0

I am working on a research project that requests me to generate program dependency graphs of OpenSSL user data entry points(main files with connected function calls). I'm using frama-c because of ease of use. Ideally, I would like to mainly run, for example, frama-c -pdg -pdg-dot graph -pdg-print some_function_with_main.c but I get errors because of missing files and functions generated when created while running "make install". I downloaded the source and I can "make install" OpenSSL successfully on Ubuntu 16.04.1 LTS but a lot of operations are occurring in the "make install" operation. Is there a way I can just generate a compile-able c version of OpenSSL without having the reverse engineer the make file and source files?

-- More Information --

I figured out by looking a the "make" echoed out statements the approiprate .I files. An example is shown below

gcc  -I. -Icrypto/include -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/openssl\"" -DENGINESDIR="\"/usr/local/openssl/lib/engines-1.1\"" -Wall -O3 -pthread -m64 -DL_ENDIAN  -Wa,--noexecstack -fPIC -MMD -MF crypto/aes/aes_cfb.d.tmp -MT crypto/aes/aes_cfb.o -c -o crypto/aes/aes_cfb.o crypto/aes/aes_cfb.c

However, when trying to generate the pdg graphs with frama-c for aes_cfb.c, I get the error below.

[kernel] warning: no input file.
[kernel] Parsing FRAMAC_SHARE/libc/__fc_builtin_for_normalization.i (no preprocessing)
[kernel] user error: cannot find entry point `main'.
                 Please use option `-main' for specifying a valid entry point.
[kernel] Frama-C aborted: invalid user input

Of course, when I look at some of the c files. I noticed some of the main functions behind some lovely #ifdef statments which means when frama-c compiles the c file, there is no main. From a research stand point, I think it is unethical to modify the original c file. so I tried running command

frama-c -pdg -pdg-dot graph -pdg-print -cpp-command "gcc -c -I. -Icrypto/include -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/openssl\"" -DENGINESDIR="\"/usr/local/openssl/lib/engines-1.1\"" -Wall -O3 -pthread -m64 -DL_ENDIAN -Wa,--noexecstack -fPIC -MMD -MF crypto/asn1/ameth_lib.d.tmp -MT crypto/asn1/ameth_lib.o -c -o crypto/asn1/ameth_lib.o crypto/asn1/ameth_lib.c"

and 

frama-c -pdg -pdg-dot graph -pdg-print -cpp-command "gcc -nostartfiles -I. -Icrypto/include -Iinclude -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/openssl\"" -DENGINESDIR="\"/usr/local/openssl/lib/engines-1.1\"" -Wall -O3 -pthread -m64 -DL_ENDIAN -Wa,--noexecstack -fPIC -MMD -MF crypto/asn1/ameth_lib.d.tmp -MT crypto/asn1/ameth_lib.o -c -o crypto/asn1/ameth_lib.o crypto/asn1/ameth_lib.c"

but I got the same issue. The key argument added above are -c and -nostartfiles.

Quentin Mayo
  • 390
  • 4
  • 11
  • Approaching from the OpenSSL side of things, you probably need to provide more information. How did you configure? Did you experience errors or warnings during `make`? What is the exact error during `make install`? – jww Oct 16 '16 at 21:25
  • There's not enough information here to provide a real answer, but generally speaking you should use Frama-C in the source directory of openssl. Once the program has been compiled once, the main issue is usually to collect all relevant `-I` and `-D` pre-processing options for each C file or generate `.i` pre-processed files with `gcc` and feed those `.i` files to Frama-C instead of `.c`. – Virgile Oct 17 '16 at 00:31
  • @Virgile I'm going to try your solution tonight – Quentin Mayo Oct 17 '16 at 01:38
  • @Virgile , I might be missing something but when I run glob2.glob('./openssl/**/*.i') , it returns 0. this means there is no ".i" files in the development source after running make. Did you mean a different file extension? – Quentin Mayo Oct 17 '16 at 01:44
  • No, I mean tweaking the Makefile to have it produce those `.i` files instead of normal compilation process. There is no bullet-proof method to do that, although adding a command along the lines of `$(CC) -C -E $(CFLAGS) -o $*.i $<` to an existing `%.o: %.c` might be a good first step. – Virgile Oct 17 '16 at 08:59

0 Answers0