Compare commits

...

26 commits

Author SHA1 Message Date
wllm-rbnt
d212450f58
Merge branch 'adulau:master' into openssl3.x 2024-09-09 08:28:28 +02:00
0282281a4b
Merge pull request #114 from adulau/dependabot/github_actions/actions/upload-artifact-4.4.0
Bump actions/upload-artifact from 4.3.6 to 4.4.0
2024-09-02 09:35:49 +02:00
dependabot[bot]
c47ce6998c
Bump actions/upload-artifact from 4.3.6 to 4.4.0
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.6 to 4.4.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](834a144ee9...50769540e7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-02 04:46:21 +00:00
61e0071572
Merge pull request #112 from adulau/dependabot/github_actions/actions/upload-artifact-4.3.6
Bump actions/upload-artifact from 4.3.4 to 4.3.6
2024-08-21 14:12:52 +02:00
b31ef76274
Merge pull request #108 from adulau/dependabot/github_actions/ossf/scorecard-action-2.4.0
Bump ossf/scorecard-action from 2.3.3 to 2.4.0
2024-08-21 14:12:37 +02:00
d70855020e
Merge pull request #111 from 1div0/ECH
ECH
2024-08-21 14:11:46 +02:00
dependabot[bot]
c339dda2f7
Bump actions/upload-artifact from 4.3.4 to 4.3.6
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.4 to 4.3.6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](0b2256b8c0...834a144ee9)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-12 04:33:03 +00:00
Peter Kovář
00171e1bf9 Add ECH
Signed-off-by: Peter Kovář <peter.kovar@reflexion.tv>
2024-08-10 20:29:32 +02:00
Peter Kovář
5c20a7401b Add TLS Version 1.3 Handling
Signed-off-by: Peter Kovář <peter.kovar@reflexion.tv>
2024-08-10 20:26:32 +02:00
dependabot[bot]
ad330211e2
Bump ossf/scorecard-action from 2.3.3 to 2.4.0
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.3 to 2.4.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](dc50aa9510...62b2cac7ed)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-29 04:49:26 +00:00
f24cf1476c
Merge pull request #107 from adulau/dependabot/github_actions/actions/upload-artifact-4.3.4
Bump actions/upload-artifact from 4.3.3 to 4.3.4
2024-07-23 06:01:22 +02:00
dependabot[bot]
0ac964a418
Bump actions/upload-artifact from 4.3.3 to 4.3.4
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.3 to 4.3.4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](65462800fd...0b2256b8c0)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-08 04:26:09 +00:00
de20cad354
Merge pull request #106 from adulau/dependabot/github_actions/ossf/scorecard-action-2.3.3
Bump ossf/scorecard-action from 2.3.1 to 2.3.3
2024-05-13 16:13:21 +02:00
dependabot[bot]
ec6c02d028
Bump ossf/scorecard-action from 2.3.1 to 2.3.3
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](0864cf1902...dc50aa9510)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-13 05:00:58 +00:00
c755079045
Merge pull request #104 from adulau/dependabot/github_actions/actions/upload-artifact-4.3.3
Bump actions/upload-artifact from 4.3.2 to 4.3.3
2024-04-29 08:25:48 +02:00
dependabot[bot]
c8b51f3f59
Bump actions/upload-artifact from 4.3.2 to 4.3.3
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.2 to 4.3.3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](1746f4ab65...65462800fd)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-29 04:45:31 +00:00
d02412720b
Merge pull request #102 from the-real-tokai/fix-fdatasync-osx
Fix problematic fdatasync() call on macOS
2024-04-23 17:15:07 +02:00
7d56234008
Merge pull request #103 from adulau/dependabot/github_actions/actions/upload-artifact-4.3.2
Bump actions/upload-artifact from 3.pre.node20 to 4.3.2
2024-04-22 06:33:11 +02:00
dependabot[bot]
50225a3b72
Bump actions/upload-artifact from 3.pre.node20 to 4.3.2
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.pre.node20 to 4.3.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](97a0fba137...1746f4ab65)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-22 04:19:12 +00:00
Christian Rosentreter
e5f2916b65
Fix problematic fdatasync() call on macOS
The fdatasync call generates a "implicit declaration of function 'fdatasync' is invalid in C99" warning when building for macOS (it's nowhere to be found in the system includes), but linking will eventually work fine because there is an unrelated syscall by the same name (different prototype), so it's not doing what it should. So lets not use it.
2024-04-16 17:49:06 +02:00
89ed604ddc
Update README.md 2024-04-01 16:14:19 +02:00
b2d3cf387a
Update README.md 2024-04-01 16:11:06 +02:00
a43257ce50
Update README.md 2024-04-01 16:10:05 +02:00
e0f787da52
Create scorecard.yml 2024-04-01 16:09:06 +02:00
2774e51db6
Merge pull request #98 from adulau/dependabot/github_actions/github/codeql-action-3
Bump github/codeql-action from 2 to 3
2023-12-18 23:05:18 +01:00
dependabot[bot]
72d9e2b35f
Bump github/codeql-action from 2 to 3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-18 04:31:31 +00:00
6 changed files with 85 additions and 4 deletions

