adulau/ssldump
1
0
Fork 0
mirror of https://github.com/adulau/ssldump.git synced 2024-09-18 08:46:25 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #38 from wllm-rbnt/warnings

Browse source 
Code cleanup
This commit is contained in:
Alexandre Dulaunoy 2020-10-07 08:06:29 +02:00 committed by GitHub
commit 7505cc1808
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 167 additions and 195 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
base/network.c
View file

@ -78,7 +78,7 @@ int network_handler_create(mod,handlerp)
if(!(handler=(n_handler *)malloc(sizeof(n_handler))))
ABORT(R_NO_MEMORY);
if(mod->vtbl->create_ctx){
if(r=mod->vtbl->create_ctx(mod->handle,&handler->ctx))
if((r=mod->vtbl->create_ctx(mod->handle,&handler->ctx)))
ABORT(r);
}
handler->mod=mod;
@ -147,7 +147,7 @@ int network_process_packet(handler,timestamp,data,length)
switch(p.ip->ip_p){
case IPPROTO_TCP:
if(r=process_tcp_packet(handler->mod,handler->ctx,&p))
if((r=process_tcp_packet(handler->mod,handler->ctx,&p)))
ERETURN(r);
break;
}

4
base/pcap-snoop.c
View file

@ -244,7 +244,7 @@ void pcap_cb(ptr,hdr,data)
if(packet_cnt == conn_freq) {
packet_cnt = 0;
memcpy(&last_packet_seen_time,&hdr->ts,sizeof(struct timeval));
if(cleaned_conn = clean_old_conn())
if((cleaned_conn = clean_old_conn()))
printf("%d inactive connection(s) cleaned from connection pool\n", cleaned_conn);
} else {
packet_cnt++;
@ -453,7 +453,7 @@ int main(argc,argv)
if(NET_print_flags & NET_PRINT_TYPESET)
printf("\n.nf\n.ps -2\n");
if(r=network_handler_create(mod,&n))
if((r=network_handler_create(mod,&n)))
err_exit("Couldn't create network handler",r);
pcap_loop(p,-1,pcap_cb,(u_char *)n);

4
base/proto_mod.c
View file

@ -60,8 +60,8 @@ int create_proto_handler(mod,ctx,handlerp,conn,first_packet)
if(!(handler=(proto_handler *)calloc(1,sizeof(proto_handler))))
ABORT(R_NO_MEMORY);
handler->vtbl=mod->vtbl;
if(r=mod->vtbl->create(mod->handle,ctx,conn,&handler->obj,
&conn->i_addr,conn->i_port,&conn->r_addr,conn->r_port,first_packet))
if((r=mod->vtbl->create(mod->handle,ctx,conn,&handler->obj,
&conn->i_addr,conn->i_port,&conn->r_addr,conn->r_port,first_packet)))
ABORT(r);
*handlerp=handler;

22
base/tcpconn.c
View file

@ -70,13 +70,8 @@ static int zero_conn(conn)
return(0);
}
int tcp_find_conn(connp,directionp,saddr,sport,daddr,dport)
tcp_conn **connp;
int *directionp;
struct in_addr *saddr;
u_short sport;
struct in_addr *daddr;
u_short dport;
int tcp_find_conn(tcp_conn **connp, int *directionp,struct in_addr *saddr,
u_short sport, struct in_addr *daddr, u_short dport)
{
conn_struct *conn;
@ -106,12 +101,8 @@ int tcp_find_conn(connp,directionp,saddr,sport,daddr,dport)
return(R_NOT_FOUND);
}
int tcp_create_conn(connp,i_addr,i_port,r_addr,r_port)
tcp_conn **connp;
struct in_addr *i_addr;
u_short i_port;
struct in_addr *r_addr;
u_short r_port;
int tcp_create_conn(tcp_conn **connp,struct in_addr *i_addr,
u_short i_port, struct in_addr *r_addr, u_short r_port)
{
conn_struct *conn=0;
@ -189,8 +180,7 @@ int clean_old_conn() {
}
int destroy_all_conn() {
conn_struct *conn;
int i = 0,r;
int i = 0;
while(first_conn) {
i++;
tcp_destroy_conn(&first_conn->conn);
@ -225,7 +215,7 @@ int copy_tcp_segment_queue(out,in)
ABORT(R_NO_MEMORY);
if(!base) base=*out;
if(r=packet_copy(in->p,&(*out)->p))
if((r=packet_copy(in->p,&(*out)->p)))
ABORT(r);
out=&(*out)->next; /* Move the pointer we're assigning to */
}

