diff --git a/base/network.c b/base/network.c index 63e6205..4bedf3d 100644 --- a/base/network.c +++ b/base/network.c @@ -78,7 +78,7 @@ int network_handler_create(mod,handlerp) if(!(handler=(n_handler *)malloc(sizeof(n_handler)))) ABORT(R_NO_MEMORY); if(mod->vtbl->create_ctx){ - if(r=mod->vtbl->create_ctx(mod->handle,&handler->ctx)) + if((r=mod->vtbl->create_ctx(mod->handle,&handler->ctx))) ABORT(r); } handler->mod=mod; @@ -147,7 +147,7 @@ int network_process_packet(handler,timestamp,data,length) switch(p.ip->ip_p){ case IPPROTO_TCP: - if(r=process_tcp_packet(handler->mod,handler->ctx,&p)) + if((r=process_tcp_packet(handler->mod,handler->ctx,&p))) ERETURN(r); break; } diff --git a/base/pcap-snoop.c b/base/pcap-snoop.c index fe60c39..73e1ef8 100644 --- a/base/pcap-snoop.c +++ b/base/pcap-snoop.c @@ -244,7 +244,7 @@ void pcap_cb(ptr,hdr,data) if(packet_cnt == conn_freq) { packet_cnt = 0; memcpy(&last_packet_seen_time,&hdr->ts,sizeof(struct timeval)); - if(cleaned_conn = clean_old_conn()) + if((cleaned_conn = clean_old_conn())) printf("%d inactive connection(s) cleaned from connection pool\n", cleaned_conn); } else { packet_cnt++; @@ -453,7 +453,7 @@ int main(argc,argv) if(NET_print_flags & NET_PRINT_TYPESET) printf("\n.nf\n.ps -2\n"); - if(r=network_handler_create(mod,&n)) + if((r=network_handler_create(mod,&n))) err_exit("Couldn't create network handler",r); pcap_loop(p,-1,pcap_cb,(u_char *)n); diff --git a/base/proto_mod.c b/base/proto_mod.c index 6153768..0c31808 100644 --- a/base/proto_mod.c +++ b/base/proto_mod.c @@ -60,8 +60,8 @@ int create_proto_handler(mod,ctx,handlerp,conn,first_packet) if(!(handler=(proto_handler *)calloc(1,sizeof(proto_handler)))) ABORT(R_NO_MEMORY); handler->vtbl=mod->vtbl; - if(r=mod->vtbl->create(mod->handle,ctx,conn,&handler->obj, - &conn->i_addr,conn->i_port,&conn->r_addr,conn->r_port,first_packet)) + if((r=mod->vtbl->create(mod->handle,ctx,conn,&handler->obj, + &conn->i_addr,conn->i_port,&conn->r_addr,conn->r_port,first_packet))) ABORT(r); *handlerp=handler; diff --git a/base/tcpconn.c b/base/tcpconn.c index 04755cf..cee0e9f 100644 --- a/base/tcpconn.c +++ b/base/tcpconn.c @@ -70,13 +70,8 @@ static int zero_conn(conn) return(0); } -int tcp_find_conn(connp,directionp,saddr,sport,daddr,dport) - tcp_conn **connp; - int *directionp; - struct in_addr *saddr; - u_short sport; - struct in_addr *daddr; - u_short dport; +int tcp_find_conn(tcp_conn **connp, int *directionp,struct in_addr *saddr, + u_short sport, struct in_addr *daddr, u_short dport) { conn_struct *conn; @@ -106,12 +101,8 @@ int tcp_find_conn(connp,directionp,saddr,sport,daddr,dport) return(R_NOT_FOUND); } -int tcp_create_conn(connp,i_addr,i_port,r_addr,r_port) - tcp_conn **connp; - struct in_addr *i_addr; - u_short i_port; - struct in_addr *r_addr; - u_short r_port; +int tcp_create_conn(tcp_conn **connp,struct in_addr *i_addr, + u_short i_port, struct in_addr *r_addr, u_short r_port) { conn_struct *conn=0; @@ -189,8 +180,7 @@ int clean_old_conn() { } int destroy_all_conn() { - conn_struct *conn; - int i = 0,r; + int i = 0; while(first_conn) { i++; tcp_destroy_conn(&first_conn->conn); @@ -225,7 +215,7 @@ int copy_tcp_segment_queue(out,in) ABORT(R_NO_MEMORY); if(!base) base=*out; - if(r=packet_copy(in->p,&(*out)->p)) + if((r=packet_copy(in->p,&(*out)->p))) ABORT(r); out=&(*out)->next; /* Move the pointer we're assigning to */ } diff --git a/base/tcppack.c b/base/tcppack.c index d053798..45eea9c 100644 --- a/base/tcppack.c +++ b/base/tcppack.c @@ -85,8 +85,8 @@ int process_tcp_packet(handler,ctx,p) print_tcp_packet(p); - if(r=tcp_find_conn(&conn,&direction,&p->ip->ip_src, - ntohs(p->tcp->th_sport),&p->ip->ip_dst,ntohs(p->tcp->th_dport))){ + if((r=tcp_find_conn(&conn,&direction,&p->ip->ip_src, + ntohs(p->tcp->th_sport),&p->ip->ip_dst,ntohs(p->tcp->th_dport)))){ if(r!