Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix Clang 19 deprecation failure

Browse source 
Fixes #3994

Clang 19 with libc++ started failing to compile because the default
implementation of `std::char_traits` was removed, making uses of
`std::char_traits<unsigned char>` invalid. This was more of used for
convenience before, but it should be roughly the same behavior with
`char`.

See relevant LLVM commits:

aeecef08c3

08a0faf4cd
This commit is contained in:
Evan Typanski 2024-10-29 09:48:04 -04:00
parent 681fd37a6d
commit 985f4f7c72
3 changed files with 23 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/DFA.cc
View file

@ -265,9 +265,9 @@ DFA_State_Cache::~DFA_State_Cache() {
DFA_State* DFA_State_Cache::Lookup(const NFA_state_list& nfas, DigestStr* digest) { DFA_State* DFA_State_Cache::Lookup(const NFA_state_list& nfas, DigestStr* digest) {
// We assume that state ID's don't exceed 10 digits, plus // We assume that state ID's don't exceed 10 digits, plus
// we allow one more character for the delimiter. // we allow one more character for the delimiter.
auto id_tag_buf = std::make_unique<u_char[]>(nfas.length() * 11 + 1); auto id_tag_buf = std::make_unique<char[]>(nfas.length() * 11 + 1);
auto id_tag = id_tag_buf.get(); auto id_tag = id_tag_buf.get();
u_char* p = id_tag; char* p = id_tag;
for ( int i = 0; i < nfas.length(); ++i ) { for ( int i = 0; i < nfas.length(); ++i ) {
NFA_State* n = nfas[i]; NFA_State* n = nfas[i];
@ -287,7 +287,7 @@ DFA_State* DFA_State_Cache::Lookup(const NFA_state_list& nfas, DigestStr* digest
// HashKey because the data is copied into the key. // HashKey because the data is copied into the key.
hash128_t hash; hash128_t hash;
KeyedHash::Hash128(id_tag, p - id_tag, &hash); KeyedHash::Hash128(id_tag, p - id_tag, &hash);
*digest = DigestStr(reinterpret_cast<const unsigned char*>(hash), 16); *digest = DigestStr(reinterpret_cast<const char*>(hash), 16);
auto entry = states.find(*digest); auto entry = states.find(*digest);
if ( entry == states.end() ) { if ( entry == states.end() ) {

4
src/DFA.h
View file

@ -2,7 +2,7 @@
#pragma once #pragma once
#include <sys/types.h> // for u_char #include <sys/types.h>
#include <cassert> #include <cassert>
#include <map> #include <map>
#include <string> #include <string>
@ -67,7 +67,7 @@ protected:
DFA_State* mark; DFA_State* mark;
}; };
using DigestStr = std::basic_string<u_char>; using DigestStr = std::string;
struct DFA_State_Cache_Stats { struct DFA_State_Cache_Stats {
// Sum of all NFA states // Sum of all NFA states