29
base/tcppack.c
View file

@ -85,8 +85,8 @@ int process_tcp_packet(handler,ctx,p)
print_tcp_packet(p);
if(r=tcp_find_conn(&conn,&direction,&p->ip->ip_src,
ntohs(p->tcp->th_sport),&p->ip->ip_dst,ntohs(p->tcp->th_dport))){
if((r=tcp_find_conn(&conn,&direction,&p->ip->ip_src,
ntohs(p->tcp->th_sport),&p->ip->ip_dst,ntohs(p->tcp->th_dport)))){
if(r!=R_NOT_FOUND)
ABORT(r);
@ -95,7 +95,7 @@ int process_tcp_packet(handler,ctx,p)
return(0);
}
if(r=new_connection(handler,ctx,p,&conn))
if((r=new_connection(handler,ctx,p,&conn)))
ABORT(r);
return(0);
}
@ -146,12 +146,9 @@ int process_tcp_packet(handler,ctx,p)
case TCP_STATE_ESTABLISHED:
case TCP_STATE_FIN1:
{
UINT4 length;
if(p->tcp->th_flags & TH_SYN)
break;
length=p->len - (p->tcp->th_off * 4);
if(r=process_data_segment(conn,handler,p,stream,direction))
if((r=process_data_segment(conn,handler,p,stream,direction)))
ABORT(r);
}
break;
@ -179,16 +176,16 @@ static int new_connection(handler,ctx,p,connp)
tcp_conn *conn=0;
if ((p->tcp->th_flags & (TH_SYN|TH_ACK))==TH_SYN) {
if(r=tcp_create_conn(&conn,&p->ip->ip_src,ntohs(p->tcp->th_sport),
&p->ip->ip_dst,ntohs(p->tcp->th_dport)))
if((r=tcp_create_conn(&conn,&p->ip->ip_src,ntohs(p->tcp->th_sport),
&p->ip->ip_dst,ntohs(p->tcp->th_dport))))
ABORT(r);
DBG((0,"SYN1 seq: %u",ntohl(p->tcp->th_seq)));
conn->i2r.seq=ntohl(p->tcp->th_seq)+1;
conn->i2r.ack=ntohl(p->tcp->th_ack)+1;
conn->state=TCP_STATE_SYN1;
} else { // SYN&ACK comes first somehow
if(r=tcp_create_conn(&conn,&p->ip->ip_dst,ntohs(p->tcp->th_dport),
&p->ip->ip_src,ntohs(p->tcp->th_sport)))
if((r=tcp_create_conn(&conn,&p->ip->ip_dst,ntohs(p->tcp->th_dport),
&p->ip->ip_src,ntohs(p->tcp->th_sport))))
ABORT(r);
DBG((0,"SYN2 seq: %u",ntohl(p->tcp->th_seq)));
conn->r2i.seq=ntohl(p->tcp->th_seq)+1;
@ -197,7 +194,7 @@ static int new_connection(handler,ctx,p,connp)
}
memcpy(&conn->start_time,&p->ts,sizeof(struct timeval));
memcpy(&conn->last_seen_time,&p->ts,sizeof(struct timeval));
if(r=create_proto_handler(handler,ctx,&conn->analyzer,conn,&p->ts))
if((r=create_proto_handler(handler,ctx,&conn->analyzer,conn,&p->ts)))
ABORT(r);
*connp=conn;
@ -269,7 +266,7 @@ static int process_data_segment(conn,handler,p,stream,direction)
if(acked && !l){
/*
if(r=timestamp_diff(&p->ts,&conn->start_time,&dt))
if((r=timestamp_diff(&p->ts,&conn->start_time,&dt)))
ERETURN(r);
printf("%d%c%4.4d ",dt.tv_sec,'.',dt.tv_usec/100);
if(direction == DIR_R2I)
@ -302,7 +299,7 @@ static int process_data_segment(conn,handler,p,stream,direction)
if(!(nseg=(segment *)calloc(1,sizeof(segment))))
ABORT(R_NO_MEMORY);
if(r=packet_copy(p,&nseg->p))
if((r=packet_copy(p,&nseg->p)))
ABORT(r);
nseg->s_seq=seq;
@ -370,7 +367,7 @@ static int process_data_segment(conn,handler,p,stream,direction)
stream->seq=seg->s_seq + seg->len;
DBG((0,"Analyzing segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len));
if(r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction)) {
if((r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction))) {
DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len));
ABORT(r);
}
@ -378,7 +375,7 @@ static int process_data_segment(conn,handler,p,stream,direction)
if(stream->close){
DBG((0,"Closing with segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len));
if(r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction)) {
if((r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction))) {
DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len));
ABORT(r);
}

8
common/lib/r_assoc.c
View file

@ -173,7 +173,7 @@ static int copy_assoc_chain(newp,old)
ptr->copy=old->copy;
if(old->copy){
if(r=old->copy(&ptr->data,old->data))
if((r=old->copy(&ptr->data,old->data)))
ABORT(r);
}
else
@ -224,7 +224,7 @@ int r_assoc_fetch(assoc,key,len,datap)
r_assoc_el *bucket;
int r;
if(r=r_assoc_fetch_bucket(assoc,key,len,&bucket)){
if((r=r_assoc_fetch_bucket(assoc,key,len,&bucket))){
if(r!=R_NOT_FOUND)
ERETURN(r);
return(r);
@ -246,7 +246,7 @@ int r_assoc_insert(assoc,key,len,data,copy,destroy,how)
r_assoc_el *bucket,*new_bucket=0;
int r,_status;
if(r=r_assoc_fetch_bucket(assoc,key,len,&bucket)){
if((r=r_assoc_fetch_bucket(assoc,key,len,&bucket))){
/*Note that we compute the hash value twice*/
UINT4 hash_value;
@ -304,7 +304,7 @@ int r_assoc_copy(newp,old)
if(!(new->chains=(r_assoc_el **)calloc(sizeof(r_assoc_el),old->size)))
ABORT(R_NO_MEMORY);
for(i=0;i<new->size;i++){
if(r=copy_assoc_chain(new->chains+i,old->chains[i]))
if((r=copy_assoc_chain(new->chains+i,old->chains[i])))
ABORT(R_NO_MEMORY);
}
*newp=new;

14
null/null_analyze.c
View file

@ -59,17 +59,9 @@ static int create_null_analyzer PROTO_LIST((void *handle,
struct in_addr *i_addr,u_short i_port,
struct in_addr *r_addr,u_short r_port, struct timeval *base_time));
static int create_null_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port,
base_time)
void *handle;
proto_ctx *ctx;
tcp_conn *conn;
proto_obj **objp;
struct in_addr *i_addr;
u_short i_port;
struct in_addr *r_addr;
u_short r_port;
struct timeval *base_time;
static int create_null_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn,
proto_obj **objp, struct in_addr *i_addr, u_short i_port, struct in_addr *r_addr,
u_short r_port, struct timeval *base_time)
{
null_analyzer *obj=0;
static int ctr;

