use_openssl="false" + fi +fi + +if test "$ac_use_openssl" = "false"; then + AC_MSG_WARN(compiling without OpenSSL) +fi + +AC_ARG_WITH(record,[--with-record Compile with record module (EKR Use Only)], + DEFINES="-DENABLE_RECORD $DEFINES" + RECORD_MOD="record" +) + +dnl Replace `main' with a function in -lpcap: +AC_CHECK_LIB(pcap, pcap_open) + + +dnl Checks for header files. +AC_CHECK_HEADERS(sys/time.h) +AC_HEADER_STDC + +dnl Checks for typedefs, structures, and compiler characteristics. +AC_C_CONST +AC_HEADER_TIME + +dnl Find a 4-byte integer size +AC_CHECK_SIZEOF(unsigned short) +AC_CHECK_SIZEOF(unsigned int) +AC_CHECK_SIZEOF(unsigned long) +AC_CHECK_SIZEOF(unsigned long long) + +dnl Checks for library functions. +AC_FUNC_MEMCMP +AC_TYPE_SIGNAL +AC_FUNC_VPRINTF +AC_CHECK_FUNCS(strdup) + + +AC_SUBST(RECORD_MOD) +AC_SUBST(INCLUDES) +AC_SUBST(DEFINES) +AC_OUTPUT(Makefile) diff --git a/dummy/targets.mk b/dummy/targets.mk new file mode 100644 index 0000000..e69de29 diff --git a/install-sh b/install-sh new file mode 100755 index 0000000..e9de238 --- /dev/null +++ b/install-sh @@ -0,0 +1,251 @@ +#!/bin/sh +# +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. It can only install one file at a time, a restriction +# shared with many OS's install programs. + + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit="${DOITPROG-}" + + +# put in absolute paths if you don't have them in your path; or use env. vars. + +mvprog="${MVPROG-mv}" +cpprog="${CPPROG-cp}" +chmodprog="${CHMODPROG-chmod}" +chownprog="${CHOWNPROG-chown}" +chgrpprog="${CHGRPPROG-chgrp}" +stripprog="${STRIPPROG-strip}" +rmprog="${RMPROG-rm}" +mkdirprog="${MKDIRPROG-mkdir}" + +transformbasename="" +transform_arg="" +instcmd="$mvprog" +chmodcmd="$chmodprog 0755" +chowncmd="" +chgrpcmd="" +stripcmd="" +rmcmd="$rmprog -f" +mvcmd="$mvprog" +src="" +dst="" +dir_arg="" + +while [ x"$1" != x ]; do + case $1 in + -c) instcmd="$cpprog" + shift + continue;; + + -d) dir_arg=true + shift + continue;; + + -m) chmodcmd="$chmodprog $2" + shift + shift + continue;; + + -o) chowncmd="$chownprog $2" + shift + shift + continue;; + + -g) chgrpcmd="$chgrpprog $2" + shift + shift + continue;; + + -s) stripcmd="$stripprog" + shift + continue;; + + -t=*) transformarg=`echo $1 | sed 's/-t=//'` + shift + continue;; + + -b=*) transformbasename=`echo $1 | sed 's/-b=//'` + shift + continue;; + + *) if [ x"$src" = x ] + then + src=$1 + else + # this colon is to work around a 386BSD /bin/sh bug + : + dst=$1 + fi + shift + continue;; + esac +done + +if [ x"$src" = x ] +then + echo "install: no input file specified" + exit 1 +else + true +fi + +if [ x"$dir_arg" != x ]; then + dst=$src + src="" + + if [ -d $dst ]; then + instcmd=: + chmodcmd="" + else + instcmd=mkdir + fi +else + +# Waiting for this to be detected by the "$instcmd $src $dsttmp" command +# might cause directories to be created, which would be especially bad +# if $src (and thus $dsttmp) contains '*'. + + if [ -f $src -o -d $src ] + then + true + else + echo "install: $src does not exist" + exit 1 + fi + + if [ x"$dst" = x ] + then + echo "install: no destination specified" + exit 1 + else + true + fi + +# If destination is a directory, append the input filename; if your system +# does not like double slashes in filenames, you may need to add some logic + + if [ -d $dst ] + then + dst="$dst"/`basename $src` + else + true + fi +fi + +## this sed command emulates the dirname command +dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` + +# Make sure that the destination directory exists. +# this part is taken from Noah Friedman's mkinstalldirs script + +# Skip lots of stat calls in the usual case. +if [ ! -d "$dstdir" ]; then +defaultIFS=' +' +IFS="${IFS-${defaultIFS}}" + +oIFS="${IFS}" +# Some sh's can't handle IFS=/ for some reason. +IFS='%' +set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` +IFS="${oIFS}" + +pathcomp='' + +while [ $# -ne 0 ] ; do + pathcomp="${pathcomp}${1}" + shift + + if [ ! -d "${pathcomp}" ] ; + then + $mkdirprog "${pathcomp}" + else + true + fi + + pathcomp="${pathcomp}/" +done +fi + +if [ x"$dir_arg" != x ] +then + $doit $instcmd $dst && + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi +else + +# If we're going to rename the final executable, determine the name now. + + if [ x"$transformarg" = x ] + then + dstfile=`basename $dst` + else + dstfile=`basename $dst $transformbasename | + sed $transformarg`$transformbasename + fi + +# don't allow the sed command to completely eliminate the filename + + if [ x"$dstfile" = x ] + then + dstfile=`basename $dst` + else + true + fi + +# Make a temp file name in the proper directory. + + dsttmp=$dstdir/#inst.$$# + +# Move or copy the file name to the temp name + + $doit $instcmd $src $dsttmp && + + trap "rm -f ${dsttmp}" 0 && + +# and set any options; do chmod last to preserve setuid bits + +# If any of these fail, we abort the whole thing. If we want to +# ignore errors from any of these, just make sure not to ignore +# errors from the above "$doit $instcmd $src $dsttmp" command. + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && + +# Now rename the file to the real destination. + + $doit $rmcmd -f $dstdir/$dstfile && + $doit $mvcmd $dsttmp $dstdir/$dstfile + +fi && + + +exit 0 diff --git a/null/Makefile b/null/Makefile new file mode 100644 index 0000000..e69de29 diff --git a/null/null_analyze.c b/null/null_analyze.c new file mode 100644 index 0000000..c327a61 --- /dev/null +++ b/null/null_analyze.c @@ -0,0 +1,164 @@ +/** + null_analyze.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: null_analyze.c,v 1.6 2001/11/26 22:28:16 ekr Exp $ + + + ekr@rtfm.com Thu Jan 7 22:58:27 1999 + */ + + +static char *RCSSTRING="$Id: null_analyze.c,v 1.6 2001/11/26 22:28:16 ekr Exp $"; + +#include +#include "network.h" +#include "proto_mod.h" +#include "debug.h" + +typedef struct null_analyzer_ { + int num; +} null_analyzer; + +static int create_null_analyzer PROTO_LIST((void *handle, + proto_ctx *ctx,tcp_conn *conn,proto_obj **objp, + struct in_addr *i_addr,u_short i_port, + struct in_addr *r_addr,u_short r_port, struct timeval *base_time)); + +static int create_null_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port, + base_time) + void *handle; + proto_ctx *ctx; + tcp_conn *conn; + proto_obj **objp; + struct in_addr *i_addr; + u_short i_port; + struct in_addr *r_addr; + u_short r_port; + struct timeval *base_time; + { + null_analyzer *obj=0; + static int ctr; + + if(!(obj=(null_analyzer *)calloc(sizeof(null_analyzer),1))) + ERETURN(R_NO_MEMORY); + + obj->num=ctr++; + + DBG((0,"Creating analyzer for connection %d\n",obj->num)); + + *objp=(proto_obj *)obj; + return(0); + } + +int destroy_null_analyzer(objp) + proto_obj **objp; + { + null_analyzer *obj; + + if(!objp || !*objp) + return(0); + + obj=(null_analyzer *)*objp; + DBG((0,"Destroying analyzer for connection %d\n",obj->num)); + + free(*objp); + *objp=0; + + return(0); + } + +int data_null_analyzer(_obj,seg,direction) + proto_obj *_obj; + segment *seg; + int direction; + { +#ifdef DEBUG + null_analyzer *obj=(null_analyzer *)_obj; +#endif + DBG((0,"Processing data for connection %d dir %d\n",obj->num, + direction)); + + for(;seg;seg=seg->next){ + int i; + + for(i=0;ilen,20);i++){ + if(!isascii(seg->data[i])) + break; + } + if(i<20) + xdump("NSEGMENT",seg->data,seg->len); + else{ + printf("NSEGMENT: "); + fwrite(seg->data,1,seg->len,stdout); + } + printf("====\n"); + } + + return(0); + } + +int fin_null_analyzer(_obj,p,direction) + proto_obj *_obj; + packet *p; + int direction; + { +#ifdef DEBUG + null_analyzer *obj=(null_analyzer *)_obj; +#endif + DBG((0,"Received FIN on connection %d\n",obj->num)); + return(0); + } + + + + +static struct proto_mod_vtbl_ null_vtbl ={ + 0, + 0, + 0, + create_null_analyzer, + destroy_null_analyzer, + data_null_analyzer, + fin_null_analyzer, +}; + +struct proto_mod_ null_mod = { + 0, + &null_vtbl +}; diff --git a/null/null_analyze.h b/null/null_analyze.h new file mode 100644 index 0000000..3902c2a --- /dev/null +++ b/null/null_analyze.h @@ -0,0 +1,53 @@ +/** + null_analyze.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: null_analyze.h,v 1.2 2000/10/17 16:10:01 ekr Exp $ + + + ekr@rtfm.com Fri Jan 8 11:23:10 1999 + */ + + +#ifndef _null_analyze_h +#define _null_analyze_h + +extern proto_mod null_mod; + +#endif + diff --git a/null/targets.mk b/null/targets.mk new file mode 100644 index 0000000..fc8a5f1 --- /dev/null +++ b/null/targets.mk @@ -0,0 +1,260 @@ +# +# targets.mk +# +# $Source: /usr/local/CVS/ssldump/null/targets.mk,v $ +# $Revision: 1.1.1.1 $ +# $Date: 2000/10/09 00:45:39 $ +# $Name: $ +# $Disclaimer$ +# +# Copyright (C) 1999, Terisa Systems, Inc. +# All Rights Reserved. +# +# ekr@terisa.com +# + + + +# +# CONFIGURE USER-DEFINED MAKE ENVIRONMENT +# +# These fields are specified by the user. The remainder of +# this file is generated from this user-specified information. +# +# ANALYZE_NULL_DEFINES: +# cpp defines, with the -D flag preceeding each +# +# ANALYZE_NULL_INCLUDES: +# cpp include directories, with the -I flag preceeding each +# +# ANALYZE_NULL_INTERNAL: +# headers files which are local to a specific module directory, +# and should not be used by other parts of the toolkit or by +# the user +# +# ANALYZE_NULL_LIBNAME: +# the library associated with this module directory, used in +# most cases for debugging purposes +# +# ANALYZE_NULL_LIBPATHS: +# link-time directories to search for libraries, with the -L flag +# preceeding each +# +# ANALYZE_NULL_LIBRARIES: +# link-time libraries, with the -l flag preceeding each +# +# ANALYZE_NULL_LOCALFLAGS: +# compile-time flags specific to compiling only the files in +# this module directory--this variable should only be set in +# extremely exceptional cases +# +# ANALYZE_NULL_MAKEFILES: +# the makefiles +# +# ANALYZE_NULL_PREFIX: +# defines the module name, which also serves as the +# prefix for all the variable names defined in this file +# +# ANALYZE_NULL_PRIVATE: +# the private, for-toolkit-use-only API header files +# +# ANALYZE_NULL_PROGRAMS: +# programs to build +# +# ANALYZE_NULL_PUBLIC: +# the header files that define the public API for the toolkit +# and any other 'public' files that should be copied to +# the build directory +# +# ANALYZE_NULL_SOURCES: +# the source files to compile to object +# +ANALYZE_NULL_DEFINES = +ANALYZE_NULL_INCLUDES = -I$(ANALYZE_NULL_SRCDIR) +ANALYZE_NULL_INTERNAL = +ANALYZE_NULL_LIBNAME = +ANALYZE_NULL_LIBPATHS = +ANALYZE_NULL_LIBRARIES = +ANALYZE_NULL_LOCALFLAGS = +ANALYZE_NULL_MAKEFILES = targets.mk +ANALYZE_NULL_PREFIX = ANALYZE_NULL +ANALYZE_NULL_PRIVATE = null_analyze.h +ANALYZE_NULL_PROGRAMS = +ANALYZE_NULL_PUBLIC = +ANALYZE_NULL_SOURCES = null_analyze.c + + + +# +# CONFIGURE AUTOMATICALLY-GENERATED MAKE ENVIRONMENT +# +# ANALYZE_NULL_OBJECTS: +# object files to build +# +# ANALYZE_NULL_UNUSED: +# obsolete files in the module directory that are not +# used during the build process +# +# ANALYZE_NULL_USED: +# all files in the module directory that are used +# during the build process +# +ANALYZE_NULL_OBJECTS = null_analyze.$(OBJSUFFIX) +ANALYZE_NULL_UNUSED = +ANALYZE_NULL_USED = $(ANALYZE_NULL_INTERNAL:%=$(ANALYZE_NULL_SRCDIR)%) \ + $(ANALYZE_NULL_MAKEFILES:%=$(ANALYZE_NULL_SRCDIR)%) \ + $(ANALYZE_NULL_PRIVATE:%=$(ANALYZE_NULL_SRCDIR)%) \ + $(ANALYZE_NULL_PUBLIC:%=$(ANALYZE_NULL_SRCDIR)%) \ + $(ANALYZE_NULL_SOURCES:%=$(ANALYZE_NULL_SRCDIR)%) + + + +# +# NOTES +# +# The following variables may be used during the build process, +# but are not defined in this file. If they are to be set +# to something other than the default blank, then they must +# be set by the calling make system. +# +# ANALYZE_NULL_SRCDIR: +# if the build target directory is different from the +# module directory (the source directory), then this +# variable contains the relative or full path of +# the module directory +# +# LIBARS: +# the library archive files (with fully-specified paths) that +# executables built from this module directory depend upon +# +# LIBPATHS: +# the paths to search for library archives (specified with +# the -L) +# +# LIBRARIES: +# the libraries to use while building executables from +# this module directory (specified with the -l) +# + + + +# +# GLOBAL ENVIRONMENT +# +DEFINES += $(ANALYZE_NULL_DEFINES) +INCLUDES += $(ANALYZE_NULL_INCLUDES) +LIBPATHS += $(ANALYZE_NULL_LIBPATHS) +LIBRARIES += $(ANALYZE_NULL_LIBRARIES) +OBJECTS += $(ANALYZE_NULL_OBJECTS) +PUBLIC += $(ANALYZE_NULL_PUBLIC) + + + +# +# GENERIC DEPENDENCIES +# +# default: +# default dependency, must be the first dependency in this makefile +# +# all: +# build everything in this module directory +# +# build: +# make only the toolkit build files of this module directory +# +# ci: +# perform an RCS check-in of this module directory +# +# clean: +# remove the compiled files +# +# clean_public: +# remove the public header files that have been copied +# to a public build directory +# +# objects: +# build the object files (this dependency is used for +# building the toolkit library) +# +# private: +# build only the private API header files +# +# public: +# build only the public API header files +# +default: $(ANALYZE_NULL_LIBNAME) +default: $(ANALYZE_NULL_PROGRAMS) + +all: $(ANALYZE_NULL_PUBLIC) +all: $(ANALYZE_NULL_OBJECTS) +all: $(ANALYZE_NULL_LIBNAME) +all: $(ANALYZE_NULL_PROGRAMS) +build: $(ANALYZE_NULL_PUBLIC) +build: $(ANALYZE_NULL_OBJECTS) +ci: analyze_null_ci +clean: analyze_null_clean +clean_public: analyze_null_clean_public +objects: $(ANALYZE_NULL_OBJECTS) +private: $(ANALYZE_NULL_PRIVATE) +public: $(ANALYZE_NULL_PUBLIC) + + + +# +# LOCAL UTILITY DEPENDENCIES +# +# utility dependencies are necessary because of some +# make-isms having to do with dependencies +# + +analyze_null_ci: + $(CI) $(CIFLAGS) $(ANALYZE_NULL_USED) + +analyze_null_clean: + $(RM) $(RMFLAGS) $(ANALYZE_NULL_OBJECTS) $(ANALYZE_NULL_LIBNAME) $(ANALYZE_NULL_PROGRAMS) + +analyze_null_clean_public: + $(RM) $(RMFLAGS) $(ANALYZE_NULL_PUBLIC) + +analyze_null_objects: $(ANALYZE_NULL_OBJECTS) + +analyze_null_programs: $(ANALYZE_NULL_PROGRAMS) + +analyze_null_public: $(ANALYZE_NULL_PUBLIC) + + + +# +# BUILD DEPENDENCIES +# +# build dependencies invoke the rule used to build each +# class of file +# + +$(ANALYZE_NULL_LIBNAME): + $(AR) $(ARFLAGS) $@ $? + $(RANLIB) $@ + +$(ANALYZE_NULL_OBJECTS): + $(COMPILE.c) $(ANALYZE_NULL_SRCDIR)$(@:%.o=%.c) $(DEFINES) $(INCLUDES) $(ANALYZE_NULL_LOCALFLAGS) + +$(ANALYZE_NULL_PUBLIC): + $(CP) $(CPFLAGS) $(ANALYZE_NULL_SRCDIR)$@ $@ + +$(ANALYZE_NULL_PROGRAMS): + $(LINK.c) $@.$(OBJSUFFIX) $(LDLIBS) $(LIBS) $(LIBRARIES) $(LIBPATHS) +#LIBS above is obsolete (use LIBARARIES instead) + + + +# +# FILE DEPENDENCIES +# +# file dependencies state, for each file that is built, +# which file(s) it depends upon +# + +null_analyze.$(OBJSUFFIX): $(ANALYZE_NULL_SRCDIR)null_analyze.h +null_analyze.$(OBJSUFFIX): $(ANALYZE_NULL_SRCDIR)null_analyze.c + +$(ANALYZE_NULL_LIBNAME): $(ANALYZE_NULL_OBJECTS) diff --git a/rules.mk b/rules.mk new file mode 100644 index 0000000..4a1ab59 --- /dev/null +++ b/rules.mk @@ -0,0 +1,10 @@ +OBJSUFFIX=o +LIBSUFFIX=a +RANLIB=ranlib + +COMPILE.c = $(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ +LINK.c = $(CC) $(CFLAGS) $(LDFLAGS) -o $@ + +.c.$(OBJSUFFIX): + $(COMPILE.c) $(OUTPUT_OPTION) $< + diff --git a/ssl/Makefile b/ssl/Makefile new file mode 100644 index 0000000..dd76f59 --- /dev/null +++ b/ssl/Makefile @@ -0,0 +1,20 @@ +CC=gcc -g -I../../common/include -DYYDEBUG=1 +YACC=bison -d -y -v +LEX=flex +OBJS=lex.yy.o y.tab.o main.o + +default: all + +lex.yy.c: ssl.l + $(LEX) ssl.l + +y.tab.c: ssl.y + $(YACC) ssl.y + +grammar: y.tab.c lex.yy.c + $(LEX) ssl.l + $(YACC) ssl.y + +all: grammar $(OBJS) + $(CC) $(OBJS) -L../../common/make/freebsd31 -ly -lm + diff --git a/ssl/ciphersuites.c b/ssl/ciphersuites.c new file mode 100644 index 0000000..9df8459 --- /dev/null +++ b/ssl/ciphersuites.c @@ -0,0 +1,107 @@ +/** + ciphersuites.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: ciphersuites.c,v 1.3 2002/08/17 01:33:17 ekr Exp $ + + + ekr@rtfm.com Tue Mar 30 17:19:56 1999 + */ + + +static char *RCSSTRING="$Id: ciphersuites.c,v 1.3 2002/08/17 01:33:17 ekr Exp $"; + +#include + +#include "sslciphers.h" + +static SSL_CipherSuite CipherSuites[]={ + {1,KEX_RSA,SIG_RSA,ENC_NULL,0,0,0,DIG_MD5,16,0}, + {2,KEX_RSA,SIG_RSA,ENC_NULL,0,0,0,DIG_SHA,20,0}, + {3,KEX_RSA,SIG_RSA,ENC_RC4,1,128,40,DIG_MD5,16,1}, + {4,KEX_RSA,SIG_RSA,ENC_RC4,1,128,128,DIG_MD5,16,0}, + {5,KEX_RSA,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA,20,0}, + {6,KEX_RSA,SIG_RSA,ENC_RC2,8,128,40,DIG_SHA,20,1}, + {7,KEX_RSA,SIG_RSA,ENC_IDEA,8,128,128,DIG_SHA,20,0}, + {8,KEX_RSA,SIG_RSA,ENC_DES,8,64,40,DIG_SHA,20,1}, + {9,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,0}, + {10,KEX_RSA,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA,20,0}, + {11,KEX_DH,SIG_DSS,ENC_DES,8,64,40,DIG_SHA,20,1}, + {12,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,20,0}, + {13,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA,20,0}, + {14,KEX_DH,SIG_RSA,ENC_DES,8,64,40,DIG_SHA,20,1}, + {15,KEX_DH,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,0}, + {16,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA,20,0}, + {17,KEX_DH,SIG_DSS,ENC_DES,8,64,40,DIG_SHA,20,1}, + {18,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,20,0}, + {19,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA,20,0}, + {20,KEX_DH,SIG_RSA,ENC_DES,8,64,40,DIG_SHA,20,1}, + {21,KEX_DH,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,0}, + {22,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA,20,0}, + {23,KEX_DH,SIG_NONE,ENC_RC4,1,128,40,DIG_MD5,16,1}, + {24,KEX_DH,SIG_NONE,ENC_RC4,1,128,128,DIG_MD5,16,0}, + {25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_MD5,16,1}, + {26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_MD5,16,0}, + {27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_MD5,16,0}, + {96,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_MD5,16,1}, + {97,KEX_RSA,SIG_RSA,ENC_RC2,1,128,56,DIG_MD5,16,1}, + {98,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,1}, + {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,16,1}, + {100,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_SHA,20,1}, + {101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA,20,1}, + {102,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0}, + {-1} +}; + +int ssl_find_cipher(num,cs) + int num; + SSL_CipherSuite **cs; + { + SSL_CipherSuite *c; + + for(c=CipherSuites;c->number!=-1;c++){ + if(c->number==num){ + *cs=c; + return(0); + } + } + + ERETURN(R_NOT_FOUND); + } + + diff --git a/ssl/ciphersuites.h b/ssl/ciphersuites.h new file mode 100644 index 0000000..74fe097 --- /dev/null +++ b/ssl/ciphersuites.h @@ -0,0 +1,52 @@ +/** + ciphersuites.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: ciphersuites.h,v 1.2 2000/10/17 16:10:01 ekr Exp $ + + + ekr@rtfm.com Sat Sep 23 18:01:27 2000 + */ + + +#ifndef _ciphersuites_h +#define _ciphersuites_h + +int ssl_find_cipher PROTO_LIST((int num,SSL_CipherSuite **cs)); +#endif + diff --git a/ssl/lex.yy.c b/ssl/lex.yy.c new file mode 100644 index 0000000..4ceaba7 --- /dev/null +++ b/ssl/lex.yy.c @@ -0,0 +1,1777 @@ +/* A lexical scanner generated by flex */ + +/* Scanner skeleton version: + * $Header: /usr/local/CVS/ssldump/ssl/lex.yy.c,v 1.2 2002/04/15 16:53:59 ekr Exp $ + * $FreeBSD: src/usr.bin/lex/flex.skl,v 1.4 1999/10/27 07:56:44 obrien Exp $ + */ + +#define FLEX_SCANNER +#define YY_FLEX_MAJOR_VERSION 2 +#define YY_FLEX_MINOR_VERSION 5 + +#include + + +/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ +#ifdef c_plusplus +#ifndef __cplusplus +#define __cplusplus +#endif +#endif + + +#ifdef __cplusplus + +#include +#include + +/* Use prototypes in function declarations. */ +#define YY_USE_PROTOS + +/* The "const" storage-class-modifier is valid. */ +#define YY_USE_CONST + +#else /* ! __cplusplus */ + +#if __STDC__ + +#define YY_USE_PROTOS +#define YY_USE_CONST + +#endif /* __STDC__ */ +#endif /* ! __cplusplus */ + +#ifdef __TURBOC__ + #pragma warn -rch + #pragma warn -use +#include +#include +#define YY_USE_CONST +#define YY_USE_PROTOS +#endif + +#ifdef YY_USE_CONST +#define yyconst const +#else +#define yyconst +#endif + + +#ifdef YY_USE_PROTOS +#define YY_PROTO(proto) proto +#else +#define YY_PROTO(proto) () +#endif + +/* Returned upon end-of-file. */ +#define YY_NULL 0 + +/* Promotes a possibly negative, possibly signed char to an unsigned + * integer for use as an array index. If the signed char is negative, + * we want to instead treat it as an 8-bit unsigned char, hence the + * double cast. + */ +#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) + +/* Enter a start condition. This macro really ought to take a parameter, + * but we do it the disgusting crufty way forced on us by the ()-less + * definition of BEGIN. + */ +#define BEGIN yy_start = 1 + 2 * + +/* Translate the current start state into a value that can be later handed + * to BEGIN to return to the state. The YYSTATE alias is for lex + * compatibility. + */ +#define YY_START ((yy_start - 1) / 2) +#define YYSTATE YY_START + +/* Action number for EOF rule of a given start state. */ +#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) + +/* Special action meaning "start processing a new file". */ +#define YY_NEW_FILE yyrestart( yyin ) + +#define YY_END_OF_BUFFER_CHAR 0 + +/* Size of default input buffer. */ +#define YY_BUF_SIZE 16384 + +typedef struct yy_buffer_state *YY_BUFFER_STATE; + +extern int yyleng; +extern FILE *yyin, *yyout; + +#define EOB_ACT_CONTINUE_SCAN 0 +#define EOB_ACT_END_OF_FILE 1 +#define EOB_ACT_LAST_MATCH 2 + +/* The funky do-while in the following #define is used to turn the definition + * int a single C statement (which needs a semi-colon terminator). This + * avoids problems with code like: + * + * if ( condition_holds ) + * yyless( 5 ); + * else + * do_something_else(); + * + * Prior to using the do-while the compiler would get upset at the + * "else" because it interpreted the "if" statement as being all + * done when it reached the ';' after the yyless() call. + */ + +/* Return all but the first 'n' matched characters back to the input stream. */ + +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + *yy_cp = yy_hold_char; \ + YY_RESTORE_YY_MORE_OFFSET \ + yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ + YY_DO_BEFORE_ACTION; /* set up yytext again */ \ + } \ + while ( 0 ) + +#define unput(c) yyunput( c, yytext_ptr ) + +/* The following is because we cannot portably get our hands on size_t + * (without autoconf's help, which isn't available because we want + * flex-generated scanners to compile on their own). + */ +typedef unsigned int yy_size_t; + + +struct yy_buffer_state + { + FILE *yy_input_file; + + char *yy_ch_buf; /* input buffer */ + char *yy_buf_pos; /* current position in input buffer */ + + /* Size of input buffer in bytes, not including room for EOB + * characters. + */ + yy_size_t yy_buf_size; + + /* Number of characters read into yy_ch_buf, not including EOB + * characters. + */ + int yy_n_chars; + + /* Whether we "own" the buffer - i.e., we know we created it, + * and can realloc() it to grow it, and should free() it to + * delete it. + */ + int yy_is_our_buffer; + + /* Whether this is an "interactive" input source; if so, and + * if we're using stdio for input, then we want to use getc() + * instead of fread(), to make sure we stop fetching input after + * each newline. + */ + int yy_is_interactive; + + /* Whether we're considered to be at the beginning of a line. + * If so, '^' rules will be active on the next match, otherwise + * not. + */ + int yy_at_bol; + + /* Whether to try to fill the input buffer when we reach the + * end of it. + */ + int yy_fill_buffer; + + int yy_buffer_status; +#define YY_BUFFER_NEW 0 +#define YY_BUFFER_NORMAL 1 + /* When an EOF's been seen but there's still some text to process + * then we mark the buffer as YY_EOF_PENDING, to indicate that we + * shouldn't try reading from the input source any more. We might + * still have a bunch of tokens to match, though, because of + * possible backing-up. + * + * When we actually see the EOF, we change the status to "new" + * (via yyrestart()), so that the user can continue scanning by + * just pointing yyin at a new input file. + */ +#define YY_BUFFER_EOF_PENDING 2 + }; + +static YY_BUFFER_STATE yy_current_buffer = 0; + +/* We provide macros for accessing buffer states in case in the + * future we want to put the buffer states in a more general + * "scanner state". + */ +#define YY_CURRENT_BUFFER yy_current_buffer + + +/* yy_hold_char holds the character lost when yytext is formed. */ +static char yy_hold_char; + +static int yy_n_chars; /* number of characters read into yy_ch_buf */ + + +int yyleng; + +/* Points to current character in buffer. */ +static char *yy_c_buf_p = (char *) 0; +static int yy_init = 1; /* whether we need to initialize */ +static int yy_start = 0; /* start state number */ + +/* Flag which is used to allow yywrap()'s to do buffer switches + * instead of setting up a fresh yyin. A bit of a hack ... + */ +static int yy_did_buffer_switch_on_eof; + +void yyrestart YY_PROTO(( FILE *input_file )); + +void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); +void yy_load_buffer_state YY_PROTO(( void )); +YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); +void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); +void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); +void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); +#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) + +YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); +YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); +YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); + +static void *yy_flex_alloc YY_PROTO(( yy_size_t )); +static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); +static void yy_flex_free YY_PROTO(( void * )); + +#define yy_new_buffer yy_create_buffer + +#define yy_set_interactive(is_interactive) \ + { \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_is_interactive = is_interactive; \ + } + +#define yy_set_bol(at_bol) \ + { \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_at_bol = at_bol; \ + } + +#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) + + +#define YY_USES_REJECT +typedef unsigned char YY_CHAR; +FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; +typedef int yy_state_type; +extern int yylineno; +int yylineno = 1; +extern char *yytext; +#define yytext_ptr yytext + +static yy_state_type yy_get_previous_state YY_PROTO(( void )); +static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); +static int yy_get_next_buffer YY_PROTO(( void )); +static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); + +/* Done after the current pattern has been matched and before the + * corresponding action - sets up yytext. + */ +#define YY_DO_BEFORE_ACTION \ + yytext_ptr = yy_bp; \ + yyleng = (int) (yy_cp - yy_bp); \ + yy_hold_char = *yy_cp; \ + *yy_cp = '\0'; \ + yy_c_buf_p = yy_cp; + +#define YY_NUM_RULES 32 +#define YY_END_OF_BUFFER 33 +static yyconst short int yy_acclist[153] = + { 0, + 33, 31, 32, 12, 31, 32, 12, 32, 18, 31, + 32, 19, 31, 32, 26, 31, 32, 29, 31, 32, + 27, 31, 32, 31, 32, 14, 31, 32, 14, 31, + 32, 25, 31, 32, 24, 31, 32, 22, 31, 32, + 30, 31, 32, 23, 31, 32, 31, 32, 20, 31, + 32, 21, 31, 32, 28, 31, 32, 31, 32, 31, + 32, 31, 32, 31, 32, 31, 32, 31, 32, 16, + 31, 32, 17, 31, 32, 12, 1, 14, 13, 13, + 13, 13, 13, 13, 13, 13, 13, 15, 13, 13, + 13, 13, 13, 13, 13, 13, 10, 9, 13, 13, + + 13, 2, 13, 13, 13, 13, 13, 13, 13, 13, + 13, 13, 13, 11, 13, 13, 4, 13, 13, 5, + 13, 3, 13, 13, 13, 13, 6, 13, 13, 13, + 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, + 13, 13, 13, 13, 7, 13, 13, 13, 13, 13, + 8, 13 + } ; + +static yyconst short int yy_accept[110] = + { 0, + 1, 1, 1, 2, 4, 7, 9, 12, 15, 18, + 21, 24, 26, 29, 32, 35, 38, 41, 44, 47, + 49, 52, 55, 58, 60, 62, 64, 66, 68, 70, + 73, 76, 77, 78, 78, 79, 79, 80, 81, 82, + 83, 84, 85, 86, 87, 88, 88, 88, 88, 89, + 90, 91, 92, 93, 94, 95, 96, 97, 97, 98, + 100, 101, 102, 104, 105, 106, 107, 108, 108, 109, + 110, 111, 112, 113, 114, 115, 116, 117, 119, 120, + 122, 124, 125, 126, 127, 129, 130, 131, 132, 133, + 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, + + 144, 145, 147, 148, 149, 150, 151, 153, 153 + } ; + +static yyconst int yy_ec[256] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, + 1, 2, 2, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 2, 1, 1, 1, 1, 1, 1, 1, 4, + 5, 6, 1, 7, 8, 9, 10, 11, 12, 12, + 12, 12, 12, 12, 12, 12, 12, 13, 14, 15, + 16, 17, 1, 18, 19, 19, 19, 19, 19, 19, + 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, + 19, 19, 19, 19, 19, 19, 19, 19, 19, 19, + 20, 1, 21, 22, 23, 1, 24, 25, 26, 27, + + 28, 19, 29, 19, 30, 19, 31, 32, 33, 34, + 35, 36, 37, 38, 39, 40, 41, 19, 19, 42, + 43, 19, 44, 1, 45, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1 + } ; + +static yyconst int yy_meta[46] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 2, 2, 3, + 4, 4, 1, 1, 1, 1, 1, 5, 4, 1, + 1, 1, 2, 4, 4, 4, 4, 4, 4, 4, + 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, + 4, 4, 4, 1, 1 + } ; + +static yyconst short int yy_base[113] = + { 0, + 0, 0, 141, 142, 44, 46, 142, 142, 142, 142, + 131, 133, 39, 41, 142, 142, 142, 142, 142, 0, + 142, 142, 142, 30, 108, 103, 100, 94, 27, 116, + 142, 54, 142, 127, 47, 0, 0, 93, 97, 101, + 88, 104, 102, 94, 87, 0, 118, 54, 0, 95, + 83, 91, 87, 82, 86, 89, 75, 97, 142, 0, + 74, 73, 0, 71, 81, 84, 83, 63, 83, 82, + 77, 78, 63, 62, 142, 67, 68, 0, 91, 0, + 0, 58, 65, 65, 0, 52, 66, 79, 40, 41, + 71, 48, 49, 47, 41, 40, 47, 44, 33, 43, + + 26, 0, 32, 26, 35, 35, 0, 142, 80, 84, + 57, 89 + } ; + +static yyconst short int yy_def[113] = + { 0, + 108, 1, 108, 108, 108, 108, 108, 108, 108, 108, + 108, 108, 108, 108, 108, 108, 108, 108, 108, 109, + 108, 108, 108, 109, 109, 109, 109, 109, 109, 108, + 108, 108, 108, 110, 108, 111, 109, 109, 109, 109, + 109, 109, 109, 109, 109, 112, 110, 110, 111, 109, + 109, 109, 109, 109, 109, 109, 109, 112, 108, 109, + 109, 109, 109, 109, 109, 109, 109, 108, 109, 109, + 109, 109, 109, 109, 108, 109, 109, 109, 109, 109, + 109, 109, 109, 109, 109, 109, 109, 109, 109, 109, + 109, 109, 109, 109, 109, 109, 109, 109, 109, 109, + + 109, 109, 109, 109, 109, 109, 109, 0, 108, 108, + 108, 108 + } ; + +static yyconst short int yy_nxt[188] = + { 0, + 4, 5, 6, 7, 8, 4, 9, 10, 11, 12, + 13, 14, 15, 16, 17, 18, 19, 4, 20, 21, + 22, 23, 4, 20, 20, 24, 25, 26, 20, 20, + 20, 20, 20, 20, 27, 28, 20, 20, 29, 20, + 20, 20, 20, 30, 31, 32, 32, 32, 32, 35, + 35, 35, 35, 38, 44, 32, 32, 35, 35, 48, + 49, 107, 106, 59, 39, 105, 45, 104, 103, 102, + 101, 100, 99, 98, 97, 96, 95, 94, 93, 92, + 36, 37, 91, 37, 47, 47, 90, 47, 47, 58, + 58, 58, 58, 89, 88, 87, 86, 85, 84, 83, + + 82, 81, 80, 79, 78, 77, 76, 75, 74, 73, + 72, 71, 70, 69, 68, 67, 66, 65, 64, 63, + 62, 61, 60, 48, 57, 56, 55, 54, 