31
src/analyzer/protocol/ssl/SSL.cc
View file

@ -3,6 +3,7 @@
#include <arpa/inet.h> #include <arpa/inet.h>
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/opensslv.h> #include <openssl/opensslv.h>
#include <vector>
#include "zeek/Reporter.h" #include "zeek/Reporter.h"
#include "zeek/analyzer/Manager.h" #include "zeek/analyzer/Manager.h"
@ -22,6 +23,8 @@
namespace zeek::analyzer::ssl { namespace zeek::analyzer::ssl {
using byte_buffer = std::vector<u_char>;
template<typename T> template<typename T>
static inline T MSB(const T a) { static inline T MSB(const T a) {
return ((a >> 8) & 0xff); return ((a >> 8) & 0xff);
@ -32,12 +35,13 @@ static inline T LSB(const T a) {
return (a & 0xff); return (a & 0xff);
} }
static std::basic_string<unsigned char> fmt_seq(uint32_t num) { static byte_buffer fmt_seq(uint32_t num) {
std::basic_string<unsigned char> out(4, '\0'); byte_buffer out(4, '\0');
out.reserve(13); out.reserve(13);
uint32_t netnum = htonl(num); uint32_t netnum = htonl(num);
out.append(reinterpret_cast<u_char*>(&netnum), 4); uint8_t* p = reinterpret_cast<uint8_t*>(&netnum);
out.append(5, '\0'); out.insert(out.end(), p, p + 4);
out.insert(out.end(), 5, '\0');
return out; return out;
} }
@ -271,7 +275,7 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, const u_char* data, bool i
const u_char* s_iv = keys.data() + 68; const u_char* s_iv = keys.data() + 68;
// FIXME: should we change types here? // FIXME: should we change types here?
u_char* encrypted = (u_char*)data; const u_char* encrypted = data;
size_t encrypted_len = len; size_t encrypted_len = len;
if ( is_orig ) if ( is_orig )
@ -280,14 +284,15 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, const u_char* data, bool i
s_seq++; s_seq++;
// AEAD nonce, length 12 // AEAD nonce, length 12
std::basic_string<unsigned char> s_aead_nonce; byte_buffer s_aead_nonce;
s_aead_nonce.reserve(12);
if ( is_orig ) if ( is_orig )
s_aead_nonce.assign(c_iv, 4); s_aead_nonce.insert(s_aead_nonce.end(), c_iv, c_iv + 4);
else else
s_aead_nonce.assign(s_iv, 4); s_aead_nonce.insert(s_aead_nonce.end(), s_iv, s_iv + 4);
// this should be the explicit counter // this should be the explicit counter
s_aead_nonce.append(encrypted, 8); s_aead_nonce.insert(s_aead_nonce.end(), encrypted, encrypted + 8);
assert(s_aead_nonce.size() == 12); assert(s_aead_nonce.size() == 12);
EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
@ -310,28 +315,28 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, const u_char* data, bool i
else else
EVP_DecryptInit(ctx, EVP_aes_256_gcm(), s_wk, s_aead_nonce.data()); EVP_DecryptInit(ctx, EVP_aes_256_gcm(), s_wk, s_aead_nonce.data());
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, encrypted + encrypted_len); EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, const_cast<u_char*>(encrypted + encrypted_len));
// AEAD tag // AEAD tag
std::basic_string<unsigned char> s_aead_tag; byte_buffer s_aead_tag;
if ( is_orig ) if ( is_orig )
s_aead_tag = fmt_seq(c_seq); s_aead_tag = fmt_seq(c_seq);
else else
s_aead_tag = fmt_seq(s_seq); s_aead_tag = fmt_seq(s_seq);
assert(s_aead_tag.size() == 13);
s_aead_tag[8] = content_type; s_aead_tag[8] = content_type;
s_aead_tag[9] = MSB(raw_tls_version); s_aead_tag[9] = MSB(raw_tls_version);
s_aead_tag[10] = LSB(raw_tls_version); s_aead_tag[10] = LSB(raw_tls_version);
s_aead_tag[11] = MSB(encrypted_len); s_aead_tag[11] = MSB(encrypted_len);
s_aead_tag[12] = LSB(encrypted_len); s_aead_tag[12] = LSB(encrypted_len);
assert(s_aead_tag.size() == 13);
auto decrypted = std::vector<u_char>(encrypted_len + auto decrypted = std::vector<u_char>(encrypted_len +
16); // see OpenSSL manpage - 16 is the block size for the supported cipher 16); // see OpenSSL manpage - 16 is the block size for the supported cipher
int decrypted_len = 0; int decrypted_len = 0;
EVP_DecryptUpdate(ctx, NULL, &decrypted_len, s_aead_tag.data(), s_aead_tag.size()); EVP_DecryptUpdate(ctx, NULL, &decrypted_len, s_aead_tag.data(), s_aead_tag.size());
EVP_DecryptUpdate(ctx, decrypted.data(), &decrypted_len, (const u_char*)encrypted, encrypted_len); EVP_DecryptUpdate(ctx, decrypted.data(), &decrypted_len, encrypted, encrypted_len);
assert(static_cast<decltype(decrypted.size())>(decrypted_len) <= decrypted.size()); assert(static_cast<decltype(decrypted.size())>(decrypted_len) <= decrypted.size());
decrypted.resize(decrypted_len); decrypted.resize(decrypted_len);