Linux arm64 support

CHANGELOG

@@ -1,6 +1,13 @@
 tls-scan -- History of changes.
 Bug numbers referenced in this log correspond to bug numbers at our issue tracker,
 
+Version 1.5.2 (2023-09-24)
++-----------------------------------
+* Build bug fix: https://github.com/prbinu/tls-scan/issues/59
+* Updated gzip and libevent package versions
+* Add build-from-source support for Linux ARM architecture
+* Tag: https://github.com/prbinu/tls-scan/releases/tag/1.5.2
+
 Version 1.5.1 (2023-04-23)
 +-----------------------------------
 * Critial bug fix: https://github.com/prbinu/tls-scan/issues/54

Makefile.am

@@ -4,13 +4,19 @@ tls_scan_SOURCES = main.c common.c cert-parser.c gnutls13.c proto-adapters.c
 TS_VERSION = $(shell grep -m 1  Version $(top_srcdir)/CHANGELOG | awk '{print $$2}')
 TS_BUILD_DATE = $(shell date '+%Y-%m-%d')
 TS_OS = $(shell uname -s)
+TS_ARCH = $(shell uname -p)
 
 AM_CPPFLAGS = -I$(top_srcdir)/include -I build-root/include -I build-root/include -Wall -Wundef -Wshadow -Wunreachable-code -Wswitch-default -Wcast-align -pedantic -g -std=c99 -D_GNU_SOURCE -DTS_VERSION=\"$(TS_VERSION)\" -DTS_BUILD_DATE=\"$(TS_BUILD_DATE)\" -DTS_OS=\"$(TS_OS)\"
 
 if LINUX
-LDADD =  build-root/lib/libssl.a build-root/lib/libcrypto.a build-root/lib/libevent.a build-root/lib/libevent_openssl.a build-root/lib/libgnutls.a build-root/lib64/libhogweed.a build-root/lib64/libnettle.a build-root/lib/libz.a -ldl -lrt 
+
+if [ "${TS_ARCH}" == "x86_64" ]; then
+LDADD =  build-root/lib/libssl.a build-root/lib/libcrypto.a build-root/lib/libevent.a build-root/lib/libevent_openssl.a build-root/lib/libgnutls.a build-root/lib64/libhogweed.a build-root/lib64/libnettle.a build-root/lib/libz.a -ldl -lrt
+else
+LDADD =  build-root/lib/libssl.a build-root/lib/libcrypto.a build-root/lib/libevent.a build-root/lib/libevent_openssl.a build-root/lib/libgnutls.a build-root/lib/libhogweed.a build-root/lib/libnettle.a build-root/lib/libz.a -ldl -lrt
 endif
 
+endif
 if DARWIN
 LDADD =  build-root/lib/libssl.a build-root/lib/libcrypto.a build-root/lib/libevent.a build-root/lib/libevent_openssl.a build-root/lib/libgnutls.a build-root/lib/libhogweed.a build-root/lib/libnettle.a -ldl
 AM_LDFLAGS = -lz -framework Security -framework CoreFoundation

README.md

@@ -28,13 +28,13 @@ This tool is primarily for collecting TLS cipher and X.509 certificate data. The
 
 You may either use pre-built binary package or build from the source.
 
-### Pre-built Binary
+### Pre-built Binary (x86_64)
 
 Linux and OSX: [https://github.com/prbinu/tls-scan/releases/latest](https://github.com/prbinu/tls-scan/releases/latest)
 
 ### Build From Source
 
-All you need is [`build-x86-64.sh`](https://github.com/prbinu/tls-scan/blob/master/build-x86-64.sh). This script pulls dependent packages - PeterMosmans [`openssl`](https://github.com/PeterMosmans/openssl), [`libevent`](https://github.com/libevent/libevent) and [GnuTLS](https://gitlab.com/gnutls/gnutls/), and build those from the scratch. Since the openssl we use is different from stock openssl, it is linked statically to tls-scan program. The build can take approximately twenty minutes to complete.
+All you need is [`build-x86-64.sh`](https://github.com/prbinu/tls-scan/blob/master/build-x86-64.sh) (or `build-arm64.sh` for Linux Arm arch). This script pulls dependent packages - PeterMosmans [`openssl`](https://github.com/PeterMosmans/openssl), [`libevent`](https://github.com/libevent/libevent) and [GnuTLS](https://gitlab.com/gnutls/gnutls/), and build those from the scratch. Since the openssl we use is different from stock openssl, it is linked statically to tls-scan program. The build can take approximately twenty minutes to complete.
 
