Merge pull request #38 from wllm-rbnt/warnings

Code cleanup
This commit is contained in:
Alexandre Dulaunoy 2020-10-07 08:06:29 +02:00 committed by GitHub
commit 7505cc1808
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 167 additions and 195 deletions

View file

@ -78,7 +78,7 @@ int network_handler_create(mod,handlerp)
if(!(handler=(n_handler *)malloc(sizeof(n_handler)))) if(!(handler=(n_handler *)malloc(sizeof(n_handler))))
ABORT(R_NO_MEMORY); ABORT(R_NO_MEMORY);
if(mod->vtbl->create_ctx){ if(mod->vtbl->create_ctx){
if(r=mod->vtbl->create_ctx(mod->handle,&handler->ctx)) if((r=mod->vtbl->create_ctx(mod->handle,&handler->ctx)))
ABORT(r); ABORT(r);
} }
handler->mod=mod; handler->mod=mod;
@ -147,7 +147,7 @@ int network_process_packet(handler,timestamp,data,length)
switch(p.ip->ip_p){ switch(p.ip->ip_p){
case IPPROTO_TCP: case IPPROTO_TCP:
if(r=process_tcp_packet(handler->mod,handler->ctx,&p)) if((r=process_tcp_packet(handler->mod,handler->ctx,&p)))
ERETURN(r); ERETURN(r);
break; break;
} }

View file

@ -244,7 +244,7 @@ void pcap_cb(ptr,hdr,data)
if(packet_cnt == conn_freq) { if(packet_cnt == conn_freq) {
packet_cnt = 0; packet_cnt = 0;
memcpy(&last_packet_seen_time,&hdr->ts,sizeof(struct timeval)); memcpy(&last_packet_seen_time,&hdr->ts,sizeof(struct timeval));
if(cleaned_conn = clean_old_conn()) if((cleaned_conn = clean_old_conn()))
printf("%d inactive connection(s) cleaned from connection pool\n", cleaned_conn); printf("%d inactive connection(s) cleaned from connection pool\n", cleaned_conn);
} else { } else {
packet_cnt++; packet_cnt++;
@ -453,7 +453,7 @@ int main(argc,argv)
if(NET_print_flags & NET_PRINT_TYPESET) if(NET_print_flags & NET_PRINT_TYPESET)
printf("\n.nf\n.ps -2\n"); printf("\n.nf\n.ps -2\n");
if(r=network_handler_create(mod,&n)) if((r=network_handler_create(mod,&n)))
err_exit("Couldn't create network handler",r); err_exit("Couldn't create network handler",r);
pcap_loop(p,-1,pcap_cb,(u_char *)n); pcap_loop(p,-1,pcap_cb,(u_char *)n);

View file

@ -60,8 +60,8 @@ int create_proto_handler(mod,ctx,handlerp,conn,first_packet)
if(!(handler=(proto_handler *)calloc(1,sizeof(proto_handler)))) if(!(handler=(proto_handler *)calloc(1,sizeof(proto_handler))))
ABORT(R_NO_MEMORY); ABORT(R_NO_MEMORY);
handler->vtbl=mod->vtbl; handler->vtbl=mod->vtbl;
if(r=mod->vtbl->create(mod->handle,ctx,conn,&handler->obj, if((r=mod->vtbl->create(mod->handle,ctx,conn,&handler->obj,
&conn->i_addr,conn->i_port,&conn->r_addr,conn->r_port,first_packet)) &conn->i_addr,conn->i_port,&conn->r_addr,conn->r_port,first_packet)))
ABORT(r); ABORT(r);
*handlerp=handler; *handlerp=handler;

View file

@ -70,13 +70,8 @@ static int zero_conn(conn)
return(0); return(0);
} }
int tcp_find_conn(connp,directionp,saddr,sport,daddr,dport) int tcp_find_conn(tcp_conn **connp, int *directionp,struct in_addr *saddr,
tcp_conn **connp; u_short sport, struct in_addr *daddr, u_short dport)
int *directionp;
struct in_addr *saddr;
u_short sport;
struct in_addr *daddr;
u_short dport;
{ {
conn_struct *conn; conn_struct *conn;
@ -106,12 +101,8 @@ int tcp_find_conn(connp,directionp,saddr,sport,daddr,dport)
return(R_NOT_FOUND); return(R_NOT_FOUND);
} }
int tcp_create_conn(connp,i_addr,i_port,r_addr,r_port) int tcp_create_conn(tcp_conn **connp,struct in_addr *i_addr,
tcp_conn **connp; u_short i_port, struct in_addr *r_addr, u_short r_port)
struct in_addr *i_addr;
u_short i_port;
struct in_addr *r_addr;
u_short r_port;
{ {
conn_struct *conn=0; conn_struct *conn=0;
@ -189,8 +180,7 @@ int clean_old_conn() {
} }
int destroy_all_conn() { int destroy_all_conn() {
conn_struct *conn; int i = 0;
int i = 0,r;
while(first_conn) { while(first_conn) {
i++; i++;
tcp_destroy_conn(&first_conn->conn); tcp_destroy_conn(&first_conn->conn);
@ -225,7 +215,7 @@ int copy_tcp_segment_queue(out,in)
ABORT(R_NO_MEMORY); ABORT(R_NO_MEMORY);
if(!base) base=*out; if(!base) base=*out;
if(r=packet_copy(in->p,&(*out)->p)) if((r=packet_copy(in->p,&(*out)->p)))
ABORT(r); ABORT(r);
out=&(*out)->next; /* Move the pointer we're assigning to */ out=&(*out)->next; /* Move the pointer we're assigning to */
} }

