Skip to content

feat: add support for OpenSSL 3.3.3 and 3.4.1, update version mappings #769

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 3, 2025
Merged

feat: add support for OpenSSL 3.3.3 and 3.4.1, update version mappings #769

merged 3 commits into from
May 3, 2025

Conversation

cfc4n
Copy link
Member

@cfc4n cfc4n commented Apr 24, 2025

This pull request includes updates to dependencies, support for new OpenSSL versions, and adjustments to related logic and scripts. The most significant changes involve upgrading Go module dependencies, adding support for OpenSSL versions 3.3.3 and 3.4.1, and updating scripts to reflect these new versions.

Dependency Updates:

  • Updated Go module dependencies in go.mod, including golang.org/x/arch, golang.org/x/crypto, golang.org/x/net, golang.org/x/sys, and others to their latest versions. [1] [2] [3]

OpenSSL Version Support:

  • Added new header files kern/openssl_3_3_3_kern.c and kern/openssl_3_4_1_kern.c with constants and offsets for OpenSSL 3.3.3 and 3.4.1, respectively. [1] [2]
  • Updated user/module/probe_openssl_lib.go to include logic for handling OpenSSL 3.3.3 and 3.4.1 in the initOpensslOffset function. [1] [2] [3]

Script Adjustments:

  • Modified utils/openssl_offset_3.3.sh and utils/openssl_offset_3.4.sh scripts to include mappings for OpenSSL 3.3.3 and 3.4.1. [1] [2]

BugFix

fix: #767

@cfc4n cfc4n added 🐞 bug Something isn't working enhancement New feature or request labels Apr 24, 2025
@cfc4n cfc4n requested a review from Copilot April 24, 2025 14:27
Copilot
Copilot AI reviewed Apr 24, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds support for OpenSSL 3.3.3 and 3.4.1 by updating version constants, mapping logic in the probe module, and including new kernel header files for the new versions.

  • Updates version constants and mapping loops in user/module/probe_openssl_lib.go.
  • Adds new kernel files kern/openssl_3_3_3_kern.c and kern/openssl_3_4_1_kern.c.
  • Adjusts script mappings for the new OpenSSL versions.

Reviewed Changes

Copilot reviewed 4 out of 7 changed files in this pull request and generated no comments.

File Description
user/module/probe_openssl_lib.go Updates constants and mapping loops to support OpenSSL 3.3.3/3.4.1.
kern/openssl_3_4_1_kern.c New file containing kernel offsets for OpenSSL 3.4.1.
kern/openssl_3_3_3_kern.c New file containing kernel offsets for OpenSSL 3.3.3.
Files not reviewed (3)
  • go.mod: Language not supported
  • utils/openssl_offset_3.3.sh: Language not supported
  • utils/openssl_offset_3.4.sh: Language not supported
Comments suppressed due to low confidence (1)

user/module/probe_openssl_lib.go:51

  • [nitpick] The constant name 'SupportedOpenSSL33Version2' may be unclear when juxtaposed with 'MaxSupportedOpenSSL33Version'. Consider renaming these constants (e.g., to 'MinSupportedOpenSSL33VersionForMapping' and 'MaxSupportedOpenSSL33Version') to clearly indicate their intended use in version mapping.
SupportedOpenSSL33Version2    = 2 // openssl 3.3.2

@github-actions GitHub Actions
Copy link

Failed to generate code suggestions for PR

@dosubot dosubot bot added the dependencies Pull requests that update a dependency file label Apr 24, 2025
@cfc4n cfc4n mentioned this pull request Apr 24, 2025
Closed
@rohitcoder
Copy link

I raised #770

#769 Won't generate .o bytecode files.

@cfc4n
Copy link
Member Author

cfc4n commented Apr 25, 2025
edited
Loading

Did PR #769 and #770 fix your issue #767?

@rohitcoder
Copy link

Hi @cfc4n

No, i am still facing same issue, i got a positive log like this

2025-04-26T15:47:17Z INF non-TLSv1.3 cipher suite found CLientRandom=86b542a06b702ad7cd2911c21a29773ebb1b8d476085dedbbd9d00f5a507edea CipherId=0
2025-04-26T15:47:17Z INF non-TLSv1.3 cipher suite found CLientRandom=86b542a06b702ad7cd2911c21a29773ebb1b8d476085dedbbd9d00f5a507edea CipherId=0
2025-04-26T15:47:17Z INF packets flushed count=36
2025-04-26T15:47:17Z INF CLIENT_RANDOM save success CLientRandom=86b542a06b702ad7cd2911c21a29773ebb1b8d476085dedbbd9d00f5a507edea TlsVersion=TLS1_3_VERSION bytes=938

Whenever i am sending curl https request but rquest/response aren't visible in pcapng file, i am attaching a sample pcapng file here

sample.pcapng.zip

I ran ecapture like this

command: ["/ecapture"]
args:
  - "tls"
  - "-m"
  - "pcapng"
  - "-i"
  - "eth0"
  - "-w"
  - "/data/abcd.pcapng"
  - "--ssl_version"
  - "openssl 3.3.3"

And in wireshark i can see plaintext response of curl lpu.in but for below request, i am not able to see in request and response in plaintext. However i see logs like 2025-04-26T15:47:17Z INF non-TLSv1.3 cipher suite found which wasn't happening before.

curl -X POST https://example.com/api \
  -H "Content-Type: application/json" \
  -d '{"name": "Alice", "email": "alice@example.com"}'

@cfc4n
Copy link
Member Author

cfc4n commented Apr 27, 2025
edited
Loading

Whenever i am sending curl https request but rquest/response aren't visible in pcapng file, i am attaching a sample pcapng file here

It looks like you may have misconfigured the network interface?

PS: I will merge the content of PR #770 here, but I will give you a co-author. Please provide your email address.

@rohitcoder
Copy link

Hi @cfc4n,

If the network interface was misconfigured, I believe ecapture wouldn’t have shown any logs or HTTPS SNIs at all, right? Also, I noticed that curl HTTP requests are getting captured — only the plaintext of HTTPS requests isn’t showing up.

Also, just curious — why do you need the email address for this PR contribution? I thought the GitHub profile would be sufficient.

@cfc4n
Copy link
Member Author

cfc4n commented Apr 28, 2025
edited
Loading

I couldn't find the key 86b542a06b702ad7cd2911c21a29773ebb1b8d476085dedbbd9d00f5a507edea in the provided sample.pcapng.zip. Therefore, this sample is incomplete, which makes troubleshooting much more challenging for me.

Also, please ensure that eCaptured is started before the HTTPS connection is established.

About co-authors, please refer to https://docs.github.com/en/pull-requests/committing-changes-to-your-project/creating-and-editing-commits/creating-a-commit-with-multiple-authors

@cfc4n cfc4n mentioned this pull request Apr 30, 2025
Closed
@cfc4n
feat: add support for OpenSSL 3.3.3 and 3.4.1 in variables.mk
d831e49 
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n cfc4n mentioned this pull request May 3, 2025
Closed
@cfc4n
feat: add support for OpenSSL 3.2.4 in kernel files and update versio…
ea46594 
…n mappings

fix: #771
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n cfc4n merged commit f57d3c0 into master May 3, 2025
5 checks passed
@cfc4n cfc4n deleted the support-openssl-3.3.3-and-3.4.1 branch May 3, 2025 09:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

Assignees
No one assigned
Labels
🐞 bug Something isn't working dependencies Pull requests that update a dependency file enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Traffic not getting captured
2 participants
@cfc4n @rohitcoder