53, 52, + 51, 50, 48, 46, 43, 42, 41, 40, 34, 33, + 108, 3, 108, 108, 108, 108, 108, 108, 108, 108, + 108, 108, 108, 108, 108, 108, 108, 108, 108, 108, + 108, 108, 108, 108, 108, 108, 108, 108, 108, 108, + 108, 108, 108, 108, 108, 108, 108, 108, 108, 108, + 108, 108, 108, 108, 108, 108, 108 + } ; + +static yyconst short int yy_chk[188] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 5, 5, 6, 6, 13, + 13, 14, 14, 24, 29, 32, 32, 35, 35, 48, + 111, 106, 105, 48, 24, 104, 29, 103, 101, 100, + 99, 98, 97, 96, 95, 94, 93, 92, 91, 90, + 13, 109, 89, 109, 110, 110, 88, 110, 110, 112, + 112, 112, 112, 87, 86, 84, 83, 82, 79, 77, + + 76, 74, 73, 72, 71, 70, 69, 68, 67, 66, + 65, 64, 62, 61, 58, 57, 56, 55, 54, 53, + 52, 51, 50, 47, 45, 44, 43, 42, 41, 40, + 39, 38, 34, 30, 28, 27, 26, 25, 12, 11, + 3, 108, 108, 108, 108, 108, 108, 108, 108, 108, + 108, 108, 108, 108, 108, 108, 108, 108, 108, 108, + 108, 108, 108, 108, 108, 108, 108, 108, 108, 108, + 108, 108, 108, 108, 108, 108, 108, 108, 108, 108, + 108, 108, 108, 108, 108, 108, 108 + } ; + +static yy_state_type yy_state_buf[YY_BUF_SIZE + 2], *yy_state_ptr; +static char *yy_full_match; +static int yy_lp; +#define REJECT \ +{ \ +*yy_cp = yy_hold_char; /* undo effects of setting up yytext */ \ +yy_cp = yy_full_match; /* restore poss. backed-over text */ \ +++yy_lp; \ +goto find_rule; \ +} +#define yymore() yymore_used_but_not_detected +#define YY_MORE_ADJ 0 +#define YY_RESTORE_YY_MORE_OFFSET +char *yytext; +#line 1 "ssl.l" +#define INITIAL 0 +#line 4 "ssl.l" +#include "y.tab.h" + +#if 0 +#define RETURN(x) printf("TOK:%s\n",#x); return(x) +#else +#define RETURN return +#endif + +long strtol(); +#line 479 "lex.yy.c" + +/* Macros after this point can all be overridden by user definitions in + * section 1. + */ + +#ifndef YY_SKIP_YYWRAP +#ifdef __cplusplus +extern "C" int yywrap YY_PROTO(( void )); +#else +extern int yywrap YY_PROTO(( void )); +#endif +#endif + +#ifndef YY_NO_UNPUT +static void yyunput YY_PROTO(( int c, char *buf_ptr )); +#endif + +#ifndef yytext_ptr +static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); +#endif + +#ifdef YY_NEED_STRLEN +static int yy_flex_strlen YY_PROTO(( yyconst char * )); +#endif + +#ifndef YY_NO_INPUT +#ifdef __cplusplus +static int yyinput YY_PROTO(( void )); +#else +static int input YY_PROTO(( void )); +#endif +#endif + +#if YY_STACK_USED +static int yy_start_stack_ptr = 0; +static int yy_start_stack_depth = 0; +static int *yy_start_stack = 0; +#ifndef YY_NO_PUSH_STATE +static void yy_push_state YY_PROTO(( int new_state )); +#endif +#ifndef YY_NO_POP_STATE +static void yy_pop_state YY_PROTO(( void )); +#endif +#ifndef YY_NO_TOP_STATE +static int yy_top_state YY_PROTO(( void )); +#endif + +#else +#define YY_NO_PUSH_STATE 1 +#define YY_NO_POP_STATE 1 +#define YY_NO_TOP_STATE 1 +#endif + +#ifdef YY_MALLOC_DECL +YY_MALLOC_DECL +#else +#if __STDC__ +#ifndef __cplusplus +#include +#endif +#else +/* Just try to get by without declaring the routines. This will fail + * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) + * or sizeof(void*) != sizeof(int). + */ +#endif +#endif + +/* Amount of stuff to slurp up with each read. */ +#ifndef YY_READ_BUF_SIZE +#define YY_READ_BUF_SIZE 8192 +#endif + +/* Copy whatever the last rule matched to the standard output. */ + +#ifndef ECHO +/* This used to be an fputs(), but since the string might contain NUL's, + * we now use fwrite(). + */ +#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) +#endif + +/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, + * is returned in "result". + */ +#ifndef YY_INPUT +#define YY_INPUT(buf,result,max_size) \ + if ( yy_current_buffer->yy_is_interactive ) \ + { \ + int c = '*', n; \ + for ( n = 0; n < max_size && \ + (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ + buf[n] = (char) c; \ + if ( c == '\n' ) \ + buf[n++] = (char) c; \ + if ( c == EOF && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + result = n; \ + } \ + else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ + && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); +#endif + +/* No semi-colon after return; correct usage is to write "yyterminate();" - + * we don't want an extra ';' after the "return" because that will cause + * some compilers to complain about unreachable statements. + */ +#ifndef yyterminate +#define yyterminate() return YY_NULL +#endif + +/* Number of entries by which start-condition stack grows. */ +#ifndef YY_START_STACK_INCR +#define YY_START_STACK_INCR 25 +#endif + +/* Report a fatal error. */ +#ifndef YY_FATAL_ERROR +#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) +#endif + +/* Default declaration of generated scanner - a define so the user can + * easily add parameters. + */ +#ifndef YY_DECL +#define YY_DECL int yylex YY_PROTO(( void )) +#endif + +/* Code executed at the beginning of each rule, after yytext and yyleng + * have been set up. + */ +#ifndef YY_USER_ACTION +#define YY_USER_ACTION +#endif + +/* Code executed at the end of each rule. */ +#ifndef YY_BREAK +#define YY_BREAK break; +#endif + +#define YY_RULE_SETUP \ + YY_USER_ACTION + +YY_DECL + { + register yy_state_type yy_current_state; + register char *yy_cp, *yy_bp; + register int yy_act; + +#line 23 "ssl.l" + + +#line 633 "lex.yy.c" + + if ( yy_init ) + { + yy_init = 0; + +#ifdef YY_USER_INIT + YY_USER_INIT; +#endif + + if ( ! yy_start ) + yy_start = 1; /* first start state */ + + if ( ! yyin ) + yyin = stdin; + + if ( ! yyout ) + yyout = stdout; + + if ( ! yy_current_buffer ) + yy_current_buffer = + yy_create_buffer( yyin, YY_BUF_SIZE ); + + yy_load_buffer_state(); + } + + while ( 1 ) /* loops until end-of-file is reached */ + { + yy_cp = yy_c_buf_p; + + /* Support of yytext. */ + *yy_cp = yy_hold_char; + + /* yy_bp points to the position in yy_ch_buf of the start of + * the current run. + */ + yy_bp = yy_cp; + + yy_current_state = yy_start; + yy_state_ptr = yy_state_buf; + *yy_state_ptr++ = yy_current_state; +yy_match: + do + { + register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 109 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + *yy_state_ptr++ = yy_current_state; + ++yy_cp; + } + while ( yy_base[yy_current_state] != 142 ); + +yy_find_action: + yy_current_state = *--yy_state_ptr; + yy_lp = yy_accept[yy_current_state]; +find_rule: /* we branch to this label when backing up */ + for ( ; ; ) /* until we find what rule we matched */ + { + if ( yy_lp && yy_lp < yy_accept[yy_current_state + 1] ) + { + yy_act = yy_acclist[yy_lp]; + { + yy_full_match = yy_cp; + break; + } + } + --yy_cp; + yy_current_state = *--yy_state_ptr; + yy_lp = yy_accept[yy_current_state]; + } + + YY_DO_BEFORE_ACTION; + + if ( yy_act != YY_END_OF_BUFFER ) + { + int yyl; + for ( yyl = 0; yyl < yyleng; ++yyl ) + if ( yytext[yyl] == '\n' ) + ++yylineno; + } + +do_action: /* This label is used only to access EOF actions. */ + + + switch ( yy_act ) + { /* beginning of action switch */ +case 1: +YY_RULE_SETUP +#line 25 "ssl.l" +{RETURN(DOT_DOT_);} + YY_BREAK +case 2: +YY_RULE_SETUP +#line 26 "ssl.l" +{RETURN(ENUM_);} + YY_BREAK +case 3: +YY_RULE_SETUP +#line 27 "ssl.l" +{RETURN(STRUCT_);} + YY_BREAK +case 4: +YY_RULE_SETUP +#line 28 "ssl.l" +{mkname();RETURN(OPAQUE_);} + YY_BREAK +case 5: +YY_RULE_SETUP +#line 29 "ssl.l" +{RETURN(SELECT_);} + YY_BREAK +case 6: +YY_RULE_SETUP +#line 30 "ssl.l" +{RETURN(CONSTANT_);} + YY_BREAK +case 7: +YY_RULE_SETUP +#line 31 "ssl.l" +{/* Do nothing*/} + YY_BREAK +case 8: +YY_RULE_SETUP +#line 32 "ssl.l" +{/* Do nothing*/} + YY_BREAK +case 9: +YY_RULE_SETUP +#line 33 "ssl.l" +{RETURN(CASE_);} + YY_BREAK +case 10: +YY_RULE_SETUP +#line 34 "ssl.l" +{ /*Do nothing*/} + YY_BREAK +case 11: +YY_RULE_SETUP +#line 35 "ssl.l" +{ strcpy(yylval.str,yytext); RETURN(CODE_);} + YY_BREAK +case 12: +YY_RULE_SETUP +#line 37 "ssl.l" +{/*do nothing*/} + YY_BREAK +case 13: +YY_RULE_SETUP +#line 38 "ssl.l" +{mkname();RETURN(NAME_);} + YY_BREAK +case 14: +YY_RULE_SETUP +#line 39 "ssl.l" +{yylval.val=atoi(yytext); RETURN(NUM_);} + YY_BREAK +case 15: +YY_RULE_SETUP +#line 40 "ssl.l" +{yylval.val=strtol(yytext,0,16); RETURN(NUM_);} + YY_BREAK +case 16: +YY_RULE_SETUP +#line 41 "ssl.l" +{ RETURN('{'); } + YY_BREAK +case 17: +YY_RULE_SETUP +#line 42 "ssl.l" +{ RETURN('}'); } + YY_BREAK +case 18: +YY_RULE_SETUP +#line 43 "ssl.l" +{ RETURN('('); } + YY_BREAK +case 19: +YY_RULE_SETUP +#line 44 "ssl.l" +{ RETURN(')'); } + YY_BREAK +case 20: +YY_RULE_SETUP +#line 45 "ssl.l" +{ RETURN('['); } + YY_BREAK +case 21: +YY_RULE_SETUP +#line 46 "ssl.l" +{ RETURN(']'); } + YY_BREAK +case 22: +YY_RULE_SETUP +#line 47 "ssl.l" +{ RETURN('<'); } + YY_BREAK +case 23: +YY_RULE_SETUP +#line 48 "ssl.l" +{ RETURN('>'); } + YY_BREAK +case 24: +YY_RULE_SETUP +#line 49 "ssl.l" +{ RETURN(';'); } + YY_BREAK +case 25: +YY_RULE_SETUP +#line 50 "ssl.l" +{ RETURN(':'); } + YY_BREAK +case 26: +YY_RULE_SETUP +#line 51 "ssl.l" +{ RETURN(','); } + YY_BREAK +case 27: +YY_RULE_SETUP +#line 52 "ssl.l" +{ RETURN('.'); } + YY_BREAK +case 28: +YY_RULE_SETUP +#line 53 "ssl.l" +{ RETURN('^'); } + YY_BREAK +case 29: +YY_RULE_SETUP +#line 54 "ssl.l" +{ RETURN('-'); } + YY_BREAK +case 30: +YY_RULE_SETUP +#line 55 "ssl.l" +{ RETURN('='); } + YY_BREAK +case 31: +YY_RULE_SETUP +#line 56 "ssl.l" +{ fprintf(stderr,"Invalid input token: %s at %d!!!\n",yytext,yylineno); + exit(1); + } + YY_BREAK +case 32: +YY_RULE_SETUP +#line 60 "ssl.l" +ECHO; + YY_BREAK +#line 886 "lex.yy.c" + case YY_STATE_EOF(INITIAL): + yyterminate(); + + case YY_END_OF_BUFFER: + { + /* Amount of text matched not including the EOB char. */ + int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; + + /* Undo the effects of YY_DO_BEFORE_ACTION. */ + *yy_cp = yy_hold_char; + YY_RESTORE_YY_MORE_OFFSET + + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) + { + /* We're scanning a new file or input source. It's + * possible that this happened because the user + * just pointed yyin at a new source and called + * yylex(). If so, then we have to assure + * consistency between yy_current_buffer and our + * globals. Here is the right place to do so, because + * this is the first action (other than possibly a + * back-up) that will match for the new input source. + */ + yy_n_chars = yy_current_buffer->yy_n_chars; + yy_current_buffer->yy_input_file = yyin; + yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; + } + + /* Note that here we test for yy_c_buf_p "<=" to the position + * of the first EOB in the buffer, since yy_c_buf_p will + * already have been incremented past the NUL character + * (since all states make transitions on EOB to the + * end-of-buffer state). Contrast this with the test + * in input(). + */ + if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) + { /* This was really a NUL. */ + yy_state_type yy_next_state; + + yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; + + yy_current_state = yy_get_previous_state(); + + /* Okay, we're now positioned to make the NUL + * transition. We couldn't have + * yy_get_previous_state() go ahead and do it + * for us because it doesn't know how to deal + * with the possibility of jamming (and we don't + * want to build jamming into it because then it + * will run more slowly). + */ + + yy_next_state = yy_try_NUL_trans( yy_current_state ); + + yy_bp = yytext_ptr + YY_MORE_ADJ; + + if ( yy_next_state ) + { + /* Consume the NUL. */ + yy_cp = ++yy_c_buf_p; + yy_current_state = yy_next_state; + goto yy_match; + } + + else + { + yy_cp = yy_c_buf_p; + goto yy_find_action; + } + } + + else switch ( yy_get_next_buffer() ) + { + case EOB_ACT_END_OF_FILE: + { + yy_did_buffer_switch_on_eof = 0; + + if ( yywrap() ) + { + /* Note: because we've taken care in + * yy_get_next_buffer() to have set up + * yytext, we can now set up + * yy_c_buf_p so that if some total + * hoser (like flex itself) wants to + * call the scanner after we return the + * YY_NULL, it'll still work - another + * YY_NULL will get returned. + */ + yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; + + yy_act = YY_STATE_EOF(YY_START); + goto do_action; + } + + else + { + if ( ! yy_did_buffer_switch_on_eof ) + YY_NEW_FILE; + } + break; + } + + case EOB_ACT_CONTINUE_SCAN: + yy_c_buf_p = + yytext_ptr + yy_amount_of_matched_text; + + yy_current_state = yy_get_previous_state(); + + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; + goto yy_match; + + case EOB_ACT_LAST_MATCH: + yy_c_buf_p = + &yy_current_buffer->yy_ch_buf[yy_n_chars]; + + yy_current_state = yy_get_previous_state(); + + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; + goto yy_find_action; + } + break; + } + + default: + YY_FATAL_ERROR( + "fatal flex scanner internal error--no action found" ); + } /* end of action switch */ + } /* end of scanning one token */ + } /* end of yylex */ + + +/* yy_get_next_buffer - try to read in a new buffer + * + * Returns a code representing an action: + * EOB_ACT_LAST_MATCH - + * EOB_ACT_CONTINUE_SCAN - continue scanning from current position + * EOB_ACT_END_OF_FILE - end of file + */ + +static int yy_get_next_buffer() + { + register char *dest = yy_current_buffer->yy_ch_buf; + register char *source = yytext_ptr; + register int number_to_move, i; + int ret_val; + + if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) + YY_FATAL_ERROR( + "fatal flex scanner internal error--end of buffer missed" ); + + if ( yy_current_buffer->yy_fill_buffer == 0 ) + { /* Don't try to fill the buffer, so this is an EOF. */ + if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) + { + /* We matched a single character, the EOB, so + * treat this as a final EOF. + */ + return EOB_ACT_END_OF_FILE; + } + + else + { + /* We matched some text prior to the EOB, first + * process it. + */ + return EOB_ACT_LAST_MATCH; + } + } + + /* Try to read more data. */ + + /* First move last chars to start of buffer. */ + number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; + + for ( i = 0; i < number_to_move; ++i ) + *(dest++) = *(source++); + + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + /* don't do the read, it's not guaranteed to return an EOF, + * just force an EOF + */ + yy_current_buffer->yy_n_chars = yy_n_chars = 0; + + else + { + int num_to_read = + yy_current_buffer->yy_buf_size - number_to_move - 1; + + while ( num_to_read <= 0 ) + { /* Not enough room in the buffer - grow it. */ +#ifdef YY_USES_REJECT + YY_FATAL_ERROR( +"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); +#else + + /* just a shorter name for the current buffer */ + YY_BUFFER_STATE b = yy_current_buffer; + + int yy_c_buf_p_offset = + (int) (yy_c_buf_p - b->yy_ch_buf); + + if ( b->yy_is_our_buffer ) + { + int new_size = b->yy_buf_size * 2; + + if ( new_size <= 0 ) + b->yy_buf_size += b->yy_buf_size / 8; + else + b->yy_buf_size *= 2; + + b->yy_ch_buf = (char *) + /* Include room in for 2 EOB chars. */ + yy_flex_realloc( (void *) b->yy_ch_buf, + b->yy_buf_size + 2 ); + } + else + /* Can't grow it, we don't own it. */ + b->yy_ch_buf = 0; + + if ( ! b->yy_ch_buf ) + YY_FATAL_ERROR( + "fatal error - scanner input buffer overflow" ); + + yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; + + num_to_read = yy_current_buffer->yy_buf_size - + number_to_move - 1; +#endif + } + + if ( num_to_read > YY_READ_BUF_SIZE ) + num_to_read = YY_READ_BUF_SIZE; + + /* Read in more data. */ + YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), + yy_n_chars, num_to_read ); + + yy_current_buffer->yy_n_chars = yy_n_chars; + } + + if ( yy_n_chars == 0 ) + { + if ( number_to_move == YY_MORE_ADJ ) + { + ret_val = EOB_ACT_END_OF_FILE; + yyrestart( yyin ); + } + + else + { + ret_val = EOB_ACT_LAST_MATCH; + yy_current_buffer->yy_buffer_status = + YY_BUFFER_EOF_PENDING; + } + } + + else + ret_val = EOB_ACT_CONTINUE_SCAN; + + yy_n_chars += number_to_move; + yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; + yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; + + yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; + + return ret_val; + } + + +/* yy_get_previous_state - get the state just before the EOB char was reached */ + +static yy_state_type yy_get_previous_state() + { + register yy_state_type yy_current_state; + register char *yy_cp; + + yy_current_state = yy_start; + yy_state_ptr = yy_state_buf; + *yy_state_ptr++ = yy_current_state; + + for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) + { + register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 109 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + *yy_state_ptr++ = yy_current_state; + } + + return yy_current_state; + } + + +/* yy_try_NUL_trans - try to make a transition on the NUL character + * + * synopsis + * next_state = yy_try_NUL_trans( current_state ); + */ + +#ifdef YY_USE_PROTOS +static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) +#else +static yy_state_type yy_try_NUL_trans( yy_current_state ) +yy_state_type yy_current_state; +#endif + { + register int yy_is_jam; + + register YY_CHAR yy_c = 1; + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 109 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + yy_is_jam = (yy_current_state == 108); + if ( ! yy_is_jam ) + *yy_state_ptr++ = yy_current_state; + + return yy_is_jam ? 0 : yy_current_state; + } + + +#ifndef YY_NO_UNPUT +#ifdef YY_USE_PROTOS +static void yyunput( int c, register char *yy_bp ) +#else +static void yyunput( c, yy_bp ) +int c; +register char *yy_bp; +#endif + { + register char *yy_cp = yy_c_buf_p; + + /* undo effects of setting up yytext */ + *yy_cp = yy_hold_char; + + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) + { /* need to shift things up to make room */ + /* +2 for EOB chars. */ + register int number_to_move = yy_n_chars + 2; + register char *dest = &yy_current_buffer->yy_ch_buf[ + yy_current_buffer->yy_buf_size + 2]; + register char *source = + &yy_current_buffer->yy_ch_buf[number_to_move]; + + while ( source > yy_current_buffer->yy_ch_buf ) + *--dest = *--source; + + yy_cp += (int) (dest - source); + yy_bp += (int) (dest - source); + yy_current_buffer->yy_n_chars = + yy_n_chars = yy_current_buffer->yy_buf_size; + + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) + YY_FATAL_ERROR( "flex scanner push-back overflow" ); + } + + *--yy_cp = (char) c; + + if ( c == '\n' ) + --yylineno; + + yytext_ptr = yy_bp; + yy_hold_char = *yy_cp; + yy_c_buf_p = yy_cp; + } +#endif /* ifndef YY_NO_UNPUT */ + + +#ifdef __cplusplus +static int yyinput() +#else +static int input() +#endif + { + int c; + + *yy_c_buf_p = yy_hold_char; + + if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) + { + /* yy_c_buf_p now points to the character we want to return. + * If this occurs *before* the EOB characters, then it's a + * valid NUL; if not, then we've hit the end of the buffer. + */ + if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) + /* This was really a NUL. */ + *yy_c_buf_p = '\0'; + + else + { /* need more input */ + int offset = yy_c_buf_p - yytext_ptr; + ++yy_c_buf_p; + + switch ( yy_get_next_buffer() ) + { + case EOB_ACT_LAST_MATCH: + /* This happens because yy_g_n_b() + * sees that we've accumulated a + * token and flags that we need to + * try matching the token before + * proceeding. But for input(), + * there's no matching to consider. + * So convert the EOB_ACT_LAST_MATCH + * to EOB_ACT_END_OF_FILE. + */ + + /* Reset buffer status. */ + yyrestart( yyin ); + + /* fall through */ + + case EOB_ACT_END_OF_FILE: + { + if ( yywrap() ) + return EOF; + + if ( ! yy_did_buffer_switch_on_eof ) + YY_NEW_FILE; +#ifdef __cplusplus + return yyinput(); +#else + return input(); +#endif + } + + case EOB_ACT_CONTINUE_SCAN: + yy_c_buf_p = yytext_ptr + offset; + break; + } + } + } + + c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ + *yy_c_buf_p = '\0'; /* preserve yytext */ + yy_hold_char = *++yy_c_buf_p; + + if ( c == '\n' ) + ++yylineno; + + return c; + } + + +#ifdef YY_USE_PROTOS +void yyrestart( FILE *input_file ) +#else +void yyrestart( input_file ) +FILE *input_file; +#endif + { + if ( ! yy_current_buffer ) + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); + + yy_init_buffer( yy_current_buffer, input_file ); + yy_load_buffer_state(); + } + + +#ifdef YY_USE_PROTOS +void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) +#else +void yy_switch_to_buffer( new_buffer ) +YY_BUFFER_STATE new_buffer; +#endif + { + if ( yy_current_buffer == new_buffer ) + return; + + if ( yy_current_buffer ) + { + /* Flush out information for old buffer. */ + *yy_c_buf_p = yy_hold_char; + yy_current_buffer->yy_buf_pos = yy_c_buf_p; + yy_current_buffer->yy_n_chars = yy_n_chars; + } + + yy_current_buffer = new_buffer; + yy_load_buffer_state(); + + /* We don't actually know whether we did this switch during + * EOF (yywrap()) processing, but the only time this flag + * is looked at is after yywrap() is called, so it's safe + * to go ahead and always set it. + */ + yy_did_buffer_switch_on_eof = 1; + } + + +#ifdef YY_USE_PROTOS +void yy_load_buffer_state( void ) +#else +void yy_load_buffer_state() +#endif + { + yy_n_chars = yy_current_buffer->yy_n_chars; + yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; + yyin = yy_current_buffer->yy_input_file; + yy_hold_char = *yy_c_buf_p; + } + + +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) +#else +YY_BUFFER_STATE yy_create_buffer( file, size ) +FILE *file; +int size; +#endif + { + YY_BUFFER_STATE b; + + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); + if ( ! b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + + b->yy_buf_size = size; + + /* yy_ch_buf has to be 2 characters longer than the size given because + * we need to put in 2 end-of-buffer characters. + */ + b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); + if ( ! b->yy_ch_buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + + b->yy_is_our_buffer = 1; + + yy_init_buffer( b, file ); + + return b; + } + + +#ifdef YY_USE_PROTOS +void yy_delete_buffer( YY_BUFFER_STATE b ) +#else +void yy_delete_buffer( b ) +YY_BUFFER_STATE b; +#endif + { + if ( ! b ) + return; + + if ( b == yy_current_buffer ) + yy_current_buffer = (YY_BUFFER_STATE) 0; + + if ( b->yy_is_our_buffer ) + yy_flex_free( (void *) b->yy_ch_buf ); + + yy_flex_free( (void *) b ); + } + + +#ifndef YY_ALWAYS_INTERACTIVE +#ifndef YY_NEVER_INTERACTIVE +extern int isatty YY_PROTO(( int )); +#endif +#endif + +#ifdef YY_USE_PROTOS +void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) +#else +void yy_init_buffer( b, file ) +YY_BUFFER_STATE b; +FILE *file; +#endif + + + { + yy_flush_buffer( b ); + + b->yy_input_file = file; + b->yy_fill_buffer = 1; + +#if YY_ALWAYS_INTERACTIVE + b->yy_is_interactive = 1; +#else +#if YY_NEVER_INTERACTIVE + b->yy_is_interactive = 0; +#else + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; +#endif +#endif + } + + +#ifdef YY_USE_PROTOS +void yy_flush_buffer( YY_BUFFER_STATE b ) +#else +void yy_flush_buffer( b ) +YY_BUFFER_STATE b; +#endif + + { + if ( ! b ) + return; + + b->yy_n_chars = 0; + + /* We always need two end-of-buffer characters. The first causes + * a transition to the end-of-buffer state. The second causes + * a jam in that state. + */ + b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; + b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; + + b->yy_buf_pos = &b->yy_ch_buf[0]; + + b->yy_at_bol = 1; + b->yy_buffer_status = YY_BUFFER_NEW; + + if ( b == yy_current_buffer ) + yy_load_buffer_state(); + } + + +#ifndef YY_NO_SCAN_BUFFER +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) +#else +YY_BUFFER_STATE yy_scan_buffer( base, size ) +char *base; +yy_size_t size; +#endif + { + YY_BUFFER_STATE b; + + if ( size < 2 || + base[size-2] != YY_END_OF_BUFFER_CHAR || + base[size-1] != YY_END_OF_BUFFER_CHAR ) + /* They forgot to leave room for the EOB's. */ + return 0; + + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); + if ( ! b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); + + b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ + b->yy_buf_pos = b->yy_ch_buf = base; + b->yy_is_our_buffer = 0; + b->yy_input_file = 0; + b->yy_n_chars = b->yy_buf_size; + b->yy_is_interactive = 0; + b->yy_at_bol = 1; + b->yy_fill_buffer = 0; + b->yy_buffer_status = YY_BUFFER_NEW; + + yy_switch_to_buffer( b ); + + return b; + } +#endif + + +#ifndef YY_NO_SCAN_STRING +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) +#else +YY_BUFFER_STATE yy_scan_string( yy_str ) +yyconst char *yy_str; +#endif + { + int len; + for ( len = 0; yy_str[len]; ++len ) + ; + + return yy_scan_bytes( yy_str, len ); + } +#endif + + +#ifndef YY_NO_SCAN_BYTES +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) +#else +YY_BUFFER_STATE yy_scan_bytes( bytes, len ) +yyconst char *bytes; +int len; +#endif + { + YY_BUFFER_STATE b; + char *buf; + yy_size_t n; + int i; + + /* Get memory for full buffer, including space for trailing EOB's. */ + n = len + 2; + buf = (char *) yy_flex_alloc( n ); + if ( ! buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); + + for ( i = 0; i < len; ++i ) + buf[i] = bytes[i]; + + buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; + + b = yy_scan_buffer( buf, n ); + if ( ! b ) + YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); + + /* It's okay to grow etc. this buffer, and we should throw it + * away when we're done. + */ + b->yy_is_our_buffer = 1; + + return b; + } +#endif + + +#ifndef YY_NO_PUSH_STATE +#ifdef YY_USE_PROTOS +static void yy_push_state( int new_state ) +#else +static void yy_push_state( new_state ) +int new_state; +#endif + { + if ( yy_start_stack_ptr >= yy_start_stack_depth ) + { + yy_size_t new_size; + + yy_start_stack_depth += YY_START_STACK_INCR; + new_size = yy_start_stack_depth * sizeof( int ); + + if ( ! yy_start_stack ) + yy_start_stack = (int *) yy_flex_alloc( new_size ); + + else + yy_start_stack = (int *) yy_flex_realloc( + (void *) yy_start_stack, new_size ); + + if ( ! yy_start_stack ) + YY_FATAL_ERROR( + "out of memory expanding start-condition stack" ); + } + + yy_start_stack[yy_start_stack_ptr++] = YY_START; + + BEGIN(new_state); + } +#endif + + +#ifndef YY_NO_POP_STATE +static void yy_pop_state() + { + if ( --yy_start_stack_ptr < 0 ) + YY_FATAL_ERROR( "start-condition stack underflow" ); + + BEGIN(yy_start_stack[yy_start_stack_ptr]); + } +#endif + + +#ifndef YY_NO_TOP_STATE +static int yy_top_state() + { + return yy_start_stack[yy_start_stack_ptr - 1]; + } +#endif + +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 +#endif + +#ifdef YY_USE_PROTOS +static void yy_fatal_error( yyconst char msg[] ) +#else +static void yy_fatal_error( msg ) +char msg[]; +#endif + { + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); + } + + + +/* Redefine yyless() so it works in section 3 code. */ + +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + yytext[yyleng] = yy_hold_char; \ + yy_c_buf_p = yytext + n; \ + yy_hold_char = *yy_c_buf_p; \ + *yy_c_buf_p = '\0'; \ + yyleng = n; \ + } \ + while ( 0 ) + + +/* Internal utility routines. */ + +#ifndef yytext_ptr +#ifdef YY_USE_PROTOS +static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) +#else +static void yy_flex_strncpy( s1, s2, n ) +char *s1; +yyconst char *s2; +int n; +#endif + { + register int i; + for ( i = 0; i < n; ++i ) + s1[i] = s2[i]; + } +#endif + +#ifdef YY_NEED_STRLEN +#ifdef YY_USE_PROTOS +static int yy_flex_strlen( yyconst char *s ) +#else +static int yy_flex_strlen( s ) +yyconst char *s; +#endif + { + register int n; + for ( n = 0; s[n]; ++n ) + ; + + return n; + } +#endif + + +#ifdef YY_USE_PROTOS +static void *yy_flex_alloc( yy_size_t size ) +#else +static void *yy_flex_alloc( size ) +yy_size_t size; +#endif + { + return (void *) malloc( size ); + } + +#ifdef YY_USE_PROTOS +static void *yy_flex_realloc( void *ptr, yy_size_t size ) +#else +static void *yy_flex_realloc( ptr, size ) +void *ptr; +yy_size_t size; +#endif + { + /* The cast to (char *) in the following accommodates both + * implementations that use char* generic pointers, and those + * that use void* generic pointers. It works with the latter + * because both ANSI C and C++ allow castless assignment from + * any pointer type to void*, and deal with argument conversions + * as though doing an assignment. + */ + return (void *) realloc( (char *) ptr, size ); + } + +#ifdef YY_USE_PROTOS +static void yy_flex_free( void *ptr ) +#else +static void yy_flex_free( ptr ) +void *ptr; +#endif + { + free( ptr ); + } + +#if YY_MAIN +int main() + { + yylex(); + return 0; + } +#endif +#line 60 "ssl.l" + +int mkname() +{ +#if 0 +printf("%s\n",yytext); +#endif +strcpy(yylval.str,yytext); +} diff --git a/ssl/main.c b/ssl/main.c new file mode 100644 index 0000000..8c36157 --- /dev/null +++ b/ssl/main.c @@ -0,0 +1,99 @@ +/** + main.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: main.c,v 1.2 2000/10/17 16:10:01 ekr Exp $ + + + ekr@rtfm.com Mon Jan 18 16:28:43 1999 + */ + + +static char *RCSSTRING="$Id: main.c,v 1.2 2000/10/17 16:10:01 ekr Exp $"; + +#include +#include + +extern int yydebug; + +FILE *doth,*dotc; + +int verr_exit(char *fmt,...) + { + va_list ap; + + va_start(ap,fmt); + vfprintf(stderr,fmt,ap); + exit(1); + } + + +int main(argc,argv) + int argc; + char **argv; + { + char name[100]; + FILE *in; + + if(!(in=freopen(argv[1],"r",stdin))) + verr_exit("Couldn't open input file %s\n",argv[1]); + + sprintf(name,"%s.c",argv[1]); + dotc=fopen(name,"w"); + sprintf(name,"%s.h",argv[1]); + doth=fopen(name,"w"); + + fprintf(dotc,"#include \"network.h\"\n#include \"ssl_h.h\"\n#include \"sslprint.h\"\n#include \"sslxprint.h\"\n#ifdef OPENSSL\n#include \n#endif\n"); + fprintf(dotc,"#include \"%s\"\n",name); + + yyparse(); + } + + +extern int yylineno; + +int yywrap() +{ +;} + +int yyerror(s) + char *s; + { + printf("Parse error %s at line %d\n",s,yylineno); + exit(1); + } diff --git a/ssl/ssl.enums b/ssl/ssl.enums new file mode 100644 index 0000000..dba21a1 --- /dev/null +++ b/ssl/ssl.enums @@ -0,0 +1,419 @@ + select { + ChangeCipherSpec(20) +{@ + ssl_process_change_cipher_spec(ssl,ssl->decoder,dir); + + if(dir==DIR_I2R){ + ssl->i_state=SSL_ST_SENT_CHANGE_CIPHER_SPEC; + } + else{ + ssl->r_state=SSL_ST_SENT_CHANGE_CIPHER_SPEC; + } + + printf("\n"); + return(0); +@} +, Alert(21) +{@ + int r; + + if(ssl->record_encryption==REC_CIPHERTEXT){ + printf("\n"); + return(0); + } + + if(data->len!