View file

@ -26,7 +26,7 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
- name: Build Application using script
@ -35,6 +35,6 @@ jobs:
cmake -B ${{github.workspace}}/build -G Ninja
ninja -C ${{github.workspace}}/build
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"

73
.github/workflows/scorecard.yml vendored Normal file
View file

@ -0,0 +1,73 @@
# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.
name: Scorecard supply-chain security
on:
# For Branch-Protection check. Only the default branch is supported. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
branch_protection_rule:
# To guarantee Maintained check is occasionally updated. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
schedule:
- cron: '33 14 * * 6'
push:
branches: [ "master" ]
# Declare default permissions as read only.
permissions: read-all
jobs:
analysis:
name: Scorecard analysis
runs-on: ubuntu-latest
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Needed to publish results and get a badge (see publish_results below).
id-token: write
# Uncomment the permissions below if installing in a private repository.
# contents: read
# actions: read
steps:
- name: "Checkout code"
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
with:
results_file: results.sarif
results_format: sarif
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
# - you want to enable the Branch-Protection check on a *public* repository, or
# - you are installing Scorecard on a *private* repository
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional.
# repo_token: ${{ secrets.SCORECARD_TOKEN }}
# Public repositories:
# - Publish results to OpenSSF REST API for easy access by consumers
# - Allows the repository to include the Scorecard badge.
# - See https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories:
# - `publish_results` will always be set to `false`, regardless
# of the value entered here.
publish_results: true
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: SARIF file
path: results.sarif
retention-days: 5
# Upload the results to GitHub's code scanning dashboard (optional).
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
with:
sarif_file: results.sarif

View file

@ -2,6 +2,7 @@
[![Build CI](https://github.com/adulau/ssldump/actions/workflows/build.yml/badge.svg)](https://github.com/adulau/ssldump/actions/workflows/build.yml)
[![CodeQL analysis](https://github.com/adulau/ssldump/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/adulau/ssldump/actions/workflows/codeql-analysis.yml)
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/adulau/ssldump/badge)](https://securityscorecards.dev/viewer/?uri=github.com/adulau/ssldump)
# Release and tagging

View file

@ -54,7 +54,11 @@ static int init_pcap_logger(void *data) {
}
static int deinit_pcap_logger(void) {
fdatasync(pcap_fd);
#if defined(_POSIX_SYNCHRONIZED_IO) && (_POSIX_SYNCHRONIZED_IO > 0)
fdatasync(pcap_fd);
#else
fsync(pcap_fd);
#endif
close(pcap_fd);
return 0;
}

View file

@ -244,7 +244,7 @@ static int decode_HandshakeType_ClientHello(ssl_obj *ssl,
SSL_DECODE_UINT16(ssl, "extensions len", 0, data, &exlen);
if(exlen) {
explain(ssl, "extensions\n");
while(data->len) {
while(data->len > 0) {
SSL_DECODE_UINT16(ssl, "extension type", 0, data, &ex);
if(!ja3_ex_str)
ja3_ex_str = calloc(7, 1);
@ -1714,6 +1714,7 @@ decoder extension_decoder[] = {
{55, "external_id_hash", decode_extension},
{56, "external_session_id", decode_extension},
{13172, "next_protocol_negotiation", decode_extension},
{0xfe0d, "encrypted_client_hello", decode_extension},
{0xff01, "renegotiation_info", decode_extension},
{-1}};

View file

@ -555,6 +555,7 @@ int ssl_restore_session(ssl_obj *ssl, ssl_decoder *d) {
case TLSV1_VERSION:
case TLSV11_VERSION:
case TLSV12_VERSION:
case TLSV13_VERSION:
if((r = ssl_generate_keying_material(ssl, d)))
ABORT(r);
break;
@ -658,6 +659,7 @@ int ssl_process_client_key_exchange(ssl_obj *ssl,
case TLSV1_VERSION:
case TLSV11_VERSION:
case TLSV12_VERSION:
case TLSV13_VERSION:
if((r = ssl_generate_keying_material(ssl, d)))
ABORT(r);
break;