From 19af845c7a891163f5657d38d37cfb5bc8916908 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=A1=8C=E6=97=85=E9=80=94?=
Date: Fri, 8 Nov 2024 13:10:10 +0800
Subject: [PATCH] feat(user/module): add ossl version 3.4.0 support (#660) fix #656
---
kern/openssl_3_4_0_kern.c | 80 ++++++++++++++++++++++++++++++++
user/module/probe_openssl_lib.go | 7 +++
utils/openssl_3_2_0_offset.c | 1 +
utils/openssl_offset_3.4.sh | 79 +++++++++++++++++++++++++++++++
variables.mk | 1 +
5 files changed, 168 insertions(+)
create mode 100644 kern/openssl_3_4_0_kern.c
create mode 100755 utils/openssl_offset_3.4.sh
diff --git a/kern/openssl_3_4_0_kern.c b/kern/openssl_3_4_0_kern.c
new file mode 100644
index 000000000..5ed667789
--- /dev/null
+++ b/kern/openssl_3_4_0_kern.c
@@ -0,0 +1,80 @@ +#ifndef ECAPTURE_OPENSSL_3_4_0_KERN_H +#define ECAPTURE_OPENSSL_3_4_0_KERN_H + +/* OPENSSL_VERSION_TEXT: OpenSSL 3.4.0 22 Oct 2024 */ +/* OPENSSL_VERSION_NUMBER: 809500672 */ + +// ssl_st->type +#define SSL_ST_TYPE 0x0 + +// ssl_connection_st->version +#define SSL_CONNECTION_ST_VERSION 0x40 + +// ssl_connection_st->session +#define SSL_CONNECTION_ST_SESSION 0x880 + +// ssl_connection_st->s3 +#define SSL_CONNECTION_ST_S3 0x118 + +// ssl_connection_st->rbio +#define SSL_CONNECTION_ST_RBIO 0x48 + +// ssl_connection_st->wbio +#define SSL_CONNECTION_ST_WBIO 0x50 + +// ssl_connection_st->server +#define SSL_CONNECTION_ST_SERVER 0x70 + +// ssl_session_st->master_key +#define SSL_SESSION_ST_MASTER_KEY 0x50 + +// ssl_connection_st->s3.client_random +#define SSL_CONNECTION_ST_S3_CLIENT_RANDOM 0x140 + +// ssl_session_st->cipher +#define SSL_SESSION_ST_CIPHER 0x2f8 + +// ssl_session_st->cipher_id +#define SSL_SESSION_ST_CIPHER_ID 0x300 + +// ssl_cipher_st->id +#define SSL_CIPHER_ST_ID 0x18 + +// ssl_connection_st->handshake_secret +#define SSL_CONNECTION_ST_HANDSHAKE_SECRET 0x53c + +// ssl_connection_st->handshake_traffic_hash +#define SSL_CONNECTION_ST_HANDSHAKE_TRAFFIC_HASH 0x6bc + +// ssl_connection_st->client_app_traffic_secret +#define SSL_CONNECTION_ST_CLIENT_APP_TRAFFIC_SECRET 0x6fc + +// ssl_connection_st->server_app_traffic_secret +#define SSL_CONNECTION_ST_SERVER_APP_TRAFFIC_SECRET 0x73c + +// ssl_connection_st->exporter_master_secret +#define SSL_CONNECTION_ST_EXPORTER_MASTER_SECRET 0x77c + +// bio_st->num +#define BIO_ST_NUM 0x38 + +// bio_st->method +#define BIO_ST_METHOD 0x8 + +// bio_method_st->type +#define BIO_METHOD_ST_TYPE 0x0 + +// quic_conn_st->tls +#define QUIC_CONN_ST_TLS 0x40 + +#define SSL_ST_VERSION SSL_CONNECTION_ST_VERSION + +#define SSL_ST_WBIO SSL_CONNECTION_ST_WBIO + +#define SSL_ST_RBIO SSL_CONNECTION_ST_RBIO + + +#include "openssl.h" +#include "openssl_masterkey_3.2.h" + +#endif 
diff --git a/user/module/probe_openssl_lib.go b/user/module/probe_openssl_lib.go
index 32ea228d2..5a035ca8a 100644
--- a/user/module/probe_openssl_lib.go
+++ b/user/module/probe_openssl_lib.go
@@ -31,6 +31,7 @@ const ( Linuxdefaulefilename31 = "linux_default_3_0" Linuxdefaulefilename320 = "linux_default_3_2" Linuxdefaulefilename330 = "linux_default_3_3" + Linuxdefaulefilename340 = "linux_default_3_4" AndroidDefauleFilename = "android_default" OpenSslVersionLen = 30 // openssl version string length
@@ -46,6 +47,7 @@ const ( MaxSupportedOpenSSL32Version = 3 // openssl 3.2.3 ~ newer SupportedOpenSSL33Version1 = 1 // openssl 3.3.0 ~ 3.3.1 MaxSupportedOpenSSL33Version = 2 // openssl 3.3.2 + SupportedOpenSSL34Version0 = 0 // openssl 3.4.0 ) // initOpensslOffset initial BpfMap
@@ -128,6 +130,11 @@ func (m *MOpenSSLProbe) initOpensslOffset() { m.sslVersionBpfMap[fmt.Sprintf("openssl 3.3.%d", ch)] = "openssl_3_3_2_kern.o" } + // openssl 3.4.0 + for ch := 0; ch <= SupportedOpenSSL34Version0; ch++ { + m.sslVersionBpfMap[fmt.Sprintf("openssl 3.4.%d", ch)] = "openssl_3_4_0_kern.o" + } + // openssl 1.1.0a - 1.1.0l for ch := 'a'; ch <= MaxSupportedOpenSSL110Version; ch++ { m.sslVersionBpfMap["openssl 1.1.0"+string(ch)] = "openssl_1_1_0a_kern.o"
diff --git a/utils/openssl_3_2_0_offset.c b/utils/openssl_3_2_0_offset.c
index 3e44b864a..cce9625a3 100644
--- a/utils/openssl_3_2_0_offset.c
+++ b/utils/openssl_3_2_0_offset.c
@@ -4,6 +4,7 @@ #include #include #include +#include #define SSL_STRUCT_OFFSETS \ X(ssl_st, type) \
diff --git a/utils/openssl_offset_3.4.sh b/utils/openssl_offset_3.4.sh
new file mode 100755
index 000000000..bd965a89c
--- /dev/null
+++ b/utils/openssl_offset_3.4.sh
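Review bot: `Linuxdefaulefilename340` in the first hunk is declared but nothing in this commit refers to it: the diffstat gives this file seven added lines, all of them visible in these hunks, and none uses the new name. If the existing `linux_default_*` names are registered as keys in `m.sslVersionBpfMap` elsewhere in `initOpensslOffset` (not visible here), the 3.4 default still lacks its entry, and a library whose version string cannot be read would presumably be served by an older default. Either add the matching entry, along the lines of `m.sslVersionBpfMap[Linuxdefaulefilename340] = "openssl_3_4_0_kern.o"`, or leave the constant out until the fallback code needs it.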
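Review bot: The loop added in the third hunk registers exactly one key, `openssl 3.4.0`, so a 3.4.1 or later library misses the map and takes whatever path the lookup code uses for unknown versions, which is outside this diff. The bound is named `SupportedOpenSSL34Version0`, while the 3.3 bound next to it is `MaxSupportedOpenSSL33Version`; using `MaxSupportedOpenSSL34Version` would keep the naming parallel and make the next patch release a one-line change. I would also put a comment on the loop such as `// offsets generated from tag openssl-3.4.0 only; re-run utils/openssl_offset_3.4.sh before raising the bound`. The body of `initOpensslOffset` starts and ends outside the hunk.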
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+set -e
+
+PROJECT_ROOT_DIR=$(pwd)
+OPENSSL_DIR="${PROJECT_ROOT_DIR}/deps/openssl"
+OUTPUT_DIR="${PROJECT_ROOT_DIR}/kern"
+
+if [[ ! -f "go.mod" ]]; then
+ echo "Run the script from the project root directory"
+ exit 1
+fi
+
+echo "check file exists: ${OPENSSL_DIR}/.git"
+# skip cloning if the header file of the max supported version is already generated
+if [[ ! -f "${OPENSSL_DIR}/.git" ]]; then
+ echo "check directory exists: ${OPENSSL_DIR}"
+ # skip cloning if the openssl directory already exists
+ if [[ ! -d "${OPENSSL_DIR}" ]]; then
+ echo "git clone openssl to ${OPENSSL_DIR}"
+ git clone https://github.com/openssl/openssl.git ${OPENSSL_DIR}
+ fi
+fi
+
+# openssl 3.3.*/3.4.* 跟 3.2.* 的offset一致。
+function run() {
+ git fetch --tags
+ cp -f ${PROJECT_ROOT_DIR}/utils/openssl_3_2_0_offset.c ${OPENSSL_DIR}/offset.c
+ declare -A sslVerMap=()
+ sslVerMap["0"]="0"
+# sslVerMap["1"]="0"
+# sslVerMap["2"]="2"
+
+ # shellcheck disable=SC2068
+ for ver in ${!sslVerMap[@]}; do
+ tag="openssl-3.4.${ver}"
+ val=${sslVerMap[$ver]}
+ header_file="${OUTPUT_DIR}/openssl_3_4_${val}_kern.c"
+ header_define="OPENSSL_3_4_$(echo ${val} | tr "[:lower:]" "[:upper:]")_KERN_H"
+
+ if [[ -f ${header_file} ]]; then
+ echo "Skip ${header_file}"
+ continue
+ fi
+ echo "git checkout ${tag}"
+ git checkout ${tag}
+ echo "Generating ${header_file}"
+
+
+ # ./Configure and make openssl/opensslconf.h
+ ./Configure
+ make clean
+ make build_generated
+
+
+ clang -I /usr/include -I include/ -I . offset.c -o offset
+
+ echo -e "#ifndef ECAPTURE_${header_define}" >${header_file}
+ echo -e "#define ECAPTURE_${header_define}\n" >>${header_file}
+ ./offset >>${header_file}
+ echo -e "#define SSL_ST_VERSION SSL_CONNECTION_ST_VERSION\n" >>${header_file}
+ echo -e "#define SSL_ST_WBIO SSL_CONNECTION_ST_WBIO\n" >>${header_file}
+ echo -e "#define SSL_ST_RBIO SSL_CONNECTION_ST_RBIO\n" >>${header_file}
+ echo -e "\n#include \"openssl.h\"" >>${header_file}
+ echo -e "#include \"openssl_masterkey_3.2.h\"" >>${header_file}
+ echo -e "\n#endif" >>${header_file}
+
+ # clean up
+ make clean
+
+ done
+
+ rm offset.c
+}
+
+# TODO Check if the directory for OpenSSL exists
+pushd ${OPENSSL_DIR}
+(run)
+[[ "$?" != 0 ]] && popd
+popd
diff --git a/variables.mk b/variables.mk
index 2fa62f383..524539427 100644
--- a/variables.mk
+++ b/variables.mk
@@ -200,6 +200,7 @@ TARGETS += kern/openssl_3_2_0 TARGETS += kern/openssl_3_2_3 TARGETS += kern/openssl_3_3_0 TARGETS += kern/openssl_3_3_2 +TARGETS += kern/openssl_3_4_0 TARGETS += kern/gotls ifeq ($(ANDROID),0)
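Review bot: In `utils/openssl_offset_3.4.sh`, a failure part-way through header generation leaves a truncated `${header_file}` in `kern/`, and the `[[ -f ${header_file} ]]` test at the top of the loop then skips that file on every later run. The `#ifndef`/`#define` guard lines are written before `./offset` runs, so under `set -e` a failing `./offset` stops the script with a header that has guards but no offsets. These offsets are what the probe uses to locate fields such as `ssl_connection_st->session`, so only a complete file should ever appear under its final name. Write to a temporary file and move it into place after the last line is written, as below. Separately, with `set -e` a failing `(run)` ends the script before `[[ "$?" != 0 ]] && popd` is evaluated, so the first `popd` can never execute.

```bash
    # … unchanged: git checkout, ./Configure, make build_generated, clang …

    tmp_file="${header_file}.tmp"
    {
      echo -e "#ifndef ECAPTURE_${header_define}"
      echo -e "#define ECAPTURE_${header_define}\n"
      ./offset
      echo -e "#define SSL_ST_VERSION SSL_CONNECTION_ST_VERSION\n"
      echo -e "#define SSL_ST_WBIO SSL_CONNECTION_ST_WBIO\n"
      echo -e "#define SSL_ST_RBIO SSL_CONNECTION_ST_RBIO\n"
      echo -e "\n#include \"openssl.h\""
      echo -e "#include \"openssl_masterkey_3.2.h\""
      echo -e "\n#endif"
    } >"${tmp_file}"
    # publish the header only once it is complete
    mv "${tmp_file}" "${header_file}"

    # … unchanged: make clean …
```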