=2){ + fprintf(stderr,"Wrong length for alert message: %d\n", + data->len); + ERETURN(R_EOD); + } + + P_(P_HL){ + printf("\n"); + SSL_DECODE_ENUM(ssl,"level",1,AlertLevel_decoder,P_HL,data,0); + printf("\n"); + SSL_DECODE_ENUM(ssl,"value",1,AlertDescription_decoder,P_HL,data,0); + printf("\n"); + } + else { + SSL_DECODE_ENUM(ssl,0,1,AlertLevel_decoder,SSL_PRINT_ALL,data,0); + SSL_DECODE_ENUM(ssl,0,1,AlertDescription_decoder,SSL_PRINT_ALL,data,0); + printf("\n"); + } + return(0); + +@}, + Handshake(22) +{@ + extern decoder HandshakeType_decoder[]; + int r; + UINT4 t,l; + int rs=0; + Data d; + + if(ssl->record_encryption==REC_CIPHERTEXT){ + printf("\n"); + return(0); + } + + while(data->len>0){ + SSL_DECODE_UINT8(ssl,0,0,data,&t); + SSL_DECODE_UINT24(ssl,0,0,data,&l); + + if(data->lenlen); + ERETURN(R_EOD); + } + + d.data=data->data; + d.len=l; + data->len-=l; + data->data+=l; + P_(P_HL){ + if(!rs){ + printf("\n"); + rs=1; + } + } + ssl_decode_switch(ssl,HandshakeType_decoder,t,dir,seg,&d); + } + return(0); +@}, + application_data(23) +{@ + int r; + Data d; + + SSL_DECODE_OPAQUE_ARRAY(ssl,"data",data->len,0,data,&d); + + P_(P_AD){ + print_data(ssl,&d); + } + else { + printf("\n"); + } + return(0); +@} +, (255) + } ContentType; + + select { + HelloRequest(0) +{@ + printf("\n"); +@}, +ClientHello(1) +{@ + UINT4 vj,vn,cs,cslen,complen,comp; + Data session_id,random; + int r; + + extern decoder cipher_suite_decoder[]; + extern decoder compression_method_decoder[]; + + printf("\n"); + SSL_DECODE_UINT8(ssl,0,0,data,&vj); + SSL_DECODE_UINT8(ssl,0,0,data,&vn); + + P_(P_HL) {explain(ssl,"Version %d.%d ",vj,vn); + printf("\n"); + } + + SSL_DECODE_OPAQUE_ARRAY(ssl,"random",32,P_ND,data,&random); + ssl_set_client_random(ssl->decoder,random.data,random.len); + + SSL_DECODE_OPAQUE_ARRAY(ssl,"session_id",-32,0,data,&session_id); + ssl_set_client_session_id(ssl->decoder,session_id.data,session_id.len); + + P_(P_HL){ + if(session_id.len) + exdump(ssl,"resume ",&session_id); + } + + P_(P_HL){ + SSL_DECODE_UINT16(ssl,"cipher Suites len",0,data,&cslen); + explain(ssl,"cipher suites\n"); + + for(;cslen;cslen-=2){ + ssl_decode_enum(ssl,0,2,cipher_suite_decoder, + 0,data,&cs); + ssl_print_cipher_suite(ssl,(vj<<8)|vn,P_HL,cs); + printf("\n"); + } + } + + SSL_DECODE_UINT8(ssl,"compressionMethod len",0,data,&complen); + if(complen){ + explain(ssl,"compression methods\n"); + for(;complen;complen--){ + SSL_DECODE_ENUM(ssl,0,1,compression_method_decoder,P_HL,data,&comp); + printf("\n"); + } + } + return(0); +@}, + ServerHello(2) +{@ + int r; + Data rnd,session_id; + UINT4 vj,vn; + printf("\n"); + SSL_DECODE_UINT8(ssl,0,0,data,&vj); + SSL_DECODE_UINT8(ssl,0,0,data,&vn); + + ssl->version=vj*256+vn; + P_(P_HL) {explain(ssl,"Version %d.%d ",vj,vn); + printf("\n"); + } + + + SSL_DECODE_OPAQUE_ARRAY(ssl,"random",32,P_ND,data,&rnd); + ssl_set_server_random(ssl->decoder,rnd.data,rnd.len); + SSL_DECODE_OPAQUE_ARRAY(ssl,"session_id",-32,P_HL,data,&session_id); + SSL_DECODE_ENUM(ssl,"cipherSuite",2,cipher_suite_decoder, + 0,data,&ssl->cipher_suite); + P_(P_HL){ + explain(ssl,"cipherSuite "); + ssl_print_cipher_suite(ssl,ssl->version,P_HL,ssl->cipher_suite); + } + ssl_find_cipher(ssl->cipher_suite,&ssl->cs); + + ssl_process_server_session_id(ssl,ssl->decoder,session_id.data, + session_id.len); + + P_(P_HL) printf("\n"); + SSL_DECODE_ENUM(ssl,"compressionMethod",1,compression_method_decoder,P_HL,data,0); + P_(P_HL) printf("\n"); + return(0); +@}, +Certificate(11) +{@ + UINT4 len; + Data cert; + int r; + + printf("\n"); + SSL_DECODE_UINT24(ssl,"certificates len",0,data,&len); + + while(len){ + SSL_DECODE_OPAQUE_ARRAY(ssl,"certificate",-((1<<23)-1), + 0,data,&cert); + sslx_print_certificate(ssl,&cert,P_ND); + len-=(cert.len + 3); + } + + return(0); +@}, +ServerKeyExchange (12) +{@ + int r; + + printf("\n"); + + if(ssl->cs){ + P_(P_ND){ + explain(ssl,"params\n"); + } + INDENT_INCR; + + switch(ssl->cs->kex){ + case KEX_DH: + SSL_DECODE_OPAQUE_ARRAY(ssl,"DH_p",-((1<<15)-1),P_ND,data,0); + SSL_DECODE_OPAQUE_ARRAY(ssl,"DH_g",-((1<<15)-1),P_ND,data,0); + SSL_DECODE_OPAQUE_ARRAY(ssl,"DH_Ys",-((1<<15)-1),P_ND,data,0); + break; + case KEX_RSA: + SSL_DECODE_OPAQUE_ARRAY(ssl,"RSA_modulus",-((1<<15)-1),P_ND,data,0); + SSL_DECODE_OPAQUE_ARRAY(ssl,"RSA_exponent",-((1<<15)-1),P_ND,data,0); + break; + } + INDENT_POP; + SSL_DECODE_OPAQUE_ARRAY(ssl,"signature",-((1<<15)-1),P_ND,data,0); + } + + return(0); +@} +, +CertificateRequest(13) +{@ + UINT4 len; + Data ca; + int r; + + printf("\n"); + SSL_DECODE_UINT8(ssl,"certificate_types len",0,data,&len); + for(;len;len--){ + SSL_DECODE_ENUM(ssl,"certificate_types",1, + client_certificate_type_decoder, P_HL,data,0); + P_(P_HL){ + printf("\n"); + } + }; + + SSL_DECODE_UINT16(ssl,"certificate_authorities len",0,data,&len); + while(len){ + SSL_DECODE_OPAQUE_ARRAY(ssl,"certificate_authorities", + -((1<<15)-1),0,data,&ca); + explain(ssl,"certificate_authority\n"); + INDENT_INCR; + sslx_print_dn(ssl,&ca,P_HL); + INDENT_POP; + len-=(ca.len + 2); + } + return(0); +@} +, ServerHelloDone(14) +{@ + printf("\n"); +@}, +CertificateVerify(15) +{@ + int r; + printf("\n"); + SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-(1<<15-1),P_HL,data,0); + return(0); +@} +, +ClientKeyExchange(16) +{@ + int r; + Data pms; + + printf("\n"); + if(ssl->cs){ + switch(ssl->cs->kex){ + + case KEX_RSA: + if(ssl->version > 768) { + SSL_DECODE_OPAQUE_ARRAY(ssl,"EncryptedPreMasterSecret",-(1<<15-1), + P_ND,data,&pms); + + } + else { + SSL_DECODE_OPAQUE_ARRAY(ssl,"EncryptedPreMasterSecret",data->len,P_ND,data,&pms); + } + ssl_process_client_key_exchange(ssl, + ssl->decoder,pms.data,pms.len); + + break; + case KEX_DH: + SSL_DECODE_OPAQUE_ARRAY(ssl,"DiffieHellmanClientPublicValue", + -(1<<15-1),P_HL,data,0); + } + } + return(0); +@} +, + Finished(20) +{@ + int r; + + printf("\n"); + switch(ssl->version){ + case 0x300: + SSL_DECODE_OPAQUE_ARRAY(ssl,"md5_hash",16,P_ND,data,0); + + SSL_DECODE_OPAQUE_ARRAY(ssl,"sha_hash",20,P_ND,data,0); + break; + case 0x301: + SSL_DECODE_OPAQUE_ARRAY(ssl,"verify_data",12,P_ND,data,0); + P_(P_ND) + printf("\n"); + break; + } + + return (0); +@} +, (255) + } HandshakeType; + + constant { + CipherSuite TLS_RSA_WITH_NULL_MD5 = { 0x00,0x01 }; + CipherSuite TLS_RSA_WITH_NULL_SHA = { 0x00,0x02 }; + CipherSuite TLS_RSA_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x03 }; + CipherSuite TLS_RSA_WITH_RC4_128_MD5 = { 0x00,0x04 }; + CipherSuite TLS_RSA_WITH_RC4_128_SHA = { 0x00,0x05 }; + CipherSuite TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0x00,0x06 }; + CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA = { 0x00,0x07 }; + CipherSuite TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x08 }; + CipherSuite TLS_RSA_WITH_DES_CBC_SHA = { 0x00,0x09 }; + CipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0A }; + CipherSuite TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x0B }; + CipherSuite TLS_DH_DSS_WITH_DES_CBC_SHA = { 0x00,0x0C }; + CipherSuite TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0D }; + CipherSuite TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x0E }; + CipherSuite TLS_DH_RSA_WITH_DES_CBC_SHA = { 0x00,0x0F }; + CipherSuite TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x10 }; + CipherSuite TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x11 }; + CipherSuite TLS_DHE_DSS_WITH_DES_CBC_SHA = { 0x00,0x12 }; + CipherSuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x13 }; + CipherSuite TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x14 }; + CipherSuite TLS_DHE_RSA_WITH_DES_CBC_SHA = { 0x00,0x15 }; + CipherSuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x16 }; + CipherSuite TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x17 }; + CipherSuite TLS_DH_anon_WITH_RC4_128_MD5 = { 0x00,0x18 }; + CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x19 }; + CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A }; + CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1B }; + CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = { 0x00,0x60 }; + CipherSuite TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = { 0x00,0x61 }; + CipherSuite TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = { 0x00,0x62 }; + CipherSuite TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = { 0x00,0x63 }; + CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = { 0x00,0x64 }; + CipherSuite TLS_DHE_DSS_WITH_RC2_56_CBC_SHA = { 0x00,0x65 }; + CipherSuite TLS_DHE_DSS_WITH_RC4_128_SHA = { 0x00,0x66 }; + CipherSuite TLS_DHE_DSS_WITH_NULL_SHA = { 0x00,0x67 }; + CipherSuite SSL2_CK_RC4 = { 0x01,0x00,0x80}; + CipherSuite SSL2_CK_RC4_EXPORT40 = { 0x02,0x00,0x80}; + CipherSuite SSL2_CK_RC2 = { 0x03,0x00,0x80}; + CipherSuite SSL2_CK_RC2_EXPORT40 = { 0x04,0x00,0x80}; + CipherSuite SSL2_CK_IDEA = { 0x05,0x00,0x80}; + CipherSuite SSL2_CK_DES = { 0x06,0x00,0x40}; + CipherSuite SSL2_CK_RC464 = { 0x08,0x00,0x80}; + CipherSuite SSL2_CK_3DES = { 0x07,0x00,0xc0}; + CipherSuite TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = {0x00,0x4a}; + CipherSuite TLS_ECDH_ECDSA_WITH_RC4_128_SHA = {0x00,0x48}; + CipherSuite SSL_RSA_WITH_RC2_CBC_MD5 = {0xff,0x80}; + CipherSuite TLS_ECDH_ECDSA_WITH_DES_CBC_SHA = {0x00,0x49}; + CipherSuite TLS_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA={0xff,0x85}; + CipherSuite TLS_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA={0xff,0x84}; + } cipher_suite; + + + select { warning(1), fatal(2), (255) } AlertLevel; + select { + close_notify(0), + unexpected_message(10), + bad_record_mac(20), + decryption_failed(21), + record_overflow(22), + decompression_failure(30), + handshake_failure(40), + bad_certificate(42), + unsupported_certificate(43), + certificate_revoked(44), + certificate_expired(45), + certificate_unknown(46), + illegal_parameter(47), + unknown_ca(48), + access_denied(49), + decode_error(50), + decrypt_error(51), + export_restriction(60), + protocol_version(70), + insufficient_security(71), + internal_error(80), + user_canceled(90), + no_renegotiation(100), + (255) + } AlertDescription; + + constant { + CompressionMethod NULL={0}; + } compression_method; + + select { + rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), + (255) + } client_certificate_type; diff --git a/ssl/ssl.enums.c b/ssl/ssl.enums.c new file mode 100644 index 0000000..1d4a9bd --- /dev/null +++ b/ssl/ssl.enums.c @@ -0,0 +1,1100 @@ +#include "network.h" +#include "ssl_h.h" +#include "sslprint.h" +#include "sslxprint.h" +#ifdef OPENSSL +#include +#endif +#include "ssl.enums.h" +static int decode_ContentType_ChangeCipherSpec(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + ssl_process_change_cipher_spec(ssl,ssl->decoder,dir); + + if(dir==DIR_I2R){ + ssl->i_state=SSL_ST_SENT_CHANGE_CIPHER_SPEC; + } + else{ + ssl->r_state=SSL_ST_SENT_CHANGE_CIPHER_SPEC; + } + + printf("\n"); + return(0); + + } +static int decode_ContentType_Alert(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + int r; + + if(ssl->record_encryption==REC_CIPHERTEXT){ + printf("\n"); + return(0); + } + + if(data->len!=2){ + fprintf(stderr,"Wrong length for alert message: %d\n", + data->len); + ERETURN(R_EOD); + } + + P_(P_HL){ + printf("\n"); + SSL_DECODE_ENUM(ssl,"level",1,AlertLevel_decoder,P_HL,data,0); + printf("\n"); + SSL_DECODE_ENUM(ssl,"value",1,AlertDescription_decoder,P_HL,data,0); + printf("\n"); + } + else { + SSL_DECODE_ENUM(ssl,0,1,AlertLevel_decoder,SSL_PRINT_ALL,data,0); + SSL_DECODE_ENUM(ssl,0,1,AlertDescription_decoder,SSL_PRINT_ALL,data,0); + printf("\n"); + } + return(0); + + + } +static int decode_ContentType_Handshake(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + extern decoder HandshakeType_decoder[]; + int r; + UINT4 t,l; + int rs=0; + Data d; + + if(ssl->record_encryption==REC_CIPHERTEXT){ + printf("\n"); + return(0); + } + + while(data->len>0){ + SSL_DECODE_UINT8(ssl,0,0,data,&t); + SSL_DECODE_UINT24(ssl,0,0,data,&l); + + if(data->lenlen); + ERETURN(R_EOD); + } + + d.data=data->data; + d.len=l; + data->len-=l; + data->data+=l; + P_(P_HL){ + if(!rs){ + printf("\n"); + rs=1; + } + } + ssl_decode_switch(ssl,HandshakeType_decoder,t,dir,seg,&d); + } + return(0); + + } +static int decode_ContentType_application_data(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + int r; + Data d; + + SSL_DECODE_OPAQUE_ARRAY(ssl,"data",data->len,0,data,&d); + + P_(P_AD){ + print_data(ssl,&d); + } + else { + printf("\n"); + } + return(0); + + } +decoder ContentType_decoder[]={ + { + 20, + "ChangeCipherSpec", + decode_ContentType_ChangeCipherSpec + }, + { + 21, + "Alert", + decode_ContentType_Alert + }, + { + 22, + "Handshake", + decode_ContentType_Handshake + }, + { + 23, + "application_data", + decode_ContentType_application_data + }, +{0} +}; + +static int decode_HandshakeType_HelloRequest(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + printf("\n"); + + } +static int decode_HandshakeType_ClientHello(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + UINT4 vj,vn,cs,cslen,complen,comp; + Data session_id,random; + int r; + + extern decoder cipher_suite_decoder[]; + extern decoder compression_method_decoder[]; + + printf("\n"); + SSL_DECODE_UINT8(ssl,0,0,data,&vj); + SSL_DECODE_UINT8(ssl,0,0,data,&vn); + + P_(P_HL) {explain(ssl,"Version %d.%d ",vj,vn); + printf("\n"); + } + + SSL_DECODE_OPAQUE_ARRAY(ssl,"random",32,P_ND,data,&random); + ssl_set_client_random(ssl->decoder,random.data,random.len); + + SSL_DECODE_OPAQUE_ARRAY(ssl,"session_id",-32,0,data,&session_id); + ssl_set_client_session_id(ssl->decoder,session_id.data,session_id.len); + + P_(P_HL){ + if(session_id.len) + exdump(ssl,"resume ",&session_id); + } + + P_(P_HL){ + SSL_DECODE_UINT16(ssl,"cipher Suites len",0,data,&cslen); + explain(ssl,"cipher suites\n"); + + for(;cslen;cslen-=2){ + ssl_decode_enum(ssl,0,2,cipher_suite_decoder, + 0,data,&cs); + ssl_print_cipher_suite(ssl,(vj<<8)|vn,P_HL,cs); + printf("\n"); + } + } + + SSL_DECODE_UINT8(ssl,"compressionMethod len",0,data,&complen); + if(complen){ + explain(ssl,"compression methods\n"); + for(;complen;complen--){ + SSL_DECODE_ENUM(ssl,0,1,compression_method_decoder,P_HL,data,&comp); + printf("\n"); + } + } + return(0); + + } +static int decode_HandshakeType_ServerHello(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + int r; + Data rnd,session_id; + UINT4 vj,vn; + printf("\n"); + SSL_DECODE_UINT8(ssl,0,0,data,&vj); + SSL_DECODE_UINT8(ssl,0,0,data,&vn); + + ssl->version=vj*256+vn; + P_(P_HL) {explain(ssl,"Version %d.%d ",vj,vn); + printf("\n"); + } + + + SSL_DECODE_OPAQUE_ARRAY(ssl,"random",32,P_ND,data,&rnd); + ssl_set_server_random(ssl->decoder,rnd.data,rnd.len); + SSL_DECODE_OPAQUE_ARRAY(ssl,"session_id",-32,P_HL,data,&session_id); + SSL_DECODE_ENUM(ssl,"cipherSuite",2,cipher_suite_decoder, + 0,data,&ssl->cipher_suite); + P_(P_HL){ + explain(ssl,"cipherSuite "); + ssl_print_cipher_suite(ssl,ssl->version,P_HL,ssl->cipher_suite); + } + ssl_find_cipher(ssl->cipher_suite,&ssl->cs); + + ssl_process_server_session_id(ssl,ssl->decoder,session_id.data, + session_id.len); + + P_(P_HL) printf("\n"); + SSL_DECODE_ENUM(ssl,"compressionMethod",1,compression_method_decoder,P_HL,data,0); + P_(P_HL) printf("\n"); + return(0); + + } +static int decode_HandshakeType_Certificate(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + UINT4 len; + Data cert; + int r; + + printf("\n"); + SSL_DECODE_UINT24(ssl,"certificates len",0,data,&len); + + while(len){ + SSL_DECODE_OPAQUE_ARRAY(ssl,"certificate",-((1<<23)-1), + 0,data,&cert); + sslx_print_certificate(ssl,&cert,P_ND); + len-=(cert.len + 3); + } + + return(0); + + } +static int decode_HandshakeType_ServerKeyExchange(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + int r; + + printf("\n"); + + if(ssl->cs){ + P_(P_ND){ + explain(ssl,"params\n"); + } + INDENT_INCR; + + switch(ssl->cs->kex){ + case KEX_DH: + SSL_DECODE_OPAQUE_ARRAY(ssl,"DH_p",-((1<<15)-1),P_ND,data,0); + SSL_DECODE_OPAQUE_ARRAY(ssl,"DH_g",-((1<<15)-1),P_ND,data,0); + SSL_DECODE_OPAQUE_ARRAY(ssl,"DH_Ys",-((1<<15)-1),P_ND,data,0); + break; + case KEX_RSA: + SSL_DECODE_OPAQUE_ARRAY(ssl,"RSA_modulus",-((1<<15)-1),P_ND,data,0); + SSL_DECODE_OPAQUE_ARRAY(ssl,"RSA_exponent",-((1<<15)-1),P_ND,data,0); + break; + } + INDENT_POP; + SSL_DECODE_OPAQUE_ARRAY(ssl,"signature",-((1<<15)-1),P_ND,data,0); + } + + return(0); + + } +static int decode_HandshakeType_CertificateRequest(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + UINT4 len; + Data ca; + int r; + + printf("\n"); + SSL_DECODE_UINT8(ssl,"certificate_types len",0,data,&len); + for(;len;len--){ + SSL_DECODE_ENUM(ssl,"certificate_types",1, + client_certificate_type_decoder, P_HL,data,0); + P_(P_HL){ + printf("\n"); + } + }; + + SSL_DECODE_UINT16(ssl,"certificate_authorities len",0,data,&len); + while(len){ + SSL_DECODE_OPAQUE_ARRAY(ssl,"certificate_authorities", + -((1<<15)-1),0,data,&ca); + explain(ssl,"certificate_authority\n"); + INDENT_INCR; + sslx_print_dn(ssl,&ca,P_HL); + INDENT_POP; + len-=(ca.len + 2); + } + return(0); + + } +static int decode_HandshakeType_ServerHelloDone(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + printf("\n"); + + } +static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + int r; + printf("\n"); + SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-(1<<15-1),P_HL,data,0); + return(0); + + } +static int decode_HandshakeType_ClientKeyExchange(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + int r; + Data pms; + + printf("\n"); + if(ssl->cs){ + switch(ssl->cs->kex){ + + case KEX_RSA: + if(ssl->version > 768) { + SSL_DECODE_OPAQUE_ARRAY(ssl,"EncryptedPreMasterSecret",-(1<<15-1), + P_ND,data,&pms); + + } + else { + SSL_DECODE_OPAQUE_ARRAY(ssl,"EncryptedPreMasterSecret",data->len,P_ND,data,&pms); + } + ssl_process_client_key_exchange(ssl, + ssl->decoder,pms.data,pms.len); + + break; + case KEX_DH: + SSL_DECODE_OPAQUE_ARRAY(ssl,"DiffieHellmanClientPublicValue", + -(1<<15-1),P_HL,data,0); + } + } + return(0); + + } +static int decode_HandshakeType_Finished(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + int r; + + printf("\n"); + switch(ssl->version){ + case 0x300: + SSL_DECODE_OPAQUE_ARRAY(ssl,"md5_hash",16,P_ND,data,0); + + SSL_DECODE_OPAQUE_ARRAY(ssl,"sha_hash",20,P_ND,data,0); + break; + case 0x301: + SSL_DECODE_OPAQUE_ARRAY(ssl,"verify_data",12,P_ND,data,0); + P_(P_ND) + printf("\n"); + break; + } + + return (0); + + } +decoder HandshakeType_decoder[]={ + { + 0, + "HelloRequest", + decode_HandshakeType_HelloRequest + }, + { + 1, + "ClientHello", + decode_HandshakeType_ClientHello + }, + { + 2, + "ServerHello", + decode_HandshakeType_ServerHello + }, + { + 11, + "Certificate", + decode_HandshakeType_Certificate + }, + { + 12, + "ServerKeyExchange", + decode_HandshakeType_ServerKeyExchange + }, + { + 13, + "CertificateRequest", + decode_HandshakeType_CertificateRequest + }, + { + 14, + "ServerHelloDone", + decode_HandshakeType_ServerHelloDone + }, + { + 15, + "CertificateVerify", + decode_HandshakeType_CertificateVerify + }, + { + 16, + "ClientKeyExchange", + decode_HandshakeType_ClientKeyExchange + }, + { + 20, + "Finished", + decode_HandshakeType_Finished + }, +{0} +}; + +decoder cipher_suite_decoder[]={ + { + 1, + "TLS_RSA_WITH_NULL_MD5", + 0 }, + { + 2, + "TLS_RSA_WITH_NULL_SHA", + 0 }, + { + 3, + "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + 0 }, + { + 4, + "TLS_RSA_WITH_RC4_128_MD5", + 0 }, + { + 5, + "TLS_RSA_WITH_RC4_128_SHA", + 0 }, + { + 6, + "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + 0 }, + { + 7, + "TLS_RSA_WITH_IDEA_CBC_SHA", + 0 }, + { + 8, + "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 9, + "TLS_RSA_WITH_DES_CBC_SHA", + 0 }, + { + 10, + "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 11, + "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 12, + "TLS_DH_DSS_WITH_DES_CBC_SHA", + 0 }, + { + 13, + "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 14, + "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 15, + "TLS_DH_RSA_WITH_DES_CBC_SHA", + 0 }, + { + 16, + "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 17, + "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 18, + "TLS_DHE_DSS_WITH_DES_CBC_SHA", + 0 }, + { + 19, + "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 20, + "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 21, + "TLS_DHE_RSA_WITH_DES_CBC_SHA", + 0 }, + { + 22, + "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 23, + "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + 0 }, + { + 24, + "TLS_DH_anon_WITH_RC4_128_MD5", + 0 }, + { + 25, + "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 26, + "TLS_DH_anon_WITH_DES_CBC_SHA", + 0 }, + { + 27, + "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 96, + "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5", + 0 }, + { + 97, + "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5", + 0 }, + { + 98, + "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA", + 0 }, + { + 99, + "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", + 0 }, + { + 100, + "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA", + 0 }, + { + 101, + "TLS_DHE_DSS_WITH_RC2_56_CBC_SHA", + 0 }, + { + 102, + "TLS_DHE_DSS_WITH_RC4_128_SHA", + 0 }, + { + 103, + "TLS_DHE_DSS_WITH_NULL_SHA", + 0 }, + { + 65664, + "SSL2_CK_RC4", + 0 }, + { + 131200, + "SSL2_CK_RC4_EXPORT40", + 0 }, + { + 196736, + "SSL2_CK_RC2", + 0 }, + { + 262272, + "SSL2_CK_RC2_EXPORT40", + 0 }, + { + 327808, + "SSL2_CK_IDEA", + 0 }, + { + 393280, + "SSL2_CK_DES", + 0 }, + { + 524416, + "SSL2_CK_RC464", + 0 }, + { + 458944, + "SSL2_CK_3DES", + 0 }, + { + 74, + "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 72, + "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + 0 }, + { + 65408, + "SSL_RSA_WITH_RC2_CBC_MD5", + 0 }, + { + 73, + "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA", + 0 }, + { + 65413, + "TLS_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA", + 0 }, + { + 65412, + "TLS_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA", + 0 }, +{-1} +}; + +static int decode_AlertLevel_warning(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertLevel_fatal(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +decoder AlertLevel_decoder[]={ + { + 1, + "warning", + decode_AlertLevel_warning + }, + { + 2, + "fatal", + decode_AlertLevel_fatal + }, +{0} +}; + +static int decode_AlertDescription_close_notify(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_unexpected_message(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_bad_record_mac(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_decryption_failed(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_record_overflow(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_decompression_failure(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_handshake_failure(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_bad_certificate(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_unsupported_certificate(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_certificate_revoked(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_certificate_expired(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_certificate_unknown(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_illegal_parameter(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_unknown_ca(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_access_denied(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_decode_error(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_decrypt_error(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_export_restriction(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_protocol_version(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_insufficient_security(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_internal_error(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_user_canceled(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_AlertDescription_no_renegotiation(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +decoder AlertDescription_decoder[]={ + { + 0, + "close_notify", + decode_AlertDescription_close_notify + }, + { + 10, + "unexpected_message", + decode_AlertDescription_unexpected_message + }, + { + 20, + "bad_record_mac", + decode_AlertDescription_bad_record_mac + }, + { + 21, + "decryption_failed", + decode_AlertDescription_decryption_failed + }, + { + 22, + "record_overflow", + decode_AlertDescription_record_overflow + }, + { + 30, + "decompression_failure", + decode_AlertDescription_decompression_failure + }, + { + 40, + "handshake_failure", + decode_AlertDescription_handshake_failure + }, + { + 42, + "bad_certificate", + decode_AlertDescription_bad_certificate + }, + { + 43, + "unsupported_certificate", + decode_AlertDescription_unsupported_certificate + }, + { + 44, + "certificate_revoked", + decode_AlertDescription_certificate_revoked + }, + { + 45, + "certificate_expired", + decode_AlertDescription_certificate_expired + }, + { + 46, + "certificate_unknown", + decode_AlertDescription_certificate_unknown + }, + { + 47, + "illegal_parameter", + decode_AlertDescription_illegal_parameter + }, + { + 48, + "unknown_ca", + decode_AlertDescription_unknown_ca + }, + { + 49, + "access_denied", + decode_AlertDescription_access_denied + }, + { + 50, + "decode_error", + decode_AlertDescription_decode_error + }, + { + 51, + "decrypt_error", + decode_AlertDescription_decrypt_error + }, + { + 60, + "export_restriction", + decode_AlertDescription_export_restriction + }, + { + 70, + "protocol_version", + decode_AlertDescription_protocol_version + }, + { + 71, + "insufficient_security", + decode_AlertDescription_insufficient_security + }, + { + 80, + "internal_error", + decode_AlertDescription_internal_error + }, + { + 90, + "user_canceled", + decode_AlertDescription_user_canceled + }, + { + 100, + "no_renegotiation", + decode_AlertDescription_no_renegotiation + }, +{0} +}; + +decoder compression_method_decoder[]={ + { + 0, + "NULL", + 0 }, +{-1} +}; + +static int decode_client_certificate_type_rsa_sign(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_client_certificate_type_dss_sign(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_client_certificate_type_rsa_fixed_dh(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_client_certificate_type_dss_fixed_dh(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +decoder client_certificate_type_decoder[]={ + { + 1, + "rsa_sign", + decode_client_certificate_type_rsa_sign + }, + { + 2, + "dss_sign", + decode_client_certificate_type_dss_sign + }, + { + 3, + "rsa_fixed_dh", + decode_client_certificate_type_rsa_fixed_dh + }, + { + 4, + "dss_fixed_dh", + decode_client_certificate_type_dss_fixed_dh + }, +{0} +}; + diff --git a/ssl/ssl.enums.h b/ssl/ssl.enums.h new file mode 100644 index 0000000..88cbfd8 --- /dev/null +++ b/ssl/ssl.enums.h @@ -0,0 +1,7 @@ +extern decoder ContentType_decoder[]; +extern decoder HandshakeType_decoder[]; +extern decoder cipher_suite_decoder[]; +extern decoder AlertLevel_decoder[]; +extern decoder AlertDescription_decoder[]; +extern decoder compression_method_decoder[]; +extern decoder client_certificate_type_decoder[]; diff --git a/ssl/ssl.l b/ssl/ssl.l new file mode 100644 index 0000000..a9f9960 --- /dev/null +++ b/ssl/ssl.l @@ -0,0 +1,67 @@ +%option yylineno + +%{ +#include "y.tab.h" + +#if 0 +#define RETURN(x) printf("TOK:%s\n",#x); return(x) +#else +#define RETURN return +#endif + +long strtol(); +%} + +IDCHAR [a-zA-Z0-9_\-\.] +NUMCHAR [0-9] +S [ \t\n\r\f]+ +NAME [a-zA-Z]{IDCHAR}+ +NUM {NUMCHAR}+ +HEXNUM "0x"[0-9A-Za-z]+ +COMMENT "/*"("*"?[^/]+)*("*/") +CODE "{@"[^@]+"@}" +%% + +".." {RETURN(DOT_DOT_);} +"enum" {RETURN(ENUM_);} +"struct" {RETURN(STRUCT_);} +"opaque" {mkname();RETURN(OPAQUE_);} +"select" {RETURN(SELECT_);} +"constant" {RETURN(CONSTANT_);} +"digitally-signed" {/* Do nothing*/} +"public-key-encrypted" {/* Do nothing*/} +"case" {RETURN(CASE_);} +{COMMENT} { /*Do nothing*/} +{CODE} { strcpy(yylval.str,yytext); RETURN(CODE_);} + +{S} {/*do nothing*/} +{NAME} {mkname();RETURN(NAME_);} +{NUM} {yylval.val=atoi(yytext); RETURN(NUM_);} +{HEXNUM} {yylval.val=strtol(yytext,0,16); RETURN(NUM_);} +"{" { RETURN('{'); } +"}" { RETURN('}'); } +"(" { RETURN('('); } +")" { RETURN(')'); } +"[" { RETURN('['); } +"]" { RETURN(']'); } +"<" { RETURN('<'); } +">" { RETURN('>'); } +";" { RETURN(';'); } +":" { RETURN(':'); } +"," { RETURN(','); } +"." { RETURN('.'); } +"^" { RETURN('^'); } +"-" { RETURN('-'); } +"=" { RETURN('='); } +. { fprintf(stderr,"Invalid input token: %s at %d!!!\n",yytext,yylineno); + exit(1); + } + +%% +int mkname() +{ +#if 0 +printf("%s\n",yytext); +#endif +strcpy(yylval.str,yytext); +} diff --git a/ssl/ssl.y b/ssl/ssl.y new file mode 100644 index 0000000..5e90588 --- /dev/null +++ b/ssl/ssl.y @@ -0,0 +1,241 @@ +/** + ssl.y + + Copyright (C) 1998, RTFM, Inc. + All Rights Reserved. + + ekr@rtfm.com Fri Dec 25 20:33:47 1998 + */ + + +%{ + +typedef struct select_st_ { + char *name; + char *code; + int val; + struct select_st_ *next; +} select_st; + + +select_st *select_base; +select_st *select_ptr; + +select_st *constant_base; +select_st *constant_ptr; + +#include + +extern FILE *dotc; +extern FILE *doth; + +%} +%union { + int val; + unsigned char str[8192]; +} + + +/*These tokens have attributes*/ +%token NAME_ +%token NUM_ + +/*Tokens*/ +%token DOT_DOT_ +%token STRUCT_ +%token SELECT_ +%token OPAQUE_ +%token SELECT_ +%token ENUM_ +%token DIGITALLY_SIGNED_ +%token COMMENT_START_ +%token CODE_ +%token COMMENT_END_ +%token CASE_ +%token CONSTANT_ +/*Types for nonterminals*/ +%type module +%type typelist +%type definition +%type selecttype +%type constant_type +%type selecterateds +%type selectmax +%type constval +/*%type selecterated*/ +%% +module: typelist + +typelist: {$$=1}; + | definition typelist + { + $$=1; + } +; + +definition: selecttype + | constant_type +; + +selecttype: SELECT_ '{' selecterateds ',' selectmax '}' NAME_ ';' + { + select_st *en; + char filename[100]; + + for(en=select_base;en;en=en->next){ + fprintf(dotc,"static int decode_%s_%s(ssl,dir,seg,data)\n", + $7,en->name); + fprintf(dotc," ssl_obj *ssl;\n"); + fprintf(dotc," int dir;\n"); + fprintf(dotc," segment *seg;\n"); + fprintf(dotc," Data *data;\n"); + fprintf(dotc," {\n"); + if(en->code){ + en->code+=2; + en->code[strlen(en->code)-2]=0; + fprintf(dotc,"\n%s\n",en->code); + } + else{ +/* fprintf(dotc," fprintf(dotc,\"Decoding %s...%cn\");\n",en->name,'\\');*/ + fprintf(dotc," return(0);\n"); + } + fprintf(dotc," }\n"); + } + + fprintf(dotc,"decoder %s_decoder[]={\n",$7); + fprintf(doth,"extern decoder %s_decoder[];\n",$7); + for(en=select_base;en;en=en->next){ + fprintf(dotc," {\n"); + fprintf(dotc," %d,\n",en->val); + fprintf(dotc," \"%s\",\n",en->name); + fprintf(dotc," decode_%s_%s\n",$7,en->name); + fprintf(dotc," },\n"); + } + + fprintf(dotc,"{-1}\n"); + fprintf(dotc,"};\n\n"); + + + + select_base=0; + } +; + +selecterateds: selecterateds ',' selecterated + | selecterated +{; +} +; + +selectmax: '(' NUM_ ')' +{$$=1;}; + +selecterated: selecterated_no_code + | selecterated_code +; + + +selecterated_code: NAME_ '(' NUM_ ')' CODE_ +{ + select_st *en; + + en=malloc(sizeof(select_st)); + + en->next=0; + en->val=$3; + en->name=strdup($1); + en->code=strdup($5); + + if(!select_base){ + select_base=en; + select_ptr=en; + } + else{ + select_ptr->next=en; + select_ptr=en; + } +}; + + +selecterated_no_code: NAME_ '(' NUM_ ')' +{ + select_st *en; + + en=malloc(sizeof(select_st)); + + en->next=0; + en->val=$3; + en->name=strdup($1); + en->code=0; + + if(!select_base){ + select_base=en; + select_ptr=en; + } + else{ + select_ptr->next=en; + select_ptr=en; + } +}; + +constant_type: CONSTANT_ '{' constants '}' NAME_ ';' + { + select_st *en; + + fprintf(dotc,"decoder %s_decoder[]={\n",$5); + fprintf(doth,"extern decoder %s_decoder[];\n",$5); + + for(en=constant_base;en;en=en->next){ + fprintf(dotc," {\n"); + fprintf(dotc," %d,\n",en->val); + fprintf(dotc," \"%s\",\n",en->name); + fprintf(dotc," 0"); + fprintf(dotc," },\n"); + } + + fprintf(dotc,"{-1}\n"); + fprintf(dotc,"};\n\n"); + constant_ptr=0; + constant_base=0; + } + +constants: constants constant + | constant +{; +} +; + +constant: NAME_ NAME_ '=' '{' constval '}' ';' +{ + select_st *en; + + en=malloc(sizeof(select_st)); + + en->next=0; + en->val=$5; + en->name=strdup($2); + + if(!constant_base){ + constant_base=en; + constant_ptr=en; + } + else{ + constant_ptr->next=en; + constant_ptr=en; + } +}; + +constval: NUM_ ',' NUM_ ',' NUM_ + { + $$=($1 << 16) | ($3 << 8) | $5; + } + | NUM_ ',' NUM_ + { + $$=($1 << 8) | $3; + } + | NUM_ + { + $$=$1; + } +; + diff --git a/ssl/ssl_analyze.c b/ssl/ssl_analyze.c new file mode 100644 index 0000000..8f07e4c --- /dev/null +++ b/ssl/ssl_analyze.c @@ -0,0 +1,624 @@ +/** + ssl_analyze.