23
ssl/ssl.enums.c
View file

@ -433,7 +433,7 @@ static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data)
int r;
printf("\n");
ssl_update_handshake_messages(ssl,data);
SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-(1<<15-1),P_HL,data,0);
SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-((1<<15)-1),P_HL,data,0);
return(0);
}
@ -455,7 +455,7 @@ static int decode_HandshakeType_ClientKeyExchange(ssl,dir,seg,data)
case KEX_RSA:
if(ssl->version > 768) {
SSL_DECODE_OPAQUE_ARRAY(ssl,"EncryptedPreMasterSecret",-(1<<15-1),
SSL_DECODE_OPAQUE_ARRAY(ssl,"EncryptedPreMasterSecret",-((1<<15)-1),
P_ND,data,&pms);
}
@ -2521,8 +2521,8 @@ static int decode_extension_server_name(ssl,dir,seg,data)
segment *seg;
Data *data;
{
UINT4 t;
int l,r,p;
UINT4 t,l;
int r,p;
extern decoder server_name_type_decoder[];
@ -2557,7 +2557,8 @@ static int decode_extension_encrypt_then_mac(ssl,dir,seg,data)
segment *seg;
Data *data;
{
int l,r,*etm;
int r,*etm;
UINT4 l;
etm=&ssl->extensions->encrypt_then_mac;
@ -2574,7 +2575,8 @@ static int decode_extension_extended_master_secret(ssl,dir,seg,data)
segment *seg;
Data *data;
{
int l,r,*ems;
int r,*ems;
UINT4 l;
ems=&ssl->extensions->extended_master_secret;
@ -2591,7 +2593,8 @@ static int decode_extension(ssl,dir,seg,data)
segment *seg;
Data *data;
{
int l,r;
int r;
UINT4 l;
SSL_DECODE_UINT16(ssl,"extension length",0,data,&l);
data->len-=l;
data->data+=l;
@ -2670,7 +2673,8 @@ static int decode_server_name_type_host_name(ssl,dir,seg,data)
segment *seg;
Data *data;
{
int l,r;
int r;
UINT4 l;
SSL_DECODE_UINT16(ssl,"server name length",0,data,&l);
printf(": %.*s",l,data->data);
@ -2697,7 +2701,8 @@ static int decode_server_name(ssl,dir,seg,data)
segment *seg;
Data *data;
{
int l,r;
int r;
UINT4 l;
SSL_DECODE_UINT16(ssl,"server name length",0,data,&l);
data->len-=l;
data->data+=l;

35
ssl/ssl_analyze.c
View file

@ -187,7 +187,7 @@ static int parse_ssl_flags(str)
y=str;
while(x=strtok(y,",")){
while((x=strtok(y,","))){
y=0;
if(*x=='!'){
@ -218,7 +218,7 @@ static int create_ssl_ctx(handle,ctxp)
ssl_decode_ctx *ctx=0;
int r,_status;
if(r=ssl_decode_ctx_create(&ctx,SSL_keyfile,SSL_password,SSL_keylogfile))
if((r=ssl_decode_ctx_create(&ctx,SSL_keyfile,SSL_password,SSL_keylogfile)))
ABORT(r);
*ctxp=(proto_ctx *)ctx;
@ -227,16 +227,9 @@ static int create_ssl_ctx(handle,ctxp)
return(_status);
}
static int create_ssl_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port,base_time)
void *handle;
proto_ctx *ctx;
tcp_conn *conn;
proto_obj **objp;
struct in_addr *i_addr;
u_short i_port;
struct in_addr *r_addr;
u_short r_port;
struct timeval *base_time;
static int create_ssl_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn,
proto_obj **objp, struct in_addr *i_addr, u_short i_port, struct in_addr *r_addr,
u_short r_port, struct timeval *base_time)
{
int r,_status;
ssl_obj *obj=0;
@ -247,9 +240,9 @@ static int create_ssl_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port,
obj->ssl_ctx=(ssl_decode_ctx *)ctx;
obj->conn=conn;
if(r=create_r_queue(&obj->r2i_queue))
if((r=create_r_queue(&obj->r2i_queue)))
ABORT(r);
if(r=create_r_queue(&obj->i2r_queue))
if((r=create_r_queue(&obj->i2r_queue)))
ABORT(r);
lookuphostname(i_addr,&obj->client_name);
@ -263,7 +256,7 @@ static int create_ssl_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port,
memcpy(&obj->time_start,base_time,sizeof(struct timeval));
memcpy(&obj->time_last,base_time,sizeof(struct timeval));
if(r=ssl_decoder_create(&obj->decoder,obj->ssl_ctx))
if((r=ssl_decoder_create(&obj->decoder,obj->ssl_ctx)))
ABORT(r);
if (!(obj->extensions=malloc(sizeof(ssl_extensions))))
@ -354,7 +347,7 @@ static int read_ssl_record(obj,q,seg,offset,lastp,offsetp)
if (SSL_HEADER_SIZE<q->len)
ABORT(-1);
q->read_left=SSL_HEADER_SIZE-q->len;
if(r=read_data(q,seg,offset,&last,&offset))
if((r=read_data(q,seg,offset,&last,&offset)))
ABORT(r);
q->state=SSL_READ_HEADER;
@ -386,7 +379,7 @@ static int read_ssl_record(obj,q,seg,offset,lastp,offsetp)
q->read_left=rec_len;
case SSL_READ_HEADER:
if(r=read_data(q,last,offset,&last,&offset))
if((r=read_data(q,last,offset,&last,&offset)))
ABORT(r);
break;
default:
@ -436,7 +429,7 @@ static int read_data(q,seg,offset,lastp,offsetp)
};
if(q->read_left){
if(r=copy_tcp_segment_queue(&q->q,seg))
if((r=copy_tcp_segment_queue(&q->q,seg)))
ABORT(r);
return(SSL_NO_DATA);
}
@ -513,7 +506,7 @@ static int data_ssl_analyzer(_obj,seg,direction)
ssl->direction=direction;
if(r=print_ssl_record(ssl,direction,assembled,q->data,q->len))
if((r=print_ssl_record(ssl,direction,assembled,q->data,q->len)))
ABORT(r);
/*Now reset things, so we can read another record*/
@ -545,9 +538,7 @@ static int print_ssl_header(obj,direction,q,data,len)
int len;
{
int ct=0;
int r;
segment *s;
struct timeval dt;
ssl_print_record_num(obj);
@ -576,7 +567,7 @@ static int print_ssl_record(obj,direction,q,data,len)
{
int r;
if(r=print_ssl_header(obj,direction,q,data,len))
if((r=print_ssl_header(obj,direction,q,data,len)))
ERETURN(r);
ssl_expand_record(obj,q,direction,data,len);