View file

@ -85,8 +85,8 @@ int process_tcp_packet(handler,ctx,p)
print_tcp_packet(p); print_tcp_packet(p);
if(r=tcp_find_conn(&conn,&direction,&p->ip->ip_src, if((r=tcp_find_conn(&conn,&direction,&p->ip->ip_src,
ntohs(p->tcp->th_sport),&p->ip->ip_dst,ntohs(p->tcp->th_dport))){ ntohs(p->tcp->th_sport),&p->ip->ip_dst,ntohs(p->tcp->th_dport)))){
if(r!=R_NOT_FOUND) if(r!=R_NOT_FOUND)
ABORT(r); ABORT(r);
@ -95,7 +95,7 @@ int process_tcp_packet(handler,ctx,p)
return(0); return(0);
} }
if(r=new_connection(handler,ctx,p,&conn)) if((r=new_connection(handler,ctx,p,&conn)))
ABORT(r); ABORT(r);
return(0); return(0);
} }
@ -146,12 +146,9 @@ int process_tcp_packet(handler,ctx,p)
case TCP_STATE_ESTABLISHED: case TCP_STATE_ESTABLISHED:
case TCP_STATE_FIN1: case TCP_STATE_FIN1:
{ {
UINT4 length;
if(p->tcp->th_flags & TH_SYN) if(p->tcp->th_flags & TH_SYN)
break; break;
length=p->len - (p->tcp->th_off * 4); if((r=process_data_segment(conn,handler,p,stream,direction)))
if(r=process_data_segment(conn,handler,p,stream,direction))
ABORT(r); ABORT(r);
} }
break; break;
@ -179,16 +176,16 @@ static int new_connection(handler,ctx,p,connp)
tcp_conn *conn=0; tcp_conn *conn=0;
if ((p->tcp->th_flags & (TH_SYN|TH_ACK))==TH_SYN) { if ((p->tcp->th_flags & (TH_SYN|TH_ACK))==TH_SYN) {
if(r=tcp_create_conn(&conn,&p->ip->ip_src,ntohs(p->tcp->th_sport), if((r=tcp_create_conn(&conn,&p->ip->ip_src,ntohs(p->tcp->th_sport),
&p->ip->ip_dst,ntohs(p->tcp->th_dport))) &p->ip->ip_dst,ntohs(p->tcp->th_dport))))
ABORT(r); ABORT(r);
DBG((0,"SYN1 seq: %u",ntohl(p->tcp->th_seq))); DBG((0,"SYN1 seq: %u",ntohl(p->tcp->th_seq)));
conn->i2r.seq=ntohl(p->tcp->th_seq)+1; conn->i2r.seq=ntohl(p->tcp->th_seq)+1;
conn->i2r.ack=ntohl(p->tcp->th_ack)+1; conn->i2r.ack=ntohl(p->tcp->th_ack)+1;
conn->state=TCP_STATE_SYN1; conn->state=TCP_STATE_SYN1;
} else { // SYN&ACK comes first somehow } else { // SYN&ACK comes first somehow
if(r=tcp_create_conn(&conn,&p->ip->ip_dst,ntohs(p->tcp->th_dport), if((r=tcp_create_conn(&conn,&p->ip->ip_dst,ntohs(p->tcp->th_dport),
&p->ip->ip_src,ntohs(p->tcp->th_sport))) &p->ip->ip_src,ntohs(p->tcp->th_sport))))
ABORT(r); ABORT(r);
DBG((0,"SYN2 seq: %u",ntohl(p->tcp->th_seq))); DBG((0,"SYN2 seq: %u",ntohl(p->tcp->th_seq)));
conn->r2i.seq=ntohl(p->tcp->th_seq)+1; conn->r2i.seq=ntohl(p->tcp->th_seq)+1;
@ -197,7 +194,7 @@ static int new_connection(handler,ctx,p,connp)
} }
memcpy(&conn->start_time,&p->ts,sizeof(struct timeval)); memcpy(&conn->start_time,&p->ts,sizeof(struct timeval));
memcpy(&conn->last_seen_time,&p->ts,sizeof(struct timeval)); memcpy(&conn->last_seen_time,&p->ts,sizeof(struct timeval));
if(r=create_proto_handler(handler,ctx,&conn->analyzer,conn,&p->ts)) if((r=create_proto_handler(handler,ctx,&conn->analyzer,conn,&p->ts)))
ABORT(r); ABORT(r);
*connp=conn; *connp=conn;
@ -269,7 +266,7 @@ static int process_data_segment(conn,handler,p,stream,direction)
if(acked && !l){ if(acked && !l){
/* /*
if(r=timestamp_diff(&p->ts,&conn->start_time,&dt)) if((r=timestamp_diff(&p->ts,&conn->start_time,&dt)))
ERETURN(r); ERETURN(r);
printf("%d%c%4.4d ",dt.tv_sec,'.',dt.tv_usec/100); printf("%d%c%4.4d ",dt.tv_sec,'.',dt.tv_usec/100);
if(direction == DIR_R2I) if(direction == DIR_R2I)
@ -302,7 +299,7 @@ static int process_data_segment(conn,handler,p,stream,direction)
if(!(nseg=(segment *)calloc(1,sizeof(segment)))) if(!(nseg=(segment *)calloc(1,sizeof(segment))))
ABORT(R_NO_MEMORY); ABORT(R_NO_MEMORY);
if(r=packet_copy(p,&nseg->p)) if((r=packet_copy(p,&nseg->p)))
ABORT(r); ABORT(r);
nseg->s_seq=seq; nseg->s_seq=seq;
@ -370,7 +367,7 @@ static int process_data_segment(conn,handler,p,stream,direction)
stream->seq=seg->s_seq + seg->len; stream->seq=seg->s_seq + seg->len;
DBG((0,"Analyzing segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len)); DBG((0,"Analyzing segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len));
if(r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction)) { if((r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction))) {
DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len)); DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len));
ABORT(r); ABORT(r);
} }
@ -378,7 +375,7 @@ static int process_data_segment(conn,handler,p,stream,direction)
if(stream->close){ if(stream->close){
DBG((0,"Closing with segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len)); DBG((0,"Closing with segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len));
if(r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction)) { if((r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction))) {
DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len)); DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len));
ABORT(r); ABORT(r);
} }