 *Build Pre-requisites* :
 
@@ -43,31 +43,38 @@ All you need is [`build-x86-64.sh`](https://github.com/prbinu/tls-scan/blob/mast
 * [libtool](http://ftpmirror.gnu.org/libtool)
 * [pkg-config](https://pkg-config.freedesktop.org/releases/?C=M;O=D)
 * [gcc](http://railsapps.github.io/xcode-command-line-tools.html)
+* make
 
 On Ubuntu:
 
 ```sh
-% sudo apt-get update
-% sudo apt-get install autoconf automake libtool pkg-config gcc unzip -y
+sudo apt-get update
+sudo apt-get install make autoconf automake libtool pkg-config gcc unzip -y
 ```
 
 ### Linux
 
-*Build* :
-
 ```sh
-% git clone https://github.com/prbinu/tls-scan.git
-% cd tls-scan
-% ./build-x86-64.sh
+git clone https://github.com/prbinu/tls-scan.git
+cd tls-scan
 ```
 
+*x84_64*
+```sh
+./build-x86-64.sh
+```
 The newly built tls-scan binary can be found at `./build-root/bin`. build-x86-64.sh is a wrapper script that calls `./bootstrap.sh` to build all dependent packages. bootstrap.sh also executes the `autoreconf -i` command to generate `configure` file. Subsequently it calles the standard `./configure`, `make && make install`.
 
+*arm64*
+```sh
+./build-arm64.sh
+```
+
 *Test* :
 
 ```sh
-% cd build-root/bin
-% ./tls-scan --connect=yahoo.com --cacert=../etc/tls-scan/ca-bundle.crt --pretty
+cd build-root/bin
+./tls-scan --connect=yahoo.com --cacert=../etc/tls-scan/ca-bundle.crt --pretty
 ```
 
 ### OSX
@@ -76,16 +83,18 @@ If you do not have the pre-requisite packages, you can easily install those pack
 * [xcode-command-line-tools](http://railsapps.github.io/xcode-command-line-tools.html)
 * [how-to-install-autoconf-automake-and-related-tools-on-mac-os-x-from-source](http://superuser.com/questions/383580/how-to-install-autoconf-automake-and-related-tools-on-mac-os-x-from-source)
 
-*Build* :
-
 ```sh
-% git clone https://github.com/prbinu/tls-scan.git
-% cd tls-scan
-% ./build-x86-64.sh
+git clone https://github.com/prbinu/tls-scan.git
+cd tls-scan
+./build-x86-64.sh
 ```
 
 The tls-scan binary can be found at `./build-root/bin`. Another (easy) option is to use our Docker image to build and run `tls-scan` on OSX.
 
+**Running `tls-scan` on Mac Apple Silicon (Arm/M1/M2)**:
+
+Currently no native build support, however you may run `tls-scan` binary using [Rosetta2](https://support.apple.com/en-us/HT211861)
+
 ### Docker
 
 *Pre-requisite* : [Docker](https://docs.docker.com/engine/installation/)
@@ -94,19 +103,19 @@ The tls-scan binary can be found at `./build-root/bin`. Another (easy) option is
 Copy the [Dockerfile](https://github.com/prbinu/tls-scan/blob/master/Dockerfile) to your machine, and run it:
 
 ```sh
-% docker build -t tls-scan .
+docker build -t tls-scan .
 ```
 
 *Test* :
 
 ```sh
-% docker run --rm tls-scan --connect=example.com:443 --all --pretty
+docker run --rm tls-scan --connect=example.com:443 --all --pretty
 ```
 
