From 8e8cda6fe7b729ce46a7050160f7166872713cb4 Mon Sep 17 00:00:00 2001 From: Peter Matula Date: Mon, 15 Nov 2021 08:15:41 +0100 Subject: [PATCH 1/6] Fix doxygen --- doc/doxygen/CMakeLists.txt | 5 ++++- doc/doxygen/doxygen.cfg.in | 5 +++-- .../fileformat/types/pe_timestamps/pe_timestamps.h | 2 +- src/llvmir2hll/utils/ir.cpp | 11 ++++------- src/pelib/ConfigDirectory.cpp | 5 ++--- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/doc/doxygen/CMakeLists.txt b/doc/doxygen/CMakeLists.txt index a7b8bd492..81ccc7b01 100644 --- a/doc/doxygen/CMakeLists.txt +++ b/doc/doxygen/CMakeLists.txt @@ -12,7 +12,10 @@ set(DOXYGEN_WARNINGS "YES") set(DOXYGEN_EXTRACT_PRIVATE "YES") set(DOXYGEN_EXTRACT_LOCAL_CLASSES "YES") set(DOXYGEN_INTERNAL_DOCS "YES") -set(DOXYGEN_EXCLUDE_PATTERNS "") +set(DOXYGEN_EXCLUDE "") +set(DOXYGEN_EXCLUDE_PATTERNS + "*/symbolic_tree_match.h" # Doxygen is not dealing with this. +) set(DOXYGEN_EXCLUDE_SYMBOLS "") set(DOXYGEN_ENABLED_SECTIONS "internal") set(DOXYGEN_INCLUDE_GRAPH "NO") diff --git a/doc/doxygen/doxygen.cfg.in b/doc/doxygen/doxygen.cfg.in index 434b886df..fd400283f 100644 --- a/doc/doxygen/doxygen.cfg.in +++ b/doc/doxygen/doxygen.cfg.in @@ -9,6 +9,7 @@ ## EXTRACT_LOCAL_CLASSES = @DOXYGEN_EXTRACT_LOCAL_CLASSES@ ## INTERNAL_DOCS = @DOXYGEN_INTERNAL_DOCS@ ## ENABLED_SECTIONS = @DOXYGEN_ENABLED_SECTIONS@ +## EXCLUDE = @DOXYGEN_EXCLUDE@ ## EXCLUDE_PATTERNS = @DOXYGEN_EXCLUDE_PATTERNS@ ## EXCLUDE_SYMBOLS = @DOXYGEN_EXCLUDE_SYMBOLS@ ## INCLUDE_GRAPH = @DOXYGEN_INCLUDE_GRAPH@ @@ -909,7 +910,7 @@ RECURSIVE = YES # Note that relative paths are relative to the directory from which doxygen is # run. -EXCLUDE = +EXCLUDE = @DOXYGEN_EXCLUDE@ # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded @@ -2458,7 +2459,7 @@ PLANTUML_INCLUDE_PATH = # Minimum value: 0, maximum value: 10000, default value: 50. # This tag requires that the tag HAVE_DOT is set to YES. -DOT_GRAPH_MAX_NODES = 50 +DOT_GRAPH_MAX_NODES = 80 # The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the graphs # generated by dot. A depth value of 3 means that only nodes reachable from the diff --git a/include/retdec/fileformat/types/pe_timestamps/pe_timestamps.h b/include/retdec/fileformat/types/pe_timestamps/pe_timestamps.h index 0dafe82b9..57bc1115d 100644 --- a/include/retdec/fileformat/types/pe_timestamps/pe_timestamps.h +++ b/include/retdec/fileformat/types/pe_timestamps/pe_timestamps.h @@ -1,5 +1,5 @@ /** - * @file src/fileinfo/fileformat/file_information_types/pe_timestamps.h + * @file include/retdec/fileformat/types/pe_timestamps/pe_timestamps.h * @brief PE timestamps. * @copyright (c) 2017 Avast Software, licensed under the MIT license */ diff --git a/src/llvmir2hll/utils/ir.cpp b/src/llvmir2hll/utils/ir.cpp index 249d21924..6935506f7 100644 --- a/src/llvmir2hll/utils/ir.cpp +++ b/src/llvmir2hll/utils/ir.cpp @@ -87,19 +87,16 @@ ShPtr skipUnaryExpr(ShPtr expr) { } // anonymous namespace +namespace retdec { +namespace llvmir2hll { + /** * @brief Sorts the given vector by the name of its elements (case-insensitively). -* @note This one function is defined outside the namespace below with explicit -* namespace declarations to help Doxygen and prevent it from generating -* "no matching file member found for" warnings. */ -void retdec::llvmir2hll::sortByName(retdec::llvmir2hll::FuncVector &vec) { +void sortByName(FuncVector &vec) { std::sort(vec.begin(), vec.end(), compareFuncs); } -namespace retdec { -namespace llvmir2hll { - /** * @brief Sorts the given vector by the name of its elements (case-insensitively). */ diff --git a/src/pelib/ConfigDirectory.cpp b/src/pelib/ConfigDirectory.cpp index d559be9ae..93f45180a 100644 --- a/src/pelib/ConfigDirectory.cpp +++ b/src/pelib/ConfigDirectory.cpp @@ -8,9 +8,8 @@ namespace PeLib { /** - * @param inStream Input stream. - * @param