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: ssl_analyze.c,v 1.8 2002/01/21 18:46:13 ekr Exp $ + + + ekr@rtfm.com Fri Jan 8 14:07:05 1999 + */ + + +static char *RCSSTRING="$Id: ssl_analyze.c,v 1.8 2002/01/21 18:46:13 ekr Exp $"; + +#include "network.h" +#include "debug.h" +#include "sslprint.h" +#include "ssl_h.h" +#include "ssl_analyze.h" + +/*UINT4 SSL_print_flags=P_HL| P_ND;*/ +UINT4 SSL_print_flags = 1 | P_HT | P_HL; + +static int parse_ssl_flags PROTO_LIST((char *str)); +static int create_ssl_ctx PROTO_LIST((void *handle,proto_ctx **ctxp)); +static int create_ssl_analyzer PROTO_LIST((void *handle, + proto_ctx *ctx,tcp_conn *conn,proto_obj **objp, + struct in_addr *i_addr,u_short i_port, + struct in_addr *r_addr,u_short r_port, struct timeval *base_time)); +static int destroy_ssl_analyzer PROTO_LIST((proto_obj **objp)); +static int read_ssl_record PROTO_LIST((ssl_obj *obj,r_queue *q,segment *seg, + int offset,segment **lastp,int *offsetp)); +static int read_data PROTO_LIST((r_queue *q,segment *seg,int offset, + segment **lastp,int *offsetp)); +static int data_ssl_analyzer PROTO_LIST((proto_obj *_obj,segment *seg, + int direction)); +int close_ssl_analyzer PROTO_LIST((proto_obj *_obj,packet *p,int direction)); + +static int create_r_queue PROTO_LIST((r_queue **qp)); + +static int free_r_queue PROTO_LIST((r_queue *q)); +static int print_ssl_record PROTO_LIST((ssl_obj *obj,int direction, + segment *q,UCHAR *data,int len)); +char *SSL_keyfile=0; +char *SSL_password=0; + +#define NEGATE 0x800000 + +typedef struct { + int ch; + char *name; + UINT4 flag; +} flag_struct; + +flag_struct flags[]={ + { + 't', + "ts", + SSL_PRINT_TIMESTAMP, + }, + { + 'e', + "tsa", + SSL_PRINT_TIMESTAMP|SSL_PRINT_TIMESTAMP_ABSOLUTE + }, + { + 'x', + "x", + SSL_PRINT_HEXDUMP + }, + { + 'X', + "X", + SSL_PRINT_HEX_ONLY + }, + { + 'r', + "rh", + SSL_PRINT_RECORD_HEADER + }, + { + 0, + "ht", + SSL_PRINT_HANDSHAKE_TYPE + }, + { + 0, + "H", + SSL_PRINT_HIGHLIGHTS + }, + { + 'A', + "all", + SSL_PRINT_ALL_FIELDS + }, + { + 0, + "d", + SSL_PRINT_DECODE + }, + { + 0, + "nroff", + SSL_PRINT_NROFF + }, + { + 'N', + "asn", + SSL_PRINT_DECODE_ASN1 + }, + { + 0, + "crypto", + SSL_PRINT_CRYPTO + }, + { + 'd', + "appdata", + SSL_PRINT_APP_DATA + }, + { 'q', + "quiet", + P_HL | NEGATE + }, + {0} +}; + +int parse_ssl_flag(flag) + int flag; + { + flag_struct *fl; + + for(fl=flags;fl->name;fl++){ + if(fl->ch==flag){ + if(fl->flag & NEGATE){ + SSL_print_flags &= ~(fl->flag); + } + else + SSL_print_flags |= fl->flag; + break; + } + } + + return(0); + } + +static int parse_ssl_flags(str) + char *str; + { + char *x,*y; + flag_struct *fl; + int bang; + + y=str; + + while(x=strtok(y,",")){ + y=0; + + if(*x=='!'){ + bang=1; + x++; + } + else + bang=0; + for(fl=flags;fl->name;fl++){ + if(!strcmp(x,fl->name)){ + if(!bang) SSL_print_flags |= fl->flag; + else SSL_print_flags &= ~fl->flag; + break; + } + } + if(!fl->name){ + fprintf(stderr,"SSL: Bad flag %s\n",x); + } + } + + return(0); + } + +static int create_ssl_ctx(handle,ctxp) + void *handle; + proto_ctx **ctxp; + { + ssl_decode_ctx *ctx=0; + int r,_status; + + if(r=ssl_decode_ctx_create(&ctx,SSL_keyfile,SSL_password)) + ABORT(r); + + *ctxp=(proto_ctx *)ctx; + _status=0; + abort: + return(_status); + } + +static int create_ssl_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port,base_time) + void *handle; + proto_ctx *ctx; + tcp_conn *conn; + proto_obj **objp; + struct in_addr *i_addr; + u_short i_port; + struct in_addr *r_addr; + u_short r_port; + struct timeval *base_time; + { + int r,_status; + ssl_obj *obj=0; + + if(!(obj=(ssl_obj *)calloc(sizeof(ssl_obj),1))) + ABORT(R_NO_MEMORY); + + obj->ssl_ctx=(ssl_decode_ctx *)ctx; + obj->conn=conn; + + if(r=create_r_queue(&obj->r2i_queue)) + ABORT(r); + if(r=create_r_queue(&obj->i2r_queue)) + ABORT(r); + + lookuphostname(i_addr,&obj->client_name); + obj->client_port=i_port; + lookuphostname(r_addr,&obj->server_name); + obj->server_port=r_port; + + obj->i_state=SSL_ST_SENT_NOTHING; + obj->r_state=SSL_ST_HANDSHAKE; + + memcpy(&obj->time_start,base_time,sizeof(struct timeval)); + memcpy(&obj->time_last,base_time,sizeof(struct timeval)); + + if(r=ssl_decoder_create(&obj->decoder,obj->ssl_ctx)) + ABORT(r); + + *objp=(proto_obj *)obj; + + _status=0; + abort: + if(_status){ + destroy_ssl_analyzer((proto_obj **)&obj); + } + return(_status); + } + +static int destroy_ssl_analyzer(objp) + proto_obj **objp; + { + ssl_obj *obj; + + if(!objp || !*objp) + return(0); + + obj=(ssl_obj *)*objp; + DBG((0,"Destroying SSL analyzer")); + + free_r_queue(obj->i2r_queue); + free_r_queue(obj->r2i_queue); + ssl_decoder_destroy(&obj->decoder); + free(obj->client_name); + free(obj->server_name); + free(*objp); + *objp=0; + + return(0); + } + + +static int free_r_queue(q) + r_queue *q; + { + FREE(q->data); + if(q->q) free_tcp_segment_queue(q->q); + free(q); + return(0); + } + +static int create_r_queue(qp) + r_queue **qp; + { + r_queue *q=0; + int _status; + + if(!(q=(r_queue *)calloc(sizeof(r_queue),1))) + ABORT(R_NO_MEMORY); + + if(!(q->data=(UCHAR *)malloc(SSL_HEADER_SIZE))) + ABORT(R_NO_MEMORY); + q->ptr=q->data; + q->_allocated=SSL_HEADER_SIZE; + q->len=0; + + q->state=SSL_READ_NONE; + *qp=q; + _status=0; + abort: + if(_status){ + free_r_queue(q); + } + return(_status); + } + +static int read_ssl_record(obj,q,seg,offset,lastp,offsetp) + ssl_obj *obj; + r_queue *q; + segment *seg; + int offset; + segment **lastp; + int *offsetp; + + { + segment *last=seg; + int rec_len,r,_status; + + switch(q->state){ + case SSL_READ_NONE: + q->read_left=SSL_HEADER_SIZE; + if(r=read_data(q,seg,offset,&last,&offset)) + ABORT(r); + + q->state=SSL_READ_HEADER; + switch(q->data[0]){ + case 20: + case 21: + case 22: + case 23: + break; + default: + printf("Unknown SSL content type %d\n",q->data[0] & 255); + ABORT(R_INTERNAL); + } + + rec_len=COMBINE(q->data[3],q->data[4]); + + /*Expand the buffer*/ + if(q->_allocated<(rec_len+SSL_HEADER_SIZE)){ + if(!(q->data=realloc(q->data,rec_len+5))) + ABORT(R_NO_MEMORY); + q->_allocated=rec_len+SSL_HEADER_SIZE; + }; + + q->ptr=q->data+SSL_HEADER_SIZE; + q->read_left=rec_len; + + case SSL_READ_HEADER: + if(r=read_data(q,last,offset,&last,&offset)) + ABORT(r); + break; + default: + ABORT(R_INTERNAL); + } + + q->state=SSL_READ_NONE; + /*Whew. If we get here, we've managed to read a whole record*/ + *lastp=last; + *offsetp=offset; + + _status=0; + abort: + return(_status); + } + + +static int read_data(q,seg,offset,lastp,offsetp) + r_queue *q; + segment *seg; + int offset; + segment **lastp; + int *offsetp; + { + int tocpy=0,r,_status; +#ifdef DEBUG + int bread=0; +#endif + + DBG((0,"read_data %d bytes requested",q->read_left)); + + for(;seg;seg=seg->next,offset=0){ + int left; + + left=seg->len-offset; + + tocpy=MIN(q->read_left,left); + memcpy(q->ptr,seg->data+offset,tocpy); + q->read_left-=tocpy; + q->ptr+=tocpy; + q->len+=tocpy; +#ifdef DEBUG + bread+=tocpy; +#endif + if(!q->read_left) + break; + }; + + if(q->read_left){ + if(r=copy_tcp_segment_queue(&q->q,seg)) + ABORT(r); + return(SSL_NO_DATA); + } + + if(seg && tocpy==(seg->len - offset)){ + *lastp=0; + *offsetp=0; + } + else{ + *lastp=seg; + if(seg) *offsetp=tocpy+offset; + } + + if(q->read_left<0) abort(); + + DBG((0,"read_data %d bytes read",bread)); + + _status=0; + abort: + return(_status); + } + +static int data_ssl_analyzer(_obj,seg,direction) + proto_obj *_obj; + segment *seg; + int direction; + { + int _status,r; + r_queue *q; + segment *last,*q_next,*assembled; + ssl_obj *ssl=(ssl_obj *)_obj; + int offset=0; + + q=direction==DIR_R2I?ssl->r2i_queue:ssl->i2r_queue; + + /* Handle SSLv2 backwards compat client hello + This is sloppy because we'll assume that it's + all in one TCP segment -- an assumption we make + nowhere else in the code + */ + if(direction==DIR_I2R && ssl->i_state==SSL_ST_SENT_NOTHING){ + r=process_v2_hello(ssl,seg); + + if(r==SSL_NO_DATA) + return(0); + + if(r==0) + return(0); + } + + if(ssl->i_state==SSL_ST_SENT_NOTHING){ + + r=process_beginning_plaintext(ssl,seg,direction); + if(r==SSL_NO_DATA) + return(0); + + if(r==0) + return(0); + } + + while(!(r=read_ssl_record(ssl,q,seg,offset,&last,&offset))){ + if(ssl->i_state==SSL_ST_SENT_NOTHING) + ssl->i_state=SSL_ST_HANDSHAKE; + if(last){ + q_next=last->next; + last->next=0; + } + if(q->q_last){ + q->q_last->next=seg; + assembled=q->q; + } + else + assembled=seg; + + ssl->direction=direction; + + if(r=print_ssl_record(ssl,direction,assembled,q->data,q->len)) + ABORT(r); + + /*Now reset things, so we can read another record*/ + if(q){ + if(q->q_last) q->q_last->next=0; + if(last) + last->next=q_next; + free_tcp_segment_queue(q->q); + q->q=0;q->q_last=0;q->offset=0;q->len=0;q->ptr=q->data; + q->state=SSL_READ_NONE; + } + + seg=last; + } + + if(r!=SSL_NO_DATA) + ABORT(r); + + _status=0; + abort: + return(_status); + } + +static int print_ssl_header(obj,direction,q,data,len) + ssl_obj *obj; + int direction; + segment *q; + UCHAR *data; + int len; + { + int ct=0; + int r; + segment *s; + struct timeval dt; + + ssl_print_record_num(obj); + + if(SSL_print_flags & SSL_PRINT_TIMESTAMP){ + for(s=q;s;s=s->next) ct++; + + for(s=q;s;s=s->next){ + ssl_print_timestamp(obj,&s->p->ts); + + if(s->next) + printf(", "); + } + } + + ssl_print_direction_indicator(obj,direction); + + return(0); + } + +static int print_ssl_record(obj,direction,q,data,len) + ssl_obj *obj; + int direction; + segment *q; + UCHAR *data; + int len; + { + int r; + + if(r=print_ssl_header(obj,direction,q,data,len)) + ERETURN(r); + + ssl_expand_record(obj,q,direction,data,len); + if(SSL_print_flags & SSL_PRINT_HEXDUMP){ + Data d; + + INIT_DATA(d,data,len); + exdump(obj,"Packet data",&d); + printf("\n\n"); + } + + return(0); + } + +int close_ssl_analyzer(_obj,p,dir) + proto_obj *_obj; + packet *p; + int dir; + { + ssl_obj *ssl=(ssl_obj *)_obj; + char *what; + + if(p->tcp->th_flags & TH_RST) + what="RST"; + else + what="FIN"; + + explain(ssl,"%d ",ssl->conn->conn_number); + ssl_print_timestamp(ssl,&p->ts); + ssl_print_direction_indicator(ssl,dir); + explain(ssl," TCP %s",what); + printf("\n"); + + return(0); + } + + +static struct proto_mod_vtbl_ ssl_vtbl ={ + parse_ssl_flags, + parse_ssl_flag, + create_ssl_ctx, + create_ssl_analyzer, + destroy_ssl_analyzer, + data_ssl_analyzer, + close_ssl_analyzer, +}; + +struct proto_mod_ ssl_mod = { + 0, + &ssl_vtbl +}; + + + + diff --git a/ssl/ssl_analyze.h b/ssl/ssl_analyze.h new file mode 100644 index 0000000..d985218 --- /dev/null +++ b/ssl/ssl_analyze.h @@ -0,0 +1,87 @@ +/** + ssl_analyze.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: ssl_analyze.h,v 1.3 2000/11/09 18:52:24 ekr Exp $ + + + ekr@rtfm.com Tue Jan 12 08:45:44 1999 + */ + + +#ifndef _ssl_analyze_h +#define _ssl_analyze_h + +extern proto_mod ssl_mod; + +/*The type of data this is*/ +#define P_RH (1<<3) +#define P_HT (1<<4) +#define P_HL (1<<5) +#define P_ND (1<<6) +#define P_DC (1<<7) +#define P_NR (1<<8) +#define P_ASN (1<<9) +#define P_CR (1<<10) +#define P_AD (1<<11) +#define P_TSA (1<<12) +#define P_QT (1<<13) +#define P_HO (1<<14) + +#define SSL_PRINT_TIMESTAMP (1) /*Timestamp records*/ +#define SSL_PRINT_HEXDUMP (1<<2) /*Print the whole record in hex*/ +#define SSL_PRINT_RECORD_HEADER P_RH /*Print the record header*/ +#define SSL_PRINT_HANDSHAKE_TYPE P_HT /*Print the handshake type*/ +#define SSL_PRINT_HIGHLIGHTS (P_HT | P_HL) +#define SSL_PRINT_ALL_FIELDS (P_RH | P_HT | P_HL | P_ND) +#define SSL_PRINT_DECODE (P_DC) /*Print fields as decoded*/ +#define SSL_PRINT_NROFF (P_NR) +#define SSL_PRINT_DECODE_ASN1 (P_ASN) +#define SSL_PRINT_CRYPTO (P_CR) +#define SSL_PRINT_APP_DATA (P_AD) +#define SSL_PRINT_TIMESTAMP_ABSOLUTE (P_TSA) +#define SSL_PRINT_QUIET (P_QT) +#define SSL_PRINT_HEX_ONLY (P_HO) +#define SSL_PRINT_ALL 0xfffffff + +extern UINT4 SSL_print_flags; +extern char *SSL_keyfile; +extern char *SSL_password; + +#endif + diff --git a/ssl/ssl_enum.c b/ssl/ssl_enum.c new file mode 100644 index 0000000..fde56c6 --- /dev/null +++ b/ssl/ssl_enum.c @@ -0,0 +1,385 @@ +#include "network.h" +#include "ssl.h" +#include "sslprint.h" +static int decode_ContentType_change_cipher_spec(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_ContentType_alert(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_ContentType_handshake(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + extern decoder HandshakeType_decoder[]; + int r; + UINT4 t,l; + + SSL_DECODE_UINT8(ssl,0,0,data,&t); + SSL_DECODE_UINT24(ssl,0,0,data,&l); + + if(data->len!=l){ + fprintf(stderr,"Error: short handshake length: expected %d got %d\n", + l,data->len); + ERETURN(R_EOD); + } + + ssl_decode_switch(ssl,HandshakeType_decoder,t,dir,seg,data); + + } +static int decode_ContentType_application_data(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +decoder ContentType_decoder[]={ + { + 20, + "change_cipher_spec", + decode_ContentType_change_cipher_spec + }, + { + 21, + "alert", + decode_ContentType_alert + }, + { + 22, + "handshake", + decode_ContentType_handshake + }, + { + 23, + "application_data", + decode_ContentType_application_data + }, +{0} +}; + +static int decode_HandshakeType_hello_request(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_HandshakeType_client_hello(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + UINT4 vj,vn,cs,cslen,complen,comp; + Data session_id,random; + int r; + + extern decoder cipher_suite_decoder[]; + extern decoder compression_method_decoder[]; + + SSL_DECODE_UINT8(ssl,0,0,data,&vj); + SSL_DECODE_UINT8(ssl,0,0,data,&vn); + + P_(P_ND) {explain(ssl,"Client version %d.%d ",vj,vn);} + + printf("\n"); + SSL_DECODE_OPAQUE_ARRAY(ssl,"random",32,P_ND,data,&random); + SSL_DECODE_OPAQUE_ARRAY(ssl,"session_id",-32,0,data,&session_id); + + if(session_id.len) + exdump(ssl,"resume ",&session_id); + + SSL_DECODE_UINT16(ssl,"cipher Suites len",0,data,&cslen); + explain(ssl,"cipher suites\n"); + + for(;cslen;cslen-=2){ + SSL_DECODE_ENUM(ssl,0,2,cipher_suite_decoder, + P_HL,data,&cs); + printf("\n"); + } + + SSL_DECODE_UINT8(ssl,"compressionMethod len",0,data,&complen); + if(complen){ + explain(ssl,"compression methods\n"); + for(;complen;complen--){ + SSL_DECODE_ENUM(ssl,0,1,compression_method_decoder,P_HL,data,&comp); + printf("\n"); + } + } + return(0); + + } +static int decode_HandshakeType_server_hello(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + + + int r; + + UINT4 vj,vn; + + SSL_DECODE_UINT8(ssl,0,0,data,&vj); + SSL_DECODE_UINT8(ssl,0,0,data,&vn); + + P_(P_ND) {explain(ssl,"SSL version %d.%d ",vj,vn);} + SSL_DECODE_OPAQUE_ARRAY(ssl,"random",32,P_ND,data,0); + SSL_DECODE_OPAQUE_ARRAY(ssl,"session_id",32,P_ND,data,0); + SSL_DECODE_ENUM(ssl,0,2,cipher_suite_decoder, + P_HL,data,0); + SSL_DECODE_ENUM(ssl,0,1,compression_method_decoder,P_HL,data,0); + + return(0); + + } +static int decode_HandshakeType_certificate(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_HandshakeType_server_key_exchange(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_HandshakeType_certificate_request(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_HandshakeType_server_hello_done(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_HandshakeType_certificate_verify(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_HandshakeType_client_key_exchange(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +static int decode_HandshakeType_finished(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + return(0); + } +decoder HandshakeType_decoder[]={ + { + 0, + "hello_request", + decode_HandshakeType_hello_request + }, + { + 1, + "client_hello", + decode_HandshakeType_client_hello + }, + { + 2, + "server_hello", + decode_HandshakeType_server_hello + }, + { + 11, + "certificate", + decode_HandshakeType_certificate + }, + { + 12, + "server_key_exchange", + decode_HandshakeType_server_key_exchange + }, + { + 13, + "certificate_request", + decode_HandshakeType_certificate_request + }, + { + 14, + "server_hello_done", + decode_HandshakeType_server_hello_done + }, + { + 15, + "certificate_verify", + decode_HandshakeType_certificate_verify + }, + { + 16, + "client_key_exchange", + decode_HandshakeType_client_key_exchange + }, + { + 20, + "finished", + decode_HandshakeType_finished + }, +{0} +}; + +decoder cipher_suite_decoder[]={ + { + 1, + "TLS_RSA_WITH_NULL_MD5", + 0 }, + { + 2, + "TLS_RSA_WITH_NULL_SHA", + 0 }, + { + 3, + "TLS_RSA_EXPORT_WITH_RC4_40_MD5", + 0 }, + { + 4, + "TLS_RSA_WITH_RC4_128_MD5", + 0 }, + { + 5, + "TLS_RSA_WITH_RC4_128_SHA", + 0 }, + { + 6, + "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", + 0 }, + { + 7, + "TLS_RSA_WITH_IDEA_CBC_SHA", + 0 }, + { + 8, + "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 9, + "TLS_RSA_WITH_DES_CBC_SHA", + 0 }, + { + 10, + "TLS_RSA_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 11, + "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 12, + "TLS_DH_DSS_WITH_DES_CBC_SHA", + 0 }, + { + 13, + "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 14, + "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 15, + "TLS_DH_RSA_WITH_DES_CBC_SHA", + 0 }, + { + 16, + "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 17, + "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 18, + "TLS_DHE_DSS_WITH_DES_CBC_SHA", + 0 }, + { + 19, + "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 20, + "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 21, + "TLS_DHE_RSA_WITH_DES_CBC_SHA", + 0 }, + { + 22, + "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", + 0 }, + { + 23, + "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", + 0 }, + { + 24, + "TLS_DH_anon_WITH_RC4_128_MD5", + 0 }, + { + 25, + "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", + 0 }, + { + 26, + "TLS_DH_anon_WITH_DES_CBC_SHA", + 0 }, + { + 27, + "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", + 0 }, +{-1} +}; + +decoder compression_method_decoder[]={ + { + 7, + "NULL", + 0 }, +{-1} +}; + diff --git a/ssl/ssl_h.h b/ssl/ssl_h.h new file mode 100644 index 0000000..2799c48 --- /dev/null +++ b/ssl/ssl_h.h @@ -0,0 +1,134 @@ +/** + ssl.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: ssl_h.h,v 1.6 2002/08/17 01:33:17 ekr Exp $ + + + ekr@rtfm.com Fri Jan 8 14:09:37 1999 + */ + + +#ifndef _ssl_h +#define _ssl_h + +#include "sslciphers.h" + +typedef struct ssl_decode_ctx_ ssl_decode_ctx; +typedef struct ssl_decoder_ ssl_decoder; + + +typedef struct d_queue_ { + short state; /*What state we're in*/ +#define SSL_READ_NONE 1 +#define SSL_READ_HEADER 2 + int read_left; /*How many more bytes to read in this state*/ + int len; /*The length of the total record, including header*/ + UCHAR *data; /*The data for this record*/ + UCHAR *ptr; /*The data ptr*/ + int _allocated; /*The number of data bytes allocated for this record*/ + segment *q; /*The segments that match this record*/ + segment *q_last; /*The last segment*/ + int offset; /*How far into the first segment this record starts*/ +} r_queue; + +typedef struct ssl_obj_ { + tcp_conn *conn; + int r_state; + int i_state; + int version; + int cipher_suite; + + char *client_name; + int client_port; + char *server_name; + int server_port; + + struct SSL_CipherSuite_ *cs; + r_queue *i2r_queue; + r_queue *r2i_queue; + struct timeval time_start; + struct timeval time_last; + ssl_decode_ctx *ssl_ctx; + ssl_decoder *decoder; + + int process_ciphertext; + + /*Printing bookkeeping*/ + #define REC_PLAINTEXT 1 + #define REC_DECRYPTED_CIPHERTEXT 2 + #define REC_CIPHERTEXT 3 + int record_encryption; + + int direction; /* The direction we're currently working in*/ + int record_count; + int indent_depth; + int indent_name_len; +} ssl_obj; + +typedef struct decoder_ { + int type; + char *name; + int (*print) PROTO_LIST((ssl_obj *,int direction,segment *seg,Data *data)); +} decoder; + +#define SSL_NO_DATA 1 +#define SSL_BAD_CONTENT_TYPE 2 +#define SSL_BAD_PMS 3 +#define SSL_CANT_DO_CIPHER 4 +#define SSL_NO_DECRYPT 5 +#define SSL_BAD_MAC 6 +#define SSL_BAD_DATA 7 + +/*SSL defines*/ +#define COMBINE(a,b) ((a<<8) | b) +#define SSL_HEADER_SIZE 5 + +#define SSLV3_VERSION 0x300 +#define TLSV1_VERSION 0x301 + +/*State defines*/ +#define SSL_ST_SENT_NOTHING 0 +#define SSL_ST_HANDSHAKE 1 +#define SSL_ST_SENT_CHANGE_CIPHER_SPEC 2 + +#include "ssldecode.h" + + +#endif + diff --git a/ssl/ssl_rec.c b/ssl/ssl_rec.c new file mode 100644 index 0000000..e0224e6 --- /dev/null +++ b/ssl/ssl_rec.c @@ -0,0 +1,312 @@ +/** + ssl_rec.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: ssl_rec.c,v 1.3 2000/11/03 06:38:06 ekr Exp $ + + + ekr@rtfm.com Wed Aug 18 15:46:57 1999 + */ + + +static char *RCSSTRING="$Id: ssl_rec.c,v 1.3 2000/11/03 06:38:06 ekr Exp $"; + +#include "network.h" +#include "ssl_h.h" +#include "sslprint.h" +#include "ssl.enums.h" +#ifdef OPENSSL +#include +#include +#include +#endif +#include "ssldecode.h" +#include "ssl_rec.h" + +struct ssl_rec_decoder_ { + SSL_CipherSuite *cs; + Data *mac_key; +#ifdef OPENSSL + EVP_CIPHER_CTX *evp; +#endif + UINT4 seq; +}; + + +static char *digests[]={ + "MD5", + "SHA1" +}; + +static char *ciphers[]={ + "DES", + "DES3", + "RC4", + "RC2", + "IDEA" +}; + + +static int tls_check_mac PROTO_LIST((ssl_rec_decoder *d,int ct, + int ver,UCHAR *data,UINT4 datalen,UCHAR *mac)); +static int fmt_seq PROTO_LIST((UINT4 num,UCHAR *buf)); + +int ssl_create_rec_decoder(dp,cs,mk,sk,iv) + ssl_rec_decoder **dp; + SSL_CipherSuite *cs; + UCHAR *mk; + UCHAR *sk; + UCHAR *iv; + { + int r,_status; + ssl_rec_decoder *dec=0; +#ifdef OPENSSL + const EVP_CIPHER *ciph=0; + + /* Find the SSLeay cipher */ + if(cs->enc!=ENC_NULL){ + ciph=(EVP_CIPHER *)EVP_get_cipherbyname(ciphers[cs->enc-0x30]); + } + + if(!(dec=(ssl_rec_decoder *)calloc(sizeof(ssl_rec_decoder),1))) + ABORT(R_NO_MEMORY); + + dec->cs=cs; + if(r=r_data_create(&dec->mac_key,mk,cs->dig_len)) + ABORT(r); + if(!(dec->evp=(EVP_CIPHER_CTX *)malloc(sizeof(EVP_CIPHER_CTX)))) + ABORT(R_NO_MEMORY); + EVP_CIPHER_CTX_init(dec->evp); + EVP_CipherInit(dec->evp,ciph,sk,iv,0); +#endif + + *dp=dec; + _status=0; + abort: + if(_status){ + ssl_destroy_rec_decoder(&dec); + } + return(_status); + } + +int ssl_destroy_rec_decoder(dp) + ssl_rec_decoder **dp; + { + ssl_rec_decoder *d; + + if(!dp || !*dp) + return(0); + d=*dp; + + r_data_destroy(&d->mac_key); +#ifdef OPENSSL + if(d->evp){ + EVP_CIPHER_CTX_cleanup(d->evp); + free(d->evp); + } + free(*dp); +#endif + + *dp=0; + return(0); + } + +int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl) + ssl_obj *ssl; + ssl_rec_decoder *d; + int ct; + int version; + UCHAR *in; + int inl; + UCHAR *out; + int *outl; + { +#ifdef OPENSSL + int pad; + int r; + UCHAR *mac; + + CRDUMP("Ciphertext",in,inl); + /* First decrypt*/ + EVP_Cipher(d->evp,out,in,inl); + + CRDUMP("Plaintext",out,inl); + *outl=inl; + + /* Now strip off the padding*/ + if(d->cs->block!=1){ + pad=out[inl-1]; + *outl-=(pad+1); + } + + /* And the MAC */ + *outl-=d->cs->dig_len; + mac=out+(*outl); + CRDUMP("Record data",out,*outl); + + /* Now check the MAC */ + if(ssl->version==0x300){ + if(r=ssl3_check_mac(d,ct,version,out,*outl,mac)) + ERETURN(r); + } + else{ + if(r=tls_check_mac(d,ct,version,out,*outl,mac)) + ERETURN(r); + } + +#endif + return(0); + } + + +#define MSB(a) ((a>>8)&0xff) +#define LSB(a) (a&0xff) +#ifdef OPENSSL + +/* This should go to 2^128, but we're never really going to see + more than 2^64, so we cheat*/ +static int fmt_seq(num,buf) + UINT4 num; + UCHAR *buf; + { + UINT4 netnum; + + memset(buf,0,8); + netnum=htonl(num); + memcpy(buf+4,&netnum,4); + + return(0); + } + +static int tls_check_mac(d,ct,ver,data,datalen,mac) + ssl_rec_decoder *d; + int ct; + int ver; + UCHAR *data; + UINT4 datalen; + UCHAR *mac; + { + HMAC_CTX hm; + const EVP_MD *md; + UINT4 l; + UCHAR buf[20]; + + md=EVP_get_digestbyname(digests[d->cs->dig-0x40]); + HMAC_Init(&hm,d->mac_key->data,d->mac_key->len,md); + + fmt_seq(d->seq,buf); + d->seq++; + HMAC_Update(&hm,buf,8); + buf[0]=ct; + HMAC_Update(&hm,buf,1); + + buf[0]=MSB(ver); + buf[1]=LSB(ver); + HMAC_Update(&hm,buf,2); + + buf[0]=MSB(datalen); + buf[1]=LSB(datalen); + HMAC_Update(&hm,buf,2); + + HMAC_Update(&hm,data,datalen); + + HMAC_Final(&hm,buf,&l); + if(memcmp(mac,buf,l)) + ERETURN(SSL_BAD_MAC); + + HMAC_cleanup(&hm); + return(0); + } + +int ssl3_check_mac(d,ct,ver,data,datalen,mac) + ssl_rec_decoder *d; + int ct; + int ver; + UCHAR *data; + UINT4 datalen; + UCHAR *mac; + { + EVP_MD_CTX mc; + const EVP_MD *md; + UINT4 l; + UCHAR buf[64],dgst[20]; + int pad_ct; + + pad_ct=(d->cs->dig==DIG_SHA)?40:48; + + md=EVP_get_digestbyname(digests[d->cs->dig-0x40]); + EVP_DigestInit(&mc,md); + + EVP_DigestUpdate(&mc,d->mac_key->data,d->mac_key->len); + + memset(buf,0x36,pad_ct); + EVP_DigestUpdate(&mc,buf,pad_ct); + + fmt_seq(d->seq,buf); + d->seq++; + EVP_DigestUpdate(&mc,buf,8); + + buf[0]=ct; + EVP_DigestUpdate(&mc,buf,1); + + buf[0]=MSB(datalen); + buf[1]=LSB(datalen); + EVP_DigestUpdate(&mc,buf,2); + + EVP_DigestUpdate(&mc,data,datalen); + + EVP_DigestFinal(&mc,dgst,&l); + + EVP_DigestInit(&mc,md); + + EVP_DigestUpdate(&mc,d->mac_key->data,d->mac_key->len); + + memset(buf,0x5c,pad_ct); + EVP_DigestUpdate(&mc,buf,pad_ct); + + EVP_DigestUpdate(&mc,dgst,l); + + EVP_DigestFinal(&mc,dgst,&l); + + if(memcmp(mac,dgst,l)) + ERETURN(SSL_BAD_MAC); + + return(0); + } + +#endif diff --git a/ssl/ssl_rec.h b/ssl/ssl_rec.h new file mode 100644 index 0000000..203f55f --- /dev/null +++ b/ssl/ssl_rec.h @@ -0,0 +1,59 @@ +/** + ssl_rec.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: ssl_rec.h,v 1.2 2000/10/17 16:10:02 ekr Exp $ + + + ekr@rtfm.com Wed Aug 18 16:16:23 1999 + */ + + +#ifndef _ssl_rec_h +#define _ssl_rec_h + +typedef struct ssl_rec_decoder_ ssl_rec_decoder; + +int ssl_destroy_rec_decoder PROTO_LIST((ssl_rec_decoder **dp)); +int ssl_create_rec_decoder PROTO_LIST((ssl_rec_decoder **dp, + SSL_CipherSuite *cs,UCHAR *mk,UCHAR *sk,UCHAR *iv)); +int ssl_decode_rec_data PROTO_LIST((ssl_obj *ssl,ssl_rec_decoder *d, + int ct,int version,UCHAR *in,int inl,UCHAR *out,int *outl)); + +#endif + diff --git a/ssl/sslciphers.h b/ssl/sslciphers.h new file mode 100644 index 0000000..96256ca --- /dev/null +++ b/ssl/sslciphers.h @@ -0,0 +1,83 @@ +/** + sslciphers.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: sslciphers.h,v 1.3 2002/08/17 01:33:17 ekr Exp $ + + + ekr@rtfm.com Tue Mar 30 18:11:55 1999 + */ + + +#ifndef _sslciphers_h +#define _sslciphers_h +typedef struct SSL_CipherSuite_ { + int number; + int kex; + int sig; + int enc; + int block; + int bits; + int eff_bits; + int dig; + int dig_len; + int export; +} SSL_CipherSuite; + +#define KEX_RSA 0x10 +#define KEX_DH 0x11 + +#define SIG_RSA 0x20 +#define SIG_DSS 0x21 +#define SIG_NONE 0x22 + +#define ENC_DES 0x30 +#define ENC_3DES 0x31 +#define ENC_RC4 0x32 +#define ENC_RC2 0x33 +#define ENC_IDEA 0x34 +#define ENC_NULL 0x35 + +#define DIG_MD5 0x40 +#define DIG_SHA 0x41 + +int ssl_find_cipher PROTO_LIST((int num,SSL_CipherSuite **cs)); + + +#endif + diff --git a/ssl/ssldecode.c b/ssl/ssldecode.c new file mode 100644 index 0000000..ae608dd --- /dev/null +++ b/ssl/ssldecode.c @@ -0,0 +1,908 @@ +/** + ssldecode.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: ssldecode.c,v 1.9 2002/08/17 01:33:17 ekr Exp $ + + + ekr@rtfm.com Thu Apr 1 09:54:53 1999 + */ + +#include "network.h" +#include "ssl_h.h" +#include "sslprint.h" +#include "ssl.enums.h" +#ifdef OPENSSL +#include +#include +#include +#include +#endif +#include "ssldecode.h" +#include "ssl_rec.h" +#include "r_assoc.h" +static char *RCSSTRING="$Id: ssldecode.c,v 1.9 2002/08/17 01:33:17 ekr Exp $"; + +#define PRF(ssl,secret,usage,rnd1,rnd2,out) (ssl->version==SSLV3_VERSION)? \ + ssl3_prf(ssl,secret,usage,rnd1,rnd2,out): \ + tls_prf(ssl,secret,usage,rnd1,rnd2,out) + + +static char *ssl_password; + +extern UINT4 SSL_print_flags; + +struct ssl_decode_ctx_ { +#ifdef OPENSSL + SSL_CTX *ssl_ctx; + SSL *ssl; + r_assoc *session_cache; +#else + char dummy; /* Some compilers (Win32) don't like empty + structs */ +#endif +}; + +struct ssl_decoder_ { + ssl_decode_ctx *ctx; + Data *session_id; + SSL_CipherSuite *cs; + Data *client_random; + Data *server_random; + int ephemeral_rsa; + Data *PMS; + Data *MS; + ssl_rec_decoder *c_to_s; + ssl_rec_decoder *s_to_c; + ssl_rec_decoder *c_to_s_n; + ssl_rec_decoder *s_to_c_n; +}; + + +#ifdef OPENSSL +static int tls_P_hash PROTO_LIST((ssl_obj *ssl,Data *secret,Data *seed, + const EVP_MD *md,Data *out)); +static int tls_prf PROTO_LIST((ssl_obj *ssl,Data *secret,char *usage, + Data *rnd1,Data *rnd2,Data *out)); +static int ssl3_prf PROTO_LIST((ssl_obj *ssl,Data *secret,char *usage, + Data *rnd1,Data *rnd2,Data *out)); +static int ssl3_generate_export_iv PROTO_LIST((ssl_obj *ssl, + Data *rnd1,Data *rnd2,Data *out)); +static int ssl_generate_keying_material PROTO_LIST((ssl_obj *ssl, + ssl_decoder *d)); +#endif + +static int ssl_create_session_lookup_key PROTO_LIST((ssl_obj *ssl, + UCHAR *id,UINT4 idlen,UCHAR **keyp,UINT4 *keyl)); +int ssl_save_session PROTO_LIST((ssl_obj *ssl,ssl_decoder *d)); +int ssl_restore_session PROTO_LIST((ssl_obj *ssl,ssl_decoder *d)); + +/*The password code is not thread safe*/ +static int password_cb(char *buf,int num,int rwflag,void *userdata) + { + if(numssl_ctx=SSL_CTX_new(SSLv23_server_method()))) + ABORT(R_NO_MEMORY); + if(keyfile){ + if(pass){ + ssl_password=pass; + SSL_CTX_set_default_passwd_cb(d->ssl_ctx,password_cb); + } +#if 0 + if(SSL_CTX_use_certificate_file(d->ssl_ctx,keyfile,SSL_FILETYPE_PEM)!=1){ + fprintf(stderr,"Problem loading certificate file\n"); + ABORT(R_INTERNAL); + } +#endif + if(SSL_CTX_use_PrivateKey_file(d->ssl_ctx,keyfile,SSL_FILETYPE_PEM)!=1){ + fprintf(stderr,"Problem loading private key\n"); + ABORT(R_INTERNAL); + } + } + if(!(d->ssl=SSL_new(d->ssl_ctx))) + ABORT(R_NO_MEMORY); + + if(r_assoc_create(&d->session_cache)) + ABORT(R_NO_MEMORY); + + X509V3_add_standard_extensions(); + + *dp=d; + _status=0; + abort: + return(_status); +#else + return(0); +#endif + } + +int ssl_decoder_create(dp,ctx) + ssl_decoder **dp; + ssl_decode_ctx *ctx; + { + int _status; + + ssl_decoder *d=0; + +#ifdef OPENSSL + if(!