View file

@ -173,7 +173,7 @@ static int copy_assoc_chain(newp,old)
ptr->copy=old->copy; ptr->copy=old->copy;
if(old->copy){ if(old->copy){
if(r=old->copy(&ptr->data,old->data)) if((r=old->copy(&ptr->data,old->data)))
ABORT(r); ABORT(r);
} }
else else
@ -224,7 +224,7 @@ int r_assoc_fetch(assoc,key,len,datap)
r_assoc_el *bucket; r_assoc_el *bucket;
int r; int r;
if(r=r_assoc_fetch_bucket(assoc,key,len,&bucket)){ if((r=r_assoc_fetch_bucket(assoc,key,len,&bucket))){
if(r!=R_NOT_FOUND) if(r!=R_NOT_FOUND)
ERETURN(r); ERETURN(r);
return(r); return(r);
@ -246,7 +246,7 @@ int r_assoc_insert(assoc,key,len,data,copy,destroy,how)
r_assoc_el *bucket,*new_bucket=0; r_assoc_el *bucket,*new_bucket=0;
int r,_status; int r,_status;
if(r=r_assoc_fetch_bucket(assoc,key,len,&bucket)){ if((r=r_assoc_fetch_bucket(assoc,key,len,&bucket))){
/*Note that we compute the hash value twice*/ /*Note that we compute the hash value twice*/
UINT4 hash_value; UINT4 hash_value;
@ -304,7 +304,7 @@ int r_assoc_copy(newp,old)
if(!(new->chains=(r_assoc_el **)calloc(sizeof(r_assoc_el),old->size))) if(!(new->chains=(r_assoc_el **)calloc(sizeof(r_assoc_el),old->size)))
ABORT(R_NO_MEMORY); ABORT(R_NO_MEMORY);
for(i=0;i<new->size;i++){ for(i=0;i<new->size;i++){
if(r=copy_assoc_chain(new->chains+i,old->chains[i])) if((r=copy_assoc_chain(new->chains+i,old->chains[i])))
ABORT(R_NO_MEMORY); ABORT(R_NO_MEMORY);
} }
*newp=new; *newp=new;

View file

@ -59,17 +59,9 @@ static int create_null_analyzer PROTO_LIST((void *handle,
struct in_addr *i_addr,u_short i_port, struct in_addr *i_addr,u_short i_port,
struct in_addr *r_addr,u_short r_port, struct timeval *base_time)); struct in_addr *r_addr,u_short r_port, struct timeval *base_time));
static int create_null_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port, static int create_null_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn,
base_time) proto_obj **objp, struct in_addr *i_addr, u_short i_port, struct in_addr *r_addr,
void *handle; u_short r_port, struct timeval *base_time)
proto_ctx *ctx;
tcp_conn *conn;
proto_obj **objp;
struct in_addr *i_addr;
u_short i_port;
struct in_addr *r_addr;
u_short r_port;
struct timeval *base_time;
{ {
null_analyzer *obj=0; null_analyzer *obj=0;
static int ctr; static int ctr;

View file

@ -433,7 +433,7 @@ static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data)
int r; int r;
printf("\n"); printf("\n");
ssl_update_handshake_messages(ssl,data); ssl_update_handshake_messages(ssl,data);
SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-(1<<15-1),P_HL,data,0); SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-((1<<15)-1),P_HL,data,0);
return(0); return(0);
} }
@ -455,7 +455,7 @@ static int decode_HandshakeType_ClientKeyExchange(ssl,dir,seg,data)
case KEX_RSA: case KEX_RSA:
if(ssl->version > 768) { if(ssl->version > 768) {
SSL_DECODE_OPAQUE_ARRAY(ssl,"EncryptedPreMasterSecret",-(1<<15-1), SSL_DECODE_OPAQUE_ARRAY(ssl,"EncryptedPreMasterSecret",-((1<<15)-1),
P_ND,data,&pms); P_ND,data,&pms);
} }
@ -2521,8 +2521,8 @@ static int decode_extension_server_name(ssl,dir,seg,data)
segment *seg; segment *seg;
Data *data; Data *data;
{ {
UINT4 t; UINT4 t,l;
int l,r,p; int r,p;
extern decoder server_name_type_decoder[]; extern decoder server_name_type_decoder[];
@ -2557,7 +2557,8 @@ static int decode_extension_encrypt_then_mac(ssl,dir,seg,data)
segment *seg; segment *seg;
Data *data; Data *data;
{ {
int l,r,*etm; int r,*etm;
UINT4 l;
etm=&ssl->extensions->encrypt_then_mac; etm=&ssl->extensions->encrypt_then_mac;
@ -2574,7 +2575,8 @@ static int decode_extension_extended_master_secret(ssl,dir,seg,data)
segment *seg; segment *seg;
Data *data; Data *data;
{ {
int l,r,*ems; int r,*ems;
UINT4 l;
ems=&ssl->extensions->extended_master_secret; ems=&ssl->extensions->extended_master_secret;
@ -2591,7 +2593,8 @@ static int decode_extension(ssl,dir,seg,data)
segment *seg; segment *seg;
Data *data; Data *data;
{ {
int l,r; int r;
UINT4 l;
SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); SSL_DECODE_UINT16(ssl,"extension length",0,data,&l);
data->len-=l; data->len-=l;
data->data+=l; data->data+=l;
@ -2670,7 +2673,8 @@ static int decode_server_name_type_host_name(ssl,dir,seg,data)
segment *seg; segment *seg;
Data *data; Data *data;
{ {
int l,r; int r;
UINT4 l;
SSL_DECODE_UINT16(ssl,"server name length",0,data,&l); SSL_DECODE_UINT16(ssl,"server name length",0,data,&l);
printf(": %.*s",l,data->data); printf(": %.*s",l,data->data);
@ -2697,7 +2701,8 @@ static int decode_server_name(ssl,dir,seg,data)
segment *seg; segment *seg;
Data *data; Data *data;
{ {
int l,r; int r;
UINT4 l;
SSL_DECODE_UINT16(ssl,"server name length",0,data,&l); SSL_DECODE_UINT16(ssl,"server name length",0,data,&l);
data->len-=l; data->len-=l;
data->data+=l; data->data+=l;