=R_NOT_FOUND) ABORT(r); @@ -95,7 +95,7 @@ int process_tcp_packet(handler,ctx,p) return(0); } - if(r=new_connection(handler,ctx,p,&conn)) + if((r=new_connection(handler,ctx,p,&conn))) ABORT(r); return(0); } @@ -146,12 +146,9 @@ int process_tcp_packet(handler,ctx,p) case TCP_STATE_ESTABLISHED: case TCP_STATE_FIN1: { - UINT4 length; - if(p->tcp->th_flags & TH_SYN) break; - length=p->len - (p->tcp->th_off * 4); - if(r=process_data_segment(conn,handler,p,stream,direction)) + if((r=process_data_segment(conn,handler,p,stream,direction))) ABORT(r); } break; @@ -179,16 +176,16 @@ static int new_connection(handler,ctx,p,connp) tcp_conn *conn=0; if ((p->tcp->th_flags & (TH_SYN|TH_ACK))==TH_SYN) { - if(r=tcp_create_conn(&conn,&p->ip->ip_src,ntohs(p->tcp->th_sport), - &p->ip->ip_dst,ntohs(p->tcp->th_dport))) + if((r=tcp_create_conn(&conn,&p->ip->ip_src,ntohs(p->tcp->th_sport), + &p->ip->ip_dst,ntohs(p->tcp->th_dport)))) ABORT(r); DBG((0,"SYN1 seq: %u",ntohl(p->tcp->th_seq))); conn->i2r.seq=ntohl(p->tcp->th_seq)+1; conn->i2r.ack=ntohl(p->tcp->th_ack)+1; conn->state=TCP_STATE_SYN1; } else { // SYN&ACK comes first somehow - if(r=tcp_create_conn(&conn,&p->ip->ip_dst,ntohs(p->tcp->th_dport), - &p->ip->ip_src,ntohs(p->tcp->th_sport))) + if((r=tcp_create_conn(&conn,&p->ip->ip_dst,ntohs(p->tcp->th_dport), + &p->ip->ip_src,ntohs(p->tcp->th_sport)))) ABORT(r); DBG((0,"SYN2 seq: %u",ntohl(p->tcp->th_seq))); conn->r2i.seq=ntohl(p->tcp->th_seq)+1; @@ -197,7 +194,7 @@ static int new_connection(handler,ctx,p,connp) } memcpy(&conn->start_time,&p->ts,sizeof(struct timeval)); memcpy(&conn->last_seen_time,&p->ts,sizeof(struct timeval)); - if(r=create_proto_handler(handler,ctx,&conn->analyzer,conn,&p->ts)) + if((r=create_proto_handler(handler,ctx,&conn->analyzer,conn,&p->ts))) ABORT(r); *connp=conn; @@ -269,7 +266,7 @@ static int process_data_segment(conn,handler,p,stream,direction) if(acked && !l){ /* - if(r=timestamp_diff(&p->ts,&conn->start_time,&dt)) + if((r=timestamp_diff(&p->ts,&conn->start_time,&dt))) ERETURN(r); printf("%d%c%4.4d ",dt.tv_sec,'.',dt.tv_usec/100); if(direction == DIR_R2I) @@ -302,7 +299,7 @@ static int process_data_segment(conn,handler,p,stream,direction) if(!(nseg=(segment *)calloc(1,sizeof(segment)))) ABORT(R_NO_MEMORY); - if(r=packet_copy(p,&nseg->p)) + if((r=packet_copy(p,&nseg->p))) ABORT(r); nseg->s_seq=seq; @@ -370,7 +367,7 @@ static int process_data_segment(conn,handler,p,stream,direction) stream->seq=seg->s_seq + seg->len; DBG((0,"Analyzing segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len)); - if(r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction)) { + if((r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction))) { DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len)); ABORT(r); } @@ -378,7 +375,7 @@ static int process_data_segment(conn,handler,p,stream,direction) if(stream->close){ DBG((0,"Closing with segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len)); - if(r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction)) { + if((r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction))) { DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len)); ABORT(r); } diff --git a/common/lib/r_assoc.c b/common/lib/r_assoc.c index 0154c64..6a2393d 100644 --- a/common/lib/r_assoc.c +++ b/common/lib/r_assoc.c @@ -173,7 +173,7 @@ static int copy_assoc_chain(newp,old) ptr->copy=old->copy; if(old->copy){ - if(r=old->copy(&ptr->data,old->data)) + if((r=old->copy(&ptr->data,old->data))) ABORT(r); } else @@ -224,7 +224,7 @@ int r_assoc_fetch(assoc,key,len,datap) r_assoc_el *bucket; int r; - if(r=r_assoc_fetch_bucket(assoc,key,len,&bucket)){ + if((r=r_assoc_fetch_bucket(assoc,key,len,&bucket))){ if(r!=R_NOT_FOUND) ERETURN(r); return(r); @@ -246,7 +246,7 @@ int r_assoc_insert(assoc,key,len,data,copy,destroy,how) r_assoc_el *bucket,*new_bucket=0; int r,_status; - if(r=r_assoc_fetch_bucket(assoc,key,len,&bucket)){ + if((r=r_assoc_fetch_bucket(assoc,key,len,&bucket))){ /*Note that we compute the hash value twice*/ UINT4 hash_value; @@ -304,7 +304,7 @@ int r_assoc_copy(newp,old) if(!(new->chains=(r_assoc_el **)calloc(sizeof(r_assoc_el),old->size))) ABORT(R_NO_MEMORY); for(i=0;isize;i++){ - if(r=copy_assoc_chain(new->chains+i,old->chains[i])) + if((r=copy_assoc_chain(new->chains+i,old->chains[i]))) ABORT(R_NO_MEMORY); } *newp=new; diff --git a/null/null_analyze.c b/null/null_analyze.c index fa84d38..f12a6af 100644 --- a/null/null_analyze.c +++ b/null/null_analyze.c @@ -59,17 +59,9 @@ static int create_null_analyzer PROTO_LIST((void *handle, struct in_addr *i_addr,u_short i_port, struct in_addr *r_addr,u_short r_port, struct timeval *base_time)); -static int create_null_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port, - base_time) - void *handle; - proto_ctx *ctx; - tcp_conn *conn; - proto_obj **objp; - struct in_addr *i_addr; - u_short i_port; - struct