(d=(ssl_decoder *)calloc(sizeof(ssl_decoder),1))) + ABORT(R_NO_MEMORY); + d->ctx=ctx; + + *dp=d; + _status=0; + abort: + if(_status) + ssl_decoder_destroy(&d); + return(_status); +#else + return 0; +#endif + } + +int ssl_decoder_destroy(dp) + ssl_decoder **dp; + { +#ifdef OPENSSL + ssl_decoder *d; + + if(!dp || !*dp) + return(0); + d=*dp; + r_data_destroy(&d->client_random); + r_data_destroy(&d->server_random); + r_data_destroy(&d->session_id); + r_data_destroy(&d->PMS); + r_data_destroy(&d->MS); + ssl_destroy_rec_decoder(&d->c_to_s); + ssl_destroy_rec_decoder(&d->c_to_s_n); + ssl_destroy_rec_decoder(&d->s_to_c); + ssl_destroy_rec_decoder(&d->s_to_c_n); + free(d); + *dp=0; +#endif + return(0); + } + +int ssl_set_client_random(d,msg,len) + ssl_decoder *d; + UCHAR *msg; + int len; + { +#ifdef OPENSSL + int r; + + if(r=r_data_create(&d->client_random,msg,len)) + ERETURN(r); +#endif + return(0); + } + +int ssl_set_server_random(d,msg,len) + ssl_decoder *d; + UCHAR *msg; + int len; + { +#ifdef OPENSSL + int r; + + if(r=r_data_create(&d->server_random,msg,len)) + ERETURN(r); +#endif + return(0); + } + +int ssl_set_client_session_id(d,msg,len) + ssl_decoder *d; + UCHAR *msg; + int len; + { +#ifdef OPENSSL + int r; + + if(r=r_data_create(&d->session_id,msg,len)) + ERETURN(r); +#endif + return(0); + } + +int ssl_process_server_session_id(ssl,d,msg,len) + ssl_obj *ssl; + ssl_decoder *d; + UCHAR *msg; + int len; + { +#ifdef OPENSSL + int r,_status; + Data idd; + int restored=0; + + INIT_DATA(idd,msg,len); + + /* First check to see if the client tried to restore */ + if(d->session_id){ + /* Now check to see if we restored */ + if(r_data_compare(&idd,d->session_id)) + goto abort; + + /* Now try to look up the session. We may not be able + to find it if, for instance, the original session + was initiated with something other than static RSA */ + if(r=ssl_restore_session(ssl,d)) + ABORT(r); + + restored=1; + } + + _status=0; + abort: + if(!restored){ + /* Copy over the session ID */ + r_data_zfree(d->session_id); + r_data_create(&d->session_id,msg,len); + } + return(_status); +#else + return(0); +#endif + } + +int ssl_process_change_cipher_spec(ssl,d,direction) + ssl_obj *ssl; + ssl_decoder *d; + int direction; + { +#ifdef OPENSSL + if(direction==DIR_I2R){ + d->c_to_s=d->c_to_s_n; + d->c_to_s_n=0; + if(d->c_to_s) ssl->process_ciphertext |= direction; + } + else{ + d->s_to_c=d->s_to_c_n; + d->s_to_c_n=0; + if(d->s_to_c) ssl->process_ciphertext |= direction; + } + +#endif + return(0); + } +int ssl_decode_record(ssl,dec,direction,ct,version,d) + ssl_obj *ssl; + ssl_decoder *dec; + int direction; + int ct; + int version; + Data *d; + { + ssl_rec_decoder *rd; + UCHAR *out; + int outl; + int r,_status; + UINT4 state; + + if(dec) + rd=(direction==DIR_I2R)?dec->c_to_s:dec->s_to_c; + else + rd=0; + state=(direction==DIR_I2R)?ssl->i_state:ssl->r_state; + + if(!rd){ + if(state & SSL_ST_SENT_CHANGE_CIPHER_SPEC){ + ssl->record_encryption=REC_CIPHERTEXT; + return(SSL_NO_DECRYPT); + } + else { + ssl->record_encryption=REC_PLAINTEXT; + return(0); + } + } + + ssl->record_encryption=REC_CIPHERTEXT; +#ifdef OPENSSL + if(!(out=(UCHAR *)malloc(d->len))) + ABORT(R_NO_MEMORY); + + if(r=ssl_decode_rec_data(ssl,rd,ct,version,d->data,d->len,out,&outl)){ + ABORT(r); + } + + memcpy(d->data,out,outl); + d->len=outl; + + ssl->record_encryption=REC_DECRYPTED_CIPHERTEXT; + + _status=0; + abort: + FREE(out); + return(_status); +#else + return(0); +#endif + } + + +static int ssl_create_session_lookup_key(ssl,id,idlen,keyp,keyl) + ssl_obj *ssl; + UCHAR *id; + UINT4 idlen; + UCHAR **keyp; + UINT4 *keyl; + { + UCHAR *key=0; + UINT4 l; + int r,_status; + + l=idlen+strlen(ssl->server_name)+idlen+15; /* HOST + PORT + id */ + + if(!(key=(UCHAR *)malloc(l))) + ABORT(R_NO_MEMORY); + *keyp=key; + + memcpy(key,id,idlen); + *keyl=idlen; + key+=idlen; + + sprintf(key,"%s:%d",ssl->server_name,ssl->server_port); + *keyl+=strlen(key); + + _status=0; + abort: + return(_status); + } + +/* Look up the session id in the session cache and generate + the appropriate keying material */ +int ssl_restore_session(ssl,d) + ssl_obj *ssl; + ssl_decoder *d; + { + UCHAR *lookup_key=0; + void *msv; + Data *msd; + int lookup_key_len; + int r,_status; +#ifdef OPENSSL + if(r=ssl_create_session_lookup_key(ssl, + d->session_id->data,d->session_id->len,&lookup_key, + &lookup_key_len)) + ABORT(r); + if(r=r_assoc_fetch(d->ctx->session_cache,lookup_key,lookup_key_len, + &msv)) + ABORT(r); + msd=(Data *)msv; + if(r=r_data_create(&d->MS,msd->data,msd->len)) + ABORT(r); + CRDUMPD("Restored MS",d->MS); + + switch(ssl->version){ + case SSLV3_VERSION: + if(r=ssl_generate_keying_material(ssl,d)) + ABORT(r); + break; + case TLSV1_VERSION: + if(r=ssl_generate_keying_material(ssl,d)) + ABORT(r); + break; + default: + ABORT(SSL_CANT_DO_CIPHER); + } + + _status=0; + abort: + FREE(lookup_key); + return(_status); +#else + return(0); +#endif + } + +/* Look up the session id in the session cache and generate + the appropriate keying material */ +int ssl_save_session(ssl,d) + ssl_obj *ssl; + ssl_decoder *d; + { +#ifdef OPENSSL + UCHAR *lookup_key=0; + void *msv; + Data *msd=0; + int lookup_key_len; + int r,_status; + + if(r=ssl_create_session_lookup_key(ssl,d->session_id->data, + d->session_id->len,&lookup_key, + &lookup_key_len)) + ABORT(r); + if(r=r_data_create(&msd,d->MS->data,d->MS->len)) + ABORT(r); + if(r=r_assoc_insert(d->ctx->session_cache,lookup_key,lookup_key_len, + (void *)msd,0,(int (*)(void *))r_data_zfree, + R_ASSOC_NEW | R_ASSOC_REPLACE)) + ABORT(r); + + _status=0; + abort: + if(_status){ + r_data_zfree(msd); + } + FREE(lookup_key); + return(_status); +#else + return(0); +#endif + } + +/* This only works with RSA because the other cipher suites + offer PFS. Yuck. */ +int ssl_process_client_key_exchange(ssl,d,msg,len) + ssl_obj *ssl; + ssl_decoder *d; + UCHAR *msg; + int len; + { +#ifdef OPENSSL + int r,_status; + int i; + + EVP_PKEY *pk; + + if(ssl->cs->kex!=KEX_RSA) + return(-1); + + if(d->ephemeral_rsa) + return(-1); + + pk=SSL_get_privatekey(d->ctx->ssl); + if(!pk) + return(-1); + + if(pk->type!=EVP_PKEY_RSA) + return(-1); + + if(r=r_data_alloc(&d->PMS,BN_num_bytes(pk->pkey.rsa->n))) + ABORT(r); + + i=RSA_private_decrypt(len,msg,d->PMS->data, + pk->pkey.rsa,RSA_PKCS1_PADDING); + + if(i!=48) + ABORT(SSL_BAD_PMS); + + d->PMS->len=48; + + CRDUMPD("PMS",d->PMS); + + /* Remove the master secret if it was there + to force keying material regeneration in + case we're renegotiating */ + r_data_destroy(&d->MS); + + switch(ssl->version){ + case SSLV3_VERSION: + if(r=ssl_generate_keying_material(ssl,d)) + ABORT(r); + break; + case TLSV1_VERSION: + if(r=ssl_generate_keying_material(ssl,d)) + ABORT(r); + break; + default: + ABORT(SSL_CANT_DO_CIPHER); + } + + + /* Now store the data in the session cache */ + if(r=ssl_save_session(ssl,d)) + ABORT(r); + + _status=0; + abort: + return(_status); +#else + return 0; +#endif + + } + +#ifdef OPENSSL +static int tls_P_hash(ssl,secret,seed,md,out) + ssl_obj *ssl; + Data *secret; + Data *seed; + const EVP_MD *md; + Data *out; + { + UCHAR *ptr=out->data; + int left=out->len; + int tocpy; + UCHAR *A; + UCHAR _A[20],tmp[20]; + unsigned int A_l,tmp_l; + HMAC_CTX hm; + + CRDUMPD("P_hash secret",secret); + CRDUMPD("P_hash seed",seed); + + A=seed->data; + A_l=seed->len; + + while(left){ + HMAC_Init(&hm,secret->data,secret->len,md); + HMAC_Update(&hm,A,A_l); + HMAC_Final(&hm,_A,&A_l); + A=_A; + + HMAC_Init(&hm,secret->data,secret->len,md); + HMAC_Update(&hm,A,A_l); + HMAC_Update(&hm,seed->data,seed->len); + HMAC_Final(&hm,tmp,&tmp_l); + + tocpy=MIN(left,tmp_l); + memcpy(ptr,tmp,tocpy); + ptr+=tocpy; + left-=tocpy; + } + + HMAC_cleanup(&hm); + + CRDUMPD("P_hash out",out); + + return (0); + } + + +static int tls_prf(ssl,secret,usage,rnd1,rnd2,out) + ssl_obj *ssl; + Data *secret; + char *usage; + Data *rnd1; + Data *rnd2; + Data *out; + { + int r,_status; + Data *md5_out=0,*sha_out=0; + Data *seed; + UCHAR *ptr; + Data *S1=0,*S2=0; + int i,S_l; + + if(r=r_data_alloc(&md5_out,MAX(out->len,16))) + ABORT(r); + if(r=r_data_alloc(&sha_out,MAX(out->len,20))) + ABORT(r); + if(r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len)) + ABORT(r); + ptr=seed->data; + memcpy(ptr,usage,strlen(usage)); ptr+=strlen(usage); + memcpy(ptr,rnd1->data,rnd1->len); ptr+=rnd1->len; + memcpy(ptr,rnd2->data,rnd2->len); ptr+=rnd2->len; + + S_l=secret->len/2 + secret->len%2; + + if(r=r_data_alloc(&S1,S_l)) + ABORT(r); + if(r=r_data_alloc(&S2,S_l)) + ABORT(r); + + memcpy(S1->data,secret->data,S_l); + memcpy(S2->data,secret->data + (secret->len - S_l),S_l); + + if(r=tls_P_hash + (ssl,S1,seed,EVP_get_digestbyname("MD5"),md5_out)) + ABORT(r); + if(r=tls_P_hash(ssl,S2,seed,EVP_get_digestbyname("SHA1"),sha_out)) + ABORT(r); + + + for(i=0;ilen;i++) + out->data[i]=md5_out->data[i] ^ sha_out->data[i]; + + CRDUMPD("PRF out",out); + _status=0; + abort: + r_data_destroy(&md5_out); + r_data_destroy(&sha_out); + r_data_destroy(&seed); + r_data_destroy(&S1); + r_data_destroy(&S2); + return(_status); + + } + +static int ssl3_generate_export_iv(ssl,r1,r2,out) + ssl_obj *ssl; + Data *r1; + Data *r2; + Data *out; + { + MD5_CTX md5; + UCHAR tmp[16]; + + MD5_Init(&md5); + MD5_Update(&md5,r1->data,r1->len); + MD5_Update(&md5,r2->data,r2->len); + MD5_Final(tmp,&md5); + + memcpy(out->data,tmp,out->len); + + return(0); + } + +static int ssl3_prf(ssl,secret,usage,r1,r2,out) + ssl_obj *ssl; + Data *secret; + char *usage; + Data *r1; + Data *r2; + Data *out; + { + MD5_CTX md5; + SHA_CTX sha; + Data *rnd1,*rnd2; + int off; + int i=0,j; + UCHAR buf[20]; + + rnd1=r1; rnd2=r2; + + CRDUMPD("Secret",secret); + CRDUMPD("RND1",rnd1); + CRDUMPD("RND2",rnd2); + + MD5_Init(&md5); + memset(&sha,0,sizeof(sha)); + SHA1_Init(&sha); + + for(off=0;offlen;off+=16){ + char outbuf[16]; + int tocpy; + i++; + + /* A, BB, CCC, ... */ + for(j=0;jdata,secret->len); + CRDUMPD("secret",secret); + + if(!strcmp(usage,"client write key") || !strcmp(usage,"server write key")){ + SHA1_Update(&sha,rnd2->data,rnd2->len); + CRDUMPD("rnd2",rnd2); + SHA1_Update(&sha,rnd1->data,rnd1->len); + CRDUMPD("rnd1",rnd1); + } + else{ + SHA1_Update(&sha,rnd1->data,rnd1->len); + CRDUMPD("rnd1",rnd1); + SHA1_Update(&sha,rnd2->data,rnd2->len); + CRDUMPD("rnd2",rnd2); + } + + SHA1_Final(buf,&sha); + CRDUMP("SHA out",buf,20); + + SHA1_Init(&sha); + + MD5_Update(&md5,secret->data,secret->len); + MD5_Update(&md5,buf,20); + MD5_Final(outbuf,&md5); + tocpy=MIN(out->len-off,16); + memcpy(out->data+off,outbuf,tocpy); + CRDUMP("MD5 out",outbuf,16); + + MD5_Init(&md5); + } + + return(0); + } + +static int ssl_generate_keying_material(ssl,d) + ssl_obj *ssl; + ssl_decoder *d; + { + Data *key_block=0; + UCHAR _iv_c[8],_iv_s[8]; + UCHAR _key_c[16],_key_s[16]; + int needed; + int r,_status; + UCHAR *ptr,*c_wk,*s_wk,*c_mk,*s_mk,*c_iv,*s_iv; + + if(!d->MS){ + if(r=r_data_alloc(&d->MS,48)) + ABORT(r); + + if(r=PRF(ssl,d->PMS,"master secret",d->client_random,d->server_random, + d->MS)) + ABORT(r); + + CRDUMPD("MS",d->MS); + } + + /* Compute the key block. First figure out how much data + we need*/ + needed=ssl->cs->dig_len*2; + needed+=ssl->cs->bits / 4; + if(ssl->cs->block>1) needed+=ssl->cs->block*2; + + + if(r=r_data_alloc(&key_block,needed)) + ABORT(r); + if(r=PRF(ssl,d->MS,"key expansion",d->server_random,d->client_random, + key_block)) + ABORT(r); + + ptr=key_block->data; + c_mk=ptr; ptr+=ssl->cs->dig_len; + s_mk=ptr; ptr+=ssl->cs->dig_len; + + c_wk=ptr; ptr+=ssl->cs->eff_bits/8; + s_wk=ptr; ptr+=ssl->cs->eff_bits/8; + + if(ssl->cs->block>1){ + c_iv=ptr; ptr+=ssl->cs->block; + s_iv=ptr; ptr+=ssl->cs->block; + } + + if(ssl->cs->export){ + Data iv_c,iv_s; + Data c_iv_d,s_iv_d; + Data key_c,key_s; + Data k; + + if(ssl->cs->block>1){ + ATTACH_DATA(iv_c,_iv_c); + ATTACH_DATA(iv_s,_iv_s); + + if(ssl->version==SSLV3_VERSION){ + if(r=ssl3_generate_export_iv(ssl,d->client_random, + d->server_random,&iv_c)) + ABORT(r); + if(r=ssl3_generate_export_iv(ssl,d->server_random, + d->client_random,&iv_s)) + ABORT(r); + } + else{ + UCHAR _iv_block[16]; + Data iv_block; + Data key_null; + UCHAR _key_null; + + INIT_DATA(key_null,&_key_null,0); + + /* We only have room for 8 bit IVs, but that's + all we should need. This is a sanity check */ + if(ssl->cs->block>8) + ABORT(R_INTERNAL); + + ATTACH_DATA(iv_block,_iv_block); + + if(r=PRF(ssl,&key_null,"IV block",d->client_random, + d->server_random,&iv_block)) + ABORT(r); + + memcpy(_iv_c,iv_block.data,8); + memcpy(_iv_s,iv_block.data+8,8); + } + + c_iv=_iv_c; + s_iv=_iv_s; + } + + if(ssl->version==SSLV3_VERSION){ + MD5_CTX md5; + + MD5_Init(&md5); + MD5_Update(&md5,c_wk,ssl->cs->eff_bits/8); + MD5_Update(&md5,d->client_random->data,d->client_random->len); + MD5_Update(&md5,d->server_random->data,d->server_random->len); + MD5_Final(_key_c,&md5); + c_wk=_key_c; + + MD5_Init(&md5); + MD5_Update(&md5,s_wk,ssl->cs->eff_bits/8); + MD5_Update(&md5,d->server_random->data,d->server_random->len); + MD5_Update(&md5,d->client_random->data,d->client_random->len); + MD5_Final(_key_s,&md5); + s_wk=_key_s; + } + else{ + ATTACH_DATA(key_c,_key_c); + ATTACH_DATA(key_s,_key_s); + INIT_DATA(k,c_wk,ssl->cs->eff_bits/8); + if(r=PRF(ssl,&k,"client write key",d->client_random,d->server_random, + &key_c)) + ABORT(r); + c_wk=_key_c; + INIT_DATA(k,s_wk,ssl->cs->eff_bits/8); + if(r=PRF(ssl,&k,"server write key",d->client_random,d->server_random, + &key_s)) + ABORT(r); + s_wk=_key_s; + } + } + + CRDUMP("Client MAC key",c_mk,ssl->cs->dig_len); + CRDUMP("Server MAC key",s_mk,ssl->cs->dig_len); + CRDUMP("Client Write key",c_wk,ssl->cs->bits/8); + CRDUMP("Server Write key",s_wk,ssl->cs->bits/8); + + if(ssl->cs->block>1){ + CRDUMP("Client Write IV",c_iv,ssl->cs->block); + CRDUMP("Server Write IV",s_iv,ssl->cs->block); + } + + if(r=ssl_create_rec_decoder(&d->c_to_s_n, + ssl->cs,c_mk,c_wk,c_iv)) + ABORT(r); + if(r=ssl_create_rec_decoder(&d->s_to_c_n, + ssl->cs,s_mk,s_wk,s_iv)) + ABORT(r); + + + _status=0; + abort: + if(key_block){ + r_data_zfree(key_block); + free(key_block); + } + return(_status); + } + +#endif diff --git a/ssl/ssldecode.h b/ssl/ssldecode.h new file mode 100644 index 0000000..e47f836 --- /dev/null +++ b/ssl/ssldecode.h @@ -0,0 +1,75 @@ +/** + ssldecode.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: ssldecode.h,v 1.3 2001/07/20 23:33:16 ekr Exp $ + + + ekr@rtfm.com Thu Apr 1 15:02:02 1999 + */ + + +#ifndef _ssldecode_h +#define _ssldecode_h + +#define CRDUMP(a,b,c) P_(P_CR) {Data d; d.data=b; d.len=c; exdump(ssl,a,&d); printf("\n");} +#define CRDUMPD(a,b) P_(P_CR) {exdump(ssl,a,b);printf("\n");} + +int ssl_decode_ctx_create PROTO_LIST((ssl_decode_ctx **ctx, + char *keyfile,char *password)); +int ssl_decoder_destroy PROTO_LIST((ssl_decoder **dp)); +int ssl_decoder_create PROTO_LIST((ssl_decoder **dp,ssl_decode_ctx *ctx)); +int ssl_set_client_random PROTO_LIST((ssl_decoder *dp, + UCHAR *msg,int len)); +int ssl_set_server_random PROTO_LIST((ssl_decoder *dp, + UCHAR *msg,int len)); +int ssl_set_client_session_id PROTO_LIST((ssl_decoder *dp, + UCHAR *msg,int len)); +int ssl_process_server_session_id PROTO_LIST((ssl_obj *obj,ssl_decoder *dp, + UCHAR *msg,int len)); +int ssl_process_client_key_exchange PROTO_LIST((struct ssl_obj_ *, + ssl_decoder *d,UCHAR *msg,int len)); +int ssl_process_change_cipher_spec PROTO_LIST((ssl_obj *ssl, + ssl_decoder *d,int direction)); + +int ssl_decode_record PROTO_LIST((ssl_obj *ssl,ssl_decoder *dec,int direction, + int ct,int version,Data *d)); + + +#endif + diff --git a/ssl/sslprint.c b/ssl/sslprint.c new file mode 100644 index 0000000..bf12986 --- /dev/null +++ b/ssl/sslprint.c @@ -0,0 +1,686 @@ +/** + sslprint.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: sslprint.c,v 1.8 2002/08/17 01:33:17 ekr Exp $ + + + ekr@rtfm.com Tue Jan 12 18:06:39 1999 + */ + + +static char *RCSSTRING="$Id: sslprint.c,v 1.8 2002/08/17 01:33:17 ekr Exp $"; + +#include +#include +#include "network.h" +#include "ssl_h.h" +#include "sslprint.h" +#include "ssl.enums.h" +#include "ssldecode.h" + +extern decoder ContentType_decoder[]; +extern decoder HandshakeType_decoder[]; + + +#define BYTES_NEEDED(x) (x<=255)?1:((x<=(1<<16))?2:(x<=(1<<24)?3:4)) + +int process_beginning_plaintext(ssl,seg,direction) + ssl_obj *ssl; + segment *seg; + int direction; + { + Data d; + int r; + struct timeval dt; + if(seg->len==0) + return(SSL_NO_DATA); + + d.data=seg->data; + d.len=seg->len; + + /* this looks like SSL data. Ignore it*/ + if(d.data[0]==0x16) + return(SSL_BAD_CONTENT_TYPE); + + P_(P_AD){ + ssl_print_timestamp(ssl,&seg->p->ts); + + ssl_print_direction_indicator(ssl,direction); + + print_data(ssl,&d); + printf("\n"); + } + + return(0); + } + +int process_v2_hello(ssl,seg) + ssl_obj *ssl; + segment *seg; + { + int r; + int rec_len; + int cs_len; + int sid_len; + int chall_len; + int ver; + Data d; + Data chall; + char random[32]; + struct timeval dt; + + if(seg->len==0) + return(SSL_NO_DATA); + + d.data=seg->data; + d.len=seg->len; + + /* First check the message length. */ + if(d.len<4) + return(SSL_BAD_CONTENT_TYPE); + rec_len=((d.data[0] & 0x7f)<<8) | (d.data[1]); + d.data+=2; d.len-=2; + + if(d.len!=rec_len) /* Whatever this is it isn't valid SSLv2*/ + return(SSL_BAD_CONTENT_TYPE); + + /* If msg_type==1 then we've got a v2 message (or trash)*/ + if(*d.data++!=1) + return(SSL_BAD_CONTENT_TYPE); + d.len--; + + SSL_DECODE_UINT16(ssl,"Version number",P_DC,&d,&ver); + /* We can't handle real v2 clients*/ + if(ver<=2){ + explain(ssl,"Version 2 Client.\n"); + return(SSL_BAD_DATA); + } + + ssl_print_record_num(ssl); + ssl_print_timestamp(ssl,&seg->p->ts); + ssl_print_direction_indicator(ssl,DIR_I2R); + explain(ssl," SSLv2 compatible client hello\n"); + + INDENT_INCR; + + P_(P_HL) { + explain(ssl,"Version %d.%d ",(ver>>8)&0xff, + ver&0xff); + printf("\n"); + } + SSL_DECODE_UINT16(ssl,"cipher_spec_length",P_DC,&d,&cs_len); + SSL_DECODE_UINT16(ssl,"session_id_length",P_DC,&d,&sid_len); + SSL_DECODE_UINT16(ssl,"challenge_length",P_DC,&d,&chall_len); + + if(cs_len%3){ + fprintf(stderr,"Bad cipher spec length %d\n",cs_len); + return(SSL_BAD_DATA); + } + P_(P_HL){ + explain(ssl,"cipher suites\n"); + } + + for(;cs_len;cs_len-=3){ + UINT4 val; + char *str; + + SSL_DECODE_UINT24(ssl,0,0,&d,&val); + ssl_print_cipher_suite(ssl,ver,P_HL,val); + P_(P_HL){ + explain(ssl,"\n"); + } + } + + if(sid_len!=0){ + fprintf(stderr,"Session ID field should be zero length\n"); + return(SSL_BAD_DATA); + } + + if(chall_len<16 || chall_len>32){ + fprintf(stderr,"Invalid challenge length %d\n",chall_len); + return(SSL_BAD_DATA); + } + + SSL_DECODE_OPAQUE_ARRAY(ssl,0,chall_len, + 0,&d,&chall); + P_(P_DC){ + exdump(ssl,"Challenge",&chall); + } + + memset(random,0,32); + memcpy(random+(32-chall_len),chall.data,chall_len); + + ssl_set_client_random(ssl->decoder,random,32); + ssl->i_state=SSL_ST_HANDSHAKE; + + P_(SSL_PRINT_HEXDUMP){ + Data d; + + INIT_DATA(d,seg->data,seg->len); + exdump(ssl,"Packet data",&d); + printf("\n\n"); + } + + INDENT_POP; + return(0); + } + +int ssl_decode_switch(ssl,dtable,value,dir,seg,data) + ssl_obj *ssl; + decoder *dtable; + int value; + int dir; + segment *seg; + Data *data; + { + while(dtable && dtable->type!=-1){ + if(dtable->type == value){ + INDENT_INCR; + explain(ssl,"%s",dtable->name); + if(dtable->print) { + INDENT_INCR; + dtable->print(ssl,dir,seg,data); + INDENT_POP; + } + INDENT_POP; + return(0); + } + dtable++; + } + + ERETURN(R_NOT_FOUND); + } + +int ssl_expand_record(ssl,q,direction,data,len) + ssl_obj *ssl; + segment *q; + int direction; + UCHAR *data; + int len; + { + int r; + Data d; + UINT4 ct,vermaj,vermin,length; + int version; + d.data=data; + d.len=len; + + /*This should be mapped to an enum*/ + SSL_DECODE_UINT8(ssl,0,0,&d,&ct); + SSL_DECODE_UINT8(ssl,0,0,&d,&vermaj); + SSL_DECODE_UINT8(ssl,0,0,&d,&vermin); + SSL_DECODE_UINT16(ssl,0,0,&d,&length); + + if(d.len!=length){ + explain(ssl,"Short record\n"); + return(0); + } + + P_(P_RH){ + explain(ssl,"V%d.%d(%d)",vermaj,vermin,length); + } + + + version=vermaj*256+vermin; + + r=ssl_decode_record(ssl,ssl->decoder,direction,ct,version,&d); + + if(r==SSL_BAD_MAC){ + explain(ssl," bad MAC\n"); + return(0); + } + + if(r){ + if(r=ssl_print_enum(ssl,0,ContentType_decoder,ct)) + ERETURN(r); + printf("\n"); + } + else{ + if(r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, + &d)) + ERETURN(r); + } + + return(0); + } + +int ssl_decode_uintX(ssl,name,size,p,data,x) + ssl_obj *ssl; + char *name; + int size; + UINT4 p; + Data *data; + UINT4 *x; + { + UINT4 v=0; + UINT4 _x; + + if(!x) x=&_x; + + if(size>data->len){ + fprintf(stderr,"Short read: %d bytes available (expecting %d)\n", + data->len,size); + ERETURN(R_EOD); + } + + while(size--){ + v<<=8; + v|=*(data->data)++; + data->len--; + } + + P_(p){ + explain(ssl,"%s = %d\n",name,*x); + } + *x=v; + return(0); + } + +int ssl_decode_opaque_array(ssl,name,size,p,data,x) + ssl_obj *ssl; + char *name; + int size; + UINT4 p; + Data *data; + Data *x; + { + UINT4 len; + char n[1000]; + int r; + Data _x; + + if(!x) x=&_x; + + sprintf(n,"%s (length)",name?name:""); + if(size<0){ + size*=-1; + if(r=ssl_decode_uintX(ssl,n,BYTES_NEEDED(size),P_DC,data,&len)) + ERETURN(r); + } + else{ + len=size; + } + + if(len>data->len){ + fprintf(stderr,"Not enough data. Found %d bytes (expecting %d)\n", + data->len,size); + ERETURN(R_EOD); + } + + x->data=data->data; + x->len=len; + data->data+=len; + data->len-=len; + + P_(p){ + exdump(ssl,name,x); + } + + return(0); + } + +int ssl_lookup_enum(ssl,dtable,val,ptr) + ssl_obj *ssl; + decoder *dtable; + UINT4 val; + char **ptr; + { + while(dtable && dtable->type!=-1){ + if(dtable->type == val){ + *ptr=dtable->name; + return(0); + } + dtable++; + } + + return(-1); + } + +int ssl_decode_enum(ssl,name,size,dtable,p,data,x) + ssl_obj *ssl; + char *name; + int size; + decoder *dtable; + UINT4 p; + Data *data; + UINT4 *x; + { + int r; + UINT4 _x; + + if(!x) x=&_x; + + if(r=ssl_decode_uintX(ssl,name,size,0,data,x)) + ERETURN(r); + + P_(p){ + if(r=ssl_print_enum(ssl,name,dtable,*x)) + ERETURN(r); + } + + return(0); + } + +int ssl_print_enum(ssl,name,dtable,value) + ssl_obj *ssl; + char *name; + decoder *dtable; + UINT4 value; + { + if(name) explain(ssl,"%s ",name); + INDENT; + + while(dtable && dtable->type!=-1){ + if(dtable->type == value){ + INDENT_INCR; + explain(ssl,"%s",dtable->name); + INDENT_POP; + return(0); + } + dtable++; + } + + explain(ssl,"%s","unknown value"); + return(0); + } + +int explain(ssl_obj *ssl,char *format,...) + { + va_list ap; + + va_start(ap,format); + + P_(P_NR){ + if(ssl->record_encryption==REC_DECRYPTED_CIPHERTEXT) + printf("\\f(CI"); + else + printf("\\fC"); + } + INDENT; + + vprintf(format,ap); + va_end(ap); + return(0); + } + +int exdump(ssl,name,data) + ssl_obj *ssl; + char *name; + Data *data; + { + int i; + + if(name){ + explain(ssl,"%s[%d]=\n",name,data->len); + INDENT_INCR; + } + P_(P_NR){ + printf("\\f(CB"); + } + for(i=0;ilen;i++){ + + if(!i) INDENT; + + if((data->len>8) && i && !(i%16)){ + printf("\n"); INDENT; + } + printf("%.2x ",data->data[i]&255); + } + P_(P_NR){ + printf("\\fR"); + } + if(name) INDENT_POP; + printf("\n"); + return(0); + } + +int combodump(ssl,name,data) + ssl_obj *ssl; + char *name; + Data *data; + { + char *ptr=data->data; + int len=data->len; + + if(name){ + explain(ssl,"%s[%d]=\n",name,data->len); + INDENT_INCR; + } + while(len){ + int i; + int bytes=MIN(len,16); + + INDENT; + + P_(P_NR){ + if(ssl->record_encryption==REC_DECRYPTED_CIPHERTEXT) + printf("\\f[CBI]"); + else + printf("\\f(CB"); + } + + for(i=0;irecord_encryption==REC_DECRYPTED_CIPHERTEXT) + printf("\\f[CI]"); + else + printf("\\f(C"); + } + + for(i=0;ilen;i++){ + if(!isprint(d->data[i]) && !strchr("\r\n\t",d->data[i])){ + bit8=1; + break; + } + } + + if(bit8){ + INDENT; + printf("---------------------------------------------------------------\n"); + P_(P_HO){ + exdump(ssl,0,d); + } + else{ + combodump(ssl,0,d); + } + INDENT; + printf("---------------------------------------------------------------\n"); + + } + else{ + int nl=1; + INDENT; + printf("---------------------------------------------------------------\n"); if(SSL_print_flags & SSL_PRINT_NROFF){ + if(ssl->process_ciphertext & ssl->direction) + printf("\\f[CI]"); + else + printf("\\f(C"); + } + + INDENT; + for(i=0;ilen;i++){ + /* Escape leading . */ + if(nl==1 && (SSL_print_flags & SSL_PRINT_NROFF) && (d->data[i]=='.')) + printf("\\&"); + nl=0; + + putchar(d->data[i]); + if(d->data[i]=='\n') {nl=1;INDENT;} + } + printf("---------------------------------------------------------------\n"); + if(SSL_print_flags & SSL_PRINT_NROFF){ + printf("\\f(R"); + } + } + + return(0); + } +int ssl_print_direction_indicator(ssl,dir) + ssl_obj *ssl; + int dir; + { +#if 0 + if(dir==DIR_I2R){ + explain(ssl,"%s(%d) > %s>%d", + ssl->client_name,ssl->client_port,ssl->server_name,ssl->server_port); + } + else{ + explain(ssl,"%s(%d) > %s>%d", + ssl->client_name,ssl->client_port,ssl->server_name,ssl->server_port); + } +#else + if(dir==DIR_I2R){ + explain(ssl,"C>S"); + } + else{ + explain(ssl,"S>C"); + } +#endif + + return(0); + } + +int ssl_print_timestamp(ssl,ts) + ssl_obj *ssl; + struct timeval *ts; + { + struct timeval dt; + int r; + + if(SSL_print_flags & SSL_PRINT_TIMESTAMP_ABSOLUTE) { + explain(ssl,"%d%c%4.4d ",ts->tv_sec,'.',ts->tv_usec/100); + } + else{ + if(r=timestamp_diff(ts,&ssl->time_start,&dt)) + ERETURN(r); + explain(ssl,"%d%c%4.4d ",dt.tv_sec,'.',dt.tv_usec/100); + } + + if(r=timestamp_diff(ts,&ssl->time_last,&dt)){ + ERETURN(r); + } + explain(ssl,"(%d%c%4.4d) ",dt.tv_sec,'.',dt.tv_usec/100); + + memcpy(&ssl->time_last,ts,sizeof(struct timeval)); + + return(0); + } + + +int ssl_print_record_num(ssl) + ssl_obj *ssl; + { + ssl->record_count++; + if(SSL_print_flags & SSL_PRINT_NROFF){ + printf("\\fI%d %d\\fR %s", + ssl->conn->conn_number, + ssl->record_count,ssl->record_count<10?" ":""); + } + else{ + printf("%d %d %s",ssl->conn->conn_number, + ssl->record_count,ssl->record_count<10?" ":""); + } + + return(0); + } + +int ssl_print_cipher_suite(ssl,version,p,val) + ssl_obj *ssl; + int version; + int p; + UINT4 val; + { + char *str; + char *prefix=version<=0x300?"SSL_":"TLS_"; + int r; + + P_(p){ + if(r=ssl_lookup_enum(ssl,cipher_suite_decoder,val,&str)){ + explain(ssl,"Unknown value 0x%x",val); + return(0); + } + + /* Now the tricky bit. If the cipher suite begins with TLS_ + and the version is SSLv3 then we replace it with SSL_*/ + if(!strncmp(str,"TLS_",4)){ + explain(ssl,"%s%s",prefix,str+4); + } + else{ + explain(ssl,"%s",str); + } + } + return(0); + } + + + + + + diff --git a/ssl/sslprint.h b/ssl/sslprint.h new file mode 100644 index 0000000..217dbb8 --- /dev/null +++ b/ssl/sslprint.h @@ -0,0 +1,99 @@ +/** + sslprint.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: sslprint.h,v 1.3 2000/11/03 06:38:06 ekr Exp $ + + + ekr@rtfm.com Wed Feb 10 15:34:14 1999 + */ + + +#ifndef _sslprint_h +#define _sslprint_h + +#include "ssl_analyze.h" +#include "ssl_h.h" + +int ssl_expand_record PROTO_LIST((ssl_obj *ssl, + segment *q,int direction,UCHAR *data,int len)); +int ssl_decode_switch PROTO_LIST((ssl_obj *ssl, + decoder *dtable,int value,int dir,segment *seg,Data *data)); +int ssl_decode_uintX PROTO_LIST((ssl_obj *ssl,char *name,int size, + UINT4 print,Data *data,UINT4 *x)); +int ssl_decode_opaque_array PROTO_LIST((ssl_obj *ssl,char *name,int size, + UINT4 print,Data *data,Data *x)); +int ssl_decode_enum PROTO_LIST((ssl_obj *ssl,char *name, + int size,decoder *decode,UINT4 p,Data *data, + UINT4 *x)); +int ssl_lookup_enum PROTO_LIST((ssl_obj *ssl,decoder *dtable, + UINT4 val,char **ptr)); +int ssl_print_enum PROTO_LIST((ssl_obj *obj,char *name, + decoder *decode,UINT4 value)); +int print_data PROTO_LIST((ssl_obj *ssl,Data *d)); +int process_v2_hello PROTO_LIST((ssl_obj *ssl,segment *seg)); +int process_beginning_plaintext PROTO_LIST((ssl_obj *ssl, + segment *seg,int direction)); +int ssl_print_direction_indicator PROTO_LIST((ssl_obj *ssl,int dir)); +int ssl_print_timestamp PROTO_LIST((ssl_obj *ssl,struct timeval *ts)); +int ssl_print_record_num PROTO_LIST((ssl_obj *ssl)); +int ssl_print_cipher_suite PROTO_LIST((ssl_obj *ssl,int version,int p, + UINT4 val)); + +int explain PROTO_LIST((ssl_obj *ssl,char *format,...)); +int exdump PROTO_LIST((ssl_obj *ssl,char *name,Data *data)); + + +#define SSL_DECODE_UINT8(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,1,b,c,d)) ERETURN(r) +#define SSL_DECODE_UINT16(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,2,b,c,d)) ERETURN(r) +#define SSL_DECODE_UINT24(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,3,b,c,d)) ERETURN(r) +#define SSL_DECODE_UINT32(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,4,b,c,d)) ERETURN(r) +#define SSL_DECODE_OPAQUE_ARRAY(a,n,b,c,d,e) if(r=ssl_decode_opaque_array(a,n,b,c,d,e)) ERETURN(r) +#define SSL_DECODE_ENUM(a,b,c,d,e,f,g) if(r=ssl_decode_enum(a,b,c,d,e,f,g)) ERETURN(r) +#define P_(p) if((p==SSL_PRINT_ALL) || (p & SSL_print_flags)) + +#define INDENT do {int i; for(i=0;i<(ssl->indent_depth + ssl->indent_name_len);i++) printf("%s",SSL_print_flags & SSL_PRINT_NROFF?" ":" ");} while(0) +#define INDENT_INCR ssl->indent_depth+=2 +#define INDENT_POP ssl->indent_depth-=2 +#define INDENT_NAME(x) ssl->indent_name_len += strlen(x) +#define INDENT_NAME_POP ssl->indent_name_len=0 +#define LINE_LEFT (80-(ssl->indent_name_len + ssl->indent_depth) +#define LF printf("\n") + +#endif + diff --git a/ssl/sslxprint.c b/ssl/sslxprint.c new file mode 100644 index 0000000..0ba9897 --- /dev/null +++ b/ssl/sslxprint.c @@ -0,0 +1,234 @@ +/** + sslxprint.c + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: sslxprint.c,v 1.3 2000/11/03 06:38:06 ekr Exp $ + + + ekr@rtfm.com Thu Mar 25 21:17:16 1999 + */ + + +static char *RCSSTRING="$Id: sslxprint.c,v 1.3 2000/11/03 06:38:06 ekr Exp $"; + +#include "network.h" +#include "ssl_h.h" +#include "sslprint.h" +#include "ssl.enums.h" +#ifdef OPENSSL +#include +#include +#include +#endif + +#define BUFSIZE 1024 + +static int sslx__print_dn PROTO_LIST((ssl_obj *ssl,char *x)); +#ifdef OPENSSL +static int sslx__print_serial PROTO_LIST((ssl_obj *ssl,ASN1_INTEGER *a)); +#endif + +int sslx_print_certificate(ssl,data,pf) + ssl_obj *ssl; + Data *data; + int pf; + { +#ifdef OPENSSL + X509 *x=0; + ASN1_INTEGER *a; +#endif + UCHAR *d; + int _status; + +#ifdef OPENSSL + P_(P_ASN){ + char buf[BUFSIZE]; + int ext; + + d=data->data; + + if(!(x=d2i_X509(0,&d,data->len))){ + explain(ssl,"Bad certificate"); + ABORT(R_BAD_DATA); + } + X509_NAME_oneline(X509_get_subject_name(x),buf, + BUFSIZE); + explain(ssl,"Subject\n"); + INDENT_INCR; + sslx__print_dn(ssl,buf); + INDENT_POP; + X509_NAME_oneline(X509_get_issuer_name(x),buf, + BUFSIZE); + explain(ssl,"Issuer\n"); + INDENT_INCR; + sslx__print_dn(ssl,buf); + INDENT_POP; + a=X509_get_serialNumber(x); + explain(ssl,"Serial "); + sslx__print_serial(ssl,a); + + ext=X509_get_ext_count(x); + if(ext>0){ + int i,j; + UCHAR buf[1024]; + + explain(ssl,"Extensions\n"); + INDENT_INCR; + for(i=0;iprocess_ciphertext&ssl->direction) + printf("\\f(CI"); + else + printf("\\fC"); + + INDENT_INCR; + INDENT; + if(!X509V3_EXT_print_fp(stdout,ex,0,0)){ + printf("Hex value"); + } + INDENT_POP; + explain(ssl,"\n"); + } + } + INDENT_POP; + + } + else{ +#endif + P_(pf){ + exdump(ssl,"certificate",data); + } +#ifdef OPENSSL + } + } +#endif + + _status=0; + abort: +#ifdef OPENSSL + if(x) X509_free(x); +#endif + return(_status); + } + +int sslx_print_dn(ssl,data,pf) + ssl_obj *ssl; + Data *data; + int pf; + { + UCHAR buf[BUFSIZE]; + int _status; + UCHAR *d=data->data; +#ifdef OPENSSL + X509_NAME *n=0; +#endif + + P_(pf){ +#ifdef OPENSSL + P_(P_ASN){ + if(!