View file

@ -187,7 +187,7 @@ static int parse_ssl_flags(str)
y=str; y=str;
while(x=strtok(y,",")){ while((x=strtok(y,","))){
y=0; y=0;
if(*x=='!'){ if(*x=='!'){
@ -218,7 +218,7 @@ static int create_ssl_ctx(handle,ctxp)
ssl_decode_ctx *ctx=0; ssl_decode_ctx *ctx=0;
int r,_status; int r,_status;
if(r=ssl_decode_ctx_create(&ctx,SSL_keyfile,SSL_password,SSL_keylogfile)) if((r=ssl_decode_ctx_create(&ctx,SSL_keyfile,SSL_password,SSL_keylogfile)))
ABORT(r); ABORT(r);
*ctxp=(proto_ctx *)ctx; *ctxp=(proto_ctx *)ctx;
@ -227,16 +227,9 @@ static int create_ssl_ctx(handle,ctxp)
return(_status); return(_status);
} }
static int create_ssl_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port,base_time) static int create_ssl_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn,
void *handle; proto_obj **objp, struct in_addr *i_addr, u_short i_port, struct in_addr *r_addr,
proto_ctx *ctx; u_short r_port, struct timeval *base_time)
tcp_conn *conn;
proto_obj **objp;
struct in_addr *i_addr;
u_short i_port;
struct in_addr *r_addr;
u_short r_port;
struct timeval *base_time;
{ {
int r,_status; int r,_status;
ssl_obj *obj=0; ssl_obj *obj=0;
@ -247,9 +240,9 @@ static int create_ssl_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port,
obj->ssl_ctx=(ssl_decode_ctx *)ctx; obj->ssl_ctx=(ssl_decode_ctx *)ctx;
obj->conn=conn; obj->conn=conn;
if(r=create_r_queue(&obj->r2i_queue)) if((r=create_r_queue(&obj->r2i_queue)))
ABORT(r); ABORT(r);
if(r=create_r_queue(&obj->i2r_queue)) if((r=create_r_queue(&obj->i2r_queue)))
ABORT(r); ABORT(r);
lookuphostname(i_addr,&obj->client_name); lookuphostname(i_addr,&obj->client_name);
@ -263,7 +256,7 @@ static int create_ssl_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port,
memcpy(&obj->time_start,base_time,sizeof(struct timeval)); memcpy(&obj->time_start,base_time,sizeof(struct timeval));
memcpy(&obj->time_last,base_time,sizeof(struct timeval)); memcpy(&obj->time_last,base_time,sizeof(struct timeval));
if(r=ssl_decoder_create(&obj->decoder,obj->ssl_ctx)) if((r=ssl_decoder_create(&obj->decoder,obj->ssl_ctx)))
ABORT(r); ABORT(r);
if (!(obj->extensions=malloc(sizeof(ssl_extensions)))) if (!(obj->extensions=malloc(sizeof(ssl_extensions))))
@ -354,7 +347,7 @@ static int read_ssl_record(obj,q,seg,offset,lastp,offsetp)
if (SSL_HEADER_SIZE<q->len) if (SSL_HEADER_SIZE<q->len)
ABORT(-1); ABORT(-1);
q->read_left=SSL_HEADER_SIZE-q->len; q->read_left=SSL_HEADER_SIZE-q->len;
if(r=read_data(q,seg,offset,&last,&offset)) if((r=read_data(q,seg,offset,&last,&offset)))
ABORT(r); ABORT(r);
q->state=SSL_READ_HEADER; q->state=SSL_READ_HEADER;
@ -386,7 +379,7 @@ static int read_ssl_record(obj,q,seg,offset,lastp,offsetp)
q->read_left=rec_len; q->read_left=rec_len;
case SSL_READ_HEADER: case SSL_READ_HEADER:
if(r=read_data(q,last,offset,&last,&offset)) if((r=read_data(q,last,offset,&last,&offset)))
ABORT(r); ABORT(r);
break; break;
default: default:
@ -436,7 +429,7 @@ static int read_data(q,seg,offset,lastp,offsetp)
}; };
if(q->read_left){ if(q->read_left){
if(r=copy_tcp_segment_queue(&q->q,seg)) if((r=copy_tcp_segment_queue(&q->q,seg)))
ABORT(r); ABORT(r);
return(SSL_NO_DATA); return(SSL_NO_DATA);
} }
@ -513,7 +506,7 @@ static int data_ssl_analyzer(_obj,seg,direction)
ssl->direction=direction; ssl->direction=direction;
if(r=print_ssl_record(ssl,direction,assembled,q->data,q->len)) if((r=print_ssl_record(ssl,direction,assembled,q->data,q->len)))
ABORT(r); ABORT(r);
/*Now reset things, so we can read another record*/ /*Now reset things, so we can read another record*/
@ -545,9 +538,7 @@ static int print_ssl_header(obj,direction,q,data,len)
int len; int len;
{ {
int ct=0; int ct=0;
int r;
segment *s; segment *s;
struct timeval dt;
ssl_print_record_num(obj); ssl_print_record_num(obj);
@ -576,7 +567,7 @@ static int print_ssl_record(obj,direction,q,data,len)
{ {
int r; int r;
if(r=print_ssl_header(obj,direction,q,data,len)) if((r=print_ssl_header(obj,direction,q,data,len)))
ERETURN(r); ERETURN(r);
ssl_expand_record(obj,q,direction,data,len); ssl_expand_record(obj,q,direction,data,len);

