
Unified runner

new-scoring
aeris 1 month ago
parent
commit
33e84e4762
4 changed files with 55 additions and 69 deletions
  1. 13
    58
      Makefile
  2. 25
    0
      bin/cryptcheck
  3. 1
    0
      cryptcheck.gemspec
  4. 16
    11
      lib/cryptcheck/tls/host.rb

+ 13
- 58
Makefile View File

@@ -5,11 +5,7 @@ OPENSSL_NAME = openssl-$(OPENSSL_VERSION)
OPENSSL_DIR = build/$(OPENSSL_NAME)
RUBY_MAJOR_VERSION = 2.3
RUBY_VERSION = $(RUBY_MAJOR_VERSION).8
RUBY_NAME = ruby-$(RUBY_VERSION)
RUBY_DIR = build/$(RUBY_NAME)
RUBY_OPENSSL_EXT_DIR = $(RUBY_DIR)/ext/openssl
RBENV_DIR = $(RBENV_ROOT)/versions/$(RUBY_VERSION)-cryptcheck
RUBY_LIB_DIR = $(RBENV_DIR)/lib/ruby/$(RUBY_MAJOR_VERSION).0
RBENV_ROOT ?= ~/.rbenv
export LIBRARY_PATH ?= $(PWD)/lib
export C_INCLUDE_PATH ?= $(PWD)/build/openssl/include
@@ -18,19 +14,14 @@ export LD_LIBRARY_PATH ?= $(PWD)/lib
.SECONDARY:
.SUFFIXES:

all: libs ext
all: libs rbenv

clean: clean-libs clean-ext
clean: clean-libs
clean-libs:
[ -d "build/openssl/" ] \
&& find "build/openssl/" \( -name "*.o" -o -name "*.so" \) -delete \
|| true
rm -f lib/libcrypto.so* lib/libssl.so* "build/openssl//Makefile"
clean-ext:
[ -d "$(RUBY_OPENSSL_EXT_DIR)" ] \
&& find "$(RUBY_OPENSSL_EXT_DIR)" \( -name "*.o" -o -name "*.so" \) -delete \
|| true
rm -f lib/openssl.so
mr-proper:
rm -rf lib/libcrypto.so* lib/libssl.so* lib/openssl.so build

@@ -49,20 +40,15 @@ build/openssl/: | $(OPENSSL_DIR)/
$(OPENSSL_DIR)/: build/$(OPENSSL_NAME).tar.gz build/chacha-poly.patch
tar -C build -xf "build/$(OPENSSL_NAME).tar.gz"
patch -d "$(OPENSSL_DIR)" -p1 < build/chacha-poly.patch
patch -d "$(OPENSSL_DIR)" -p1 < patches/openssl/00_disable_digest_check.patch
for p in patches/openssl/*.patch; do patch -d "$@" -p1 < "$$p"; done

build/openssl/Makefile: | build/openssl/
#cd $(OPENSSL_DIR) && ./Configure enable-ssl2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib enable-rc5 enable-rc2 enable-gost enable-md2 enable-mdc2 enable-shared linux-x86_64
#cd $(OPENSSL_DIR) && ./config enable-ssl2 enable-ssl3 enable-md2 enable-rc5 enable-weak-ssl-ciphers shared
cd build/openssl/ && ./config enable-ssl2 enable-ssl3 enable-ssl3-method enable-md2 enable-rc5 enable-weak-ssl-ciphers enable-shared

build/openssl/libssl.so \
build/openssl/libcrypto.so: build/openssl/Makefile
$(MAKE) -C build/openssl/

install-openssl: build/openssl/Makefile
$(MAKE) -C build/openssl/ install

LIBS = lib/libssl.so lib/libcrypto.so lib/libssl.so.$(OPENSSL_LIB_VERSION) lib/libcrypto.so.$(OPENSSL_LIB_VERSION)
lib/%.so: build/openssl/%.so
cp "$<" "$@"
@@ -79,53 +65,22 @@ $(RBENV_ROOT)/plugins/ruby-build/: | $(RBENV_ROOT)/
$(RBENV_ROOT)/plugins/ruby-build/share/ruby-build/$(RUBY_VERSION): | $(RBENV_ROOT)/plugins/ruby-build/

build/$(RUBY_VERSION)-cryptcheck: $(RBENV_ROOT)/plugins/ruby-build/share/ruby-build/$(RUBY_VERSION)
cp "$<" "$@"
cp $< $@

install-rbenv: build/$(RUBY_VERSION)-cryptcheck

install-rbenv-cryptcheck: build/$(RUBY_VERSION)-cryptcheck $(LIBS) | build/openssl/
rbenv: build/$(RUBY_VERSION)-cryptcheck $(LIBS) | $(OPENSSL_DIR)/
cat patches/ruby/*.patch | \
RUBY_BUILD_CACHE_PATH="$(PWD)/build" \
RUBY_BUILD_DEFINITIONS="$(PWD)/build" \
rbenv install -fp "$(RUBY_VERSION)-cryptcheck"
rbenv local "$(RUBY_VERSION)-cryptcheck"
gem update --system
RUBY_BUILD_CACHE_PATH=$(PWD)/build \
RUBY_BUILD_DEFINITIONS=$(PWD)/build \
MAKE_OPTS="-j $(shell nproc)" rbenv install -fp $(RUBY_VERSION)-cryptcheck
# rbenv sequester $(RUBY_VERSION)-cryptcheck
rbenv local $(RUBY_VERSION)-cryptcheck
gem install bundler
# bundle install --without test development

$(RUBY_LIB_DIR)/openssl/ssl.rb: $(RUBY_OPENSSL_EXT_DIR)/lib/openssl/ssl.rb
cp "$<" "$@"

$(RUBY_LIB_DIR)/x86_64-linux/openssl.so: $(RUBY_OPENSSL_EXT_DIR)/openssl.so
cp "$<" "$@"

sync-ruby: $(RUBY_LIB_DIR)/openssl/ssl.rb $(RUBY_LIB_DIR)/x86_64-linux/openssl.so

build/$(RUBY_NAME).tar.xz: | build/
wget "http://cache.ruby-lang.org/pub/ruby/$(RUBY_MAJOR_VERSION)/$(RUBY_NAME).tar.xz" -O "$@"

$(RUBY_DIR)/: build/$(RUBY_NAME).tar.xz
tar -C build -xf "$<"
for p in patches/ruby/*.patch; do patch -d "$@" -p1 < $i; done

$(RUBY_OPENSSL_EXT_DIR)/Makefile: libs | $(RUBY_DIR)/
cd "$(RUBY_OPENSSL_EXT_DIR)" && ruby extconf.rb

$(RUBY_OPENSSL_EXT_DIR)/openssl.so: $(LIBS) $(RUBY_OPENSSL_EXT_DIR)/Makefile
top_srcdir=../.. $(MAKE) -C "$(RUBY_OPENSSL_EXT_DIR)"

lib/openssl.so: $(RUBY_OPENSSL_EXT_DIR)/openssl.so
cp "$<" "$@"

ext: lib/openssl.so

install-ruby: $(RUBY_DIR)/
cd "$(RUBY_DIR)/" && ./configure --enable-shared --disable-install-rdoc && make install
bundle install

spec/faketime/libfaketime.so: spec/faketime/faketime.c spec/faketime/faketime.h
$(CC) "$^" -o "$@" -shared -fPIC -ldl -std=c99 -Werror -Wall
$(CC) $^ -o $@ -shared -fPIC -ldl -std=c99 -Werror -Wall
lib/libfaketime.so: spec/faketime/libfaketime.so
ln -fs "../$<" "$@"
ln -fs ../$< $@
faketime: lib/libfaketime.so

test-material:
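Review bot: The loop in the `$(OPENSSL_DIR)/` recipe, `for p in patches/openssl/*.patch; do patch -d "$@" -p1 < "$$p"; done`, which looks like the line this section adds, returns only the exit status of the last `patch` call, so an earlier patch that fails to apply does not stop the build. Because the target is a directory that `tar` has already created, a later `make` would likely treat the half-patched tree as up to date, and the scanner would be built against an OpenSSL missing some of the intended changes without any visible error. Adding `|| exit 1` inside the loop body (`patch -d "$@" -p1 < "$$p" || exit 1`) makes the recipe fail at the first rejected patch. If the unquoted `RUBY_BUILD_CACHE_PATH=$(PWD)/build` lines are the new side of the `rbenv` recipe, they would break on a checkout path containing spaces; the quoted form printed just above them is safer.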

+ 25
- 0
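--- a/bin/cryptcheck
+++ b/bin/cryptcheck
@@ -0,0 +1,25 @@
+#!/usr/bin/env ruby
+require 'rubygems'
+require 'bundler/setup'
+require 'thor'
+require 'awesome_print'
+require 'cryptcheck'
+
+class CLI < Thor
+option :'no-ipv4', type: :boolean, default: false, aliases: :'4'
+option :'no-ipv6', type: :boolean, default: false, aliases: :'6'
+option :json, type: :boolean, default: false, aliases: :j
+option :quiet, type: :boolean, default: false, aliases: :q
+
+desc 'https HOST [PORT]', 'Analyze HTTPS configuration for HOST:PORT'
+
+def https(host, port = 443)
+ENV['DISABLE_IPv4'] = 'true' if options[:'no-ipv4']
+ENV['DISABLE_IPv6'] = 'true' if options[:'no-ipv6']
+::CryptCheck::Logger.level = options[:quiet] ? :none : :info
+result = ::CryptCheck::Tls::Https.analyze host, port
+$stdout.isatty ? ap(result) : puts(JSON.pretty_generate(result)) if options[:json]
+end
+end
+
+CLI.start ARGV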
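Review bot: On the last line of `https`, the trailing `if options[:json]` governs the whole ternary, so a run without `--json` prints no result at all, and `--json` on a terminal goes through `ap` instead of emitting JSON. If the flag is meant to select the output format, the two cases should be separated, for example `puts JSON.pretty_generate(result) if options[:json]` with the `ap(result)` call on its own line for the other case, and `require 'json'` should be added because nothing in this file loads it explicitly. Separately, `port` is the Integer 443 by default but a String when given on the command line; `port = Integer(port)` before the `analyze` call would reject non-numeric input early and keep the type consistent.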

+ 1
- 0
cryptcheck.gemspec View File

@@ -40,4 +40,5 @@ Gem::Specification.new do |spec|
spec.add_dependency 'ruby-progressbar'
spec.add_dependency 'colorize'
spec.add_dependency 'awesome_print'
spec.add_dependency 'thor'
end

+ 16
- 11
lib/cryptcheck/tls/host.rb View File

@@ -78,12 +78,12 @@ module CryptCheck
port: port
}
case server
when Server
host[:handshakes] = server.to_h
host[:states] = server.states
host[:grade] = server.grade
else
host[:error] = server.to_s
when Server
host[:handshakes] = server.to_h
host[:states] = server.states
host[:grade] = server.grade
else
host[:error] = server.to_s
end
host
end
@@ -95,12 +95,17 @@ module CryptCheck

def resolve
begin
ip = IPAddr.new @hostname
return [[nil, ip.to_s, ip.family, @port]]
rescue IPAddr::InvalidAddressError
begin
ip = IPAddr.new @hostname
return [[nil, ip.to_s, ip.family, @port]]
rescue IPAddr::InvalidAddressError
end
::Addrinfo.getaddrinfo(@hostname, nil, nil, :STREAM)
.collect { |a| [@hostname, a.ip_address, a.afamily, @port] }
end.reject do |family, *_|
(ENV['DISABLE_IPv6'] && family == Socket::AF_INET6) ||
(ENV['DISABLE_IPv4'] && family == Socket::AF_INET)
end
::Addrinfo.getaddrinfo(@hostname, nil, nil, :STREAM)
.collect { |a| [@hostname, a.ip_address, a.afamily, @port] }
end

def server(*args)
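Review bot: In `resolve`, the block added as `end.reject do |family, *_|` binds `family` to the first element of each entry, but the entries are built as `[@hostname, a.ip_address, a.afamily, @port]`, so the address family is the third element and the comparison with `Socket::AF_INET6` / `Socket::AF_INET` never matches; `--no-ipv4` and `--no-ipv6` would then have no effect. Destructuring as `end.reject do |_, _, family, _|` fixes that. Two related points: the `return` for a literal IP leaves the method before `reject` runs, so the filter is skipped for IP arguments, and `ENV['DISABLE_IPv6']` is truthy for any set value, including `false`, `0` or an empty string, so comparing against `'true'` would be safer. `resolve` is shown in full, but the enclosing class starts outside the hunk.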
