Merge branch 'master' of https://github.com/avast/retdec

CHANGELOG.md

@@ -28,6 +28,7 @@
 * Enhancement: Added support for new ELF UPX unpacking stubs (versions 3.93 - 3.96) ([#929](https://github.com/avast/retdec/pull/929)).
 * Enhancement: Improved YARA rules for detection of the SHA-512 algorithm ([#935](https://github.com/avast/retdec/pull/935)).
 * Enhancement: Improved PE Authenticode parsing ([#902](https://github.com/avast/retdec/pull/902), [#380](https://github.com/avast/retdec/issues/380)).
+* Fix: Add OpenSSL 3.0 support ([#1040](https://github.com/avast/retdec/issues/1040), [#1041](https://github.com/avast/retdec/pull/1041)).
 * Fix: `ImageLoader::Save()` properly saves PE's Rich Header and section data ([#1028](https://github.com/avast/retdec/issues/1028), [#1029](https://github.com/avast/retdec/pull/1029)).  
 * Fix: Check if data is not empty in .NET integer decoding functions ([#1030](https://github.com/avast/retdec/pull/1030)).
 * Fix: Stricter validation of PE signatures - they need to be outside of the image to be considered valid ([#972](https://github.com/avast/retdec/issues/972), [#986](https://github.com/avast/retdec/pull/986), [regression tests #108](https://github.com/avast/retdec-regression-tests/pull/108)).

CMakeLists.txt

@@ -1,5 +1,5 @@
 
-cmake_minimum_required(VERSION 3.8)
+cmake_minimum_required(VERSION 3.13)
 
 project(retdec
 	LANGUAGES C CXX

Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:bionic
+FROM ubuntu:focal
 
 RUN useradd -m retdec
 WORKDIR /home/retdec

Dockerfile.dev

@@ -1,4 +1,4 @@
-FROM ubuntu:bionic
+FROM ubuntu:focal
 
 RUN useradd -m retdec
 WORKDIR /home/retdec

deps/authenticode-parser/CMakeLists.txt

@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.14)
+cmake_minimum_required(VERSION 3.13)
 
 project(authenticode_parser VERSION 1.0.0 LANGUAGES C)
 

deps/authenticode-parser/src/authenticode.c

@@ -581,7 +581,11 @@ AuthenticodeArray* parse_authenticode(const uint8_t* pe_data, long pe_len)
             continue;
         }
 
+#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
+        int mdlen = EVP_MD_get_size(md);
+#else
         int mdlen = EVP_MD_size(md);
+#endif
         sig->file_digest.len = mdlen;
         sig->file_digest.data = (uint8_t*)malloc(mdlen);
         if (!sig->file_digest.data)

deps/authenticode-parser/src/certificate.c

@@ -287,7 +287,11 @@ Certificate* certificate_new(X509* x509)
     EVP_PKEY* pkey = X509_get0_pubkey(x509);
     if (pkey) {
         result->key = pubkey_to_pem(pkey);
+#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
+        result->key_alg = strdup(OBJ_nid2sn(EVP_PKEY_get_base_id(pkey)));
+#else
         result->key_alg = strdup(OBJ_nid2sn(EVP_PKEY_base_id(pkey)));
+#endif
     }
 
     return result;

deps/authenticode-parser/src/countersignature.c

@@ -137,7 +137,11 @@ Countersignature* pkcs9_countersig_new(
      * but other times it is just purely and I didn't find another way to  distinguish it but only
      * based on the length of data we get. Found mention of this in openssl mailing list:
      * https://mta.openssl.org/pipermail/openssl-users/2015-September/002054.html */
+#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
+    size_t mdLen = EVP_MD_get_size(md);
+#else
     size_t mdLen = EVP_MD_size(md);
+#endif
     if (mdLen == decLen) {
         isValid = !memcmp(calc_digest, decData, mdLen);
     } else {
@@ -238,7 +242,11 @@ Countersignature* ms_countersig_new(const uint8_t* data, long size, ASN1_STRING*
 
     uint8_t calc_digest[EVP_MAX_MD_SIZE];
     calculate_digest(md, enc_digest->data, enc_digest->length, calc_digest);
+#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
+    int mdLen = EVP_MD_get_size(md);
+#else
     int mdLen = EVP_MD_size(md);
+#endif
 
     if (digestLen != mdLen || memcmp(calc_digest, digestData, mdLen) != 0) {
         result->verify_flags = COUNTERSIGNATURE_VFY_DOESNT_MATCH_SIGNATURE;
@@ -251,7 +259,11 @@ Countersignature* ms_countersig_new(const uint8_t* data, long size, ASN1_STRING*
 