imageLoader A valid image loader reference which is necessary because some RVA calculations need to be done. - **/ + * @param imageLoader A valid image loader reference which is necessary because some RVA calculations need to be done. + **/ int ConfigDirectory::read(ImageLoader& imageLoader) { From fe7ce20940bc19cc9b685635f01cf004da4dd445 Mon Sep 17 00:00:00 2001 From: Peter Matula Date: Mon, 15 Nov 2021 09:37:12 +0100 Subject: [PATCH 2/6] Fix docker files and cmake --- CMakeLists.txt | 2 +- Dockerfile | 2 +- Dockerfile.dev | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index cee9928c8..26ca94b4e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,5 +1,5 @@ -cmake_minimum_required(VERSION 3.8) +cmake_minimum_required(VERSION 3.14) project(retdec LANGUAGES C CXX diff --git a/Dockerfile b/Dockerfile index 1d7046cd4..fde4063ca 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:bionic +FROM ubuntu:focal RUN useradd -m retdec WORKDIR /home/retdec diff --git a/Dockerfile.dev b/Dockerfile.dev index 79c2fb7aa..2d762e58a 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev @@ -1,4 +1,4 @@ -FROM ubuntu:bionic +FROM ubuntu:focal RUN useradd -m retdec WORKDIR /home/retdec From d35d7c19aa02bb36259f638ec59e1e20e0641c69 Mon Sep 17 00:00:00 2001 From: "Kirill A. Korinsky" Date: Mon, 8 Nov 2021 11:48:09 +0100 Subject: [PATCH 3/6] Update API for OpenSSL 3.0 Fixes: https://github.com/avast/retdec/issues/1040 --- deps/authenticode-parser/src/authenticode.c | 4 ++++ deps/authenticode-parser/src/certificate.c | 4 ++++ deps/authenticode-parser/src/countersignature.c | 12 ++++++++++++ 3 files changed, 20 insertions(+) diff --git a/deps/authenticode-parser/src/authenticode.c b/deps/authenticode-parser/src/authenticode.c index bd860fe32..724b64f9a 100644 --- a/deps/authenticode-parser/src/authenticode.c +++ b/deps/authenticode-parser/src/authenticode.c @@ -581,7 +581,11 @@ AuthenticodeArray* parse_authenticode(const uint8_t* pe_data, long pe_len) continue; } +#if OPENSSL_VERSION_NUMBER >= 0x3000000fL + int mdlen = EVP_MD_get_size(md); +#else int mdlen = EVP_MD_size(md); +#endif sig->file_digest.len = mdlen; sig->file_digest.data = (uint8_t*)malloc(mdlen); if (!sig->file_digest.data) diff --git a/deps/authenticode-parser/src/certificate.c b/deps/authenticode-parser/src/certificate.c index 7686c5161..2f1a4f0ca 100644 --- a/deps/authenticode-parser/src/certificate.c +++ b/deps/authenticode-parser/src/certificate.c @@ -287,7 +287,11 @@ Certificate* certificate_new(X509* x509) EVP_PKEY* pkey = X509_get0_pubkey(x509); if (pkey) { result->key = pubkey_to_pem(pkey); +#if OPENSSL_VERSION_NUMBER >= 0x3000000fL + result->key_alg = strdup(OBJ_nid2sn(EVP_PKEY_get_base_id(pkey))); +#else result->key_alg = strdup(OBJ_nid2sn(EVP_PKEY_base_id(pkey))); +#endif } return result; diff --git a/deps/authenticode-parser/src/countersignature.c b/deps/authenticode-parser/src/countersignature.c index 5bc2c108a..59ca8038a 100644 --- a/deps/authenticode-parser/src/countersignature.c +++ b/deps/authenticode-parser/src/countersignature.c @@ -137,7 +137,11 @@ Countersignature* pkcs9_countersig_new( * but other times it is just purely and I didn't find another way to distinguish it but only * based on the length of data we get. Found mention of this in openssl mailing list: * https://mta.openssl.org/pipermail/openssl-users/2015-September/002054.html */ +#if OPENSSL_VERSION_NUMBER >= 0x3000000fL + size_t mdLen = EVP_MD_get_size(md); +#else size_t mdLen = EVP_MD_size(md); +#endif if (mdLen == decLen) { isValid = !memcmp(calc_digest, decData, mdLen); } else { @@ -238,7 +242,11 @@ Countersignature* ms_countersig_new(const uint8_t* data, long size, ASN1_STRING* uint8_t calc_digest[EVP_MAX_MD_SIZE]; calculate_digest(md, enc_digest->data, enc_digest->length, calc_digest); +#if OPENSSL_VERSION_NUMBER >= 0x3000000fL + int mdLen = EVP_MD_get_size(md); +#else int mdLen = EVP_MD_size(md); +#endif if (digestLen != mdLen || memcmp(calc_digest, digestData, mdLen) != 0) { result->verify_flags = COUNTERSIGNATURE_VFY_DOESNT_MATCH_SIGNATURE; @@ -251,7 +259,11 @@ Countersignature* ms_countersig_new(const uint8_t* data, long size, ASN1_STRING* TS_VERIFY_CTX_set_flags(ctx, TS_VFY_VERSION | TS_VFY_IMPRINT); TS_VERIFY_CTX_set_store(ctx, store); +#if OPENSSL_VERSION_NUMBER >= 0x3000000fL + TS_VERIFY_CTX_set_store(ctx, p7->d.sign->cert); +#else TS_VERIFY_CTS_set_certs(ctx, p7->d.sign->cert); +#endif TS_VERIFY_CTX_set_imprint(ctx, calc_digest, mdLen); bool isValid = TS_RESP_verify_token(ctx, p7) == 1; From d6dee5807ea3d24c5ec1e7f1bf759e95ba3862c7 Mon Sep 17 00:00:00 2001 From: Peter Matula Date: Mon, 15 Nov 2021 11:50:31 +0100 Subject: [PATCH 4/6] CHANGELOG.md: add entry for #1041, #1040 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 893d9778b..b4df38d34 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,6 +28,7 @@ * Enhancement: Added support for new ELF UPX unpacking stubs (versions 3.93 - 3.96) ([#929](https://github.com/avast/retdec/pull/929)). * Enhancement: Improved YARA rules for detection of the SHA-512 algorithm ([#935](https://github.com/avast/retdec/pull/935)). * Enhancement: Improved PE Authenticode parsing ([#902](https://github.com/avast/retdec/pull/902), [#380](https://github.com/avast/retdec/issues/380)). +* Fix: Add OpenSSL 3.0 support ([#1040](https://github.com/avast/retdec/issues/1040), [#1041](https://github.com/avast/retdec/pull/1041)). * Fix: `ImageLoader::Save()` properly saves PE's Rich Header and section data ([#1028](https://github.com/avast/retdec/issues/1028), [#1029](https://github.com/avast/retdec/pull/1029)). * Fix: Check if data is not empty in .NET integer decoding functions ([#1030](https://github.com/avast/retdec/pull/1030)). * Fix: Stricter validation of PE signatures - they need to be outside of the image to be considered valid ([#972](https://github.com/avast/retdec/issues/972), [#986](https://github.com/avast/retdec/pull/986), [regression tests #108](https://github.com/avast/retdec-regression-tests/pull/108)). From 629ad83c555b776b5ed48df3421c597711fe0ddd Mon Sep 17 00:00:00 2001 From: Kisaragi <48310258+KisaragiEffective@users.noreply.github.com> Date: Tue, 28 Dec 2021 01:49:05 +0900 Subject: [PATCH 5/6] fix typo in config.cpp --- src/config/config.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/config/config.cpp b/src/config/config.cpp index 9d42ce206..9bdd559e2 100644 --- a/src/config/config.cpp +++ b/src/config/config.cpp @@ -163,7 +163,7 @@ std::string Config::generateJsonString() const } /** - * Reads string containig JSON representation of configuration. + * Reads string containing JSON representation of configuration. * If file can not be parsed, an instance of @c ParseException is thrown. * @param json JSON string. */ From c403441f7e17eb0e8447aecdf34e5e2dfc27080e Mon Sep 17 00:00:00 2001 From: Peter Matula Date: Tue, 4 Jan 2022 16:19:34 +0100 Subject: [PATCH 6/6] cmake: require version 3.13 instead of 3.14 so that we can use Debian Buster --- CMakeLists.txt | 2 +- deps/authenticode-parser/CMakeLists.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 26ca94b4e..ce43be4b9 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,5 +1,5 @@ -cmake_minimum_required(VERSION 3.14) +cmake_minimum_required(VERSION 3.13) project(retdec LANGUAGES C CXX diff --git a/deps/authenticode-parser/CMakeLists.txt b/deps/authenticode-parser/CMakeLists.txt index d36a41bee..29c31c1c2 100644 --- a/deps/authenticode-parser/CMakeLists.txt +++ b/deps/authenticode-parser/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.14) +cmake_minimum_required(VERSION 3.13) project(authenticode_parser VERSION 1.0.0 LANGUAGES C)