in_addr *r_addr; - u_short r_port; - struct timeval *base_time; +static int create_null_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn, + proto_obj **objp, struct in_addr *i_addr, u_short i_port, struct in_addr *r_addr, + u_short r_port, struct timeval *base_time) { null_analyzer *obj=0; static int ctr; diff --git a/ssl/ssl.enums.c b/ssl/ssl.enums.c index d95b929..53ff52c 100644 --- a/ssl/ssl.enums.c +++ b/ssl/ssl.enums.c @@ -433,7 +433,7 @@ static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data) int r; printf("\n"); ssl_update_handshake_messages(ssl,data); - SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-(1<<15-1),P_HL,data,0); + SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-((1<<15)-1),P_HL,data,0); return(0); } @@ -455,7 +455,7 @@ static int decode_HandshakeType_ClientKeyExchange(ssl,dir,seg,data) case KEX_RSA: if(ssl->version > 768) { - SSL_DECODE_OPAQUE_ARRAY(ssl,"EncryptedPreMasterSecret",-(1<<15-1), + SSL_DECODE_OPAQUE_ARRAY(ssl,"EncryptedPreMasterSecret",-((1<<15)-1), P_ND,data,&pms); } @@ -2521,8 +2521,8 @@ static int decode_extension_server_name(ssl,dir,seg,data) segment *seg; Data *data; { - UINT4 t; - int l,r,p; + UINT4 t,l; + int r,p; extern decoder server_name_type_decoder[]; @@ -2557,7 +2557,8 @@ static int decode_extension_encrypt_then_mac(ssl,dir,seg,data) segment *seg; Data *data; { - int l,r,*etm; + int r,*etm; + UINT4 l; etm=&ssl->extensions->encrypt_then_mac; @@ -2574,7 +2575,8 @@ static int decode_extension_extended_master_secret(ssl,dir,seg,data) segment *seg; Data *data; { - int l,r,*ems; + int r,*ems; + UINT4 l; ems=&ssl->extensions->extended_master_secret; @@ -2591,7 +2593,8 @@ static int decode_extension(ssl,dir,seg,data) segment *seg; Data *data; { - int l,r; + int r; + UINT4 l; SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); data->len-=l; data->data+=l; @@ -2670,7 +2673,8 @@ static int decode_server_name_type_host_name(ssl,dir,seg,data) segment *seg; Data *data; { - int l,r; + int r; + UINT4 l; SSL_DECODE_UINT16(ssl,"server name length",0,data,&l); printf(": %.*s",l,data->data); @@ -2697,7 +2701,8 @@ static int decode_server_name(ssl,dir,seg,data) segment *seg; Data *data; { - int l,r; + int r; + UINT4 l; SSL_DECODE_UINT16(ssl,"server name length",0,data,&l); data->len-=l; data->data+=l; diff --git a/ssl/ssl_analyze.c b/ssl/ssl_analyze.c index b8c5b48..e8a1d07 100644 --- a/ssl/ssl_analyze.c +++ b/ssl/ssl_analyze.c @@ -187,7 +187,7 @@ static int parse_ssl_flags(str) y=str; - while(x=strtok(y,",")){ + while((x=strtok(y,","))){ y=0; if(*x=='!'){ @@ -218,7 +218,7 @@ static int create_ssl_ctx(handle,ctxp) ssl_decode_ctx *ctx=0; int r,_status; - if(r=ssl_decode_ctx_create(&ctx,SSL_keyfile,SSL_password,SSL_keylogfile)) + if((r=ssl_decode_ctx_create(&ctx,SSL_keyfile,SSL_password,SSL_keylogfile))) ABORT(r); *ctxp=(proto_ctx *)ctx; @@ -227,16 +227,9 @@ static int create_ssl_ctx(handle,ctxp) return(_status); } -static int create_ssl_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port,base_time) - void *handle; - proto_ctx *ctx; - tcp_conn *conn; - proto_obj **objp; - struct in_addr *i_addr; - u_short i_port; - struct in_addr *r_addr; - u_short r_port; - struct timeval *base_time; +static int create_ssl_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn, + proto_obj **objp, struct in_addr *i_addr, u_short i_port, struct in_addr *r_addr, + u_short r_port, struct timeval *base_time) { int r,_status; ssl_obj *obj=0; @@ -247,9 +240,9 @@ static int create_ssl_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port, obj->ssl_ctx=(ssl_decode_ctx *)ctx; obj->conn=conn; - if(r=create_r_queue(&obj->r2i_queue)) + if((r=create_r_queue(&obj->r2i_queue))) ABORT(r); - if(r=create_r_queue(&obj->i2r_queue)) + if((r=create_r_queue(&obj->i2r_queue))) ABORT(r); lookuphostname(i_addr,&obj->client_name); @@ -263,7 +256,7 @@ static int create_ssl_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port, memcpy(&obj->time_start,base_time,sizeof(struct timeval)); memcpy(&obj->time_last,base_time,sizeof(struct timeval)); - if(r=ssl_decoder_create(&obj->decoder,obj->ssl_ctx)) + if((r=ssl_decoder_create(&obj->decoder,obj->ssl_ctx))) ABORT(r); if (!