2
ssl/ssl_h.h
View file

@ -77,7 +77,7 @@ typedef struct ssl_obj_ {
int r_state;
int i_state;
int version;
int cipher_suite;
UINT4 cipher_suite;
char *client_name;
int client_port;

18
ssl/ssl_rec.c
View file

@ -127,14 +127,14 @@ int ssl_create_rec_decoder(dp,cs,mk,sk,iv)
dec->cs=cs;
if(r=r_data_alloc(&dec->mac_key,cs->dig_len))
if((r=r_data_alloc(&dec->mac_key,cs->dig_len)))
ABORT(r);
if(r=r_data_alloc(&dec->implicit_iv,cs->block))
if((r=r_data_alloc(&dec->implicit_iv,cs->block)))
ABORT(r);
memcpy(dec->implicit_iv->data,iv,cs->block);
if(r=r_data_create(&dec->write_key,sk,cs->eff_bits/8))
if((r=r_data_create(&dec->write_key,sk,cs->eff_bits/8)))
ABORT(r);
/*
@ -203,7 +203,7 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl)
#ifdef OPENSSL
int pad;
int r,encpadl,x;
UCHAR *mac,*iv,aead_tag[13],aead_nonce[12];
UCHAR *mac,aead_tag[13],aead_nonce[12];
CRDUMP("Ciphertext",in,inl);
if(IS_AEAD_CIPHER(d->cs)){
@ -273,12 +273,12 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl)
ERETURN(SSL_BAD_MAC);
}
if(r=tls_check_mac(d,ct,version,in+blk,encpadl,in,blk,mac))
if((r=tls_check_mac(d,ct,version,in+blk,encpadl,in,blk,mac)))
ERETURN(r);
}
else
if(r=tls_check_mac(d,ct,version,in,encpadl,NULL,0,mac))
if((r=tls_check_mac(d,ct,version,in,encpadl,NULL,0,mac)))
ERETURN(r);
}
@ -302,7 +302,7 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl)
/* Now check the MAC */
if(ssl->version==0x300){
if(r=ssl3_check_mac(d,ct,version,out,*outl,mac))
if((r=ssl3_check_mac(d,ct,version,out,*outl,mac)))
ERETURN(r);
}
else{
@ -319,7 +319,7 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl)
ERETURN(SSL_BAD_MAC);
}
}
if(r=tls_check_mac(d,ct,version,out,*outl,NULL,0,mac))
if((r=tls_check_mac(d,ct,version,out,*outl,NULL,0,mac)))
ERETURN(r);
}
}
@ -363,7 +363,7 @@ static int tls_check_mac(d,ct,ver,data,datalen,iv,ivlen,mac)
UCHAR buf[128];
md=EVP_get_digestbyname(digests[d->cs->dig-0x40]);
HMAC_Init(hm,d->mac_key->data,d->mac_key->len,md);
HMAC_Init_ex(hm,d->mac_key->data,d->mac_key->len,md,NULL);
fmt_seq(d->seq,buf);
d->seq++;

3
ssl/ssl_rec.h
View file

@ -55,6 +55,9 @@ int ssl_create_rec_decoder PROTO_LIST((ssl_rec_decoder **dp,
int ssl_decode_rec_data PROTO_LIST((ssl_obj *ssl,ssl_rec_decoder *d,
int ct,int version,UCHAR *in,int inl,UCHAR *out,int *outl));
int ssl3_check_mac(ssl_rec_decoder *d, int ct, int ver, UCHAR *data,
UINT4 datalen, UCHAR *mac);
#define IS_AEAD_CIPHER(cs) (cs->enc==0x3b||cs->enc==0x3c)
#endif