 ## Example
 
 ```sh
-% ./tls-scan -c search.yahoo.com --all --pretty
+./tls-scan -c search.yahoo.com --all --pretty
 ```
 
 ```json
@@ -267,3 +276,4 @@ To support old, insecure cipher scans, we are using an old openssl version that
 
 ## Contributions
 Collaborators and pull requests are welcome!
+

bootstrap-arm64.sh

@@ -0,0 +1,131 @@
+#!/bin/bash
+# Environment variables
+#  TS_BUILDROOT : Build root directory. Default to current working directory
+#  TS_INSTALLDIR : Installation directory. Default to ${TS_BUILDROOT}
+#
+echo " "
+echo "  IMPORTANT NOTICE"
+echo "  Build Pre-requisites :"
+echo " "
+echo "    gcc"
+echo "    autoconf"
+echo "    automake"
+echo "    libtool"
+echo "    pkg-config"
+echo "Make sure you have these packages installed before you proceed with tls-scan build"
+echo "continue in a moment ..."
+sleep 10
+
+set -e
+CD=`pwd`
+OS=`uname`
+
+if [ "${OS}" != "Linux" ]; then
+  echo "Error: ${OS} is not a currently supported platform for ARM64 builds."
+  exit 1
+fi
+
+[[ -z "${TS_BUILDROOT}" ]] && BUILDDIR="${CD}" || BUILDDIR="${TS_BUILDROOT}"
+
+echo ">>> Build DIR: ${BUILDDIR}"
+BUILDDIR=${BUILDDIR}/build-root
+
+# remove build dirs
+test -d ${BUILDDIR}/build && rm -rf ${BUILDDIR}/build/*
+
+
+test -z ${BUILDDIR} || /bin/mkdir -p ${BUILDDIR}
+test -z ${BUILDDIR}/downloads || /bin/mkdir -p ${BUILDDIR}/downloads
+test -z ${BUILDDIR}/build || /bin/mkdir -p ${BUILDDIR}/build
+
+[[ -z "${TS_INSTALLDIR}" ]] && OUTDIR="${BUILDDIR}" || OUTDIR="${TS_INSTALLDIR}"
+
+echo ">>> Install DIR: ${OUTDIR}"
+export PKG_CONFIG_PATH=${OUTDIR}/lib/pkgconfig
+
+OPENSSL_VERSION="1.0.2-chacha"
+LIBEVENT_VERSION="2.1.10-stable"
+ZLIB_VERSION="zlib-1.3"
+
+FILE="${BUILDDIR}/downloads/${OPENSSL_VERSION}.zip"
+if [ ! -f $FILE ]; then
+  echo "Downloading $FILE.."
+  cd ${BUILDDIR}/downloads
+  curl -OL https://github.com/prbinu/PeterMosmans-openssl/archive/refs/heads/${OPENSSL_VERSION}.zip
+fi
+
+cd ${BUILDDIR}/build
+unzip ${BUILDDIR}/downloads/${OPENSSL_VERSION}.zip
+mv PeterMosmans-openssl-${OPENSSL_VERSION} openssl-arm64
+
+cd openssl-arm64
+
+cd ${BUILDDIR}/downloads
+curl -OL https://www.zlib.net/${ZLIB_VERSION}.tar.gz
+
+cd ${BUILDDIR}/build
+tar -zxvf ${BUILDDIR}/downloads/${ZLIB_VERSION}.tar.gz
+mv ${ZLIB_VERSION} zlib-arm64
+cd zlib-arm64
+
+./configure  --prefix=${OUTDIR} --static
+make
+make install
+
+echo ">>> ZLIB complete"
+cd ${BUILDDIR}/build/openssl-arm64
+./config enable-static-engine enable-ec_nistp_64_gcc_128 enable-gost enable-idea enable-md2 enable-rc2 enable-rc5 enable-rfc3779 enable-ssl-trace enable-ssl2 enable-ssl3 enable-zlib experimental-jpake --prefix=${OUTDIR} --openssldir=${OUTDIR}/ssl -I${OUTDIR}/include -L${OUTDIR}/lib --with-zlib-lib=${OUTDIR}/lib --with-zlib-include=${OUTDIR}/include
+
+
+make
+make install prefix=${OUTDIR}
+
+FILE="${BUILDDIR}/downloads/libevent-${LIBEVENT_VERSION}.tar.gz"
+if [ ! -f $FILE ]; then
+  echo "Downloading $FILE.."
+  cd ${BUILDDIR}/downloads
+  curl -OL https://github.com/libevent/libevent/releases/download/release-${LIBEVENT_VERSION}/libevent-${LIBEVENT_VERSION}.tar.gz