(n=d2i_X509_NAME(0,&d,data->len))) + ABORT(R_BAD_DATA); + X509_NAME_oneline(n,buf,BUFSIZE); + sslx__print_dn(ssl,buf); + } + else{ +#endif + exdump(ssl,0,data); +#ifdef OPENSSL + } +#endif + } + + _status=0; + abort: +#ifdef OPENSSL + if(n) X509_NAME_free(n); +#endif + return(_status); + } + +static int sslx__print_dn(ssl,x) + ssl_obj *ssl; + char *x; + { + char *slash; + + if(*x=='/') x++; + + while (x){ + if(slash=strchr(x,'/')){ + *slash=0; + } + + explain(ssl,"%s\n",x); + + x=slash?slash+1:0; + }; + + return(0); + } + +#ifdef OPENSSL +static int sslx__print_serial(ssl,a) + ssl_obj *ssl; + ASN1_INTEGER *a; + { + Data d; + + if(a->length==0) + printf("0"); + + INIT_DATA(d,a->data,a->length); + exdump(ssl,0,&d); + + return(0); + } +#endif diff --git a/ssl/sslxprint.h b/ssl/sslxprint.h new file mode 100644 index 0000000..5d44876 --- /dev/null +++ b/ssl/sslxprint.h @@ -0,0 +1,54 @@ +/** + sslxprint.h + + + Copyright (C) 1999-2000 RTFM, Inc. + All Rights Reserved + + This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla + and licensed by RTFM, Inc. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + + This product includes software developed by Eric Rescorla for + RTFM, Inc. + + 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be + used to endorse or promote products derived from this + software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. + + $Id: sslxprint.h,v 1.2 2000/10/17 16:10:02 ekr Exp $ + + + ekr@rtfm.com Thu Mar 25 21:23:34 1999 + */ + + +#ifndef _sslxprint_h +#define _sslxprint_h + +int sslx_print_certificate PROTO_LIST((ssl_obj *ssl,Data *data,int pf)); +int sslx_print_dn PROTO_LIST((ssl_obj *ssl,Data *data,int pf)); + +#endif + diff --git a/ssl/targets.mk b/ssl/targets.mk new file mode 100644 index 0000000..c903360 --- /dev/null +++ b/ssl/targets.mk @@ -0,0 +1,282 @@ +# +# targets.mk +# +# $Source: /usr/local/CVS/ssldump/ssl/targets.mk,v $ +# $Revision: 1.2 $ +# $Date: 2001/12/08 14:57:51 $ +# $Name: $ +# $Disclaimer$ +# +# Copyright (C) 1999, Terisa Systems, Inc. +# All Rights Reserved. +# +# ekr@terisa.com +# + + + +# +# CONFIGURE USER-DEFINED MAKE ENVIRONMENT +# +# These fields are specified by the user. The remainder of +# this file is generated from this user-specified information. +# +# ANALYZE_SSL_DEFINES: +# cpp defines, with the -D flag preceeding each +# +# ANALYZE_SSL_INCLUDES: +# cpp include directories, with the -I flag preceeding each +# +# ANALYZE_SSL_INTERNAL: +# headers files which are local to a specific module directory, +# and should not be used by other parts of the toolkit or by +# the user +# +# ANALYZE_SSL_LIBNAME: +# the library associated with this module directory, used in +# most cases for debugging purposes +# +# ANALYZE_SSL_LIBPATHS: +# link-time directories to search for libraries, with the -L flag +# preceeding each +# +# ANALYZE_SSL_LIBRARIES: +# link-time libraries, with the -l flag preceeding each +# +# ANALYZE_SSL_LOCALFLAGS: +# compile-time flags specific to compiling only the files in +# this module directory--this variable should only be set in +# extremely exceptional cases +# +# ANALYZE_SSL_MAKEFILES: +# the makefiles +# +# ANALYZE_SSL_PREFIX: +# defines the module name, which also serves as the +# prefix for all the variable names defined in this file +# +# ANALYZE_SSL_PRIVATE: +# the private, for-toolkit-use-only API header files +# +# ANALYZE_SSL_PROGRAMS: +# programs to build +# +# ANALYZE_SSL_PUBLIC: +# the header files that define the public API for the toolkit +# and any other 'public' files that should be copied to +# the build directory +# +# ANALYZE_SSL_SOURCES: +# the source files to compile to object +# +ANALYZE_SSL_DEFINES = +ANALYZE_SSL_INCLUDES = -I$(ANALYZE_SSL_SRCDIR) +ANALYZE_SSL_INTERNAL = +ANALYZE_SSL_LIBNAME = +ANALYZE_SSL_LIBPATHS = +ANALYZE_SSL_LIBRARIES = +ANALYZE_SSL_LOCALFLAGS = +ANALYZE_SSL_MAKEFILES = +ANALYZE_SSL_PREFIX = ANALYZE_SSL +ANALYZE_SSL_PRIVATE = ssl_analyze.h +ANALYZE_SSL_PROGRAMS = +ANALYZE_SSL_PUBLIC = +ANALYZE_SSL_SOURCES = ciphersuites.c ssl.enums.c ssl_analyze.c \ + ssl_rec.c ssldecode.c sslprint.c sslxprint.c + + + +# +# CONFIGURE AUTOMATICALLY-GENERATED MAKE ENVIRONMENT +# +# ANALYZE_SSL_OBJECTS: +# object files to build +# +# ANALYZE_SSL_UNUSED: +# obsolete files in the module directory that are not +# used during the build process +# +# ANALYZE_SSL_USED: +# all files in the module directory that are used +# during the build process +# +ANALYZE_SSL_OBJECTS = ciphersuites.$(OBJSUFFIX) ssl.enums.$(OBJSUFFIX) \ + ssl_analyze.$(OBJSUFFIX) ssl_rec.$(OBJSUFFIX) \ + ssldecode.$(OBJSUFFIX) sslprint.$(OBJSUFFIX) \ + sslxprint.$(OBJSUFFIX) +ANALYZE_SSL_UNUSED = Makefile lex.yy.c main.c ssl.enums.h ssl_enum.c \ + ssl_h.h sslciphers.h ssldecode.h sslprint.h \ + sslxprint.h targets.mk y.tab.c y.tab.h +ANALYZE_SSL_USED = $(ANALYZE_SSL_INTERNAL:%=$(ANALYZE_SSL_SRCDIR)%) \ + $(ANALYZE_SSL_MAKEFILES:%=$(ANALYZE_SSL_SRCDIR)%) \ + $(ANALYZE_SSL_PRIVATE:%=$(ANALYZE_SSL_SRCDIR)%) \ + $(ANALYZE_SSL_PUBLIC:%=$(ANALYZE_SSL_SRCDIR)%) \ + $(ANALYZE_SSL_SOURCES:%=$(ANALYZE_SSL_SRCDIR)%) + + + +# +# NOTES +# +# The following variables may be used during the build process, +# but are not defined in this file. If they are to be set +# to something other than the default blank, then they must +# be set by the calling make system. +# +# ANALYZE_SSL_SRCDIR: +# if the build target directory is different from the +# module directory (the source directory), then this +# variable contains the relative or full path of +# the module directory +# +# LIBARS: +# the library archive files (with fully-specified paths) that +# executables built from this module directory depend upon +# +# LIBPATHS: +# the paths to search for library archives (specified with +# the -L) +# +# LIBRARIES: +# the libraries to use while building executables from +# this module directory (specified with the -l) +# + + + +# +# GLOBAL ENVIRONMENT +# +DEFINES += $(ANALYZE_SSL_DEFINES) +INCLUDES += $(ANALYZE_SSL_INCLUDES) +LIBPATHS += $(ANALYZE_SSL_LIBPATHS) +LIBRARIES += $(ANALYZE_SSL_LIBRARIES) +OBJECTS += $(ANALYZE_SSL_OBJECTS) +PUBLIC += $(ANALYZE_SSL_PUBLIC) + + + +# +# GENERIC DEPENDENCIES +# +# default: +# default dependency, must be the first dependency in this makefile +# +# all: +# build everything in this module directory +# +# build: +# make only the toolkit build files of this module directory +# +# ci: +# perform an RCS check-in of this module directory +# +# clean: +# remove the compiled files +# +# clean_public: +# remove the public header files that have been copied +# to a public build directory +# +# objects: +# build the object files (this dependency is used for +# building the toolkit library) +# +# private: +# build only the private API header files +# +# public: +# build only the public API header files +# +default: $(ANALYZE_SSL_LIBNAME) +default: $(ANALYZE_SSL_PROGRAMS) + +all: $(ANALYZE_SSL_PUBLIC) +all: $(ANALYZE_SSL_OBJECTS) +all: $(ANALYZE_SSL_LIBNAME) +all: $(ANALYZE_SSL_PROGRAMS) +build: $(ANALYZE_SSL_PUBLIC) +build: $(ANALYZE_SSL_OBJECTS) +ci: analyze_ssl_ci +clean: analyze_ssl_clean +clean_public: analyze_ssl_clean_public +objects: $(ANALYZE_SSL_OBJECTS) +private: $(ANALYZE_SSL_PRIVATE) +public: $(ANALYZE_SSL_PUBLIC) + + + +# +# LOCAL UTILITY DEPENDENCIES +# +# utility dependencies are necessary because of some +# make-isms having to do with dependencies +# + +analyze_ssl_ci: + $(CI) $(CIFLAGS) $(ANALYZE_SSL_USED) + +analyze_ssl_clean: + $(RM) $(RMFLAGS) $(ANALYZE_SSL_OBJECTS) $(ANALYZE_SSL_LIBNAME) $(ANALYZE_SSL_PROGRAMS) + +analyze_ssl_clean_public: + $(RM) $(RMFLAGS) $(ANALYZE_SSL_PUBLIC) + +analyze_ssl_objects: $(ANALYZE_SSL_OBJECTS) + +analyze_ssl_programs: $(ANALYZE_SSL_PROGRAMS) + +analyze_ssl_public: $(ANALYZE_SSL_PUBLIC) + + + +# +# BUILD DEPENDENCIES +# +# build dependencies invoke the rule used to build each +# class of file +# + +$(ANALYZE_SSL_LIBNAME): + $(AR) $(ARFLAGS) $@ $? + $(RANLIB) $@ + +$(ANALYZE_SSL_OBJECTS): + $(COMPILE.c) $(ANALYZE_SSL_SRCDIR)$(@:%.o=%.c) $(DEFINES) $(INCLUDES) $(ANALYZE_SSL_LOCALFLAGS) + +$(ANALYZE_SSL_PUBLIC): + $(CP) $(CPFLAGS) $(ANALYZE_SSL_SRCDIR)$@ $@ + +$(ANALYZE_SSL_PROGRAMS): + $(LINK.c) $@.$(OBJSUFFIX) $(LDLIBS) $(LIBS) $(LIBRARIES) $(LIBPATHS) +#LIBS above is obsolete (use LIBARARIES instead) + + + +# +# FILE DEPENDENCIES +# +# file dependencies state, for each file that is built, +# which file(s) it depends upon +# + +ciphersuites.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)ciphersuites.c + +ssl.enums.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)ssl.enums.h +ssl.enums.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)ssl.enums.c + +ssl_analyze.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)ssl_analyze.h +ssl_analyze.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)ssl_analyze.c + +ssl_rec.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)ssl_rec.c + +ssldecode.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)ssldecode.h +ssldecode.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)ssldecode.c + +sslprint.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)sslprint.h +sslprint.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)sslprint.c + +sslxprint.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)sslxprint.h +sslxprint.$(OBJSUFFIX): $(ANALYZE_SSL_SRCDIR)sslxprint.c + +$(ANALYZE_SSL_LIBNAME): $(ANALYZE_SSL_OBJECTS) diff --git a/ssl/y.output b/ssl/y.output new file mode 100644 index 0000000..1be3a37 --- /dev/null +++ b/ssl/y.output @@ -0,0 +1,526 @@ + + +Terminals which are not used: + + DOT_DOT_ + STRUCT_ + OPAQUE_ + ENUM_ + DIGITALLY_SIGNED_ + COMMENT_START_ + COMMENT_END_ + CASE_ + + + +Grammar +rule 1 module -> typelist +rule 2 typelist -> /* empty */ +rule 3 typelist -> definition typelist +rule 4 definition -> selecttype +rule 5 definition -> constant_type +rule 6 selecttype -> SELECT_ '{' selecterateds ',' selectmax '}' NAME_ ';' +rule 7 selecterateds -> selecterateds ',' selecterated +rule 8 selecterateds -> selecterated +rule 9 selectmax -> '(' NUM_ ')' +rule 10 selecterated -> selecterated_no_code +rule 11 selecterated -> selecterated_code +rule 12 selecterated_code -> NAME_ '(' NUM_ ')' CODE_ +rule 13 selecterated_no_code -> NAME_ '(' NUM_ ')' +rule 14 constant_type -> CONSTANT_ '{' constants '}' NAME_ ';' +rule 15 constants -> constants constant +rule 16 constants -> constant +rule 17 constant -> NAME_ NAME_ '=' '{' constval '}' ';' +rule 18 constval -> NUM_ ',' NUM_ ',' NUM_ +rule 19 constval -> NUM_ ',' NUM_ +rule 20 constval -> NUM_ + +Terminals, with rules where they appear + +$ (-1) +'(' (40) 9 12 13 +')' (41) 9 12 13 +',' (44) 6 7 18 19 +';' (59) 6 14 17 +'=' (61) 17 +'{' (123) 6 14 17 +'}' (125) 6 14 17 +error (256) +NAME_ (257) 6 12 13 14 17 +NUM_ (258) 9 12 13 18 19 20 +DOT_DOT_ (259) +STRUCT_ (260) +SELECT_ (261) 6 +OPAQUE_ (262) +ENUM_ (263) +DIGITALLY_SIGNED_ (264) +COMMENT_START_ (265) +CODE_ (266) 12 +COMMENT_END_ (267) +CASE_ (268) +CONSTANT_ (269) 14 + +Nonterminals, with rules where they appear + +module (23) + on left: 1 +typelist (24) + on left: 2 3, on right: 1 3 +definition (25) + on left: 4 5, on right: 3 +selecttype (26) + on left: 6, on right: 4 +selecterateds (27) + on left: 7 8, on right: 6 7 +selectmax (28) + on left: 9, on right: 6 +selecterated (29) + on left: 10 11, on right: 7 8 +selecterated_code (30) + on left: 12, on right: 11 +selecterated_no_code (31) + on left: 13, on right: 10 +constant_type (32) + on left: 14, on right: 5 +constants (33) + on left: 15 16, on right: 14 15 +constant (34) + on left: 17, on right: 15 16 +constval (35) + on left: 18 19 20, on right: 17 + + +state 0 + + SELECT_ shift, and go to state 1 + CONSTANT_ shift, and go to state 2 + + $default reduce using rule 2 (typelist) + + module go to state 46 + typelist go to state 3 + definition go to state 4 + selecttype go to state 5 + constant_type go to state 6 + + + +state 1 + + selecttype -> SELECT_ . '{' selecterateds ',' selectmax '}' NAME_ ';' (rule 6) + + '{' shift, and go to state 7 + + + +state 2 + + constant_type -> CONSTANT_ . '{' constants '}' NAME_ ';' (rule 14) + + '{' shift, and go to state 8 + + + +state 3 + + module -> typelist . (rule 1) + + $default reduce using rule 1 (module) + + + +state 4 + + typelist -> definition . typelist (rule 3) + + SELECT_ shift, and go to state 1 + CONSTANT_ shift, and go to state 2 + + $default reduce using rule 2 (typelist) + + typelist go to state 9 + definition go to state 4 + selecttype go to state 5 + constant_type go to state 6 + + + +state 5 + + definition -> selecttype . (rule 4) + + $default reduce using rule 4 (definition) + + + +state 6 + + definition -> constant_type . (rule 5) + + $default reduce using rule 5 (definition) + + + +state 7 + + selecttype -> SELECT_ '{' . selecterateds ',' selectmax '}' NAME_ ';' (rule 6) + + NAME_ shift, and go to state 10 + + selecterateds go to state 11 + selecterated go to state 12 + selecterated_code go to state 13 + selecterated_no_code go to state 14 + + + +state 8 + + constant_type -> CONSTANT_ '{' . constants '}' NAME_ ';' (rule 14) + + NAME_ shift, and go to state 15 + + constants go to state 16 + constant go to state 17 + + + +state 9 + + typelist -> definition typelist . (rule 3) + + $default reduce using rule 3 (typelist) + + + +state 10 + + selecterated_code -> NAME_ . '(' NUM_ ')' CODE_ (rule 12) + selecterated_no_code -> NAME_ . '(' NUM_ ')' (rule 13) + + '(' shift, and go to state 18 + + + +state 11 + + selecttype -> SELECT_ '{' selecterateds . ',' selectmax '}' NAME_ ';' (rule 6) + selecterateds -> selecterateds . ',' selecterated (rule 7) + + ',' shift, and go to state 19 + + + +state 12 + + selecterateds -> selecterated . (rule 8) + + $default reduce using rule 8 (selecterateds) + + + +state 13 + + selecterated -> selecterated_code . (rule 11) + + $default reduce using rule 11 (selecterated) + + + +state 14 + + selecterated -> selecterated_no_code . (rule 10) + + $default reduce using rule 10 (selecterated) + + + +state 15 + + constant -> NAME_ . NAME_ '=' '{' constval '}' ';' (rule 17) + + NAME_ shift, and go to state 20 + + + +state 16 + + constant_type -> CONSTANT_ '{' constants . '}' NAME_ ';' (rule 14) + constants -> constants . constant (rule 15) + + NAME_ shift, and go to state 15 + '}' shift, and go to state 21 + + constant go to state 22 + + + +state 17 + + constants -> constant . (rule 16) + + $default reduce using rule 16 (constants) + + + +state 18 + + selecterated_code -> NAME_ '(' . NUM_ ')' CODE_ (rule 12) + selecterated_no_code -> NAME_ '(' . NUM_ ')' (rule 13) + + NUM_ shift, and go to state 23 + + + +state 19 + + selecttype -> SELECT_ '{' selecterateds ',' . selectmax '}' NAME_ ';' (rule 6) + selecterateds -> selecterateds ',' . selecterated (rule 7) + + NAME_ shift, and go to state 10 + '(' shift, and go to state 24 + + selectmax go to state 25 + selecterated go to state 26 + selecterated_code go to state 13 + selecterated_no_code go to state 14 + + + +state 20 + + constant -> NAME_ NAME_ . '=' '{' constval '}' ';' (rule 17) + + '=' shift, and go to state 27 + + + +state 21 + + constant_type -> CONSTANT_ '{' constants '}' . NAME_ ';' (rule 14) + + NAME_ shift, and go to state 28 + + + +state 22 + + constants -> constants constant . (rule 15) + + $default reduce using rule 15 (constants) + + + +state 23 + + selecterated_code -> NAME_ '(' NUM_ . ')' CODE_ (rule 12) + selecterated_no_code -> NAME_ '(' NUM_ . ')' (rule 13) + + ')' shift, and go to state 29 + + + +state 24 + + selectmax -> '(' . NUM_ ')' (rule 9) + + NUM_ shift, and go to state 30 + + + +state 25 + + selecttype -> SELECT_ '{' selecterateds ',' selectmax . '}' NAME_ ';' (rule 6) + + '}' shift, and go to state 31 + + + +state 26 + + selecterateds -> selecterateds ',' selecterated . (rule 7) + + $default reduce using rule 7 (selecterateds) + + + +state 27 + + constant -> NAME_ NAME_ '=' . '{' constval '}' ';' (rule 17) + + '{' shift, and go to state 32 + + + +state 28 + + constant_type -> CONSTANT_ '{' constants '}' NAME_ . ';' (rule 14) + + ';' shift, and go to state 33 + + + +state 29 + + selecterated_code -> NAME_ '(' NUM_ ')' . CODE_ (rule 12) + selecterated_no_code -> NAME_ '(' NUM_ ')' . (rule 13) + + CODE_ shift, and go to state 34 + + $default reduce using rule 13 (selecterated_no_code) + + + +state 30 + + selectmax -> '(' NUM_ . ')' (rule 9) + + ')' shift, and go to state 35 + + + +state 31 + + selecttype -> SELECT_ '{' selecterateds ',' selectmax '}' . NAME_ ';' (rule 6) + + NAME_ shift, and go to state 36 + + + +state 32 + + constant -> NAME_ NAME_ '=' '{' . constval '}' ';' (rule 17) + + NUM_ shift, and go to state 37 + + constval go to state 38 + + + +state 33 + + constant_type -> CONSTANT_ '{' constants '}' NAME_ ';' . (rule 14) + + $default reduce using rule 14 (constant_type) + + + +state 34 + + selecterated_code -> NAME_ '(' NUM_ ')' CODE_ . (rule 12) + + $default reduce using rule 12 (selecterated_code) + + + +state 35 + + selectmax -> '(' NUM_ ')' . (rule 9) + + $default reduce using rule 9 (selectmax) + + + +state 36 + + selecttype -> SELECT_ '{' selecterateds ',' selectmax '}' NAME_ . ';' (rule 6) + + ';' shift, and go to state 39 + + + +state 37 + + constval -> NUM_ . ',' NUM_ ',' NUM_ (rule 18) + constval -> NUM_ . ',' NUM_ (rule 19) + constval -> NUM_ . (rule 20) + + ',' shift, and go to state 40 + + $default reduce using rule 20 (constval) + + + +state 38 + + constant -> NAME_ NAME_ '=' '{' constval . '}' ';' (rule 17) + + '}' shift, and go to state 41 + + + +state 39 + + selecttype -> SELECT_ '{' selecterateds ',' selectmax '}' NAME_ ';' . (rule 6) + + $default reduce using rule 6 (selecttype) + + + +state 40 + + constval -> NUM_ ',' . NUM_ ',' NUM_ (rule 18) + constval -> NUM_ ',' . NUM_ (rule 19) + + NUM_ shift, and go to state 42 + + + +state 41 + + constant -> NAME_ NAME_ '=' '{' constval '}' . ';' (rule 17) + + ';' shift, and go to state 43 + + + +state 42 + + constval -> NUM_ ',' NUM_ . ',' NUM_ (rule 18) + constval -> NUM_ ',' NUM_ . (rule 19) + + ',' shift, and go to state 44 + + $default reduce using rule 19 (constval) + + + +state 43 + + constant -> NAME_ NAME_ '=' '{' constval '}' ';' . (rule 17) + + $default reduce using rule 17 (constant) + + + +state 44 + + constval -> NUM_ ',' NUM_ ',' . NUM_ (rule 18) + + NUM_ shift, and go to state 45 + + + +state 45 + + constval -> NUM_ ',' NUM_ ',' NUM_ . (rule 18) + + $default reduce using rule 18 (constval) + + + +state 46 + + $ go to state 47 + + + +state 47 + + $ go to state 48 + + + +state 48 + + $default accept diff --git a/ssl/y.tab.c b/ssl/y.tab.c new file mode 100644 index 0000000..67ada3f --- /dev/null +++ b/ssl/y.tab.c @@ -0,0 +1,1124 @@ + +/* A Bison parser, made from ssl.y + by GNU Bison version 1.28 */ + +#define YYBISON 1 /* Identify Bison output. */ + +#define NAME_ 257 +#define NUM_ 258 +#define DOT_DOT_ 259 +#define STRUCT_ 260 +#define SELECT_ 261 +#define OPAQUE_ 262 +#define ENUM_ 263 +#define DIGITALLY_SIGNED_ 264 +#define COMMENT_START_ 265 +#define CODE_ 266 +#define COMMENT_END_ 267 +#define CASE_ 268 +#define CONSTANT_ 269 + +#line 11 "ssl.y" + + +typedef struct select_st_ { + char *name; + char *code; + int val; + struct select_st_ *next; +} select_st; + + +select_st *select_base; +select_st *select_ptr; + +select_st *constant_base; +select_st *constant_ptr; + +#include + +extern FILE *dotc; +extern FILE *doth; + + +#line 33 "ssl.y" +typedef union { + int val; + unsigned char str[8192]; +} YYSTYPE; +#include + +#ifndef __cplusplus +#ifndef __STDC__ +#define const +#endif +#endif + + + +#define YYFINAL 48 +#define YYFLAG -32768 +#define YYNTBASE 23 + +#define YYTRANSLATE(x) ((unsigned)(x) <= 269 ? yytranslate[x] : 36) + +static const char yytranslate[] = { 0, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 20, + 21, 2, 2, 17, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 19, 2, + 22, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 16, 2, 18, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 1, 3, 4, 5, 6, + 7, 8, 9, 10, 11, 12, 13, 14, 15 +}; + +#if YYDEBUG != 0 +static const short yyprhs[] = { 0, + 0, 2, 3, 6, 8, 10, 19, 23, 25, 29, + 31, 33, 39, 44, 51, 54, 56, 64, 70, 74 +}; + +static const short yyrhs[] = { 24, + 0, 0, 25, 24, 0, 26, 0, 32, 0, 7, + 16, 27, 17, 28, 18, 3, 19, 0, 27, 17, + 29, 0, 29, 0, 20, 4, 21, 0, 31, 0, + 30, 0, 3, 20, 4, 21, 12, 0, 3, 20, + 4, 21, 0, 15, 16, 33, 18, 3, 19, 0, + 33, 34, 0, 34, 0, 3, 3, 22, 16, 35, + 18, 19, 0, 4, 17, 4, 17, 4, 0, 4, + 17, 4, 0, 4, 0 +}; + +#endif + +#if YYDEBUG != 0 +static const short yyrline[] = { 0, + 67, 69, 70, 76, 77, 80, 124, 125, 130, 133, + 134, 138, 160, 181, 202, 203, 208, 228, 232, 236 +}; +#endif + + +#if YYDEBUG != 0 || defined (YYERROR_VERBOSE) + +static const char * const yytname[] = { "$","error","$undefined.","NAME_", +"NUM_","DOT_DOT_","STRUCT_","SELECT_","OPAQUE_","ENUM_","DIGITALLY_SIGNED_", +"COMMENT_START_","CODE_","COMMENT_END_","CASE_","CONSTANT_","'{'","','","'}'", +"';'","'('","')'","'='","module","typelist","definition","selecttype","selecterateds", +"selectmax","selecterated","selecterated_code","selecterated_no_code","constant_type", +"constants","constant","constval", NULL +}; +#endif + +static const short yyr1[] = { 0, + 23, 24, 24, 25, 25, 26, 27, 27, 28, 29, + 29, 30, 31, 32, 33, 33, 34, 35, 35, 35 +}; + +static const short yyr2[] = { 0, + 1, 0, 2, 1, 1, 8, 3, 1, 3, 1, + 1, 5, 4, 6, 2, 1, 7, 5, 3, 1 +}; + +static const short yydefact[] = { 2, + 0, 0, 1, 2, 4, 5, 0, 0, 3, 0, + 0, 8, 11, 10, 0, 0, 16, 0, 0, 0, + 0, 15, 0, 0, 0, 7, 0, 0, 13, 0, + 0, 0, 14, 12, 9, 0, 20, 0, 6, 0, + 0, 19, 17, 0, 18, 0, 0, 0 +}; + +static const short yydefgoto[] = { 46, + 3, 4, 5, 11, 25, 12, 13, 14, 6, 16, + 17, 38 +}; + +static const short yypact[] = { -5, + -13, -12,-32768, -5,-32768,-32768, 2, 3,-32768, -11, + -10,-32768,-32768,-32768, 5, -2,-32768, 7, -3, -9, + 9,-32768, -7, 11, 0,-32768, 4, 6, 10, 8, + 16, 17,-32768,-32768,-32768, 12, 13, 14,-32768, 19, + 15, 18,-32768, 20,-32768, 26, 27,-32768 +}; + +static const short yypgoto[] = {-32768, + 24,-32768,-32768,-32768,-32768, 21,-32768,-32768,-32768,-32768, + 22,-32768 +}; + + +#define YYLAST 40 + + +static const short yytable[] = { 10, + 15, 1, 7, 8, 10, 15, 19, 20, 18, 2, + 23, 28, 27, 29, 30, 21, 24, 31, 36, 32, + 37, 34, 42, 45, 33, 47, 48, 9, 35, 40, + 39, 41, 0, 43, 44, 0, 0, 22, 0, 26 +}; + +static const short yycheck[] = { 3, + 3, 7, 16, 16, 3, 3, 17, 3, 20, 15, + 4, 3, 22, 21, 4, 18, 20, 18, 3, 16, + 4, 12, 4, 4, 19, 0, 0, 4, 21, 17, + 19, 18, -1, 19, 17, -1, -1, 16, -1, 19 +}; +/* -*-C-*- Note some compilers choke on comments on `#line' lines. */ +#line 3 "/usr/local/share/bison.simple" +/* This file comes from bison-1.28. */ + +/* Skeleton output parser for bison, + Copyright (C) 1984, 1989, 1990 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. */ + +/* As a special exception, when this file is copied by Bison into a + Bison output file, you may use that output file without restriction. + This special exception was added by the Free Software Foundation + in version 1.24 of Bison. */ + +/* This is the parser code that is written into each bison parser + when the %semantic_parser declaration is not specified in the grammar. + It was written by Richard Stallman by simplifying the hairy parser + used when %semantic_parser is specified. */ + +#ifndef YYSTACK_USE_ALLOCA +#ifdef alloca +#define YYSTACK_USE_ALLOCA +#else /* alloca not defined */ +#ifdef __GNUC__ +#define YYSTACK_USE_ALLOCA +#define alloca __builtin_alloca +#else /* not GNU C. */ +#if (!defined (__STDC__) && defined (sparc)) || defined (__sparc__) || defined (__sparc) || defined (__sgi) || (defined (__sun) && defined (__i386)) +#define YYSTACK_USE_ALLOCA +#include +#else /* not sparc */ +/* We think this test detects Watcom and Microsoft C. */ +/* This used to test MSDOS, but that is a bad idea + since that symbol is in the user namespace. */ +#if (defined (_MSDOS) || defined (_MSDOS_)) && !defined (__TURBOC__) +#if 0 /* No need for malloc.h, which pollutes the namespace; + instead, just don't use alloca. */ +#include +#endif +#else /* not MSDOS, or __TURBOC__ */ +#if defined(_AIX) +/* I don't know what this was needed for, but it pollutes the namespace. + So I turned it off. rms, 2 May 1997. */ +/* #include */ + #pragma alloca +#define YYSTACK_USE_ALLOCA +#else /* not MSDOS, or __TURBOC__, or _AIX */ +#if 0 +#ifdef __hpux /* haible@ilog.fr says this works for HPUX 9.05 and up, + and on HPUX 10. Eventually we can turn this on. */ +#define YYSTACK_USE_ALLOCA +#define alloca __builtin_alloca +#endif /* __hpux */ +#endif +#endif /* not _AIX */ +#endif /* not MSDOS, or __TURBOC__ */ +#endif /* not sparc */ +#endif /* not GNU C */ +#endif /* alloca not defined */ +#endif /* YYSTACK_USE_ALLOCA not defined */ + +#ifdef YYSTACK_USE_ALLOCA +#define YYSTACK_ALLOC alloca +#else +#define YYSTACK_ALLOC malloc +#endif + +/* Note: there must be only one dollar sign in this file. + It is replaced by the list of actions, each action + as one case of the switch. */ + +#define yyerrok (yyerrstatus = 0) +#define yyclearin (yychar = YYEMPTY) +#define YYEMPTY -2 +#define YYEOF 0 +#define YYACCEPT goto yyacceptlab +#define YYABORT goto yyabortlab +#define YYERROR goto yyerrlab1 +/* Like YYERROR except do call yyerror. + This remains here temporarily to ease the + transition to the new meaning of YYERROR, for GCC. + Once GCC version 2 has supplanted version 1, this can go. */ +#define YYFAIL goto yyerrlab +#define YYRECOVERING() (!!yyerrstatus) +#define YYBACKUP(token, value) \ +do \ + if (yychar == YYEMPTY && yylen == 1) \ + { yychar = (token), yylval = (value); \ + yychar1 = YYTRANSLATE (yychar); \ + YYPOPSTACK; \ + goto yybackup; \ + } \ + else \ + { yyerror ("syntax error: cannot back up"); YYERROR; } \ +while (0) + +#define YYTERROR 1 +#define YYERRCODE 256 + +#ifndef YYPURE +#define YYLEX yylex() +#endif + +#ifdef YYPURE +#ifdef YYLSP_NEEDED +#ifdef YYLEX_PARAM +#define YYLEX yylex(&yylval, &yylloc, YYLEX_PARAM) +#else +#define YYLEX yylex(&yylval, &yylloc) +#endif +#else /* not YYLSP_NEEDED */ +#ifdef YYLEX_PARAM +#define YYLEX yylex(&yylval, YYLEX_PARAM) +#else +#define YYLEX yylex(&yylval) +#endif +#endif /* not YYLSP_NEEDED */ +#endif + +/* If nonreentrant, generate the variables here */ + +#ifndef YYPURE + +int yychar; /* the lookahead symbol */ +YYSTYPE yylval; /* the semantic value of the */ + /* lookahead symbol */ + +#ifdef YYLSP_NEEDED +YYLTYPE yylloc; /* location data for the lookahead */ + /* symbol */ +#endif + +int yynerrs; /* number of parse errors so far */ +#endif /* not YYPURE */ + +#if YYDEBUG != 0 +int yydebug; /* nonzero means print parse trace */ +/* Since this is uninitialized, it does not stop multiple parsers + from coexisting. */ +#endif + +/* YYINITDEPTH indicates the initial size of the parser's stacks */ + +#ifndef YYINITDEPTH +#define YYINITDEPTH 200 +#endif + +/* YYMAXDEPTH is the maximum size the stacks can grow to + (effective only if the built-in stack extension method is used). */ + +#if YYMAXDEPTH == 0 +#undef YYMAXDEPTH +#endif + +#ifndef YYMAXDEPTH +#define YYMAXDEPTH 10000 +#endif + +/* Define __yy_memcpy. Note that the size argument + should be passed with type unsigned int, because that is what the non-GCC + definitions require. With GCC, __builtin_memcpy takes an arg + of type size_t, but it can handle unsigned int. */ + +#if __GNUC__ > 1 /* GNU C and GNU C++ define this. */ +#define __yy_memcpy(TO,FROM,COUNT) __builtin_memcpy(TO,FROM,COUNT) +#else /* not GNU C or C++ */ +#ifndef __cplusplus + +/* This is the most reliable way to avoid incompatibilities + in available built-in functions on various systems. */ +static void +__yy_memcpy (to, from, count) + char *to; + char *from; + unsigned int count; +{ + register char *f = from; + register char *t = to; + register int i = count; + + while (i-- > 0) + *t++ = *f++; +} + +#else /* __cplusplus */ + +/* This is the most reliable way to avoid incompatibilities + in available built-in functions on various systems. */ +static void +__yy_memcpy (char *to, char *from, unsigned int count) +{ + register char *t = to; + register char *f = from; + register int i = count; + + while (i-- > 0) + *t++ = *f++; +} + +#endif +#endif + +#line 217 "/usr/local/share/bison.simple" + +/* The user can define YYPARSE_PARAM as the name of an argument to be passed + into yyparse. The argument should have type void *. + It should actually point to an object. + Grammar actions can access the variable by casting it + to the proper pointer type. */ + +#ifdef YYPARSE_PARAM +#ifdef __cplusplus +#define YYPARSE_PARAM_ARG void *YYPARSE_PARAM +#define YYPARSE_PARAM_DECL +#else /* not __cplusplus */ +#define YYPARSE_PARAM_ARG YYPARSE_PARAM +#define YYPARSE_PARAM_DECL void *YYPARSE_PARAM; +#endif /* not __cplusplus */ +#else /* not YYPARSE_PARAM */ +#define YYPARSE_PARAM_ARG +#define YYPARSE_PARAM_DECL +#endif /* not YYPARSE_PARAM */ + +/* Prevent warning if -Wstrict-prototypes. */ +#ifdef __GNUC__ +#ifdef YYPARSE_PARAM +int yyparse (void *); +#else +int yyparse (void); +#endif +#endif + +int +yyparse(YYPARSE_PARAM_ARG) + YYPARSE_PARAM_DECL +{ + register int yystate; + register int yyn; + register short *yyssp; + register YYSTYPE *yyvsp; + int yyerrstatus; /* number of tokens to shift before error messages enabled */ + int yychar1 = 0; /* lookahead token as an internal (translated) token number */ + + short yyssa[YYINITDEPTH]; /* the state stack */ + YYSTYPE yyvsa[YYINITDEPTH]; /* the semantic value stack */ + + short *yyss = yyssa; /* refer to the stacks thru separate pointers */ + YYSTYPE *yyvs = yyvsa; /* to allow yyoverflow to reallocate them elsewhere */ + +#ifdef YYLSP_NEEDED + YYLTYPE yylsa[YYINITDEPTH]; /* the location stack */ + YYLTYPE *yyls = yylsa; + YYLTYPE *yylsp; + +#define YYPOPSTACK (yyvsp--, yyssp--, yylsp--) +#else +#define YYPOPSTACK (yyvsp--, yyssp--) +#endif + + int yystacksize = YYINITDEPTH; + int yyfree_stacks = 0; + +#ifdef YYPURE + int yychar; + YYSTYPE yylval; + int yynerrs; +#ifdef YYLSP_NEEDED + YYLTYPE yylloc; +#endif +#endif + + YYSTYPE yyval; /* the variable used to return */ + /* semantic values from the action */ + /* routines */ + + int yylen; + +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Starting parse\n"); +#endif + + yystate = 0; + yyerrstatus = 0; + yynerrs = 0; + yychar = YYEMPTY; /* Cause a token to be read. */ + + /* Initialize stack pointers. + Waste one element of value and location stack + so that they stay on the same level as the state stack. + The wasted elements are never initialized. */ + + yyssp = yyss - 1; + yyvsp = yyvs; +#ifdef YYLSP_NEEDED + yylsp = yyls; +#endif + +/* Push a new state, which is found in yystate . */ +/* In all cases, when you get here, the value and location stacks + have just been pushed. so pushing a state here evens the stacks. */ +yynewstate: + + *++yyssp = yystate; + + if (yyssp >= yyss + yystacksize - 1) + { + /* Give user a chance to reallocate the stack */ + /* Use copies of these so that the &'s don't force the real ones into memory. */ + YYSTYPE *yyvs1 = yyvs; + short *yyss1 = yyss; +#ifdef YYLSP_NEEDED + YYLTYPE *yyls1 = yyls; +#endif + + /* Get the current used size of the three stacks, in elements. */ + int size = yyssp - yyss + 1; + +#ifdef yyoverflow + /* Each stack pointer address is followed by the size of + the data in use in that stack, in bytes. */ +#ifdef YYLSP_NEEDED + /* This used to be a conditional around just the two extra args, + but that might be undefined if yyoverflow is a macro. */ + yyoverflow("parser stack overflow", + &yyss1, size * sizeof (*yyssp), + &yyvs1, size * sizeof (*yyvsp), + &yyls1, size * sizeof (*yylsp), + &yystacksize); +#else + yyoverflow("parser stack overflow", + &yyss1, size * sizeof (*yyssp), + &yyvs1, size * sizeof (*yyvsp), + &yystacksize); +#endif + + yyss = yyss1; yyvs = yyvs1; +#ifdef YYLSP_NEEDED + yyls = yyls1; +#endif +#else /* no yyoverflow */ + /* Extend the stack our own way. */ + if (yystacksize >= YYMAXDEPTH) + { + yyerror("parser stack overflow"); + if (yyfree_stacks) + { + free (yyss); + free (yyvs); +#ifdef YYLSP_NEEDED + free (yyls); +#endif + } + return 2; + } + yystacksize *= 2; + if (yystacksize > YYMAXDEPTH) + yystacksize = YYMAXDEPTH; +#ifndef YYSTACK_USE_ALLOCA + yyfree_stacks = 1; +#endif + yyss = (short *) YYSTACK_ALLOC (yystacksize * sizeof (*yyssp)); + __yy_memcpy ((char *)yyss, (char *)yyss1, + size * (unsigned int) sizeof (*yyssp)); + yyvs = (YYSTYPE *) YYSTACK_ALLOC (yystacksize * sizeof (*yyvsp)); + __yy_memcpy ((char *)yyvs, (char *)yyvs1, + size * (unsigned int) sizeof (*yyvsp)); +#ifdef YYLSP_NEEDED + yyls = (YYLTYPE *) YYSTACK_ALLOC (yystacksize * sizeof (*yylsp)); + __yy_memcpy ((char *)yyls, (char *)yyls1, + size * (unsigned int) sizeof (*yylsp)); +#endif +#endif /* no yyoverflow */ + + yyssp = yyss + size - 1; + yyvsp = yyvs + size - 1; +#ifdef YYLSP_NEEDED + yylsp = yyls + size - 1; +#endif + +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Stack size increased to %d\n", yystacksize); +#endif + + if (yyssp >= yyss + yystacksize - 1) + YYABORT; + } + +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Entering state %d\n", yystate); +#endif + + goto yybackup; + yybackup: + +/* Do appropriate processing given the current state. */ +/* Read a lookahead token if we need one and don't already have one. */ +/* yyresume: */ + + /* First try to decide what to do without reference to lookahead token. */ + + yyn = yypact[yystate]; + if (yyn == YYFLAG) + goto yydefault; + + /* Not known => get a lookahead token if don't already have one. */ + + /* yychar is either YYEMPTY or YYEOF + or a valid token in external form. */ + + if (yychar == YYEMPTY) + { +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Reading a token: "); +#endif + yychar = YYLEX; + } + + /* Convert token to internal form (in yychar1) for indexing tables with */ + + if (yychar <= 0) /* This means end of input. */ + { + yychar1 = 0; + yychar = YYEOF; /* Don't call YYLEX any more */ + +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Now at end of input.