140
ssl/ssldecode.c
View file

@ -141,7 +141,7 @@ int ssl_decode_ctx_create(dp,keyfile,pass,keylogfile)
{
#ifdef OPENSSL
ssl_decode_ctx *d=0;
int r,_status;
int _status;
SSL_library_init();
OpenSSL_add_all_algorithms();
@ -249,7 +249,7 @@ int ssl_set_client_random(d,msg,len)
#ifdef OPENSSL
int r;
if(r=r_data_create(&d->client_random,msg,len))
if((r=r_data_create(&d->client_random,msg,len)))
ERETURN(r);
#endif
return(0);
@ -263,7 +263,7 @@ int ssl_set_server_random(d,msg,len)
#ifdef OPENSSL
int r;
if(r=r_data_create(&d->server_random,msg,len))
if((r=r_data_create(&d->server_random,msg,len)))
ERETURN(r);
#endif
return(0);
@ -278,7 +278,7 @@ int ssl_set_client_session_id(d,msg,len)
int r;
if(len>0)
if(r=r_data_create(&d->session_id,msg,len))
if((r=r_data_create(&d->session_id,msg,len)))
ERETURN(r);
#endif
return(0);
@ -300,13 +300,13 @@ int ssl_process_server_session_id(ssl,d,msg,len)
/* First check to see if the client tried to restore */
if(d->session_id){
/* Now check to see if we restored */
if(r_data_compare(&idd,d->session_id))
goto abort;
if((r=r_data_compare(&idd,d->session_id)))
ABORT(r);
/* Now try to look up the session. We may not be able
to find it if, for instance, the original session
was initiated with something other than static RSA */
if(r=ssl_restore_session(ssl,d))
if((r=ssl_restore_session(ssl,d)))
ABORT(r);
restored=1;
@ -420,7 +420,7 @@ int ssl_decode_record(ssl,dec,direction,ct,version,d)
if(!(out=(UCHAR *)malloc(d->len)))
ABORT(R_NO_MEMORY);
if(r=ssl_decode_rec_data(ssl,rd,ct,version,d->data,d->len,out,&outl)){
if((r=ssl_decode_rec_data(ssl,rd,ct,version,d->data,d->len,out,&outl))){
ABORT(r);
}
@ -459,7 +459,7 @@ int ssl_update_handshake_messages(ssl,data)
hms->len+=l;
}
else{
if(r=r_data_create(&hms,d,l))
if((r=r_data_create(&hms,d,l)))
ERETURN(r);
ssl->decoder->handshake_messages=hms;
}
@ -477,7 +477,7 @@ static int ssl_create_session_lookup_key(ssl,id,idlen,keyp,keyl)
{
UCHAR *key=0;
UINT4 l;
int r,_status;
int _status;
l=idlen+strlen(ssl->server_name)+idlen+15; /* HOST + PORT + id */
@ -490,7 +490,7 @@ static int ssl_create_session_lookup_key(ssl,id,idlen,keyp,keyl)
key+=idlen;
snprintf((char *)key,l,"%s:%d",ssl->server_name,ssl->server_port);
*keyl+=strlen(key);
*keyl+=strlen((char *)key);
_status=0;
abort:
@ -509,15 +509,15 @@ int ssl_restore_session(ssl,d)
int lookup_key_len;
int r,_status;
#ifdef OPENSSL
if(r=ssl_create_session_lookup_key(ssl,
if((r=ssl_create_session_lookup_key(ssl,
d->session_id->data,d->session_id->len,&lookup_key,
&lookup_key_len))
(UINT4 *) &lookup_key_len)))
ABORT(r);
if(r=r_assoc_fetch(d->ctx->session_cache,lookup_key,lookup_key_len,
&msv))
if((r=r_assoc_fetch(d->ctx->session_cache,(char *) lookup_key,lookup_key_len,
&msv)))
ABORT(r);
msd=(Data *)msv;
if(r=r_data_create(&d->MS,msd->data,msd->len))
if((r=r_data_create(&d->MS,msd->data,msd->len)))
ABORT(r);
CRDUMPD("Restored MS",d->MS);
@ -526,7 +526,7 @@ int ssl_restore_session(ssl,d)
case TLSV1_VERSION:
case TLSV11_VERSION:
case TLSV12_VERSION:
if(r=ssl_generate_keying_material(ssl,d))
if((r=ssl_generate_keying_material(ssl,d)))
ABORT(r);
break;
default:
@ -550,20 +550,19 @@ int ssl_save_session(ssl,d)
{
#ifdef OPENSSL
UCHAR *lookup_key=0;
void *msv;
Data *msd=0;
int lookup_key_len;
int r,_status;
if(r=ssl_create_session_lookup_key(ssl,d->session_id->data,
if((r=ssl_create_session_lookup_key(ssl,d->session_id->data,
d->session_id->len,&lookup_key,
&lookup_key_len))
(UINT4 *) &lookup_key_len)))
ABORT(r);
if(r=r_data_create(&msd,d->MS->data,d->MS->len))
if((r=r_data_create(&msd,d->MS->data,d->MS->len)))
ABORT(r);
if(r=r_assoc_insert(d->ctx->session_cache,lookup_key,lookup_key_len,
if((r=r_assoc_insert(d->ctx->session_cache,(char *)lookup_key,lookup_key_len,
(void *)msd,0,(int (*)(void *))r_data_zfree,
R_ASSOC_NEW | R_ASSOC_REPLACE))
R_ASSOC_NEW | R_ASSOC_REPLACE)))
ABORT(r);
_status=0;
@ -614,7 +613,7 @@ int ssl_process_client_key_exchange(ssl,d,msg,len)
return(-1);