+fi
+
+cd ${BUILDDIR}/build
+tar -zxvf ${BUILDDIR}/downloads/libevent-${LIBEVENT_VERSION}.tar.gz
+mv libevent-${LIBEVENT_VERSION} libevent-arm64
+
+cd libevent-arm64
+./autogen.sh
+
+./configure --enable-shared=no OPENSSL_CFLAGS=-I${OUTDIR}/include OPENSSL_LIBS="-L${OUTDIR}/lib -lssl -L${OUTDIR}/lib -lcrypto"  CFLAGS="-I${OUTDIR}/include" LIBS="-L${OUTDIR}/lib -ldl -lz"
+
+make
+make install prefix=${OUTDIR}
+
+echo "Downloading nettle_3.5.1."
+cd ${BUILDDIR}/downloads
+curl -OL https://ftp.gnu.org/gnu/nettle/nettle-3.5.1.tar.gz
+
+cd ${BUILDDIR}/build
+tar -zxvf ${BUILDDIR}/downloads/nettle-3.5.1.tar.gz
+cd nettle-3.5.1
+
+./.bootstrap
+./configure --enable-static --enable-mini-gmp --disable-openssl --disable-shared --disable-documentation LDFLAGS="-L${OUTDIR}/lib"
+make && make install prefix=${OUTDIR}
+
+echo "Downloading gnutls_3.6.10."
+cd ${BUILDDIR}/downloads
+curl -OL https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.10.tar.xz
+
+cd ${BUILDDIR}/build
+tar -xvf ${BUILDDIR}/downloads/gnutls-3.6.10.tar.xz
+cd gnutls-3.6.10
+
+./configure --enable-static --disable-openssl-compatibility --disable-libdane --without-p11-kit --without-tpm --without-idn --disable-tests --disable-doc --disable-full-test-suite --disable-libdane --disable-nls --enable-shared=no --with-included-libtasn1 --with-included-unistring --with-nettle-mini --enable-guile=no --prefix=$OUTDIR LDFLAGS="-L${OUTDIR}/lib" NETTLE_CFLAGS="-I${OUTDIR}/include" NETTLE_LIBS="-L${OUTDIR}/lib -lnettle" HOGWEED_CFLAGS="-I${OUTDIR}/include" HOGWEED_LIBS="-L${OUTDIR}/lib -lhogweed" LIBS="${OUTDIR}/lib/libhogweed.a ${OUTDIR}/lib/libnettle.a"
+
+make && make install prefix=${OUTDIR}
+
+echo ">>> Running autoreconf -i"
+cd ${CD}
+autoreconf -i
+
+echo ">>> Bootstrap complete"
+

bootstrap.sh

@@ -44,8 +44,8 @@ echo ">>> Install DIR: ${OUTDIR}"
 export PKG_CONFIG_PATH=${OUTDIR}/lib/pkgconfig
 
 OPENSSL_VERSION="1.0.2-chacha"
-LIBEVENT_VERSION="2.1.8-stable"
-ZLIB_VERSION="zlib-1.2.13"
+LIBEVENT_VERSION="2.1.10-stable"
+ZLIB_VERSION="zlib-1.3"
 
 FILE="${BUILDDIR}/downloads/${OPENSSL_VERSION}.zip"
 if [ ! -f $FILE ]; then
@@ -64,14 +64,14 @@ if [ "${OS}" == "Darwin" ]; then
   ./Configure darwin64-x86_64-cc enable-static-engine enable-ec_nistp_64_gcc_128 enable-gost enable-idea enable-md2 enable-rc2 enable-rc5 enable-rfc3779 enable-ssl-trace enable-ssl2 enable-ssl3 enable-zlib experimental-jpake --prefix=${OUTDIR} --openssldir=${OUTDIR}/ssl
 else
   cd ${BUILDDIR}/downloads
-  curl -OL http://www.zlib.net/${ZLIB_VERSION}.tar.gz
+  curl -OL https://www.zlib.net/${ZLIB_VERSION}.tar.gz
 
   cd ${BUILDDIR}/build
   tar -zxvf ${BUILDDIR}/downloads/${ZLIB_VERSION}.tar.gz
   mv ${ZLIB_VERSION} zlib-x86_64
   cd zlib-x86_64
 
-  ./configure  --prefix=${OUTDIR} --static -64
+  ./configure  --prefix=${OUTDIR} --static
   make
   make install
 

build-arm64.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# download and build all dependent packages
+./bootstrap-arm64.sh
+
+# configure tls-scan
+./configure --prefix=${PWD}/build-root
+
+# make
+make
+make install
+
+echo '>>> Complete'