diff --git a/CHANGELOG b/CHANGELOG index fedeac1..67d8e44 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,13 @@ tls-scan -- History of changes. Bug numbers referenced in this log correspond to bug numbers at our issue tracker, +Version 1.5.2 (2023-09-24) ++----------------------------------- +* Build bug fix: https://github.com/prbinu/tls-scan/issues/59 +* Updated gzip and libevent package versions +* Add build-from-source support for Linux ARM architecture +* Tag: https://github.com/prbinu/tls-scan/releases/tag/1.5.2 + Version 1.5.1 (2023-04-23) +----------------------------------- * Critial bug fix: https://github.com/prbinu/tls-scan/issues/54 diff --git a/Makefile.am b/Makefile.am index 67fb256..cf657a5 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -4,13 +4,19 @@ tls_scan_SOURCES = main.c common.c cert-parser.c gnutls13.c proto-adapters.c TS_VERSION = $(shell grep -m 1 Version $(top_srcdir)/CHANGELOG | awk '{print $$2}') TS_BUILD_DATE = $(shell date '+%Y-%m-%d') TS_OS = $(shell uname -s) +TS_ARCH = $(shell uname -p) AM_CPPFLAGS = -I$(top_srcdir)/include -I build-root/include -I build-root/include -Wall -Wundef -Wshadow -Wunreachable-code -Wswitch-default -Wcast-align -pedantic -g -std=c99 -D_GNU_SOURCE -DTS_VERSION=\"$(TS_VERSION)\" -DTS_BUILD_DATE=\"$(TS_BUILD_DATE)\" -DTS_OS=\"$(TS_OS)\" if LINUX -LDADD = build-root/lib/libssl.a build-root/lib/libcrypto.a build-root/lib/libevent.a build-root/lib/libevent_openssl.a build-root/lib/libgnutls.a build-root/lib64/libhogweed.a build-root/lib64/libnettle.a build-root/lib/libz.a -ldl -lrt + +if [ "${TS_ARCH}" == "x86_64" ]; then +LDADD = build-root/lib/libssl.a build-root/lib/libcrypto.a build-root/lib/libevent.a build-root/lib/libevent_openssl.a build-root/lib/libgnutls.a build-root/lib64/libhogweed.a build-root/lib64/libnettle.a build-root/lib/libz.a -ldl -lrt +else +LDADD = build-root/lib/libssl.a build-root/lib/libcrypto.a build-root/lib/libevent.a build-root/lib/libevent_openssl.a build-root/lib/libgnutls.a build-root/lib/libhogweed.a build-root/lib/libnettle.a build-root/lib/libz.a -ldl -lrt endif +endif if DARWIN LDADD = build-root/lib/libssl.a build-root/lib/libcrypto.a build-root/lib/libevent.a build-root/lib/libevent_openssl.a build-root/lib/libgnutls.a build-root/lib/libhogweed.a build-root/lib/libnettle.a -ldl AM_LDFLAGS = -lz -framework Security -framework CoreFoundation diff --git a/README.md b/README.md index 6f8aa12..baf3e5f 100644 --- a/README.md +++ b/README.md 
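Review bot: The added `if [ "${TS_ARCH}" == "x86_64" ]; then` / `else` lines inside the `if LINUX` block are shell syntax, which as far as I can tell is neither an Automake conditional nor something make can parse at the top level of a Makefile. The following `else` and the extra `endif` therefore probably pair with `if LINUX` rather than with the architecture test. Choosing between `build-root/lib64` and `build-root/lib` would be safer as a second Automake conditional defined in configure.ac (not visible in this diff) and used here as `if` / `else` / `endif` on that name. Separately, `TS_ARCH = $(shell uname -p)` is fragile because `uname -p` prints `unknown` on many Linux systems; `uname -m` is the more dependable source for the machine name. Since this decides which static crypto libraries get linked, a comment above the two `LDADD` lines would help, e.g. `# hogweed/nettle are expected under lib64 on x86_64 Linux and under lib on other architectures`.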
@@ -28,13 +28,13 @@ This tool is primarily for collecting TLS cipher and X.509 certificate data. The You may either use pre-built binary package or build from the source. -### Pre-built Binary +### Pre-built Binary (x86_64) Linux and OSX: [https://github.com/prbinu/tls-scan/releases/latest](https://github.com/prbinu/tls-scan/releases/latest) ### Build From Source -All you need is [`build-x86-64.sh`](https://github.com/prbinu/tls-scan/blob/master/build-x86-64.sh). This script pulls dependent packages - PeterMosmans [`openssl`](https://github.com/PeterMosmans/openssl), [`libevent`](https://github.com/libevent/libevent) and [GnuTLS](https://gitlab.com/gnutls/gnutls/), and build those from the scratch. Since the openssl we use is different from stock openssl, it is linked statically to tls-scan program. The build can take approximately twenty minutes to complete. +All you need is [`build-x86-64.sh`](https://github.com/prbinu/tls-scan/blob/master/build-x86-64.sh) (or `build-arm64.sh` for Linux Arm arch). This script pulls dependent packages - PeterMosmans [`openssl`](https://github.com/PeterMosmans/openssl), [`libevent`](https://github.com/libevent/libevent) and [GnuTLS](https://gitlab.com/gnutls/gnutls/), and build those from the scratch. Since the openssl we use is different from stock openssl, it is linked statically to tls-scan program. The build can take approximately twenty minutes to complete. *Build Pre-requisites* : 
@@ -43,31 +43,38 @@ All you need is [`build-x86-64.sh`](https://github.com/prbinu/tls-scan/blob/mast * [libtool](http://ftpmirror.gnu.org/libtool) * [pkg-config](https://pkg-config.freedesktop.org/releases/?C=M;O=D) * [gcc](http://railsapps.github.io/xcode-command-line-tools.html) +* make On Ubuntu: ```sh -% sudo apt-get update -% sudo apt-get install autoconf automake libtool pkg-config gcc unzip -y +sudo apt-get update +sudo apt-get install make autoconf automake libtool pkg-config gcc unzip -y ``` ### Linux -*Build* : - ```sh -% git clone https://github.com/prbinu/tls-scan.git -% cd tls-scan -% ./build-x86-64.sh +git clone https://github.com/prbinu/tls-scan.git +cd tls-scan ``` +*x84_64* +```sh +./build-x86-64.sh +``` The newly built tls-scan binary can be found at `./build-root/bin`. build-x86-64.sh is a wrapper script that calls `./bootstrap.sh` to build all dependent packages. bootstrap.sh also executes the `autoreconf -i` command to generate `configure` file. Subsequently it calles the standard `./configure`, `make && make install`. +*arm64* +```sh +./build-arm64.sh +``` + *Test* : ```sh -% cd build-root/bin -% ./tls-scan --connect=yahoo.com --cacert=../etc/tls-scan/ca-bundle.crt --pretty +cd build-root/bin +./tls-scan --connect=yahoo.com --cacert=../etc/tls-scan/ca-bundle.crt --pretty ``` ### OSX 
@@ -76,16 +83,18 @@ If you do not have the pre-requisite packages, you can easily install those pack * [xcode-command-line-tools](http://railsapps.github.io/xcode-command-line-tools.html) * [how-to-install-autoconf-automake-and-related-tools-on-mac-os-x-from-source](http://superuser.com/questions/383580/how-to-install-autoconf-automake-and-related-tools-on-mac-os-x-from-source) -*Build* : - ```sh -% git clone https://github.com/prbinu/tls-scan.git -% cd tls-scan -% ./build-x86-64.sh +git clone https://github.com/prbinu/tls-scan.git +cd tls-scan +./build-x86-64.sh ``` The tls-scan binary can be found at `./build-root/bin`. Another (easy) option is to use our Docker image to build and run `tls-scan` on OSX. +**Running `tls-scan` on Mac Apple Silicon (Arm/M1/M2)**: + +Currently no native build support, however you may run `tls-scan` binary using [Rosetta2](https://support.apple.com/en-us/HT211861) + ### Docker *Pre-requisite* : [Docker](https://docs.docker.com/engine/installation/) @@ -94,19 +103,19 @@ The tls-scan binary can be found at `./build-root/bin`. Another (easy) option is Copy the [Dockerfile](https://github.com/prbinu/tls-scan/blob/master/Dockerfile) to your machine, and run it: ```sh -% docker build -t tls-scan . +docker build -t tls-scan . ``` *Test* : ```sh -% docker run --rm tls-scan --connect=example.com:443 --all --pretty +docker run --rm tls-scan --connect=example.com:443 --all --pretty ``` ## Example ```sh -% ./tls-scan -c search.yahoo.com --all --pretty +./tls-scan -c search.yahoo.com --all --pretty ``` ```json @@ -267,3 +276,4 @@ To support old, insecure cipher scans, we are using an old openssl version that ## Contributions Collaborators and pull requests are welcome! + diff --git a/bootstrap-arm64.sh b/bootstrap-arm64.sh new file mode 100755 index 0000000..defad7c --- /dev/null +++ b/bootstrap-arm64.sh 
@@ -0,0 +1,131 @@
+#!/bin/bash
+# Environment variables
+# TS_BUILDROOT : Build root directory. Default to current working directory
+# TS_INSTALLDIR : Installation directory. Default to ${TS_BUILDROOT}
+#
+echo " "
+echo " IMPORTANT NOTICE"
+echo " Build Pre-requisites :"
+echo " "
+echo " gcc"
+echo " autoconf"
+echo " automake"
+echo " libtool"
+echo " pkg-config"
+echo "Make sure you have these packages installed before you proceed with tls-scan build"
+echo "continue in a moment ..."
+sleep 10
+
+set -e
+CD=`pwd`
+OS=`uname`
+
+if [ "${OS}" != "Linux" ]; then
+ echo "Error: ${OS} is not a currently supported platform for ARM64 builds."
+ exit 1
+fi
+
+[[ -z "${TS_BUILDROOT}" ]] && BUILDDIR="${CD}" || BUILDDIR="${TS_BUILDROOT}"
+
+echo ">>> Build DIR: ${BUILDDIR}"
+BUILDDIR=${BUILDDIR}/build-root
+
+# remove build dirs
+test -d ${BUILDDIR}/build && rm -rf ${BUILDDIR}/build/*
+
+
+test -z ${BUILDDIR} || /bin/mkdir -p ${BUILDDIR}
+test -z ${BUILDDIR}/downloads || /bin/mkdir -p ${BUILDDIR}/downloads
+test -z ${BUILDDIR}/build || /bin/mkdir -p ${BUILDDIR}/build
+
+[[ -z "${TS_INSTALLDIR}" ]] && OUTDIR="${BUILDDIR}" || OUTDIR="${TS_INSTALLDIR}"
+
+echo ">>> Install DIR: ${OUTDIR}"
+export PKG_CONFIG_PATH=${OUTDIR}/lib/pkgconfig
+
+OPENSSL_VERSION="1.0.2-chacha"
+LIBEVENT_VERSION="2.1.10-stable"
+ZLIB_VERSION="zlib-1.3"
+
+FILE="${BUILDDIR}/downloads/${OPENSSL_VERSION}.zip"
+if [ ! -f $FILE ]; then
+ echo "Downloading $FILE.."
+ cd ${BUILDDIR}/downloads
+ curl -OL https://github.com/prbinu/PeterMosmans-openssl/archive/refs/heads/${OPENSSL_VERSION}.zip
+fi
+
+cd ${BUILDDIR}/build
+unzip ${BUILDDIR}/downloads/${OPENSSL_VERSION}.zip
+mv PeterMosmans-openssl-${OPENSSL_VERSION} openssl-arm64
+
+cd openssl-arm64
+
+cd ${BUILDDIR}/downloads
+curl -OL https://www.zlib.net/${ZLIB_VERSION}.tar.gz
+
+cd ${BUILDDIR}/build
+tar -zxvf ${BUILDDIR}/downloads/${ZLIB_VERSION}.tar.gz
+mv ${ZLIB_VERSION} zlib-arm64
+cd zlib-arm64
+
+./configure --prefix=${OUTDIR} --static
+make
+make install
+
+echo ">>> ZLIB complete"
+cd ${BUILDDIR}/build/openssl-arm64
+./config enable-static-engine enable-ec_nistp_64_gcc_128 enable-gost enable-idea enable-md2 enable-rc2 enable-rc5 enable-rfc3779 enable-ssl-trace enable-ssl2 enable-ssl3 enable-zlib experimental-jpake --prefix=${OUTDIR} --openssldir=${OUTDIR}/ssl -I${OUTDIR}/include -L${OUTDIR}/lib --with-zlib-lib=${OUTDIR}/lib --with-zlib-include=${OUTDIR}/include
+
+
+make
+make install prefix=${OUTDIR}
+
+FILE="${BUILDDIR}/downloads/libevent-${LIBEVENT_VERSION}.tar.gz"
+if [ ! -f $FILE ]; then
+ echo "Downloading $FILE.."
+ cd ${BUILDDIR}/downloads
+ curl -OL https://github.com/libevent/libevent/releases/download/release-${LIBEVENT_VERSION}/libevent-${LIBEVENT_VERSION}.tar.gz
+fi
+
+cd ${BUILDDIR}/build
+tar -zxvf ${BUILDDIR}/downloads/libevent-${LIBEVENT_VERSION}.tar.gz
+mv libevent-${LIBEVENT_VERSION} libevent-arm64
+
+cd libevent-arm64
+./autogen.sh
+
+./configure --enable-shared=no OPENSSL_CFLAGS=-I${OUTDIR}/include OPENSSL_LIBS="-L${OUTDIR}/lib -lssl -L${OUTDIR}/lib -lcrypto" CFLAGS="-I${OUTDIR}/include" LIBS="-L${OUTDIR}/lib -ldl -lz"
+
+make
+make install prefix=${OUTDIR}
+
+echo "Downloading nettle_3.5.1."
+cd ${BUILDDIR}/downloads +curl -OL https://ftp.gnu.org/gnu/nettle/nettle-3.5.1.tar.gz + +cd ${BUILDDIR}/build +tar -zxvf ${BUILDDIR}/downloads/nettle-3.5.1.tar.gz +cd nettle-3.5.1 + +./.bootstrap +./configure --enable-static --enable-mini-gmp --disable-openssl --disable-shared --disable-documentation LDFLAGS="-L${OUTDIR}/lib" +make && make install prefix=${OUTDIR} + +echo "Downloading gnutls_3.6.10." +cd ${BUILDDIR}/downloads +curl -OL https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.10.tar.xz + +cd ${BUILDDIR}/build +tar -xvf ${BUILDDIR}/downloads/gnutls-3.6.10.tar.xz +cd gnutls-3.6.10 + +./configure --enable-static --disable-openssl-compatibility --disable-libdane --without-p11-kit --without-tpm --without-idn --disable-tests --disable-doc --disable-full-test-suite --disable-libdane --disable-nls --enable-shared=no --with-included-libtasn1 --with-included-unistring --with-nettle-mini --enable-guile=no --prefix=$OUTDIR LDFLAGS="-L${OUTDIR}/lib" NETTLE_CFLAGS="-I${OUTDIR}/include" NETTLE_LIBS="-L${OUTDIR}/lib -lnettle" HOGWEED_CFLAGS="-I${OUTDIR}/include" HOGWEED_LIBS="-L${OUTDIR}/lib -lhogweed" LIBS="${OUTDIR}/lib/libhogweed.a ${OUTDIR}/lib/libnettle.a" + +make && make install prefix=${OUTDIR} + +echo ">>> Running autoreconf -i" +cd ${CD} +autoreconf -i + +echo ">>> Bootstrap complete" + diff --git a/bootstrap.sh b/bootstrap.sh index 1cb8210..a68c5ca 100755 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -44,8 +44,8 @@ echo ">>> Install DIR: ${OUTDIR}" export PKG_CONFIG_PATH=${OUTDIR}/lib/pkgconfig OPENSSL_VERSION="1.0.2-chacha" -LIBEVENT_VERSION="2.1.8-stable" -ZLIB_VERSION="zlib-1.2.13" +LIBEVENT_VERSION="2.1.10-stable" +ZLIB_VERSION="zlib-1.3" FILE="${BUILDDIR}/downloads/${OPENSSL_VERSION}.zip" if [ ! -f $FILE ]; then 
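Review bot: Every dependency archive in the new `bootstrap-arm64.sh` is fetched with `curl -OL` and then unpacked and built with no integrity check. The OpenSSL source also comes from `archive/refs/heads/${OPENSSL_VERSION}.zip`, a branch snapshot whose content can change between builds. Because these libraries are statically linked into the tls-scan binary, each download should be compared against a digest kept in the repository (or a verified upstream signature) before `unzip`/`tar` runs, and the OpenSSL URL is better pinned to a commit or tag. Adding `-f` to curl also keeps an HTTP error page from being saved as the archive. The same unverified zlib download appears in the `bootstrap.sh` hunk at `@@ -64,14 +64,14 @@`; a sketch for the zlib step follows, with the digest left as a placeholder to be filled in from a trusted copy.

```shell
# Expected digest, recorded once from a trusted copy of the archive.
ZLIB_SHA256="<sha256-of-the-zlib-archive>"   # placeholder, not a real value

# Download $1 to $2 and abort (under set -e) unless its SHA-256 equals $3.
fetch_verified() {
  local url=$1 out=$2 want=$3
  curl -fsSL --proto '=https' -o "${out}" "${url}"
  printf '%s  %s\n' "${want}" "${out}" | sha256sum -c -
}

# … unchanged: OpenSSL download and unpack …
fetch_verified "https://www.zlib.net/${ZLIB_VERSION}.tar.gz" \
  "${BUILDDIR}/downloads/${ZLIB_VERSION}.tar.gz" "${ZLIB_SHA256}"
# … unchanged: cd ${BUILDDIR}/build and tar -zxvf of the verified archive …
```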
@@ -64,14 +64,14 @@ if [ "${OS}" == "Darwin" ]; then ./Configure darwin64-x86_64-cc enable-static-engine enable-ec_nistp_64_gcc_128 enable-gost enable-idea enable-md2 enable-rc2 enable-rc5 enable-rfc3779 enable-ssl-trace enable-ssl2 enable-ssl3 enable-zlib experimental-jpake --prefix=${OUTDIR} --openssldir=${OUTDIR}/ssl else cd ${BUILDDIR}/downloads - curl -OL http://www.zlib.net/${ZLIB_VERSION}.tar.gz + curl -OL https://www.zlib.net/${ZLIB_VERSION}.tar.gz cd ${BUILDDIR}/build tar -zxvf ${BUILDDIR}/downloads/${ZLIB_VERSION}.tar.gz mv ${ZLIB_VERSION} zlib-x86_64 cd zlib-x86_64 - ./configure --prefix=${OUTDIR} --static -64 + ./configure --prefix=${OUTDIR} --static make make install diff --git a/build-arm64.sh b/build-arm64.sh new file mode 100755 index 0000000..a73b14a --- /dev/null +++ b/build-arm64.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +# download and build all dependent packages +./bootstrap-arm64.sh + +# configure tls-scan +./configure --prefix=${PWD}/build-root + +# make +make +make install + +echo '>>> Complete'
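Review bot: `build-arm64.sh` does not stop when a step fails. Without `set -e`, a non-zero exit from `./bootstrap-arm64.sh` (for example a failed download or dependency build) is ignored, so `./configure`, `make` and `make install` still run against whatever is in `build-root` and the script ends with `>>> Complete`. Adding `set -e` directly under the shebang, or chaining the steps with `&&`, makes such a failure visible instead of producing a binary linked against incomplete or stale libraries. `--prefix=${PWD}/build-root` should also be quoted as `--prefix="${PWD}/build-root"` so a checkout path containing spaces does not split the argument.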