RSA_get0_key(EVP_PKEY_get0_RSA(pk), &n, NULL, NULL);
if(r=r_data_alloc(&d->PMS,BN_num_bytes(n)))
if((r=r_data_alloc(&d->PMS,BN_num_bytes(n))))
ABORT(r);
i=RSA_private_decrypt(len,msg,d->PMS->data,
@ -633,7 +632,7 @@ int ssl_process_client_key_exchange(ssl,d,msg,len)
case TLSV1_VERSION:
case TLSV11_VERSION:
case TLSV12_VERSION:
if(r=ssl_generate_keying_material(ssl,d))
if((r=ssl_generate_keying_material(ssl,d)))
ABORT(r);
break;
default:
@ -642,7 +641,7 @@ int ssl_process_client_key_exchange(ssl,d,msg,len)
/* Now store the data in the session cache */
if(r=ssl_save_session(ssl,d))
if((r=ssl_save_session(ssl,d)))
ABORT(r);
_status=0;
@ -678,12 +677,12 @@ static int tls_P_hash(ssl,secret,seed,md,out)
A_l=seed->len;
while(left){
HMAC_Init(hm,secret->data,secret->len,md);
HMAC_Init_ex(hm,secret->data,secret->len,md,NULL);
HMAC_Update(hm,A,A_l);
HMAC_Final(hm,_A,&A_l);
A=_A;
HMAC_Init(hm,secret->data,secret->len,md);
HMAC_Init_ex(hm,secret->data,secret->len,md,NULL);
HMAC_Update(hm,A,A_l);
HMAC_Update(hm,seed->data,seed->len);
HMAC_Final(hm,tmp,&tmp_l);
@ -716,11 +715,11 @@ static int tls_prf(ssl,secret,usage,rnd1,rnd2,out)
Data *S1=0,*S2=0;
int i,S_l;
if(r=r_data_alloc(&md5_out,MAX(out->len,16)))
if((r=r_data_alloc(&md5_out,MAX(out->len,16))))
ABORT(r);
if(r=r_data_alloc(&sha_out,MAX(out->len,20)))
if((r=r_data_alloc(&sha_out,MAX(out->len,20))))
ABORT(r);
if(r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len))
if((r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len)))
ABORT(r);
ptr=seed->data;
memcpy(ptr,usage,strlen(usage)); ptr+=strlen(usage);
@ -729,18 +728,18 @@ static int tls_prf(ssl,secret,usage,rnd1,rnd2,out)
S_l=secret->len/2 + secret->len%2;
if(r=r_data_alloc(&S1,S_l))
if((r=r_data_alloc(&S1,S_l)))
ABORT(r);
if(r=r_data_alloc(&S2,S_l))
if((r=r_data_alloc(&S2,S_l)))
ABORT(r);
memcpy(S1->data,secret->data,S_l);
memcpy(S2->data,secret->data + (secret->len - S_l),S_l);
if(r=tls_P_hash
(ssl,S1,seed,EVP_get_digestbyname("MD5"),md5_out))
if((r=tls_P_hash
(ssl,S1,seed,EVP_get_digestbyname("MD5"),md5_out)))
ABORT(r);
if(r=tls_P_hash(ssl,S2,seed,EVP_get_digestbyname("SHA1"),sha_out))
if((r=tls_P_hash(ssl,S2,seed,EVP_get_digestbyname("SHA1"),sha_out)))
ABORT(r);
@ -775,9 +774,9 @@ static int tls12_prf(ssl,secret,usage,rnd1,rnd2,out)
UCHAR *ptr;
int i, dgi;
if(r=r_data_alloc(&sha_out,MAX(out->len,64))) /* assume max SHA512 */
if((r=r_data_alloc(&sha_out,MAX(out->len,64)))) /* assume max SHA512 */
ABORT(r);
if(r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len))
if((r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len)))
ABORT(r);
ptr=seed->data;
memcpy(ptr,usage,strlen(usage)); ptr+=strlen(usage);
@ -792,7 +791,7 @@ static int tls12_prf(ssl,secret,usage,rnd1,rnd2,out)
digests[dgi]));
ERETURN(SSL_BAD_MAC);
}
if(r=tls_P_hash(ssl,secret,seed,md,sha_out))
if((r=tls_P_hash(ssl,secret,seed,md,sha_out)))
ABORT(r);
for(i=0;i<out->len;i++)
@ -886,10 +885,10 @@ static int ssl3_prf(ssl,secret,usage,r1,r2,out)
MD5_Update(&md5,secret->data,secret->len);
MD5_Update(&md5,buf,20);
MD5_Final(outbuf,&md5);
MD5_Final((unsigned char *)outbuf,&md5);
tocpy=MIN(out->len-off,16);
memcpy(out->data+off,outbuf,tocpy);
CRDUMP("MD5 out",outbuf,16);
CRDUMP("MD5 out",(UCHAR *)outbuf,16);
MD5_Init(&md5);
}
@ -909,21 +908,21 @@ static int ssl_generate_keying_material(ssl,d)
UCHAR *ptr,*c_wk,*s_wk,*c_mk=NULL,*s_mk=NULL,*c_iv=NULL,*s_iv=NULL;
if(!d->MS){
if(r=r_data_alloc(&d->MS,48))
if((r=r_data_alloc(&d->MS,48)))
ABORT(r);
if (ssl->extensions->extended_master_secret==2) {
if(r=ssl_generate_session_hash(ssl,d))
if((r=ssl_generate_session_hash(ssl,d)))
ABORT(r);
temp.len=0;
if(r=PRF(ssl,d->PMS,"extended master secret",d->session_hash,&temp,
d->MS))
if((r=PRF(ssl,d->PMS,"extended master secret",d->session_hash,&temp,
d->MS)))
ABORT(r);
}
else
if(r=PRF(ssl,d->PMS,"master secret",d->client_random,d->server_random,
d->MS))
if((r=PRF(ssl,d->PMS,"master secret",d->client_random,d->server_random,
d->MS)))