View file

@ -77,7 +77,7 @@ typedef struct ssl_obj_ {
int r_state; int r_state;
int i_state; int i_state;
int version; int version;
int cipher_suite; UINT4 cipher_suite;
char *client_name; char *client_name;
int client_port; int client_port;

View file

@ -127,14 +127,14 @@ int ssl_create_rec_decoder(dp,cs,mk,sk,iv)
dec->cs=cs; dec->cs=cs;
if(r=r_data_alloc(&dec->mac_key,cs->dig_len)) if((r=r_data_alloc(&dec->mac_key,cs->dig_len)))
ABORT(r); ABORT(r);
if(r=r_data_alloc(&dec->implicit_iv,cs->block)) if((r=r_data_alloc(&dec->implicit_iv,cs->block)))
ABORT(r); ABORT(r);
memcpy(dec->implicit_iv->data,iv,cs->block); memcpy(dec->implicit_iv->data,iv,cs->block);
if(r=r_data_create(&dec->write_key,sk,cs->eff_bits/8)) if((r=r_data_create(&dec->write_key,sk,cs->eff_bits/8)))
ABORT(r); ABORT(r);
/* /*
@ -203,7 +203,7 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl)
#ifdef OPENSSL #ifdef OPENSSL
int pad; int pad;
int r,encpadl,x; int r,encpadl,x;
UCHAR *mac,*iv,aead_tag[13],aead_nonce[12]; UCHAR *mac,aead_tag[13],aead_nonce[12];
CRDUMP("Ciphertext",in,inl); CRDUMP("Ciphertext",in,inl);
if(IS_AEAD_CIPHER(d->cs)){ if(IS_AEAD_CIPHER(d->cs)){
@ -273,12 +273,12 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl)
ERETURN(SSL_BAD_MAC); ERETURN(SSL_BAD_MAC);
} }
if(r=tls_check_mac(d,ct,version,in+blk,encpadl,in,blk,mac)) if((r=tls_check_mac(d,ct,version,in+blk,encpadl,in,blk,mac)))
ERETURN(r); ERETURN(r);
} }
else else
if(r=tls_check_mac(d,ct,version,in,encpadl,NULL,0,mac)) if((r=tls_check_mac(d,ct,version,in,encpadl,NULL,0,mac)))
ERETURN(r); ERETURN(r);
} }
@ -302,7 +302,7 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl)
/* Now check the MAC */ /* Now check the MAC */
if(ssl->version==0x300){ if(ssl->version==0x300){
if(r=ssl3_check_mac(d,ct,version,out,*outl,mac)) if((r=ssl3_check_mac(d,ct,version,out,*outl,mac)))
ERETURN(r); ERETURN(r);
} }
else{ else{
@ -319,7 +319,7 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl)
ERETURN(SSL_BAD_MAC); ERETURN(SSL_BAD_MAC);
} }
} }
if(r=tls_check_mac(d,ct,version,out,*outl,NULL,0,mac)) if((r=tls_check_mac(d,ct,version,out,*outl,NULL,0,mac)))
ERETURN(r); ERETURN(r);
} }
} }
@ -363,7 +363,7 @@ static int tls_check_mac(d,ct,ver,data,datalen,iv,ivlen,mac)
UCHAR buf[128]; UCHAR buf[128];
md=EVP_get_digestbyname(digests[d->cs->dig-0x40]); md=EVP_get_digestbyname(digests[d->cs->dig-0x40]);
HMAC_Init(hm,d->mac_key->data,d->mac_key->len,md); HMAC_Init_ex(hm,d->mac_key->data,d->mac_key->len,md,NULL);
fmt_seq(d->seq,buf); fmt_seq(d->seq,buf);
d->seq++; d->seq++;

View file

@ -55,6 +55,9 @@ int ssl_create_rec_decoder PROTO_LIST((ssl_rec_decoder **dp,
int ssl_decode_rec_data PROTO_LIST((ssl_obj *ssl,ssl_rec_decoder *d, int ssl_decode_rec_data PROTO_LIST((ssl_obj *ssl,ssl_rec_decoder *d,
int ct,int version,UCHAR *in,int inl,UCHAR *out,int *outl)); int ct,int version,UCHAR *in,int inl,UCHAR *out,int *outl));
int ssl3_check_mac(ssl_rec_decoder *d, int ct, int ver, UCHAR *data,
UINT4 datalen, UCHAR *mac);
#define IS_AEAD_CIPHER(cs) (cs->enc==0x3b||cs->enc==0x3c) #define IS_AEAD_CIPHER(cs) (cs->enc==0x3b||cs->enc==0x3c)
#endif #endif