(obj->extensions=malloc(sizeof(ssl_extensions)))) @@ -354,7 +347,7 @@ static int read_ssl_record(obj,q,seg,offset,lastp,offsetp) if (SSL_HEADER_SIZElen) ABORT(-1); q->read_left=SSL_HEADER_SIZE-q->len; - if(r=read_data(q,seg,offset,&last,&offset)) + if((r=read_data(q,seg,offset,&last,&offset))) ABORT(r); q->state=SSL_READ_HEADER; @@ -386,7 +379,7 @@ static int read_ssl_record(obj,q,seg,offset,lastp,offsetp) q->read_left=rec_len; case SSL_READ_HEADER: - if(r=read_data(q,last,offset,&last,&offset)) + if((r=read_data(q,last,offset,&last,&offset))) ABORT(r); break; default: @@ -436,7 +429,7 @@ static int read_data(q,seg,offset,lastp,offsetp) }; if(q->read_left){ - if(r=copy_tcp_segment_queue(&q->q,seg)) + if((r=copy_tcp_segment_queue(&q->q,seg))) ABORT(r); return(SSL_NO_DATA); } @@ -513,7 +506,7 @@ static int data_ssl_analyzer(_obj,seg,direction) ssl->direction=direction; - if(r=print_ssl_record(ssl,direction,assembled,q->data,q->len)) + if((r=print_ssl_record(ssl,direction,assembled,q->data,q->len))) ABORT(r); /*Now reset things, so we can read another record*/ @@ -545,9 +538,7 @@ static int print_ssl_header(obj,direction,q,data,len) int len; { int ct=0; - int r; segment *s; - struct timeval dt; ssl_print_record_num(obj); @@ -576,7 +567,7 @@ static int print_ssl_record(obj,direction,q,data,len) { int r; - if(r=print_ssl_header(obj,direction,q,data,len)) + if((r=print_ssl_header(obj,direction,q,data,len))) ERETURN(r); ssl_expand_record(obj,q,direction,data,len); diff --git a/ssl/ssl_h.h b/ssl/ssl_h.h index 4a64ede..526fcf8 100644 --- a/ssl/ssl_h.h +++ b/ssl/ssl_h.h @@ -77,7 +77,7 @@ typedef struct ssl_obj_ { int r_state; int i_state; int version; - int cipher_suite; + UINT4 cipher_suite; char *client_name; int client_port; diff --git a/ssl/ssl_rec.c b/ssl/ssl_rec.c index d1d40fd..9e4f4c7 100644 --- a/ssl/ssl_rec.c +++ b/ssl/ssl_rec.c @@ -127,14 +127,14 @@ int ssl_create_rec_decoder(dp,cs,mk,sk,iv) dec->cs=cs; - if(r=r_data_alloc(&dec->mac_key,cs->dig_len)) + if((r=r_data_alloc(&dec->mac_key,cs->dig_len))) ABORT(r); - if(r=r_data_alloc(&dec->implicit_iv,cs->block)) + if((r=r_data_alloc(&dec->implicit_iv,cs->block))) ABORT(r); memcpy(dec->implicit_iv->data,iv,cs->block); - if(r=r_data_create(&dec->write_key,sk,cs->eff_bits/8)) + if((r=r_data_create(&dec->write_key,sk,cs->eff_bits/8))) ABORT(r); /* @@ -203,7 +203,7 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl) #ifdef OPENSSL int pad; int r,encpadl,x; - UCHAR *mac,*iv,aead_tag[13],aead_nonce[12]; + UCHAR *mac,aead_tag[13],aead_nonce[12]; CRDUMP("Ciphertext",in,inl); if(IS_AEAD_CIPHER(d->cs)){ @@ -273,12 +273,12 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl) ERETURN(SSL_BAD_MAC); } - if(r=tls_check_mac(d,ct,version,in+blk,encpadl,in,blk,mac)) + if((r=tls_check_mac(d,ct,version,in+blk,encpadl,in,blk,mac))) ERETURN(r); } else - if(r=tls_check_mac(d,ct,version,in,encpadl,NULL,0,mac)) + if((r=tls_check_mac(d,ct,version,in,encpadl,NULL,0,mac))) ERETURN(r); } @@ -302,7 +302,7 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl) /* Now check the MAC */ if(ssl->version==0x300){ - if(r=ssl3_check_mac(d,ct,version,out,*outl,mac)) + if((r=ssl3_check_mac(d,ct,version,out,*outl,mac))) ERETURN(r); } else{ @@ -319,7 +319,7 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl) ERETURN(SSL_BAD_MAC); } } - if(r=tls_check_mac(d,ct,version,out,*outl,NULL,0,mac)) + if((r=tls_check_mac(d,ct,version,out,*outl,NULL,0,mac))) ERETURN(r); } } @@ -363,7 +363,7 @@ static int tls_check_mac(d,ct,ver,data,datalen,iv,ivlen,mac) UCHAR buf[128]; md=EVP_get_digestbyname(digests[d->cs->dig-0x40]); - HMAC_Init(hm,d->mac_key->data,d->mac_key->len,md); + HMAC_Init_ex(hm,d->mac_key->data,d->mac_key->len,md,NULL); fmt_seq(d->seq,buf); d->seq++; diff --git a/ssl/ssl_rec.h b/ssl/ssl_rec.h index fa91b00..101ec86 100644 --- a/ssl/ssl_rec.h +++ b/ssl/ssl_rec.h @@ -55,6 +55,9 @@ int ssl_create_rec_decoder PROTO_LIST((ssl_rec_decoder **dp, int ssl_decode_rec_data PROTO_LIST((ssl_obj *ssl,ssl_rec_decoder *d, int ct,int version,UCHAR *in,int inl,UCHAR *out,int *outl)); +int ssl3_check_mac(ssl_rec_decoder *d, int ct, int ver, UCHAR *data, + UINT4 datalen, UCHAR *mac); + #define IS_AEAD_CIPHER(cs) (cs->enc==0x3b||cs->enc==0x3c) #endif diff --git a/ssl/ssldecode.c b/ssl/ssldecode.c index 49b6e1d..f243307 100644 --- a/ssl/ssldecode.c +++ b/ssl/ssldecode.c @@ -141,7 +141,7 @@ int ssl_decode_ctx_create(dp,keyfile,pass,keylogfile) { #ifdef OPENSSL ssl_decode_ctx *d=0; - int r,_status; + int _status; SSL_library_init(); OpenSSL_add_all_algorithms(); @@ -249,7 +249,7 @@ int ssl_set_client_random(d,msg,len) #ifdef OPENSSL int r; - if(r=r_data_create(&d->client_random,msg,len)) + if((r=r_data_create(&d->client_random,msg,len))) ERETURN(r); #endif return(0); @@ -263,7 +263,7 @@ int ssl_set_server_random(d,msg,len) #ifdef OPENSSL int r; - if(r=r_data_create(&d->server_random,msg,len)) + if((r=r_data_create(&d->server_random,msg,len))) ERETURN(r); #endif return(0); @@ -278,7 +278,7 @@ int ssl_set_client_session_id(d,msg,len) int r; if(len>0) - if(r=r_data_create(&d->session_id,msg,len)) + if((r=r_data_create(&d->session_id,msg,len))) ERETURN(r); #endif return(0); @@ -300,13 +300,13 @@ int ssl_process_server_session_id(ssl,d,msg,len) /* First check to see if the client tried to restore */ if(d->session_id){ /* Now check to see if we restored */ - if(r_data_compare(&idd,d->session_id)) - goto abort; + if((r=r_data_compare(&idd,d->session_id))) + ABORT(r); /* Now try to look up the session. We may not be able to find it if, for instance, the original session was initiated with something other than static RSA */ - if(r=ssl_restore_session(ssl,d)) + if((r=ssl_restore_session(ssl,d))) ABORT(r); restored=1; @@ -420,7 +420,7 @@ int ssl_decode_record(ssl,dec,direction,ct,version,d) if(!(out=(UCHAR *)malloc(d->len))) ABORT(R_NO_MEMORY); - if(r=ssl_decode_rec_data(ssl,rd,ct,version,d->data,d->len,out,&outl)){ + if((r=ssl_decode_rec_data(ssl,rd,ct,version,d->data,d->len,out,&outl))){ ABORT(r); } @@ -459,7 +459,7 @@ int ssl_update_handshake_messages(ssl,data) hms->len+=l; } else{ - if(r=r_data_create(&hms,d,l)) + if((r=r_data_create(&hms,d,l))) ERETURN(r); ssl->decoder->handshake_messages=hms; } @@ -477,7 +477,7 @@ static int ssl_create_session_lookup_key(ssl,id,idlen,keyp,keyl) { UCHAR *key=0; UINT4 l; - int r,_status; + int _status; l=idlen+strlen(ssl->server_name)+idlen+15; /* HOST + PORT + id */ @@ -490,7 +490,7 @@ static int ssl_create_session_lookup_key(ssl,id,idlen,keyp,keyl) key+=idlen; snprintf((char *)key,l,"%s:%d",ssl->server_name,ssl->server_port); - *keyl+=strlen(key); + *keyl+=strlen((char *)key); _status=0; abort: @@ -509,15 +509,15 @@ int ssl_restore_session(ssl,d) int lookup_key_len; int r,_status; #ifdef OPENSSL - if(r=ssl_create_session_lookup_key(ssl, + if((r=ssl_create_session_lookup_key(ssl, d->session_id->data,d->session_id->len,&lookup_key, - &lookup_key_len)) + (UINT4 *) &lookup_key_len))) ABORT(r); - if(r=r_assoc_fetch(d->ctx->session_cache,lookup_key,lookup_key_len, - &msv)) + if((r=r_assoc_fetch(d->ctx->session_cache,(char *) lookup_key,lookup_key_len, + &msv))) ABORT(r); msd=(Data *)msv; - if(r=r_data_create(&d->MS,msd->data,msd->len)) + if((r=r_data_create(&d->MS,msd->data,msd->len))) ABORT(r); CRDUMPD("Restored MS",d->MS); @@ -526,7 +526,7 @@ int ssl_restore_session(ssl,d) case TLSV1_VERSION: case TLSV11_VERSION: case TLSV12_VERSION: - if(r=ssl_generate_keying_material(ssl,d)) + if((r=ssl_generate_keying_material(ssl,d))) ABORT(r); break; default: @@ -550,20 +550,19 @@ int ssl_save_session(ssl,d) { #ifdef OPENSSL UCHAR *lookup_key=0; - void *msv; Data *msd=0; int lookup_key_len; int r,_status; - if(r=ssl_create_session_lookup_key(ssl,d->session_id->data, + if((r=ssl_create_session_lookup_key(ssl,d->session_id->data, d->session_id->len,&lookup_key, - &lookup_key_len)) + (UINT4 *) &lookup_key_len))) ABORT(r); - if(r=r_data_create(&msd,d->MS->data,d->MS->len)) + if((r=r_data_create(&msd,d->MS->data,d->MS->len))) ABORT(r); - if(r=r_assoc_insert(d->ctx->session_cache,lookup_key,lookup_key_len, + if((r=r_assoc_insert(d->ctx->session_cache,(char *)lookup_key,lookup_key_len, (void *)msd,0,(int (*)(void *))r_data_zfree, - R_ASSOC_NEW | R_ASSOC_REPLACE)) + R_ASSOC_NEW | R_ASSOC_REPLACE))) ABORT(r); _status=0; @@ -614,7 +613,7 @@ int ssl_process_client_key_exchange(ssl,d,msg,len) return(-1); RSA_get0_key(EVP_PKEY_get0_RSA(pk), &n, NULL, NULL); - if(r=r_data_alloc(&d->PMS,BN_num_bytes(n))) + if((r=r_data_alloc(&d->PMS,BN_num_bytes(n)))) ABORT(r); i=RSA_private_decrypt(len,msg,d->PMS->data, @@ -633,7 +632,7 @@ int ssl_process_client_key_exchange(ssl,d,msg,len) case TLSV1_VERSION: case TLSV11_VERSION: case TLSV12_VERSION: - if(r=ssl_generate_keying_material(ssl,d)) + if((r=ssl_generate_keying_material(ssl,d))) ABORT(r); break; default: @@ -642,7 +641,7 @@ int ssl_process_client_key_exchange(ssl,d,msg,len) /* Now