\n"); +#endif + } + else + { + yychar1 = YYTRANSLATE(yychar); + +#if YYDEBUG != 0 + if (yydebug) + { + fprintf (stderr, "Next token is %d (%s", yychar, yytname[yychar1]); + /* Give the individual parser a way to print the precise meaning + of a token, for further debugging info. */ +#ifdef YYPRINT + YYPRINT (stderr, yychar, yylval); +#endif + fprintf (stderr, ")\n"); + } +#endif + } + + yyn += yychar1; + if (yyn < 0 || yyn > YYLAST || yycheck[yyn] != yychar1) + goto yydefault; + + yyn = yytable[yyn]; + + /* yyn is what to do for this token type in this state. + Negative => reduce, -yyn is rule number. + Positive => shift, yyn is new state. + New state is final state => don't bother to shift, + just return success. + 0, or most negative number => error. */ + + if (yyn < 0) + { + if (yyn == YYFLAG) + goto yyerrlab; + yyn = -yyn; + goto yyreduce; + } + else if (yyn == 0) + goto yyerrlab; + + if (yyn == YYFINAL) + YYACCEPT; + + /* Shift the lookahead token. */ + +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Shifting token %d (%s), ", yychar, yytname[yychar1]); +#endif + + /* Discard the token being shifted unless it is eof. */ + if (yychar != YYEOF) + yychar = YYEMPTY; + + *++yyvsp = yylval; +#ifdef YYLSP_NEEDED + *++yylsp = yylloc; +#endif + + /* count tokens shifted since error; after three, turn off error status. */ + if (yyerrstatus) yyerrstatus--; + + yystate = yyn; + goto yynewstate; + +/* Do the default action for the current state. */ +yydefault: + + yyn = yydefact[yystate]; + if (yyn == 0) + goto yyerrlab; + +/* Do a reduction. yyn is the number of a rule to reduce with. */ +yyreduce: + yylen = yyr2[yyn]; + if (yylen > 0) + yyval = yyvsp[1-yylen]; /* implement default value of the action */ + +#if YYDEBUG != 0 + if (yydebug) + { + int i; + + fprintf (stderr, "Reducing via rule %d (line %d), ", + yyn, yyrline[yyn]); + + /* Print the symbols being reduced, and their result. */ + for (i = yyprhs[yyn]; yyrhs[i] > 0; i++) + fprintf (stderr, "%s ", yytname[yyrhs[i]]); + fprintf (stderr, " -> %s\n", yytname[yyr1[yyn]]); + } +#endif + + + switch (yyn) { + +case 2: +#line 69 "ssl.y" +{yyval.val=1; + break;} +case 3: +#line 71 "ssl.y" +{ + yyval.val=1; + ; + break;} +case 6: +#line 81 "ssl.y" +{ + select_st *en; + char filename[100]; + + for(en=select_base;en;en=en->next){ + fprintf(dotc,"static int decode_%s_%s(ssl,dir,seg,data)\n", + yyvsp[-1].str,en->name); + fprintf(dotc," ssl_obj *ssl;\n"); + fprintf(dotc," int dir;\n"); + fprintf(dotc," segment *seg;\n"); + fprintf(dotc," Data *data;\n"); + fprintf(dotc," {\n"); + if(en->code){ + en->code+=2; + en->code[strlen(en->code)-2]=0; + fprintf(dotc,"\n%s\n",en->code); + } + else{ +/* fprintf(dotc," fprintf(dotc,\"Decoding %s...%cn\");\n",en->name,'\\');*/ + fprintf(dotc," return(0);\n"); + } + fprintf(dotc," }\n"); + } + + fprintf(dotc,"decoder %s_decoder[]={\n",yyvsp[-1].str); + fprintf(doth,"extern decoder %s_decoder[];\n",yyvsp[-1].str); + for(en=select_base;en;en=en->next){ + fprintf(dotc," {\n"); + fprintf(dotc," %d,\n",en->val); + fprintf(dotc," \"%s\",\n",en->name); + fprintf(dotc," decode_%s_%s\n",yyvsp[-1].str,en->name); + fprintf(dotc," },\n"); + } + + fprintf(dotc,"{-1}\n"); + fprintf(dotc,"};\n\n"); + + + + select_base=0; + ; + break;} +case 8: +#line 126 "ssl.y" +{; +; + break;} +case 9: +#line 131 "ssl.y" +{yyval.val=1;; + break;} +case 12: +#line 139 "ssl.y" +{ + select_st *en; + + en=malloc(sizeof(select_st)); + + en->next=0; + en->val=yyvsp[-2].val; + en->name=strdup(yyvsp[-4].str); + en->code=strdup(yyvsp[0].str); + + if(!select_base){ + select_base=en; + select_ptr=en; + } + else{ + select_ptr->next=en; + select_ptr=en; + } +; + break;} +case 13: +#line 161 "ssl.y" +{ + select_st *en; + + en=malloc(sizeof(select_st)); + + en->next=0; + en->val=yyvsp[-1].val; + en->name=strdup(yyvsp[-3].str); + en->code=0; + + if(!select_base){ + select_base=en; + select_ptr=en; + } + else{ + select_ptr->next=en; + select_ptr=en; + } +; + break;} +case 14: +#line 182 "ssl.y" +{ + select_st *en; + + fprintf(dotc,"decoder %s_decoder[]={\n",yyvsp[-1].str); + fprintf(doth,"extern decoder %s_decoder[];\n",yyvsp[-1].str); + + for(en=constant_base;en;en=en->next){ + fprintf(dotc," {\n"); + fprintf(dotc," %d,\n",en->val); + fprintf(dotc," \"%s\",\n",en->name); + fprintf(dotc," 0"); + fprintf(dotc," },\n"); + } + + fprintf(dotc,"{-1}\n"); + fprintf(dotc,"};\n\n"); + constant_ptr=0; + constant_base=0; + ; + break;} +case 16: +#line 204 "ssl.y" +{; +; + break;} +case 17: +#line 209 "ssl.y" +{ + select_st *en; + + en=malloc(sizeof(select_st)); + + en->next=0; + en->val=yyvsp[-2].val; + en->name=strdup(yyvsp[-5].str); + + if(!constant_base){ + constant_base=en; + constant_ptr=en; + } + else{ + constant_ptr->next=en; + constant_ptr=en; + } +; + break;} +case 18: +#line 229 "ssl.y" +{ + yyval.val=(yyvsp[-4].val << 16) | (yyvsp[-2].val << 8) | yyvsp[0].val; + ; + break;} +case 19: +#line 233 "ssl.y" +{ + yyval.val=(yyvsp[-2].val << 8) | yyvsp[0].val; + ; + break;} +case 20: +#line 237 "ssl.y" +{ + yyval.val=yyvsp[0].val; + ; + break;} +} + /* the action file gets copied in in place of this dollarsign */ +#line 543 "/usr/local/share/bison.simple" + + yyvsp -= yylen; + yyssp -= yylen; +#ifdef YYLSP_NEEDED + yylsp -= yylen; +#endif + +#if YYDEBUG != 0 + if (yydebug) + { + short *ssp1 = yyss - 1; + fprintf (stderr, "state stack now"); + while (ssp1 != yyssp) + fprintf (stderr, " %d", *++ssp1); + fprintf (stderr, "\n"); + } +#endif + + *++yyvsp = yyval; + +#ifdef YYLSP_NEEDED + yylsp++; + if (yylen == 0) + { + yylsp->first_line = yylloc.first_line; + yylsp->first_column = yylloc.first_column; + yylsp->last_line = (yylsp-1)->last_line; + yylsp->last_column = (yylsp-1)->last_column; + yylsp->text = 0; + } + else + { + yylsp->last_line = (yylsp+yylen-1)->last_line; + yylsp->last_column = (yylsp+yylen-1)->last_column; + } +#endif + + /* Now "shift" the result of the reduction. + Determine what state that goes to, + based on the state we popped back to + and the rule number reduced by. */ + + yyn = yyr1[yyn]; + + yystate = yypgoto[yyn - YYNTBASE] + *yyssp; + if (yystate >= 0 && yystate <= YYLAST && yycheck[yystate] == *yyssp) + yystate = yytable[yystate]; + else + yystate = yydefgoto[yyn - YYNTBASE]; + + goto yynewstate; + +yyerrlab: /* here on detecting error */ + + if (! yyerrstatus) + /* If not already recovering from an error, report this error. */ + { + ++yynerrs; + +#ifdef YYERROR_VERBOSE + yyn = yypact[yystate]; + + if (yyn > YYFLAG && yyn < YYLAST) + { + int size = 0; + char *msg; + int x, count; + + count = 0; + /* Start X at -yyn if nec to avoid negative indexes in yycheck. */ + for (x = (yyn < 0 ? -yyn : 0); + x < (sizeof(yytname) / sizeof(char *)); x++) + if (yycheck[x + yyn] == x) + size += strlen(yytname[x]) + 15, count++; + msg = (char *) malloc(size + 15); + if (msg != 0) + { + strcpy(msg, "parse error"); + + if (count < 5) + { + count = 0; + for (x = (yyn < 0 ? -yyn : 0); + x < (sizeof(yytname) / sizeof(char *)); x++) + if (yycheck[x + yyn] == x) + { + strcat(msg, count == 0 ? ", expecting `" : " or `"); + strcat(msg, yytname[x]); + strcat(msg, "'"); + count++; + } + } + yyerror(msg); + free(msg); + } + else + yyerror ("parse error; also virtual memory exceeded"); + } + else +#endif /* YYERROR_VERBOSE */ + yyerror("parse error"); + } + + goto yyerrlab1; +yyerrlab1: /* here on error raised explicitly by an action */ + + if (yyerrstatus == 3) + { + /* if just tried and failed to reuse lookahead token after an error, discard it. */ + + /* return failure if at end of input */ + if (yychar == YYEOF) + YYABORT; + +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Discarding token %d (%s).\n", yychar, yytname[yychar1]); +#endif + + yychar = YYEMPTY; + } + + /* Else will try to reuse lookahead token + after shifting the error token. */ + + yyerrstatus = 3; /* Each real token shifted decrements this */ + + goto yyerrhandle; + +yyerrdefault: /* current state does not do anything special for the error token. */ + +#if 0 + /* This is wrong; only states that explicitly want error tokens + should shift them. */ + yyn = yydefact[yystate]; /* If its default is to accept any token, ok. Otherwise pop it.*/ + if (yyn) goto yydefault; +#endif + +yyerrpop: /* pop the current state because it cannot handle the error token */ + + if (yyssp == yyss) YYABORT; + yyvsp--; + yystate = *--yyssp; +#ifdef YYLSP_NEEDED + yylsp--; +#endif + +#if YYDEBUG != 0 + if (yydebug) + { + short *ssp1 = yyss - 1; + fprintf (stderr, "Error: state stack now"); + while (ssp1 != yyssp) + fprintf (stderr, " %d", *++ssp1); + fprintf (stderr, "\n"); + } +#endif + +yyerrhandle: + + yyn = yypact[yystate]; + if (yyn == YYFLAG) + goto yyerrdefault; + + yyn += YYTERROR; + if (yyn < 0 || yyn > YYLAST || yycheck[yyn] != YYTERROR) + goto yyerrdefault; + + yyn = yytable[yyn]; + if (yyn < 0) + { + if (yyn == YYFLAG) + goto yyerrpop; + yyn = -yyn; + goto yyreduce; + } + else if (yyn == 0) + goto yyerrpop; + + if (yyn == YYFINAL) + YYACCEPT; + +#if YYDEBUG != 0 + if (yydebug) + fprintf(stderr, "Shifting error token, "); +#endif + + *++yyvsp = yylval; +#ifdef YYLSP_NEEDED + *++yylsp = yylloc; +#endif + + yystate = yyn; + goto yynewstate; + + yyacceptlab: + /* YYACCEPT comes here. */ + if (yyfree_stacks) + { + free (yyss); + free (yyvs); +#ifdef YYLSP_NEEDED + free (yyls); +#endif + } + return 0; + + yyabortlab: + /* YYABORT comes here. */ + if (yyfree_stacks) + { + free (yyss); + free (yyvs); +#ifdef YYLSP_NEEDED + free (yyls); +#endif + } + return 1; +} +#line 242 "ssl.y" diff --git a/ssl/y.tab.h b/ssl/y.tab.h new file mode 100644 index 0000000..13309c6 --- /dev/null +++ b/ssl/y.tab.h @@ -0,0 +1,20 @@ +typedef union { + int val; + unsigned char str[8192]; +} YYSTYPE; +#define NAME_ 257 +#define NUM_ 258 +#define DOT_DOT_ 259 +#define STRUCT_ 260 +#define SELECT_ 261 +#define OPAQUE_ 262 +#define ENUM_ 263 +#define DIGITALLY_SIGNED_ 264 +#define COMMENT_START_ 265 +#define CODE_ 266 +#define COMMENT_END_ 267 +#define CASE_ 268 +#define CONSTANT_ 269 + + +extern YYSTYPE yylval; diff --git a/ssldump.1 b/ssldump.1 new file mode 100644 index 0000000..25e21f1 --- /dev/null +++ b/ssldump.1 @@ -0,0 +1,516 @@ +.\" This file contains sections of the tcpdump man page, to which the +.\" following copyright applies --EKR +.\" Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996, 1997 +.\" The Regents of the University of California. All rights reserved. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that: (1) source code distributions +.\" retain the above copyright notice and this paragraph in its entirety, (2) +.\" distributions including binary code include the above copyright notice and +.\" this paragraph in its entirety in the documentation or other materials +.\" provided with the distribution, and (3) all advertising materials mentioning +.\" features or use of this software display the following acknowledgement: +.\" ``This product includes software developed by the University of California, +.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of +.\" the University nor the names of its contributors may be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +.\" +.\" Copyright (C) 1999-2000 RTFM, Inc. +.\" All Rights Reserved +.\" +.\" This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla +.\" and licensed by RTFM, Inc. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" +.\" This product includes software developed by Eric Rescorla for +.\" RTFM, Inc. +.\" +.\" 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be +.\" used to endorse or promote products derived from this +.\" software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. +.TH SSLDUMP 1 "28 September 2001" +.SH NAME +ssldump \- dump SSL traffic on a network +.SH SYNOPSIS +.na +.B ssldump +[ +.B \-vtaTnsAxXhHVNdq +] [ +.B \-r +.I dumpfile +] +[ +.B \-i +.I interface +] +.br +.ti +8 +[ +.B \-k +.I keyfile +] +[ +.B \-p +.I password +] +[ +.I expression +] +.br +.ad +.SH DESCRIPTION +.LP +\fIssldump\fP is an SSL/TLS network protocol analyzer. It identifies +TCP connections on the chosen network interface and attempts to +interpret them as SSL/TLS traffic. When it identifies SSL/TLS +traffic, it decodes the records and displays them in a textual +form to stdout. If provided with the appropriate keying material, +it will also decrypt the connections and display the application +data traffic. +.LP +ssldump has been tested on FreeBSD, Linux, Solaris, and HP/UX. Since +it's based on PCAP, it should work on most platforms. However, unlike +tcpdump, ssldump needs to be able to see both sides of the data +transmission so you may have trouble using it with network taps such +as SunOS nit that don't permit you to see transmitted data. +.B Under SunOS with nit or bpf: +To run +.I tcpdump +you must have read access to +.I /dev/nit +or +.IR /dev/bpf* . +.B Under Solaris with dlpi: +You must have read access to the network pseudo device, e.g. +.IR /dev/le . +.B Under HP-UX with dlpi: +You must be root or it must be installed setuid to root. +.B Under IRIX with snoop: +You must be root or it must be installed setuid to root. +.B Under Linux: +You must be root or it must be installed setuid to root. +.B Under Ultrix and Digital UNIX: +Once the super-user has enabled promiscuous-mode operation using +.IR pfconfig (8), +any user may run +.BR ssldump +.B Under BSD: +You must have read access to +.IR /dev/bpf* . +.SH OPTIONS +.B \-a +Print bare TCP ACKs (useful for observing Nagle behavior) +.TP +.B \-A +Print all record fields (by default ssldump chooses +the most interesting fields) +.TP +.B \-d +Display the application data traffic. This usually means +decrypting it, but when -d is used ssldump will also decode +application data traffic _before_ the SSL session initiates. +This allows you to see HTTPS CONNECT behavior as well as +SMTP STARTTLS. As a side effect, since ssldump can't tell +whether plaintext is traffic before the initiation of an +SSL connection or just a regular TCP connection, this allows +you to use ssldump to sniff any TCP connection. +ssldump will automatically detect ASCII data and display it +directly to the screen. non-ASCII data is displayed as hex +dumps. See also -X. +.TP +.B \-e +Print absolute timestamps instead of relative timestamps +.TP +.B \-r +Read data from \fIfile\fP instead of from the network. +The old -f option still works but is deprecated and will +probably be removed with the next version. +.B \-H +Print the full SSL packet header. +.TP +.B \-k +Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format) +Previous versions of ssldump automatically looked in ./server.pem. +Now you must specify your keyfile every time. +.TP +.B \-n +Don't try to resolve host names from IP addresses +.TP +.B \-N +Attempt to parse ASN.1 when it appears, such as in +certificates and DNs. +.TP +.B \-p +Use \fIpassword\fP as the SSL keyfile password. +.TP +.B \-P +Don't put the interface into promiscuous mode. +.TP +.B \-q +Don't decode any record fields beyond a single summary line. (quiet mode). +.TP +.B \-x +Print each record in hex, as well as decoding it. +.TP +.B \-X +When the -d option is used, binary data is automatically printed +in two columns with a hex dump on the left and the printable characters +on the right. -X suppresses the display of the printable characters, +thus making it easier to cut and paste the hext data into some other +program. +.B \-y +Decorate the output for processing with troff. Not very +useful for the average user. +.TP +.IP "\fI expression\fP" +.RS +Selects what packets ssldump will examine. Technically speaking, +ssldump supports the full expression syntax from PCAP and tcpdump. +In fact, the description here is cribbed from the tcpdump man +page. However, since ssldump needs to examine full TCP streams, +most of the tcpdump expressions will select traffic mixes +that ssldump will simply ignore. Only the expressions which +don't result in incomplete TCP streams are listed here. +.LP +The \fIexpression\fP consists of one or more +.I primitives. +Primitives usually consist of an +.I id +(name or number) preceded by one or more qualifiers. There are three +different kinds of qualifier: +.IP \fItype\fP +qualifiers say what kind of thing the id name or number refers to. +Possible types are +.BR host , +.B net +and +.BR port . +E.g., `host foo', `net 128.3', `port 20'. If there is no type +qualifier, +.B host +is assumed. +.IP \fIdir\fP +qualifiers specify a particular transfer direction to and/or from +.I id. +Possible directions are +.BR src , +.BR dst , +.B "src or dst" +and +.B "src and" +.BR dst . +E.g., `src foo', `dst net 128.3', `src or dst port ftp-data'. If +there is no dir qualifier, +.B "src or dst" +is assumed. +For `null' link layers (i.e. point to point protocols such as slip) the +.B inbound +and +.B outbound +qualifiers can be used to specify a desired direction. +.LP +More complex filter expressions are built up by using the words +.BR and , +.B or +and +.B not +to combine primitives. E.g., `host foo and not port ftp and not port ftp-data'. +To save typing, identical qualifier lists can be omitted. E.g., +`tcp dst port ftp or ftp-data or domain' is exactly the same as +`tcp dst port ftp or tcp dst port ftp-data or tcp dst port domain'. +.LP +Allowable primitives are: +.IP "\fBdst host \fIhost\fR" +True if the IPv4/v6 destination field of the packet is \fIhost\fP, +which may be either an address or a name. +.IP "\fBsrc host \fIhost\fR" +True if the IPv4/v6 source field of the packet is \fIhost\fP. +.IP "\fBhost \fIhost\fP +True if either the IPv4/v6 source or destination of the packet is \fIhost\fP. +Any of the above host expressions can be prepended with the keywords, +\fBip\fP, \fBarp\fP, \fBrarp\fP, or \fBip6\fP as in: +.in +.5i +.nf +\fBip host \fIhost\fR +.fi +.in -.5i +which is equivalent to: +.in +.5i +.nf +\fBether proto \fI\\ip\fB and host \fIhost\fR +.fi +.in -.5i +If \fIhost\fR is a name with multiple IP addresses, each address will +be checked for a match. +.IP "\fBether dst \fIehost\fP +True if the ethernet destination address is \fIehost\fP. \fIEhost\fP +may be either a name from /etc/ethers or a number (see +.IR ethers (3N) +for numeric format). +.IP "\fBether src \fIehost\fP +True if the ethernet source address is \fIehost\fP. +.IP "\fBether host \fIehost\fP +True if either the ethernet source or destination address is \fIehost\fP. +.IP "\fBgateway\fP \fIhost\fP +True if the packet used \fIhost\fP as a gateway. I.e., the ethernet +source or destination address was \fIhost\fP but neither the IP source +nor the IP destination was \fIhost\fP. \fIHost\fP must be a name and +must be found in both /etc/hosts and /etc/ethers. (An equivalent +expression is +.in +.5i +.nf +\fBether host \fIehost \fBand not host \fIhost\fR +.fi +.in -.5i +which can be used with either names or numbers for \fIhost / ehost\fP.) +This syntax does not work in IPv6-enabled configuration at this moment. +.IP "\fBdst net \fInet\fR" +True if the IPv4/v6 destination address of the packet has a network +number of \fInet\fP. \fINet\fP may be either a name from /etc/networks +or a network number (see \fInetworks(4)\fP for details). +.IP "\fBsrc net \fInet\fR" +True if the IPv4/v6 source address of the packet has a network +number of \fInet\fP. +.IP "\fBnet \fInet\fR" +True if either the IPv4/v6 source or destination address of the packet has a network +number of \fInet\fP. +.IP "\fBnet \fInet\fR \fBmask \fImask\fR" +True if the IP address matches \fInet\fR with the specific netmask. +May be qualified with \fBsrc\fR or \fBdst\fR. +Note that this syntax is not valid for IPv6 \fInet\fR. +.IP "\fBnet \fInet\fR/\fIlen\fR" +True if the IPv4/v6 address matches \fInet\fR a netmask \fIlen\fR bits wide. +May be qualified with \fBsrc\fR or \fBdst\fR. +.IP "\fBdst port \fIport\fR" +True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a +destination port value of \fIport\fP. +The \fIport\fP can be a number or a name used in /etc/services (see +.IR tcp (4P) +and +.IR udp (4P)). +If a name is used, both the port +number and protocol are checked. If a number or ambiguous name is used, +only the port number is checked (e.g., \fBdst port 513\fR will print both +tcp/login traffic and udp/who traffic, and \fBport domain\fR will print +both tcp/domain and udp/domain traffic). +.IP "\fBsrc port \fIport\fR" +True if the packet has a source port value of \fIport\fP. +.IP "\fBport \fIport\fR" +True if either the source or destination port of the packet is \fIport\fP. +Any of the above port expressions can be prepended with the keywords, +\fBtcp\fP or \fBudp\fP, as in: +.in +.5i +.nf +\fBtcp src port \fIport\fR +.fi +.in -.5i +which matches only tcp packets whose source port is \fIport\fP. +.LP +Primitives may be combined using: +.IP +A parenthesized group of primitives and operators +(parentheses are special to the Shell and must be escaped). +.IP +Negation (`\fB!\fP' or `\fBnot\fP'). +.IP +Concatenation (`\fB&&\fP' or `\fBand\fP'). +.IP +Alternation (`\fB||\fP' or `\fBor\fP'). +.LP +Negation has highest precedence. +Alternation and concatenation have equal precedence and associate +left to right. Note that explicit \fBand\fR tokens, not juxtaposition, +are now required for concatenation. +.LP +If an identifier is given without a keyword, the most recent keyword +is assumed. +For example, +.in +.5i +.nf +\fBnot host vs and ace\fR +.fi +.in -.5i +is short for +.in +.5i +.nf +\fBnot host vs and host ace\fR +.fi +.in -.5i +which should not be confused with +.in +.5i +.nf +\fBnot ( host vs or ace )\fR +.fi +.in -.5i +.LP +Expression arguments can be passed to ssldump as either a single argument +or as multiple arguments, whichever is more convenient. +Generally, if the expression contains Shell metacharacters, it is +easier to pass it as a single, quoted argument. +Multiple arguments are concatenated with spaces before being parsed. +.SH EXAMPLES +.LP +To listen to traffic on interface \fIle0\fP port \fI443\fP +.RS +.nf +\fBssldump -i le0 port 443\fP +.fi +.RE +.LP +To listen to traffic to the server \fIromeo\fP on port \fI443\fP. +.RS +.nf +\fBssldump -i le0 port 443 and host romeo\fP +.fi +.RE +.LP +To decrypt traffic to to host \fIromeo\fR +\fIserver.pem\fR and the password \fIfoobar\fR +.RS +.nf +\fBssldump -Ad -k ~/server.pem -p foobar -i le0 host romeo +.fi +.RE +.SH OUTPUT FORMAT +.LP +All output is printed to standard out. +.LP +ssldump prints an indication of every new TCP connection using a line +like the following +.nf +.LP +\fBNew TCP connection #2: iromeo.rtfm.com(2302) <-> sr1.rtfm.com(4433)\fP +.LP +.fi +The host which send the first SYN is printed on the left and the host +which responded is printed on the right. Ordinarily, this means that +the SSL client will be printed on the left with the SSL server on the +right. In this case we have a connection from \fIiromeo.rtfm.com\fR (port \fI2303\fR) +to \fIsr1.rtfm.com\fR (port \fI4433\fR). To allow the user to disentangle +traffic from different connections, each connection is numbered. This is +connection \fI2\fR. +.LP +The printout of each SSL record begins with a record line. This +line contains the connection and record number, a timestamp, and the +record type, as in the following: +.LP +.nf +\fB2 3 0.2001 (0.0749) S>C Handshake Certificate\fR +.fi +.LP +This is record \fI3\fR on connection \fI2\fR. The first timestamp +is the time since the beginning of the connection. The second is +the time since the previous record. Both are in seconds. +.LP +The next field in the record line is the direction that the record +was going. \fIC>S\fR indicates records transmitted from client to +server and \fIS>C\fR indicates records transmitted from server to client. +ssldump assumes that the host to transmit the first SYN +is the SSL client (this is nearly always correct). +.LP +The next field is the record type, one of \fIHandshake\fR, \fIIAlert\fR, +\fIChangeCipherSpec\fR, or \fIapplication_data\fR. Finally, ssldump +may print record-specific data on the rest of the line. For \fIHandshake\fR +records, it prints the handshake message. Thus, this record is +a \fICertificate\fR message. +.LP +ssldump chooses certain record types for further decoding. These +are the ones that have proven to be most useful for debugging: +.LP +.nf +\fIClientHello\fR \- version, offered cipher suites, session id + if provided) +\fIServerHello\fR \- version, session_id, chosen cipher suite, + compression method +\fIAlert\fR \- type and level (if obtainable) +.fi +.LP +Fuller decoding of the various records can be obtained by using the +.B \-A +, +.B \-d +, +.B \-k +and +.B \-p +flags. +.LP +.SH DECRYPTION +.LP +ssldump can decrypt traffic between two hosts if the following two +conditions are met: +.RS +.nf +1. ssldump has the keys. +2. Static RSA was used. +.fi +.RE +In any other case, once encryption starts, +ssldump will only be able to determine the +record type. Consider the following section of a trace. +.LP +.nf +\fB1 5 0.4129 (0.1983) C>S Handshake ClientKeyExchange +1 6 0.4129 (0.0000) C>S ChangeCipherSpec +1 7 0.4129 (0.0000) C>S Handshake +1 8 0.5585 (0.1456) S>C ChangeCipherSpec +1 9 0.6135 (0.0550) S>C Handshake +1 10 2.3121 (1.6986) C>S application_data +1 11 2.5336 (0.2214) C>S application_data +1 12 2.5545 (0.0209) S>C application_data +1 13 2.5592 (0.0046) S>C application_data +1 14 2.5592 (0.0000) S>C Alert\fP +.fi +.LP +Note that the \fIClientKeyExchange\fR message type is printed +but the rest of the \fIHandshake\fR messages do not have +types. These are the \fIFinished\fR messages, but because they +are encrypted ssldump only knows that they are of type \fIHandshake\fR. +Similarly, had the \fIAlert\fR in record 14 happened during the handshake, +it's type and level would have been printed. However, since it +is encrypted we can only tell that it is an alert. +.LP +.SH BUGS +.LP +Please send bug reports to ssldump@rtfm.com. +.LP +The TCP reassembler is not perfect. No attempt is made to reassemble IP +fragments and the 3-way handshake and close handshake are imperfectly +implemented. In practice, this turns out not to be much of a problem. +.LP +Support is provided for only for Ethernet and loopback interfaces +because that's all that I have. If you have another kind of network +you will need to modify pcap_cb in base/pcap-snoop.c. If you have +direct experience with ssldump on other networks, please send me patches. +.LP +ssldump doesn't implement session caching and therefore can't decrypt +resumed sessions. + + diff --git a/win32/Ssldump.html b/win32/Ssldump.html new file mode 100644 index 0000000..38403dc --- /dev/null +++ b/win32/Ssldump.html @@ -0,0 +1,394 @@ + + +
+

+       ssldump - dump SSL traffic on a network
+
+
+
+

SYNOPSIS

+       ssldump [ -vtaTnsAxXhHVNdq ] [ -r dumpfile ] 
       [ -i interface ] [ -k keyfile ] [ -p password ] [ expression ]
+
+
+
+

DESCRIPTION

+       ssldump is an SSL/TLS network protocol analyzer. It  iden-
+       tifies TCP connections on the chosen network interface and
+       attempts to interpret them as  SSL/TLS  traffic.  When  it
+       identifies  SSL/TLS  traffic,  it  decodes the records and
+       displays them in a textual form  to  stdout.  If  provided
+       with the appropriate keying material, it will also decrypt
+       the connections and display the application data  traffic.