View file

@ -141,7 +141,7 @@ int ssl_decode_ctx_create(dp,keyfile,pass,keylogfile)
{ {
#ifdef OPENSSL #ifdef OPENSSL
ssl_decode_ctx *d=0; ssl_decode_ctx *d=0;
int r,_status; int _status;
SSL_library_init(); SSL_library_init();
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
@ -249,7 +249,7 @@ int ssl_set_client_random(d,msg,len)
#ifdef OPENSSL #ifdef OPENSSL
int r; int r;
if(r=r_data_create(&d->client_random,msg,len)) if((r=r_data_create(&d->client_random,msg,len)))
ERETURN(r); ERETURN(r);
#endif #endif
return(0); return(0);
@ -263,7 +263,7 @@ int ssl_set_server_random(d,msg,len)
#ifdef OPENSSL #ifdef OPENSSL
int r; int r;
if(r=r_data_create(&d->server_random,msg,len)) if((r=r_data_create(&d->server_random,msg,len)))
ERETURN(r); ERETURN(r);
#endif #endif
return(0); return(0);
@ -278,7 +278,7 @@ int ssl_set_client_session_id(d,msg,len)
int r; int r;
if(len>0) if(len>0)
if(r=r_data_create(&d->session_id,msg,len)) if((r=r_data_create(&d->session_id,msg,len)))
ERETURN(r); ERETURN(r);
#endif #endif
return(0); return(0);
@ -300,13 +300,13 @@ int ssl_process_server_session_id(ssl,d,msg,len)
/* First check to see if the client tried to restore */ /* First check to see if the client tried to restore */
if(d->session_id){ if(d->session_id){
/* Now check to see if we restored */ /* Now check to see if we restored */
if(r_data_compare(&idd,d->session_id)) if((r=r_data_compare(&idd,d->session_id)))
goto abort; ABORT(r);
/* Now try to look up the session. We may not be able /* Now try to look up the session. We may not be able
to find it if, for instance, the original session to find it if, for instance, the original session
was initiated with something other than static RSA */ was initiated with something other than static RSA */
if(r=ssl_restore_session(ssl,d)) if((r=ssl_restore_session(ssl,d)))
ABORT(r); ABORT(r);
restored=1; restored=1;
@ -420,7 +420,7 @@ int ssl_decode_record(ssl,dec,direction,ct,version,d)
if(!(out=(UCHAR *)malloc(d->len))) if(!(out=(UCHAR *)malloc(d->len)))
ABORT(R_NO_MEMORY); ABORT(R_NO_MEMORY);
if(r=ssl_decode_rec_data(ssl,rd,ct,version,d->data,d->len,out,&outl)){ if((r=ssl_decode_rec_data(ssl,rd,ct,version,d->data,d->len,out,&outl))){
ABORT(r); ABORT(r);
} }
@ -459,7 +459,7 @@ int ssl_update_handshake_messages(ssl,data)
hms->len+=l; hms->len+=l;
} }
else{ else{
if(r=r_data_create(&hms,d,l)) if((r=r_data_create(&hms,d,l)))
ERETURN(r); ERETURN(r);
ssl->decoder->handshake_messages=hms; ssl->decoder->handshake_messages=hms;
} }
@ -477,7 +477,7 @@ static int ssl_create_session_lookup_key(ssl,id,idlen,keyp,keyl)
{ {
UCHAR *key=0; UCHAR *key=0;
UINT4 l; UINT4 l;
int r,_status; int _status;
l=idlen+strlen(ssl->server_name)+idlen+15; /* HOST + PORT + id */ l=idlen+strlen(ssl->server_name)+idlen+15; /* HOST + PORT + id */
@ -490,7 +490,7 @@ static int ssl_create_session_lookup_key(ssl,id,idlen,keyp,keyl)
key+=idlen; key+=idlen;
snprintf((char *)key,l,"%s:%d",ssl->server_name,ssl->server_port); snprintf((char *)key,l,"%s:%d",ssl->server_name,ssl->server_port);
*keyl+=strlen(key); *keyl+=strlen((char *)key);
_status=0; _status=0;
abort: abort:
@ -509,15 +509,15 @@ int ssl_restore_session(ssl,d)
int lookup_key_len; int lookup_key_len;
int r,_status; int r,_status;
#ifdef OPENSSL #ifdef OPENSSL
if(r=ssl_create_session_lookup_key(ssl, if((r=ssl_create_session_lookup_key(ssl,
d->session_id->data,d->session_id->len,&lookup_key, d->session_id->data,d->session_id->len,&lookup_key,
&lookup_key_len)) (UINT4 *) &lookup_key_len)))
ABORT(r); ABORT(r);
if(r=r_assoc_fetch(d->ctx->session_cache,lookup_key,lookup_key_len, if((r=r_assoc_fetch(d->ctx->session_cache,(char *) lookup_key,lookup_key_len,
&msv)) &msv)))
ABORT(r); ABORT(r);
msd=(Data *)msv; msd=(Data *)msv;
if(r=r_data_create(&d->MS,msd->data,msd->len)) if((r=r_data_create(&d->MS,msd->data,msd->len)))
ABORT(r); ABORT(r);
CRDUMPD("Restored MS",d->MS); CRDUMPD("Restored MS",d->MS);
@ -526,7 +526,7 @@ int ssl_restore_session(ssl,d)
case TLSV1_VERSION: case TLSV1_VERSION:
case TLSV11_VERSION: case TLSV11_VERSION:
case TLSV12_VERSION: case TLSV12_VERSION:
if(r=ssl_generate_keying_material(ssl,d)) if((r=ssl_generate_keying_material(ssl,d)))
ABORT(r); ABORT(r);
break; break;
default: default:
@ -550,20 +550,19 @@ int ssl_save_session(ssl,d)