     TS_VERIFY_CTX_set_flags(ctx, TS_VFY_VERSION | TS_VFY_IMPRINT);
     TS_VERIFY_CTX_set_store(ctx, store);
+#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
+    TS_VERIFY_CTX_set_store(ctx, p7->d.sign->cert);
+#else
     TS_VERIFY_CTS_set_certs(ctx, p7->d.sign->cert);
+#endif
     TS_VERIFY_CTX_set_imprint(ctx, calc_digest, mdLen);
 
     bool isValid = TS_RESP_verify_token(ctx, p7) == 1;

doc/doxygen/CMakeLists.txt

@@ -12,7 +12,10 @@ set(DOXYGEN_WARNINGS "YES")
 set(DOXYGEN_EXTRACT_PRIVATE "YES")
 set(DOXYGEN_EXTRACT_LOCAL_CLASSES "YES")
 set(DOXYGEN_INTERNAL_DOCS "YES")
-set(DOXYGEN_EXCLUDE_PATTERNS "")
+set(DOXYGEN_EXCLUDE "")
+set(DOXYGEN_EXCLUDE_PATTERNS
+	"*/symbolic_tree_match.h" # Doxygen is not dealing with this.
+)
 set(DOXYGEN_EXCLUDE_SYMBOLS "")
 set(DOXYGEN_ENABLED_SECTIONS "internal")
 set(DOXYGEN_INCLUDE_GRAPH "NO")

doc/doxygen/doxygen.cfg.in

@@ -9,6 +9,7 @@
 ##   EXTRACT_LOCAL_CLASSES  = @DOXYGEN_EXTRACT_LOCAL_CLASSES@
 ##   INTERNAL_DOCS          = @DOXYGEN_INTERNAL_DOCS@
 ##   ENABLED_SECTIONS       = @DOXYGEN_ENABLED_SECTIONS@
+##   EXCLUDE                = @DOXYGEN_EXCLUDE@
 ##   EXCLUDE_PATTERNS       = @DOXYGEN_EXCLUDE_PATTERNS@
 ##   EXCLUDE_SYMBOLS        = @DOXYGEN_EXCLUDE_SYMBOLS@
 ##   INCLUDE_GRAPH          = @DOXYGEN_INCLUDE_GRAPH@
@@ -909,7 +910,7 @@ RECURSIVE              = YES
 # Note that relative paths are relative to the directory from which doxygen is
 # run.
 
-EXCLUDE                =
+EXCLUDE                = @DOXYGEN_EXCLUDE@
 
 # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
 # directories that are symbolic links (a Unix file system feature) are excluded
@@ -2458,7 +2459,7 @@ PLANTUML_INCLUDE_PATH  =
 # Minimum value: 0, maximum value: 10000, default value: 50.
 # This tag requires that the tag HAVE_DOT is set to YES.
 
-DOT_GRAPH_MAX_NODES    = 50
+DOT_GRAPH_MAX_NODES    = 80
 
 # The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the graphs
 # generated by dot. A depth value of 3 means that only nodes reachable from the

include/retdec/fileformat/types/pe_timestamps/pe_timestamps.h

@@ -1,5 +1,5 @@
 /**
- * @file src/fileinfo/fileformat/file_information_types/pe_timestamps.h
+ * @file include/retdec/fileformat/types/pe_timestamps/pe_timestamps.h
  * @brief PE timestamps.
  * @copyright (c) 2017 Avast Software, licensed under the MIT license
  */

src/config/config.cpp

@@ -163,7 +163,7 @@ std::string Config::generateJsonString() const
 }
 
 /**
- * Reads string containig JSON representation of configuration.
+ * Reads string containing JSON representation of configuration.
  * If file can not be parsed, an instance of @c ParseException is thrown.
  * @param json JSON string.
  */

src/llvmir2hll/utils/ir.cpp

@@ -87,19 +87,16 @@ ShPtr<Expression> skipUnaryExpr(ShPtr<Expression> expr) {
 
 } // anonymous namespace
 
+namespace retdec {
+namespace llvmir2hll {
+
 /**
 * @brief Sorts the given vector by the name of its elements (case-insensitively).
-* @note This one function is defined outside the namespace below with explicit
-*       namespace declarations to help Doxygen and prevent it from generating
-*       "no matching file member found for" warnings.
 */
-void retdec::llvmir2hll::sortByName(retdec::llvmir2hll::FuncVector &vec) {
+void sortByName(FuncVector &vec) {
 	std::sort(vec.begin(), vec.end(), compareFuncs);
 }
 
-namespace retdec {
-namespace llvmir2hll {
-
 /**
 * @brief Sorts the given vector by the name of its elements (case-insensitively).
 */

src/pelib/ConfigDirectory.cpp

@@ -8,9 +8,8 @@
 
 namespace PeLib {
 /**
-	* @param inStream Input stream.
-	* @param imageLoader A valid image loader reference which is necessary because some RVA calculations need to be done.
-	**/
+ * @param imageLoader A valid image loader reference which is necessary because some RVA calculations need to be done.
+ **/
 
 int ConfigDirectory::read(ImageLoader& imageLoader)
 {