+
+       ssldump  has  been  tested on FreeBSD, Linux, Solaris, and
+       HP/UX.  Since it's based on PCAP, it should work  on  most
+       platforms.  However,  unlike  tcpdump, ssldump needs to be
+       able to see both sides of the data transmission so you may
+       have  trouble using it with network taps such as SunOS nit
+       that don't permit you  to  see  transmitted  data.   Under
+       SunOS  with  nit or bpf: To run tcpdump you must have read
+       access to /dev/nit or /dev/bpf*.  Under Solaris with dlpi:
+       You  must  have  read access to the network pseudo device,
+       e.g.  /dev/le.  Under HP-UX with dlpi: You must be root or
+       it  must  be  installed  setuid  to root.  Under IRIX with
+       snoop: You must be root or it must be installed setuid  to
+       root.   Under  Linux:  You  must  be  root  or  it must be
+       installed setuid to root.  Under Ultrix and Digital  UNIX:
+       Once the super-user has enabled promiscuous-mode operation
+       using pfconfig(8), any user may run ssldump Under BSD: You
+       must have read access to /dev/bpf*.
+
+
+
+

OPTIONS

+       -a     Print bare TCP ACKs (useful for observing Nagle behav-
+              ior)
+
+       -A     Print all record fields (by default ssldump chooses
+              the most interesting fields)
+
+       -d     Display  the application data traffic. This usually
+              means decrypting it, but when -d  is  used  ssldump
+              will  also decode application data traffic _before_
+              the SSL session initiates.  This allows you to  see
+              HTTPS CONNECT behavior as well as SMTP STARTTLS. As
+              a side effect, since  ssldump  can't  tell  whether
+              plaintext  is  traffic  before the initiation of an
+              SSL connection or just a  regular  TCP  connection,
+              this  allows  you  to  use ssldump to sniff any TCP
+              connection.   ssldump  will  automatically   detect
+              ASCII  data  and display it directly to the screen.
+
+       -e     Print   absolute  timestamps  instead  of  relative
+              timestamps
+
+       -r     Read data from file instead of  from  the  network.
+              The old -f option still works but is deprecated and
+              will probably be removed with the next version.
              
       -H
+              Print the full SSL packet header.
+
+       -k     Use  keyfile  as  the  location  of the SSL keyfile
+              (OpenSSL format)  ssldump  automatically  looks  in
+              ./server.pem.
+
+       -n     Don't try to resolve host names from IP addresses
+
+       -N     Attempt  to parse ASN.1 when it appears, such as in
+              certificates and DNs.
+
+       -p     Use password as the SSL keyfile password default is
+              "password".
+
+       -q     Don't decode any record fields beyond a single sum-
+              mary line. (quiet mode).
+
+       -x     Print each record in hex, as well as decoding it.
+
+       -X     When the -d option is used, binary data is automat-
+              ically  printed  in  two columns with a hex dump on
+              the left and the printable characters on the right.
+              -X  suppresses the display of the printable charac-
+              ters, thus making it easier to cut  and  paste  the
+              hext data into some other program.  -y Decorate the
+              output for processing with troff. Not  very  useful
+              for the average user.
+
+
+        expression
+              Selects  what packets ssldump will examine. Techni-
+              cally speaking, ssldump supports the  full  expres-
+              sion  syntax  from  PCAP and tcpdump.  In fact, the
+              description here is cribbed from  the  tcpdump  man
+              page.  However, since ssldump needs to examine full
+              TCP streams, most of the tcpdump  expressions  will
+              select  traffic  mixes  that  ssldump  will  simply
+              ignore. Only the expressions which don't result  in
+              incomplete TCP streams are listed here.
+
+              The  expression consists of one or more primitives.
+              Primitives usually consist of an id (name  or  num-
+              ber) preceded by one or more qualifiers.  There are
+              three different kinds of qualifier:
+
+                     are host, net and port.  E.g.,  `host  foo',
+                     `net 128.3', `port 20'.  If there is no type
+                     qualifier, host is assumed.
+
+              dir    qualifiers  specify  a  particular  transfer
+                     direction   to  and/or  from  id.   Possible
+                     directions are src, dst, src or dst and  src
+                     and  dst.  E.g., `src foo', `dst net 128.3',
+                     `src or dst port ftp-data'.  If there is  no
+                     dir  qualifier,  src or dst is assumed.  For
+                     `null' link layers (i.e. point to point pro-
+                     tocols  such  as  slip) the inbound and out-
+                     bound qualifiers can be used  to  specify  a
+                     desired direction.
+
+              More  complex  filter  expressions  are built up by
+              using the words and, or and not to  combine  primi-
+              tives.   E.g.,  `host  foo and not port ftp and not
+              port ftp-data'.  To save typing,  identical  quali-
+              fier lists can be omitted.  E.g., `tcp dst port ftp
+              or ftp-data or domain' is exactly the same as  `tcp
+              dst  port  ftp  or tcp dst port ftp-data or tcp dst
+              port domain'.
+
+              Allowable primitives are:
+
+              dst host host
+                     True if the IPv4/v6 destination field of the
+                     packet  is  host,  which  may  be  either an
+                     address or a name.
+
+              src host host
+                     True if the  IPv4/v6  source  field  of  the
+                     packet is host.
+
+              host host
+                     True  if either the IPv4/v6 source or desti-
+                     nation of the packet is host.   Any  of  the
+                     above host expressions can be prepended with
+                     the keywords, ip, arp, rarp, or ip6 as in:
+                          ip host host
+                     which is equivalent to:
+                          ether proto \ip and host host
+                     If  host  is  a  name   with   multiple   IP
+                     addresses,  each address will be checked for
+                     a match.
+
+              ether dst ehost
+                     True if the ethernet destination address  is
+                     ehost.   Ehost  may  be  either  a name from
+                     /etc/ethers or a number (see ethers(3N)  for
+                     numeric format).
+                     True  if  the  ethernet  source  address  is
+                     ehost.
+
+              ether host ehost
+                     True if either the ethernet source or desti-
+                     nation address is ehost.
+
+              gateway host
+                     True  if  the packet used host as a gateway.
+                     I.e., the  ethernet  source  or  destination
+                     address  was  host but neither the IP source
+                     nor the IP destination was host.  Host  must
+                     be   a  name  and  must  be  found  in  both
+                     /etc/hosts and /etc/ethers.  (An  equivalent
+                     expression is
+                          ether host ehost and not host host
+                     which  can be used with either names or num-
+                     bers for host / ehost.)   This  syntax  does
+                     not  work  in  IPv6-enabled configuration at
+                     this moment.
+
+              dst net net
+                     True if the IPv4/v6 destination  address  of
+                     the  packet has a network number of net. Net
+                     may be either a name from /etc/networks or a
+                     network    number   (see   networks(4)   for
+                     details).
+
+              src net net
+                     True if the IPv4/v6 source  address  of  the
+                     packet has a network number of net.
+
+              net net
+                     True  if either the IPv4/v6 source or desti-
+                     nation address of the packet has  a  network
+                     number of net.
+
+              net net mask mask
+                     True  if the IP address matches net with the
+                     specific netmask.  May be qualified with src
+                     or  dst.  Note that this syntax is not valid
+                     for IPv6 net.
+
+              net net/len
+                     True if the IPv4/v6 address  matches  net  a
+                     netmask  len  bits  wide.   May be qualified
+                     with src or dst.
+
+              dst port port
+                     True  if  the  packet  is  ip/tcp,   ip/udp,
+                     ip6/tcp  or  ip6/udp  and  has a destination
+                     port value of port.  The port can be a  num-
+                     both   the  port  number  and  protocol  are
+                     checked.  If a number or ambiguous  name  is
+                     used, only the port number is checked (e.g.,
+                     dst port 513 will print both tcp/login traf-
+                     fic  and  udp/who  traffic,  and port domain
+                     will print both  tcp/domain  and  udp/domain
+                     traffic).
+
+              src port port
+                     True  if  the packet has a source port value
+                     of port.
+
+              port port
+                     True if either  the  source  or  destination
+                     port  of  the  packet  is  port.  Any of the
+                     above port expressions can be prepended with
+                     the keywords, tcp or udp, as in:
+                          tcp src port port
+                     which  matches only tcp packets whose source
+                     port is port.
+
+              Primitives may be combined using:
+
+                     A  parenthesized  group  of  primitives  and
+                     operators  (parentheses  are  special to the
+                     Shell and must be escaped).
+
+                     Negation (`!' or `not').
+
+                     Concatenation (`&&' or `and').
+
+                     Alternation (`||' or `or').
+
+              Negation has highest precedence.   Alternation  and
+              concatenation  have  equal precedence and associate
+              left to right.  Note that explicit and tokens,  not
+              juxtaposition,  are now required for concatenation.
+
+              If an identifier is given without  a  keyword,  the
+              most recent keyword is assumed.  For example,
+                   not host vs and ace
+              is short for
+                   not host vs and host ace
+              which should not be confused with
+                   not ( host vs or ace )
+
+              Expression  arguments  can  be passed to ssldump as
+              either a single argument or as multiple  arguments,
+              whichever  is  more  convenient.  Generally, if the
+              expression contains  Shell  metacharacters,  it  is
+              easier  to  pass  it  as a single, quoted argument.
+              Multiple arguments  are  concatenated  with  spaces
+
+       To listen to traffic on interface le0 port 443
+              ssldump -i le0 port 443
+
+       To listen to traffic to the server romeo on port 443.
+              ssldump -i le0 port 443 and host romeo
+
+       To  decrypt  traffic  to  to host romeo server.pem and the
+       password foobar
+              ssldump -Ad -k ~/server.pem -p foobar -i le0 host romeo
+
+
+
+

OUTPUT FORMAT

+       All output is printed to standard out.
+
+       ssldump prints an indication of every new  TCP  connection
+       using a line like the following
+
+       New TCP connection #2: iromeo.rtfm.com(2302) <-> sr1.rtfm.com(4433)
+
+       The  host  which send the first SYN is printed on the left
+       and the host which responded  is  printed  on  the  right.
+       Ordinarily, this means that the SSL client will be printed
+       on the left with the SSL server on the right. In this case
+       we  have  a connection from iromeo.rtfm.com (port 2303) to
+       sr1.rtfm.com (port 4433). To allow the user to disentangle
+       traffic  from  different  connections,  each connection is
+       numbered. This is connection 2.
+
+       The printout of each SSL record begins with a record line.
+       This  line  contains  the  connection and record number, a
+       timestamp, and the record type, as in the following:
+
+       2 3  0.2001 (0.0749)  S>C  Handshake      Certificate
+
+       This is record 3 on connection 2. The first  timestamp  is
+       the time since the beginning of the connection. The second
+       is the time since the previous record. Both  are  in  sec-
+       onds.
+
+       The  next  field  in the record line is the direction that
+       the record was going. C>S  indicates  records  transmitted
+       from  client to server and S>C indicates records transmit-
+       ted from server to client.  ssldump assumes that the  host
+       to  transmit  the  first  SYN  is  the SSL client (this is
+       nearly always correct).
+
+       The next field is  the  record  type,  one  of  Handshake,
+       IAlert,  ChangeCipherSpec,  or  application_data. Finally,
+       ssldump may print record-specific data on the rest of  the
+       line.  For Handshake records, it prints the handshake mes-
+       sage. Thus, this record is a Certificate message.
+
+       ssldump chooses certain record types for further decoding.
+
+       ClientHello - version, offered cipher suites, session id
+                            if provided)
+       ServerHello - version, session_id, chosen cipher suite,
+                      compression method
+       Alert - type and level (if obtainable)
+
+       Fuller decoding of the various records can be obtained  by
+       using the -A , -d , -k and -p flags.
+
+
+
+
+

DECRYPTION

+       ssldump  can decrypt traffic between two hosts if the fol-
+       lowing two conditions are met:
+              1. ssldump has the keys.
+              2. Static RSA was used.
+       In any other case, once encryption  starts,  ssldump  will
+       only  be  able  to determine the record type. Consider the
+       following section of a trace.
+
+       1 5  0.4129 (0.1983)  C>S  Handshake      ClientKeyExchange
+       1 6  0.4129 (0.0000)  C>S  ChangeCipherSpec
+       1 7  0.4129 (0.0000)  C>S  Handshake
+       1 8  0.5585 (0.1456)  S>C  ChangeCipherSpec
+       1 9  0.6135 (0.0550)  S>C  Handshake
+       1 10 2.3121 (1.6986)  C>S  application_data
+       1 11 2.5336 (0.2214)  C>S  application_data
+       1 12 2.5545 (0.0209)  S>C  application_data
+       1 13 2.5592 (0.0046)  S>C  application_data
+       1 14 2.5592 (0.0000)  S>C  Alert
+
+       Note that the ClientKeyExchange message  type  is  printed
+       but  the rest of the Handshake messages do not have types.
+       These are the Finished  messages,  but  because  they  are
+       encrypted  ssldump  only knows that they are of type Hand-
+       shake.  Similarly, had the Alert  in  record  14  happened
+       during  the handshake, it's type and level would have been
+       printed. However, since it is encrypted we can  only  tell
+       that it is an alert.
+
+
+
+
+

BUGS

+       Please send bug reports to ssldump@rtfm.com.
+
+       The  TCP reassembler is not perfect. No attempt is made to
+       reassemble IP fragments and the 3-way handshake and  close
+       handshake  are  imperfectly implemented. In practice, this
+       turns out not to be much of a problem.
+
+       Support is provided for only  for  Ethernet  and  loopback
+       interfaces  because  that's  all  that I have. If you have
+       another kind of network you will need to modify pcap_cb in
+       base/pcap-snoop.c. If you have direct experience with ssldump
+       on other networks, please send me patches.
+
+       ssldump doesn't implement session  caching  and  therefore
+       can't decrypt resumed sessions.
+
+
+
+
+
+Man(1) output converted with +man2html +
+ + diff --git a/win32/vcwin32.mak b/win32/vcwin32.mak new file mode 100644 index 0000000..ac7a6f6 --- /dev/null +++ b/win32/vcwin32.mak @@ -0,0 +1,305 @@ +# Copyright (C) 1999-2000 RTFM, Inc. +# All Rights Reserved + +# This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla +# and licensed by RTFM, Inc. + +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgement: +# +# This product includes software developed by Eric Rescorla for +# RTFM, Inc. + +# 4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be +# used to endorse or promote products derived from this +# software without specific prior written permission. + +# THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH DAMAGE. +!IF "$(CFG)" == "" +CFG=release +!MESSAGE No configuration specified. Defaulting to release. +!ENDIF + +!IF "$(CFG)" != "release" && "$(CFG)" != "debug" +!MESSAGE Invalid configuration "$(CFG)" specified. +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "vcwin32.mak" CFG="debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "release" +!MESSAGE "debug" +!MESSAGE +!ERROR An invalid configuration is specified. +!ENDIF + +!IF "$(OS)" == "Windows_NT" +NULL= +!ELSE +NULL=nul +!ENDIF + + +# Directories, relative to this one + +ROOT=. +ANALYZE_SRCDIR=$(ROOT)\base +COMMONDIR=$(ROOT)\common +COMMON_LIB_SRCDIR=$(COMMONDIR)\lib +ANALYZE_NULL_SRCDIR=$(ROOT)\null +ANALYZE_SSL_SRCDIR=$(ROOT)\ssl + +WIN32_DIR=$(ROOT)\win32 +OBJ_DIR=$(ROOT)\out32 +WINPCAP_DEV_DIR=$(WIN32_DIR)\WPdpack +WINPCAP_SRC_DIR=$(WIN32_DIR)\winpcap +WINPCAP_INCLUDES=-I$(WINPCAP_DEV_DIR)\include -I$(WINPCAP_DEV_DIR)\include\net \ +-I$(WINPCAP_SRC_DIR)\wpcap\libpcap\win32\include + +# +# OpenSSL-specific stuff +# + +!IF "$(OPENSSL)" == "" +OPENSSL=no +!MESSAGE OpenSSL support defaulting to "no". +!ENDIF + +!IF "$(OPENSSL)" == "yes" + +# +# Customize the next 3 macros match your openssl development setup +# +OPENSSL_DIR=$(ROOT)\..\openssl\openssl-0.9.6g +OPENSSL_RELEASE=$(OPENSSL_DIR)\out32 +OPENSSL_DEBUG=$(OPENSSL_DIR)\out32.dbg + +OPENSSL_DEFINES=/D OPENSSL +OPENSSL_RELEASE_LIBS=$(OPENSSL_RELEASE)\libeay32.lib $(OPENSSL_RELEASE)\ssleay32.lib +OPENSSL_DEBUG_LIBS=$(OPENSSL_DEBUG)\libeay32.lib $(OPENSSL_DEBUG)\ssleay32.lib +OPENSSL_INCLUDES=-I$(OPENSSL_DIR)\inc32 + +!ELSE # no OpenSSL + +OPENSSL_DEFINES= +OPENSSL_DIR= +OPENSSL_RELEASE= +OPENSSL_RELEASE_LIBS= +OPENSSL_DEBUG= +OPENSSL_DEBUG_LIBS= +OPENSSL_INCLUDES= + +!ENDIF + + +PLATFORM=VC-WIN32 +CC=cl.exe +LINK=link.exe + +# +# Getting the C run-time flag correct is critical and difficult, sadly +# The same C run-time should be used by all the object code that comprises +# the process. This means all DLL's and static libs we link to must use the +# same C run-time, and we must match it with our flag. +# +# the wpcap.dll is linked to the static C run-time lib, so we will also +# + +C_RUNTIME_FLAG=/MT +COMMON_INCLUDES=-I$(ANALYZE_SRCDIR) -I$(COMMONDIR)\include -I$(COMMON_LIB_SRCDIR) -I$(ANALYZE_NULL_SRCDIR) \ +-I$(ANALYZE_SSL_SRCDIR) -I$(WIN32_DIR) $(WINPCAP_INCLUDES) $(OPENSSL_INCLUDES) +COMMON_DEFINES=/D STDC /D WIN32 /D _CONSOLE \ + $(OPENSSL_DEFINES) /D STDC_HEADERS /D SIZEOF_UNSIGNED_SHORT=2 /D SIZEOF_UNSIGNED_LONG=4 \ + /D RETSIGTYPE=void /D SIZEOF_CHAR=1 /D SIZEOF_SHORT=2 /D SIZEOF_INT=4 +COMMON_CFLAGS=/nologo /W3 $(COMMON_INCLUDES) $(COMMON_DEFINES) /Fp"$(OBJ_DIR)\ssldump.pch" /YX /Fd"$(OBJ_DIR)\\" /FD /c +COMMON_LIBS=gdi32.lib Wsock32.lib $(WINPCAP_DEV_DIR)\lib\wpcap.lib +COMMON_LFLAGS=/nologo /subsystem:console /machine:I386 /opt:ref /incremental:no + + + +# Set build-specific (i.e., release vs. debug) options + +!IF "$(CFG)" == "release" + +BUILD_SPECIFIC_INCLUDES= +BUILD_SPECIFIC_DEFINES=/D NDEBUG +BUILD_SPECIFIC_CFLAGS=$(C_RUNTIME_FLAG) /O2 $(BUILD_SPECIFIC_INCLUDES) $(BUILD_SPECIFIC_DEFINES) +BUILD_SPECIFIC_LIBS=$(OPENSSL_RELEASE_LIBS) +BUILD_SPECIFIC_LFLAGS= + +!ELSE # =="debug" + +BUILD_SPECIFIC_INCLUDES= +BUILD_SPECIFIC_DEFINES=/D _DEBUG +BUILD_SPECIFIC_CFLAGS=$(C_RUNTIME_FLAG)d /ZI /Od /GZ $(BUILD_SPECIFIC_INCLUDES) $(BUILD_SPECIFIC_DEFINES) +BUILD_SPECIFIC_LIBS=$(OPENSSL_DEBUG_LIBS) +BUILD_SPECIFIC_LFLAGS= + +!ENDIF + +CFLAGS=$(COMMON_CFLAGS) $(BUILD_SPECIFIC_CFLAGS) +LFLAGS=$(COMMON_LFLAGS) $(BUILD_SPECIFIC_LFLAGS) $(COMMON_LIBS) $(BUILD_SPECIFIC_LIBS) + + + +ALL : $(OBJ_DIR) "$(OBJ_DIR)\ssldump.exe" + +"$(OBJ_DIR)" : + if not exist "$(OBJ_DIR)/$(NULL)" mkdir "$(OBJ_DIR)" + + +CLEAN : + -@erase "$(OBJ_DIR)\debug.obj" + -@erase "$(OBJ_DIR)\r_assoc.obj" + -@erase "$(OBJ_DIR)\r_data.obj" + -@erase "$(OBJ_DIR)\r_errors.obj" + -@erase "$(OBJ_DIR)\r_list.obj" + -@erase "$(OBJ_DIR)\r_replace.obj" + -@erase "$(OBJ_DIR)\r_time.obj" + -@erase "$(OBJ_DIR)\network.obj" + -@erase "$(OBJ_DIR)\pcap-snoop.obj" + -@erase "$(OBJ_DIR)\proto_mod.obj" + -@erase "$(OBJ_DIR)\tcpconn.obj" + -@erase "$(OBJ_DIR)\tcppack.obj" + -@erase "$(OBJ_DIR)\null_analyze.obj" + -@erase "$(OBJ_DIR)\ciphersuites.obj" + -@erase "$(OBJ_DIR)\ssl.enums.obj" + -@erase "$(OBJ_DIR)\ssl_analyze.obj" + -@erase "$(OBJ_DIR)\ssl_rec.obj" + -@erase "$(OBJ_DIR)\ssldecode.obj" + -@erase "$(OBJ_DIR)\sslprint.obj" + -@erase "$(OBJ_DIR)\sslxprint.obj" + -@erase "$(OBJ_DIR)\ssldump.exe" + + +LINK_OBJS= \ + "$(OBJ_DIR)\debug.obj" \ + "$(OBJ_DIR)\r_assoc.obj" \ + "$(OBJ_DIR)\r_data.obj" \ + "$(OBJ_DIR)\r_errors.obj" \ + "$(OBJ_DIR)\r_list.obj" \ + "$(OBJ_DIR)\r_replace.obj" \ + "$(OBJ_DIR)\r_time.obj" \ + "$(OBJ_DIR)\network.obj" \ + "$(OBJ_DIR)\pcap-snoop.obj" \ + "$(OBJ_DIR)\proto_mod.obj" \ + "$(OBJ_DIR)\tcpconn.obj" \ + "$(OBJ_DIR)\tcppack.obj" \ + "$(OBJ_DIR)\null_analyze.obj" \ + "$(OBJ_DIR)\ciphersuites.obj" \ + "$(OBJ_DIR)\ssl.enums.obj" \ + "$(OBJ_DIR)\ssl_analyze.obj" \ + "$(OBJ_DIR)\ssl_rec.obj" \ + "$(OBJ_DIR)\ssldecode.obj" \ + "$(OBJ_DIR)\sslprint.obj" \ + "$(OBJ_DIR)\sslxprint.obj" + +"$(OBJ_DIR)\ssldump.exe": "$(OBJ_DIR)" $(LINK_OBJS) + $(LINK) @<< + /OUT:$@ $(LFLAGS) $(LINK_OBJS) +<< + + +# +# FILE DEPENDENCIES +# +# file dependencies state, for each file that is built, +# which file(s) it depends upon +# + +$(OBJ_DIR)\debug.obj: $(COMMON_LIB_SRCDIR)\debug.h +$(OBJ_DIR)\debug.obj: $(COMMON_LIB_SRCDIR)\debug.c + $(CC) $(CFLAGS) /Fo$@ $(COMMON_LIB_SRCDIR)\debug.c + +$(OBJ_DIR)\r_assoc.obj: $(COMMON_LIB_SRCDIR)\r_assoc.c + $(CC) $(CFLAGS) /Fo$@ $(COMMON_LIB_SRCDIR)\r_assoc.c + +$(OBJ_DIR)\r_data.obj: $(COMMON_LIB_SRCDIR)\r_data.h +$(OBJ_DIR)\r_data.obj: $(COMMON_LIB_SRCDIR)\r_data.c + $(CC) $(CFLAGS) /Fo$@ $(COMMON_LIB_SRCDIR)\r_data.c + +$(OBJ_DIR)\r_errors.obj: $(COMMON_LIB_SRCDIR)\r_errors.c + $(CC) $(CFLAGS) /Fo$@ $(COMMON_LIB_SRCDIR)\r_errors.c + +$(OBJ_DIR)\r_list.obj: $(COMMON_LIB_SRCDIR)\r_list.c + $(CC) $(CFLAGS) /Fo$@ $(COMMON_LIB_SRCDIR)\r_list.c + +$(OBJ_DIR)\r_replace.obj: $(COMMON_LIB_SRCDIR)\r_replace.c + $(CC) $(CFLAGS) /Fo$@ $(COMMON_LIB_SRCDIR)\r_replace.c + +$(OBJ_DIR)\r_time.obj: $(COMMON_LIB_SRCDIR)\r_time.c + $(CC) $(CFLAGS) /Fo$@ $(COMMON_LIB_SRCDIR)\r_time.c + + + + +$(OBJ_DIR)\network.obj: $(ANALYZE_SRCDIR)\network.h +$(OBJ_DIR)\network.obj: $(ANALYZE_SRCDIR)\network.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SRCDIR)\network.c + +$(OBJ_DIR)\pcap-snoop.obj: $(ANALYZE_SRCDIR)\pcap-snoop.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SRCDIR)\pcap-snoop.c + +$(OBJ_DIR)\proto_mod.obj: $(ANALYZE_SRCDIR)\proto_mod.h +$(OBJ_DIR)\proto_mod.obj: $(ANALYZE_SRCDIR)\proto_mod.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SRCDIR)\proto_mod.c + +$(OBJ_DIR)\tcpconn.obj: $(ANALYZE_SRCDIR)\tcpconn.h +$(OBJ_DIR)\tcpconn.obj: $(ANALYZE_SRCDIR)\tcpconn.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SRCDIR)\tcpconn.c + +$(OBJ_DIR)\tcppack.obj: $(ANALYZE_SRCDIR)\tcppack.h +$(OBJ_DIR)\tcppack.obj: $(ANALYZE_SRCDIR)\tcppack.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SRCDIR)\tcppack.c + + +$(OBJ_DIR)\null_analyze.obj: $(ANALYZE_NULL_SRCDIR)\null_analyze.h +$(OBJ_DIR)\null_analyze.obj: $(ANALYZE_NULL_SRCDIR)\null_analyze.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_NULL_SRCDIR)\null_analyze.c + + + +$(OBJ_DIR)\ciphersuites.obj: $(ANALYZE_SSL_SRCDIR)\ciphersuites.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SSL_SRCDIR)\ciphersuites.c + +$(OBJ_DIR)\ssl.enums.obj: $(ANALYZE_SSL_SRCDIR)\ssl.enums.h +$(OBJ_DIR)\ssl.enums.obj: $(ANALYZE_SSL_SRCDIR)\ssl.enums.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SSL_SRCDIR)\ssl.enums.c + +$(OBJ_DIR)\ssl_analyze.obj: $(ANALYZE_SSL_SRCDIR)\ssl_analyze.h +$(OBJ_DIR)\ssl_analyze.obj: $(ANALYZE_SSL_SRCDIR)\ssl_analyze.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SSL_SRCDIR)\ssl_analyze.c + +$(OBJ_DIR)\ssl_rec.obj: $(ANALYZE_SSL_SRCDIR)\ssl_rec.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SSL_SRCDIR)\ssl_rec.c + +$(OBJ_DIR)\ssldecode.obj: $(ANALYZE_SSL_SRCDIR)\ssldecode.h +$(OBJ_DIR)\ssldecode.obj: $(ANALYZE_SSL_SRCDIR)\ssldecode.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SSL_SRCDIR)\ssldecode.c + +$(OBJ_DIR)\sslprint.obj: $(ANALYZE_SSL_SRCDIR)\sslprint.h +$(OBJ_DIR)\sslprint.obj: $(ANALYZE_SSL_SRCDIR)\sslprint.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SSL_SRCDIR)\sslprint.c + +$(OBJ_DIR)\sslxprint.obj: $(ANALYZE_SSL_SRCDIR)\sslxprint.h +$(OBJ_DIR)\sslxprint.obj: $(ANALYZE_SSL_SRCDIR)\sslxprint.c + $(CC) $(CFLAGS) /Fo$@ $(ANALYZE_SSL_SRCDIR)\sslxprint.c