{ {
#ifdef OPENSSL #ifdef OPENSSL
UCHAR *lookup_key=0; UCHAR *lookup_key=0;
void *msv;
Data *msd=0; Data *msd=0;
int lookup_key_len; int lookup_key_len;
int r,_status; int r,_status;
if(r=ssl_create_session_lookup_key(ssl,d->session_id->data, if((r=ssl_create_session_lookup_key(ssl,d->session_id->data,
d->session_id->len,&lookup_key, d->session_id->len,&lookup_key,
&lookup_key_len)) (UINT4 *) &lookup_key_len)))
ABORT(r); ABORT(r);
if(r=r_data_create(&msd,d->MS->data,d->MS->len)) if((r=r_data_create(&msd,d->MS->data,d->MS->len)))
ABORT(r); ABORT(r);
if(r=r_assoc_insert(d->ctx->session_cache,lookup_key,lookup_key_len, if((r=r_assoc_insert(d->ctx->session_cache,(char *)lookup_key,lookup_key_len,
(void *)msd,0,(int (*)(void *))r_data_zfree, (void *)msd,0,(int (*)(void *))r_data_zfree,
R_ASSOC_NEW | R_ASSOC_REPLACE)) R_ASSOC_NEW | R_ASSOC_REPLACE)))
ABORT(r); ABORT(r);
_status=0; _status=0;
@ -614,7 +613,7 @@ int ssl_process_client_key_exchange(ssl,d,msg,len)
return(-1); return(-1);
RSA_get0_key(EVP_PKEY_get0_RSA(pk), &n, NULL, NULL); RSA_get0_key(EVP_PKEY_get0_RSA(pk), &n, NULL, NULL);
if(r=r_data_alloc(&d->PMS,BN_num_bytes(n))) if((r=r_data_alloc(&d->PMS,BN_num_bytes(n))))
ABORT(r); ABORT(r);
i=RSA_private_decrypt(len,msg,d->PMS->data, i=RSA_private_decrypt(len,msg,d->PMS->data,
@ -633,7 +632,7 @@ int ssl_process_client_key_exchange(ssl,d,msg,len)
case TLSV1_VERSION: case TLSV1_VERSION:
case TLSV11_VERSION: case TLSV11_VERSION:
case TLSV12_VERSION: case TLSV12_VERSION:
if(r=ssl_generate_keying_material(ssl,d)) if((r=ssl_generate_keying_material(ssl,d)))
ABORT(r); ABORT(r);
break; break;
default: default:
@ -642,7 +641,7 @@ int ssl_process_client_key_exchange(ssl,d,msg,len)
/* Now store the data in the session cache */ /* Now store the data in the session cache */
if(r=ssl_save_session(ssl,d)) if((r=ssl_save_session(ssl,d)))
ABORT(r); ABORT(r);
_status=0; _status=0;
@ -678,12 +677,12 @@ static int tls_P_hash(ssl,secret,seed,md,out)
A_l=seed->len; A_l=seed->len;
while(left){ while(left){
HMAC_Init(hm,secret->data,secret->len,md); HMAC_Init_ex(hm,secret->data,secret->len,md,NULL);
HMAC_Update(hm,A,A_l); HMAC_Update(hm,A,A_l);
HMAC_Final(hm,_A,&A_l); HMAC_Final(hm,_A,&A_l);
A=_A; A=_A;
HMAC_Init(hm,secret->data,secret->len,md); HMAC_Init_ex(hm,secret->data,secret->len,md,NULL);
HMAC_Update(hm,A,A_l); HMAC_Update(hm,A,A_l);
HMAC_Update(hm,seed->data,seed->len); HMAC_Update(hm,seed->data,seed->len);
HMAC_Final(hm,tmp,&tmp_l); HMAC_Final(hm,tmp,&tmp_l);
@ -716,11 +715,11 @@ static int tls_prf(ssl,secret,usage,rnd1,rnd2,out)
Data *S1=0,*S2=0; Data *S1=0,*S2=0;
int i,S_l; int i,S_l;
if(r=r_data_alloc(&md5_out,MAX(out->len,16))) if((r=r_data_alloc(&md5_out,MAX(out->len,16))))
ABORT(r); ABORT(r);
if(r=r_data_alloc(&sha_out,MAX(out->len,20))) if((r=r_data_alloc(&sha_out,MAX(out->len,20))))
ABORT(r); ABORT(r);
if(r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len)) if((r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len)))
ABORT(r); ABORT(r);
ptr=seed->data; ptr=seed->data;
memcpy(ptr,usage,strlen(usage)); ptr+=strlen(usage); memcpy(ptr,usage,strlen(usage)); ptr+=strlen(usage);
@ -729,18 +728,18 @@ static int tls_prf(ssl,secret,usage,rnd1,rnd2,out)
S_l=secret->len/2 + secret->len%2; S_l=secret->len/2 + secret->len%2;
if(r=r_data_alloc(&S1,S_l)) if((r=r_data_alloc(&S1,S_l)))
ABORT(r); ABORT(r);
if(r=r_data_alloc(&S2,S_l)) if((r=r_data_alloc(&S2,S_l)))
ABORT(r); ABORT(r);
memcpy(S1->data,secret->data,S_l); memcpy(S1->data,secret->data,S_l);
memcpy(S2->data,secret->data + (secret->len - S_l),S_l); memcpy(S2->data,secret->data + (secret->len - S_l),S_l);
if(r=tls_P_hash if((r=tls_P_hash
(ssl,S1,seed,EVP_get_digestbyname("MD5"),md5_out)) (ssl,S1,seed,EVP_get_digestbyname("MD5"),md5_out)))
ABORT(r); ABORT(r);
if(r=tls_P_hash(ssl,S2,seed,EVP_get_digestbyname("SHA1"),sha_out)) if((r=tls_P_hash(ssl,S2,seed,EVP_get_digestbyname("SHA1"),sha_out)))
ABORT(r); ABORT(r);
@ -775,9 +774,9 @@ static int tls12_prf(ssl,secret,usage,rnd1,rnd2,out)
UCHAR *ptr; UCHAR *ptr;
int i, dgi; int i, dgi;
if(r=r_data_alloc(&sha_out,MAX(out->len,64))) /* assume max SHA512 */ if((r=r_data_alloc(&sha_out,MAX(out->len,64)))) /* assume max SHA512 */
ABORT(r); ABORT(r);