store the data in the session cache */ - if(r=ssl_save_session(ssl,d)) + if((r=ssl_save_session(ssl,d))) ABORT(r); _status=0; @@ -678,12 +677,12 @@ static int tls_P_hash(ssl,secret,seed,md,out) A_l=seed->len; while(left){ - HMAC_Init(hm,secret->data,secret->len,md); + HMAC_Init_ex(hm,secret->data,secret->len,md,NULL); HMAC_Update(hm,A,A_l); HMAC_Final(hm,_A,&A_l); A=_A; - HMAC_Init(hm,secret->data,secret->len,md); + HMAC_Init_ex(hm,secret->data,secret->len,md,NULL); HMAC_Update(hm,A,A_l); HMAC_Update(hm,seed->data,seed->len); HMAC_Final(hm,tmp,&tmp_l); @@ -716,11 +715,11 @@ static int tls_prf(ssl,secret,usage,rnd1,rnd2,out) Data *S1=0,*S2=0; int i,S_l; - if(r=r_data_alloc(&md5_out,MAX(out->len,16))) + if((r=r_data_alloc(&md5_out,MAX(out->len,16)))) ABORT(r); - if(r=r_data_alloc(&sha_out,MAX(out->len,20))) + if((r=r_data_alloc(&sha_out,MAX(out->len,20)))) ABORT(r); - if(r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len)) + if((r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len))) ABORT(r); ptr=seed->data; memcpy(ptr,usage,strlen(usage)); ptr+=strlen(usage); @@ -729,18 +728,18 @@ static int tls_prf(ssl,secret,usage,rnd1,rnd2,out) S_l=secret->len/2 + secret->len%2; - if(r=r_data_alloc(&S1,S_l)) + if((r=r_data_alloc(&S1,S_l))) ABORT(r); - if(r=r_data_alloc(&S2,S_l)) + if((r=r_data_alloc(&S2,S_l))) ABORT(r); memcpy(S1->data,secret->data,S_l); memcpy(S2->data,secret->data + (secret->len - S_l),S_l); - if(r=tls_P_hash - (ssl,S1,seed,EVP_get_digestbyname("MD5"),md5_out)) + if((r=tls_P_hash + (ssl,S1,seed,EVP_get_digestbyname("MD5"),md5_out))) ABORT(r); - if(r=tls_P_hash(ssl,S2,seed,EVP_get_digestbyname("SHA1"),sha_out)) + if((r=tls_P_hash(ssl,S2,seed,EVP_get_digestbyname("SHA1"),sha_out))) ABORT(r); @@ -775,9 +774,9 @@ static int tls12_prf(ssl,secret,usage,rnd1,rnd2,out) UCHAR *ptr; int i, dgi; - if(r=r_data_alloc(&sha_out,MAX(out->len,64))) /* assume max SHA512 */ + if((r=r_data_alloc(&sha_out,MAX(out->len,64)))) /* assume max SHA512 */ ABORT(r); - if(r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len)) + if((r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len))) ABORT(r); ptr=seed->data; memcpy(ptr,usage,strlen(usage)); ptr+=strlen(usage); @@ -792,7 +791,7 @@ static int tls12_prf(ssl,secret,usage,rnd1,rnd2,out) digests[dgi])); ERETURN(SSL_BAD_MAC); } - if(r=tls_P_hash(ssl,secret,seed,md,sha_out)) + if((r=tls_P_hash(ssl,secret,seed,md,sha_out))) ABORT(r); for(i=0;ilen;i++) @@ -886,10 +885,10 @@ static int ssl3_prf(ssl,secret,usage,r1,r2,out) MD5_Update(&md5,secret->data,secret->len); MD5_Update(&md5,buf,20); - MD5_Final(outbuf,&md5); + MD5_Final((unsigned char *)outbuf,&md5); tocpy=MIN(out->len-off,16); memcpy(out->data+off,outbuf,tocpy); - CRDUMP("MD5 out",outbuf,16); + CRDUMP("MD5 out",(UCHAR *)outbuf,16); MD5_Init(&md5); } @@ -909,21 +908,21 @@ static int ssl_generate_keying_material(ssl,d) UCHAR *ptr,*c_wk,*s_wk,*c_mk=NULL,*s_mk=NULL,*c_iv=NULL,*s_iv=NULL; if(!d->MS){ - if(r=r_data_alloc(&d->MS,48)) + if((r=r_data_alloc(&d->MS,48))) ABORT(r); if (ssl->extensions->extended_master_secret==2) { - if(r=ssl_generate_session_hash(ssl,d)) + if((r=ssl_generate_session_hash(ssl,d))) ABORT(r); temp.len=0; - if(r=PRF(ssl,d->PMS,"extended master secret",d->session_hash,&temp, - d->MS)) + if((r=PRF(ssl,d->PMS,"extended master secret",d->session_hash,&temp, + d->MS))) ABORT(r); } else - if(r=PRF(ssl,d->PMS,"master secret",d->client_random,d->server_random, - d->MS)) + if((r=PRF(ssl,d->PMS,"master secret",d->client_random,d->server_random, + d->MS))) ABORT(r); CRDUMPD("MS",d->MS); @@ -937,10 +936,10 @@ static int ssl_generate_keying_material(ssl,d) if(ssl->cs->block>1) needed+=ssl->cs->block*2; - if(r=r_data_alloc(&key_block,needed)) + if((r=r_data_alloc(&key_block,needed))) ABORT(r); - if(r=PRF(ssl,d->MS,"key expansion",d->server_random,d->client_random, - key_block)) + if((r=PRF(ssl,d->MS,"key expansion",d->server_random,d->client_random, + key_block))) ABORT(r); ptr=key_block->data; @@ -960,7 +959,6 @@ static int ssl_generate_keying_material(ssl,d) if(ssl->cs->export){ Data iv_c,iv_s; - Data c_iv_d,s_iv_d; Data key_c,key_s; Data k; @@ -969,11 +967,11 @@ static int ssl_generate_keying_material(ssl,d) ATTACH_DATA(iv_s,_iv_s); if(ssl->version==SSLV3_VERSION){ - if(r=ssl3_generate_export_iv(ssl,d->client_random, - d->server_random,&iv_c)) + if((r=ssl3_generate_export_iv(ssl,d->client_random, + d->server_random,&iv_c))) ABORT(r); - if(r=ssl3_generate_export_iv(ssl,d->server_random, - d->client_random,&iv_s)) + if((r=ssl3_generate_export_iv(ssl,d->server_random, + d->client_random,&iv_s))) ABORT(r); } else{ @@ -991,8 +989,8 @@ static int ssl_generate_keying_material(ssl,d) ATTACH_DATA(iv_block,_iv_block); - if(r=PRF(ssl,&key_null,"IV block",d->client_random, - d->server_random,&iv_block)) + if((r=PRF(ssl,&key_null,"IV block",d->client_random, + d->server_random,&iv_block))) ABORT(r); memcpy(_iv_c,iv_block.data,8); @@ -1024,13 +1022,13 @@ static int ssl_generate_keying_material(ssl,d) ATTACH_DATA(key_c,_key_c); ATTACH_DATA(key_s,_key_s); INIT_DATA(k,c_wk,ssl->cs->eff_bits/8); - if(r=PRF(ssl,&k,"client write key",d->client_random,d->server_random, - &key_c)) + if((r=PRF(ssl,&k,"client write key",d->client_random,d->server_random, + &key_c))) ABORT(r); c_wk=_key_c; INIT_DATA(k,s_wk,ssl->cs->eff_bits/8); - if(r=PRF(ssl,&k,"server write key",d->client_random,d->server_random, - &key_s)) + if((r=PRF(ssl,&k,"server write key",d->client_random,d->server_random, + &key_s))) ABORT(r); s_wk=_key_s; } @@ -1046,11 +1044,11 @@ static int ssl_generate_keying_material(ssl,d) CRDUMP("Server Write IV",s_iv,ssl->cs->block); } - if(r=ssl_create_rec_decoder(&d->c_to_s_n, - ssl->cs,c_mk,c_wk,c_iv)) + if((r=ssl_create_rec_decoder(&d->c_to_s_n, + ssl->cs,c_mk,c_wk,c_iv))) ABORT(r); - if(r=ssl_create_rec_decoder(&d->s_to_c_n, - ssl->cs,s_mk,s_wk,s_iv)) + if((r=ssl_create_rec_decoder(&d->s_to_c_n, + ssl->cs,s_mk,s_wk,s_iv))) ABORT(r); @@ -1070,9 +1068,9 @@ static int ssl_generate_session_hash(ssl,d) int r,_status,dgi; unsigned int len; const EVP_MD *md; - HMAC_CTX *dgictx = HMAC_CTX_new(); + EVP_MD_CTX *dgictx = EVP_MD_CTX_create(); - if(r=r_data_alloc(&d->session_hash,EVP_MAX_MD_SIZE)) + if((r=r_data_alloc(&d->session_hash,EVP_MAX_MD_SIZE))) ABORT(r); switch(ssl->version){ @@ -1086,7 +1084,7 @@ static int ssl_generate_session_hash(ssl,d) EVP_DigestInit(dgictx,md); EVP_DigestUpdate(dgictx,d->handshake_messages->data,d->handshake_messages->len); - EVP_DigestFinal(dgictx,d->session_hash->data,&d->session_hash->len); + EVP_DigestFinal(dgictx,d->session_hash->data,(unsigned int *) &d->session_hash->len); break; case SSLV3_VERSION: @@ -1094,7 +1092,7 @@ static int ssl_generate_session_hash(ssl,d) case TLSV11_VERSION: EVP_DigestInit(dgictx,EVP_get_digestbyname("MD5")); EVP_DigestUpdate(dgictx,d->handshake_messages->data,d->handshake_messages->len); - EVP_DigestFinal_ex(dgictx,d->session_hash->data,&d->session_hash->len); + EVP_DigestFinal_ex(dgictx,d->session_hash->data,(unsigned int *) &d->session_hash->len); EVP_DigestInit(dgictx,EVP_get_digestbyname("SHA1")); EVP_DigestUpdate(dgictx,d->handshake_messages->data,d->handshake_messages->len); @@ -1114,7 +1112,7 @@ static int ssl_generate_session_hash(ssl,d) static int ssl_read_key_log_file(d) ssl_decoder *d; { - int r,_status,dgi,n,i; + int r,_status,n,i; unsigned int t; size_t l=0; char *line,*label_data; @@ -1133,7 +1131,7 @@ static int ssl_read_key_log_file(d) if(STRNICMP(line+14,label_data,64)) continue; - if(r=r_data_alloc(&d->MS,48)) + if((r=r_data_alloc(&d->MS,48))) ABORT(r); for(i=0; i < d->MS->len; i++) { diff --git a/ssl/sslprint.c b/ssl/sslprint.c index 04a7d7a..2aec627 100644 --- a/ssl/sslprint.c +++ b/ssl/sslprint.c @@ -65,8 +65,6 @@ int process_beginning_plaintext(ssl,seg,direction) int direction; { Data d; - int r; - struct timeval dt; if(seg->len==0) return(SSL_NO_DATA); @@ -95,14 +93,13 @@ int process_v2_hello(ssl,seg) { int r; int rec_len; - int cs_len; - int sid_len; - int chall_len; - int ver; + UINT4 cs_len; + UINT4 sid_len; + UINT4 chall_len; + UINT4 ver; Data d; Data chall; - char random[32]; - struct timeval dt; + UCHAR random[32]; if(seg->len==0) return(SSL_NO_DATA); @@ -157,7 +154,6 @@ int process_v2_hello(ssl,seg) for(;cs_len;cs_len-=3){ UINT4 val; - char *str; SSL_DECODE_UINT24(ssl,0,0,&d,&val); ssl_print_cipher_suite(ssl,ver,P_HL,val); @@ -266,14 +262,14 @@ int ssl_expand_record(ssl,q,direction,data,len) } if(r){ - if(r=ssl_print_enum(ssl,0,ContentType_decoder,ct)) { + if((r=ssl_print_enum(ssl,0,ContentType_decoder,ct))) { printf(" unknown record type: %d\n", ct); ERETURN(r); } printf("\n"); } else{ - if(r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, &d)) { + if((r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, &d))) { printf(" unknown record type: %d\n", ct); ERETURN(r); } @@ -332,7 +328,7 @@ int ssl_decode_opaque_array(ssl,name,size,p,data,x) sprintf(n,"%s (length)",name?name:""); if(size<0){ size*=-1; - if(r=ssl_decode_uintX(ssl,n,BYTES_NEEDED(size),P_DC,data,&len)) + if((r=ssl_decode_uintX(ssl,n,BYTES_NEEDED(size),P_DC,data,&len))) ERETURN(r); } else{ @@ -388,11 +384,11 @@ int ssl_decode_enum(ssl,name,size,dtable,p,data,x) if(!x) x=&_x; - if(r=ssl_decode_uintX(ssl,name,size,0,data,x)) + if((r=ssl_decode_uintX(ssl,name,size,0,data,x))) ERETURN(r); P_(p){ - if(r=ssl_print_enum(ssl,name,dtable,*x)) + if((r=ssl_print_enum(ssl,name,dtable,*x))) ERETURN(r); } @@ -476,7 +472,7 @@ int combodump(ssl,name,data) char *name; Data *data; { - char *ptr=data->data; + UCHAR *ptr=data->data; int len=data->len; if(name){ @@ -620,12 +616,12 @@ int ssl_print_timestamp(ssl,ts) explain(ssl,"%d%c%4.4d ",ts->tv_sec,'.',ts->tv_usec/100); } else{ - if(r=timestamp_diff(ts,&ssl->time_start,&dt)) + if((r=timestamp_diff(ts,&ssl->time_start,&dt))) ERETURN(r); explain(ssl,"%d%c%4.4d ",dt.tv_sec,'.',dt.tv_usec/100); } - if(r=timestamp_diff(ts,&ssl->time_last,&dt)){ + if((r=timestamp_diff(ts,&ssl->time_last,&dt))){ ERETURN(r); } explain(ssl,"(%d%c%4.4d) ",dt.tv_sec,'.',dt.tv_usec/100); @@ -664,7 +660,7 @@ int ssl_print_cipher_suite(ssl,version,p,val) int r; P_(p){ - if(r=ssl_lookup_enum(ssl,cipher_suite_decoder,val,&str)){ + if((r=ssl_lookup_enum(ssl,cipher_suite_decoder,val,&str))){ explain(ssl,"Unknown value 0x%x",val); return(0); } diff --git a/ssl/sslprint.h b/ssl/sslprint.h index 217dbb8..2d44f02 100644 --- a/ssl/sslprint.h +++ b/ssl/sslprint.h @@ -79,12 +79,12 @@ int explain PROTO_LIST((ssl_obj *ssl,char *format,...)); int exdump PROTO_LIST((ssl_obj *ssl,char *name,Data *data)); -#define SSL_DECODE_UINT8(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,1,b,c,d)) ERETURN(r) -#define SSL_DECODE_UINT16(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,2,b,c,d)) ERETURN(r) -#define SSL_DECODE_UINT24(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,3,b,c,d)) ERETURN(r) -#define SSL_DECODE_UINT32(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,4,b,c,d)) ERETURN(r) -#define SSL_DECODE_OPAQUE_ARRAY(a,n,b,c,d,e) if(r=ssl_decode_opaque_array(a,n,b,c,d,e)) ERETURN(r) -#define SSL_DECODE_ENUM(a,b,c,d,e,f,g) if(r=ssl_decode_enum(a,b,c,d,e,f,g)) ERETURN(r) +#define SSL_DECODE_UINT8(a,n,b,c,d) if((r=ssl_decode_uintX(a,n,1,b,c,d))) ERETURN(r) +#define SSL_DECODE_UINT16(a,n,b,c,d) if((r=ssl_decode_uintX(a,n,2,b,c,d))) ERETURN(r) +#define SSL_DECODE_UINT24(a,n,b,c,d) if((r=ssl_decode_uintX(a,n,3,b,c,d))) ERETURN(r) +#define SSL_DECODE_UINT32(a,n,b,c,d) if((r=ssl_decode_uintX(a,n,4,b,c,d))) ERETURN(r) +#define SSL_DECODE_OPAQUE_ARRAY(a,n,b,c,d,e) if((r=ssl_decode_opaque_array(a,n,b,c,d,e))) ERETURN(r) +#define SSL_DECODE_ENUM(a,b,c,d,e,f,g) if((r=ssl_decode_enum(a,b,c,d,e,f,g))) ERETURN(r) #define P_(p) if((p==SSL_PRINT_ALL) || (p & SSL_print_flags)) #define INDENT do {int i; for(i=0;i<(ssl->indent_depth + ssl->indent_name_len);i++) printf("%s",SSL_print_flags & SSL_PRINT_NROFF?" ":" ");} while(0) diff --git a/ssl/sslxprint.c b/ssl/sslxprint.c index 588186f..0ae18d3 100644 --- a/ssl/sslxprint.c +++ b/ssl/sslxprint.c @@ -81,7 +81,7 @@ int sslx_print_certificate(ssl,data,pf) d=data->data; - if(!(x=d2i_X509(0,&d,data->len))){ + if(!(x=d2i_X509(0,(const unsigned char **) &d,data->len))){ explain(ssl,"Bad certificate"); ABORT(R_BAD_DATA); } @@ -114,7 +114,7 @@ int sslx_print_certificate(ssl,data,pf) ex=X509_get_ext(x,i); obj=X509_EXTENSION_get_object(ex); - i2t_ASN1_OBJECT(buf,sizeof(buf),obj); + i2t_ASN1_OBJECT((char *)buf,sizeof(buf),obj); explain(ssl,"Extension: %s\n",buf); j=X509_EXTENSION_get_critical(ex); @@ -173,10 +173,10 @@ int sslx_print_dn(ssl,data,pf) P_(pf){ #ifdef OPENSSL P_(P_ASN){ - if(!(n=d2i_X509_NAME(0,&d,data->len))) + if(!(n=d2i_X509_NAME(0,(const unsigned char **) &d,data->len))) ABORT(R_BAD_DATA); - X509_NAME_oneline(n,buf,BUFSIZE); - sslx__print_dn(ssl,buf); + X509_NAME_oneline(n,(char *)buf,BUFSIZE); + sslx__print_dn(ssl,(char *)buf); } else{ #endif @@ -203,7 +203,7 @@ static int sslx__print_dn(ssl,x) if(*x=='/') x++; while (x){ - if(slash=strchr(x,'/')){ + if((slash=strchr(x,'/'))){ *slash=0; }