ABORT(r);
CRDUMPD("MS",d->MS);
@ -937,10 +936,10 @@ static int ssl_generate_keying_material(ssl,d)
if(ssl->cs->block>1) needed+=ssl->cs->block*2;
if(r=r_data_alloc(&key_block,needed))
if((r=r_data_alloc(&key_block,needed)))
ABORT(r);
if(r=PRF(ssl,d->MS,"key expansion",d->server_random,d->client_random,
key_block))
if((r=PRF(ssl,d->MS,"key expansion",d->server_random,d->client_random,
key_block)))
ABORT(r);
ptr=key_block->data;
@ -960,7 +959,6 @@ static int ssl_generate_keying_material(ssl,d)
if(ssl->cs->export){
Data iv_c,iv_s;
Data c_iv_d,s_iv_d;
Data key_c,key_s;
Data k;
@ -969,11 +967,11 @@ static int ssl_generate_keying_material(ssl,d)
ATTACH_DATA(iv_s,_iv_s);
if(ssl->version==SSLV3_VERSION){
if(r=ssl3_generate_export_iv(ssl,d->client_random,
d->server_random,&iv_c))
if((r=ssl3_generate_export_iv(ssl,d->client_random,
d->server_random,&iv_c)))
ABORT(r);
if(r=ssl3_generate_export_iv(ssl,d->server_random,
d->client_random,&iv_s))
if((r=ssl3_generate_export_iv(ssl,d->server_random,
d->client_random,&iv_s)))
ABORT(r);
}
else{
@ -991,8 +989,8 @@ static int ssl_generate_keying_material(ssl,d)
ATTACH_DATA(iv_block,_iv_block);
if(r=PRF(ssl,&key_null,"IV block",d->client_random,
d->server_random,&iv_block))
if((r=PRF(ssl,&key_null,"IV block",d->client_random,
d->server_random,&iv_block)))
ABORT(r);
memcpy(_iv_c,iv_block.data,8);
@ -1024,13 +1022,13 @@ static int ssl_generate_keying_material(ssl,d)
ATTACH_DATA(key_c,_key_c);
ATTACH_DATA(key_s,_key_s);
INIT_DATA(k,c_wk,ssl->cs->eff_bits/8);
if(r=PRF(ssl,&k,"client write key",d->client_random,d->server_random,
&key_c))
if((r=PRF(ssl,&k,"client write key",d->client_random,d->server_random,
&key_c)))
ABORT(r);
c_wk=_key_c;
INIT_DATA(k,s_wk,ssl->cs->eff_bits/8);
if(r=PRF(ssl,&k,"server write key",d->client_random,d->server_random,
&key_s))
if((r=PRF(ssl,&k,"server write key",d->client_random,d->server_random,
&key_s)))
ABORT(r);
s_wk=_key_s;
}
@ -1046,11 +1044,11 @@ static int ssl_generate_keying_material(ssl,d)
CRDUMP("Server Write IV",s_iv,ssl->cs->block);
}
if(r=ssl_create_rec_decoder(&d->c_to_s_n,
ssl->cs,c_mk,c_wk,c_iv))
if((r=ssl_create_rec_decoder(&d->c_to_s_n,
ssl->cs,c_mk,c_wk,c_iv)))
ABORT(r);
if(r=ssl_create_rec_decoder(&d->s_to_c_n,
ssl->cs,s_mk,s_wk,s_iv))
if((r=ssl_create_rec_decoder(&d->s_to_c_n,
ssl->cs,s_mk,s_wk,s_iv)))
ABORT(r);
@ -1070,9 +1068,9 @@ static int ssl_generate_session_hash(ssl,d)
int r,_status,dgi;
unsigned int len;
const EVP_MD *md;
HMAC_CTX *dgictx = HMAC_CTX_new();
EVP_MD_CTX *dgictx = EVP_MD_CTX_create();
if(r=r_data_alloc(&d->session_hash,EVP_MAX_MD_SIZE))
if((r=r_data_alloc(&d->session_hash,EVP_MAX_MD_SIZE)))
ABORT(r);
switch(ssl->version){
@ -1086,7 +1084,7 @@ static int ssl_generate_session_hash(ssl,d)
EVP_DigestInit(dgictx,md);
EVP_DigestUpdate(dgictx,d->handshake_messages->data,d->handshake_messages->len);
EVP_DigestFinal(dgictx,d->session_hash->data,&d->session_hash->len);
EVP_DigestFinal(dgictx,d->session_hash->data,(unsigned int *) &d->session_hash->len);
break;
case SSLV3_VERSION:
@ -1094,7 +1092,7 @@ static int ssl_generate_session_hash(ssl,d)
case TLSV11_VERSION:
EVP_DigestInit(dgictx,EVP_get_digestbyname("MD5"));
EVP_DigestUpdate(dgictx,d->handshake_messages->data,d->handshake_messages->len);
EVP_DigestFinal_ex(dgictx,d->session_hash->data,&d->session_hash->len);
EVP_DigestFinal_ex(dgictx,d->session_hash->data,(unsigned int *) &d->session_hash->len);
EVP_DigestInit(dgictx,EVP_get_digestbyname("SHA1"));
EVP_DigestUpdate(dgictx,d->handshake_messages->data,d->handshake_messages->len);
@ -1114,7 +1112,7 @@ static int ssl_generate_session_hash(ssl,d)
static int ssl_read_key_log_file(d)
ssl_decoder *d;
{
int r,_status,dgi,n,i;
int r,_status,n,i;
unsigned int t;
size_t l=0;
char *line,*label_data;
@ -1133,7 +1131,7 @@ static int ssl_read_key_log_file(d)
if(STRNICMP(line+14,label_data,64))
continue;
if(r=r_data_alloc(&d->MS,48))
if((r=r_data_alloc(&d->MS,48)))
ABORT(r);
for(i=0; i < d->MS->len; i++) {

32
ssl/sslprint.c
View file

@ -65,8 +65,6 @@ int process_beginning_plaintext(ssl,seg,direction)
int direction;
{
Data d;
int r;
struct timeval dt;
if(seg->len==0)
return(SSL_NO_DATA);
@ -95,14 +93,13 @@ int process_v2_hello(ssl,seg)
{
int r;
int rec_len;
int cs_len;
int sid_len;
int chall_len;
int ver;
UINT4 cs_len;
UINT4 sid_len;
UINT4 chall_len;
UINT4 ver;
Data d;
Data chall;
char random[32];
struct timeval dt;
UCHAR random[32];
if(seg->len==0)
return(SSL_NO_DATA);
@ -157,7 +154,6 @@ int process_v2_hello(ssl,seg)
for(;cs_len;cs_len-=3){
UINT4 val;
char *str;
SSL_DECODE_UINT24(ssl,0,0,&d,&val);
ssl_print_cipher_suite(ssl,ver,P_HL,val);
@ -266,14 +262,14 @@ int ssl_expand_record(ssl,q,direction,data,len)
}
if(r){
if(r=ssl_print_enum(ssl,0,ContentType_decoder,ct)) {
if((r=ssl_print_enum(ssl,0,ContentType_decoder,ct))) {
printf(" unknown record type: %d\n", ct);
ERETURN(r);
}
printf("\n");
}
else{
if(r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, &d)) {
if((r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, &d))) {
printf(" unknown record type: %d\n", ct);
ERETURN(r);
}
@ -332,7 +328,7 @@ int ssl_decode_opaque_array(ssl,name,size,p,data,x)
sprintf(n,"%s (length)",name?name:"<unknown>");
if(size<0){
size*=-1;
if(r=ssl_decode_uintX(ssl,n,BYTES_NEEDED(size),P_DC,data,&len))
if((r=ssl_decode_uintX(ssl,n,BYTES_NEEDED(size),P_DC,data,&len)))
ERETURN(r);
}
else{
@ -388,11 +384,11 @@ int ssl_decode_enum(ssl,name,size,dtable,p,data,x)
if(!x) x=&_x;
if(r=ssl_decode_uintX(ssl,name,size,0,data,x))
if((r=ssl_decode_uintX(ssl,name,size,0,data,x)))
ERETURN(r);
P_(p){
if(r=ssl_print_enum(ssl,name,dtable,*x))
if((r=ssl_print_enum(ssl,name,dtable,*x)))
ERETURN(r);
}
@ -476,7 +472,7 @@ int combodump(ssl,name,data)
char *name;
Data *data;
{
char *ptr=data->data;
UCHAR *ptr=data->data;
int len=data->len;
if(name){
@ -620,12 +616,12 @@ int ssl_print_timestamp(ssl,ts)
explain(ssl,"%d%c%4.4d ",ts->tv_sec,'.',ts->tv_usec/100);
}
else{
if(r=timestamp_diff(ts,&ssl->time_start,&dt))
if((r=timestamp_diff(ts,&ssl->time_start,&dt)))
ERETURN(r);
explain(ssl,"%d%c%4.4d ",dt.tv_sec,'.',dt.tv_usec/100);
}
if(r=timestamp_diff(ts,&ssl->time_last,&dt)){
if((r=timestamp_diff(ts,&ssl->time_last,&dt))){
ERETURN(r);
}
explain(ssl,"(%d%c%4.4d) ",dt.tv_sec,'.',dt.tv_usec/100);
@ -664,7 +660,7 @@ int ssl_print_cipher_suite(ssl,version,p,val)
int r;
P_(p){
if(r=ssl_lookup_enum(ssl,cipher_suite_decoder,val,&str)){
if((r=ssl_lookup_enum(ssl,cipher_suite_decoder,val,&str))){
explain(ssl,"Unknown value 0x%x",val);
return(0);
}

12
ssl/sslprint.h
View file

@ -79,12 +79,12 @@ int explain PROTO_LIST((ssl_obj *ssl,char *format,...));
int exdump PROTO_LIST((ssl_obj *ssl,char *name,Data *data));
#define SSL_DECODE_UINT8(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,1,b,c,d)) ERETURN(r)
#define SSL_DECODE_UINT16(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,2,b,c,d)) ERETURN(r)
#define SSL_DECODE_UINT24(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,3,b,c,d)) ERETURN(r)
#define SSL_DECODE_UINT32(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,4,b,c,d)) ERETURN(r)
#define SSL_DECODE_OPAQUE_ARRAY(a,n,b,c,d,e) if(r=ssl_decode_opaque_array(a,n,b,c,d,e)) ERETURN(r)
#define SSL_DECODE_ENUM(a,b,c,d,e,f,g) if(r=ssl_decode_enum(a,b,c,d,e,f,g)) ERETURN(r)
#define SSL_DECODE_UINT8(a,n,b,c,d) if((r=ssl_decode_uintX(a,n,1,b,c,d))) ERETURN(r)
#define SSL_DECODE_UINT16(a,n,b,c,d) if((r=ssl_decode_uintX(a,n,2,b,c,d))) ERETURN(r)
#define SSL_DECODE_UINT24(a,n,b,c,d) if((r=ssl_decode_uintX(a,n,3,b,c,d))) ERETURN(r)
#define SSL_DECODE_UINT32(a,n,b,c,d) if((r=ssl_decode_uintX(a,n,4,b,c,d))) ERETURN(r)
#define SSL_DECODE_OPAQUE_ARRAY(a,n,b,c,d,e) if((r=ssl_decode_opaque_array(a,n,b,c,d,e))) ERETURN(r)
#define SSL_DECODE_ENUM(a,b,c,d,e,f,g) if((r=ssl_decode_enum(a,b,c,d,e,f,g))) ERETURN(r)
#define P_(p) if((p==SSL_PRINT_ALL) || (p & SSL_print_flags))
#define INDENT do {int i; for(i=0;i<(ssl->indent_depth + ssl->indent_name_len);i++) printf("%s",SSL_print_flags & SSL_PRINT_NROFF?" ":" ");} while(0)

12
ssl/sslxprint.c
View file

@ -81,7 +81,7 @@ int sslx_print_certificate(ssl,data,pf)
d=data->data;
if(!(x=d2i_X509(0,&d,data->len))){
if(!(x=d2i_X509(0,(const unsigned char **) &d,data->len))){
explain(ssl,"Bad certificate");
ABORT(R_BAD_DATA);
}
@ -114,7 +114,7 @@ int sslx_print_certificate(ssl,data,pf)
ex=X509_get_ext(x,i);
obj=X509_EXTENSION_get_object(ex);
i2t_ASN1_OBJECT(buf,sizeof(buf),obj);
i2t_ASN1_OBJECT((char *)buf,sizeof(buf),obj);
explain(ssl,"Extension: %s\n",buf);
j=X509_EXTENSION_get_critical(ex);
@ -173,10 +173,10 @@ int sslx_print_dn(ssl,data,pf)
P_(pf){
#ifdef OPENSSL
P_(P_ASN){
if(!(n=d2i_X509_NAME(0,&d,data->len)))
if(!(n=d2i_X509_NAME(0,(const unsigned char **) &d,data->len)))
ABORT(R_BAD_DATA);
X509_NAME_oneline(n,buf,BUFSIZE);
sslx__print_dn(ssl,buf);
X509_NAME_oneline(n,(char *)buf,BUFSIZE);
sslx__print_dn(ssl,(char *)buf);
}
else{
#endif
@ -203,7 +203,7 @@ static int sslx__print_dn(ssl,x)
if(*x=='/') x++;
while (x){
if(slash=strchr(x,'/')){
if((slash=strchr(x,'/'))){
*slash=0;
}