if(r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len)) if((r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len)))
ABORT(r); ABORT(r);
ptr=seed->data; ptr=seed->data;
memcpy(ptr,usage,strlen(usage)); ptr+=strlen(usage); memcpy(ptr,usage,strlen(usage)); ptr+=strlen(usage);
@ -792,7 +791,7 @@ static int tls12_prf(ssl,secret,usage,rnd1,rnd2,out)
digests[dgi])); digests[dgi]));
ERETURN(SSL_BAD_MAC); ERETURN(SSL_BAD_MAC);
} }
if(r=tls_P_hash(ssl,secret,seed,md,sha_out)) if((r=tls_P_hash(ssl,secret,seed,md,sha_out)))
ABORT(r); ABORT(r);
for(i=0;i<out->len;i++) for(i=0;i<out->len;i++)
@ -886,10 +885,10 @@ static int ssl3_prf(ssl,secret,usage,r1,r2,out)
MD5_Update(&md5,secret->data,secret->len); MD5_Update(&md5,secret->data,secret->len);
MD5_Update(&md5,buf,20); MD5_Update(&md5,buf,20);
MD5_Final(outbuf,&md5); MD5_Final((unsigned char *)outbuf,&md5);
tocpy=MIN(out->len-off,16); tocpy=MIN(out->len-off,16);
memcpy(out->data+off,outbuf,tocpy); memcpy(out->data+off,outbuf,tocpy);
CRDUMP("MD5 out",outbuf,16); CRDUMP("MD5 out",(UCHAR *)outbuf,16);
MD5_Init(&md5); MD5_Init(&md5);
} }
@ -909,21 +908,21 @@ static int ssl_generate_keying_material(ssl,d)
UCHAR *ptr,*c_wk,*s_wk,*c_mk=NULL,*s_mk=NULL,*c_iv=NULL,*s_iv=NULL; UCHAR *ptr,*c_wk,*s_wk,*c_mk=NULL,*s_mk=NULL,*c_iv=NULL,*s_iv=NULL;
if(!d->MS){ if(!d->MS){
if(r=r_data_alloc(&d->MS,48)) if((r=r_data_alloc(&d->MS,48)))
ABORT(r); ABORT(r);
if (ssl->extensions->extended_master_secret==2) { if (ssl->extensions->extended_master_secret==2) {
if(r=ssl_generate_session_hash(ssl,d)) if((r=ssl_generate_session_hash(ssl,d)))
ABORT(r); ABORT(r);
temp.len=0; temp.len=0;
if(r=PRF(ssl,d->PMS,"extended master secret",d->session_hash,&temp, if((r=PRF(ssl,d->PMS,"extended master secret",d->session_hash,&temp,
d->MS)) d->MS)))
ABORT(r); ABORT(r);
} }
else else
if(r=PRF(ssl,d->PMS,"master secret",d->client_random,d->server_random, if((r=PRF(ssl,d->PMS,"master secret",d->client_random,d->server_random,
d->MS)) d->MS)))
ABORT(r); ABORT(r);
CRDUMPD("MS",d->MS); CRDUMPD("MS",d->MS);
@ -937,10 +936,10 @@ static int ssl_generate_keying_material(ssl,d)
if(ssl->cs->block>1) needed+=ssl->cs->block*2; if(ssl->cs->block>1) needed+=ssl->cs->block*2;
if(r=r_data_alloc(&key_block,needed)) if((r=r_data_alloc(&key_block,needed)))
ABORT(r); ABORT(r);
if(r=PRF(ssl,d->MS,"key expansion",d->server_random,d->client_random, if((r=PRF(ssl,d->MS,"key expansion",d->server_random,d->client_random,
key_block)) key_block)))
ABORT(r); ABORT(r);
ptr=key_block->data; ptr=key_block->data;
@ -960,7 +959,6 @@ static int ssl_generate_keying_material(ssl,d)
if(ssl->cs->export){ if(ssl->cs->export){
Data iv_c,iv_s; Data iv_c,iv_s;
Data c_iv_d,s_iv_d;
Data key_c,key_s; Data key_c,key_s;
Data k; Data k;
@ -969,11 +967,11 @@ static int ssl_generate_keying_material(ssl,d)
ATTACH_DATA(iv_s,_iv_s); ATTACH_DATA(iv_s,_iv_s);
if(ssl->version==SSLV3_VERSION){ if(ssl->version==SSLV3_VERSION){
if(r=ssl3_generate_export_iv(ssl,d->client_random, if((r=ssl3_generate_export_iv(ssl,d->client_random,
d->server_random,&iv_c)) d->server_random,&iv_c)))
ABORT(r); ABORT(r);
if(r=ssl3_generate_export_iv(ssl,d->server_random, if((r=ssl3_generate_export_iv(ssl,d->server_random,
d->client_random,&iv_s)) d->client_random,&iv_s)))
ABORT(r); ABORT(r);
} }
else{ else{
@ -991,8 +989,8 @@ static int ssl_generate_keying_material(ssl,d)
ATTACH_DATA(iv_block,_iv_block); ATTACH_DATA(iv_block,_iv_block);
if(r=PRF(ssl,&key_null,"IV block",d->client_random, if((r=PRF(ssl,&key_null,"IV block",d->client_random,
d->server_random,&iv_block)) d->server_random,&iv_block)))
ABORT(r); ABORT(r);
memcpy(_iv_c,iv_block.data,8); memcpy(_iv_c,iv_block.data,8);
@ -1024,13 +1022,13 @@ static int ssl_generate_keying_material(ssl,d)
ATTACH_DATA(key_c,_key_c); ATTACH_DATA(key_c,_key_c);
ATTACH_DATA(key_s,_key_s); ATTACH_DATA(key_s,_key_s);
INIT_DATA(k,c_wk,ssl->cs->eff_bits/8); INIT_DATA(k,c_wk,ssl->cs->eff_bits/8);
if(r=PRF(ssl,&k,"client write key",d->client_random,d->server_random, if((r=PRF(ssl,&k,"client write key",d->client_random,d->server_random,
&key_c)) &key_c)))
ABORT(r); ABORT(r);
c_wk=_key_c; c_wk=_key_c;
INIT_DATA(k,s_wk,ssl->cs->eff_bits/8); INIT_DATA(k,s_wk,ssl->cs->eff_bits/8);
if(r=PRF(ssl,&k,"server write key",d->client_random,d->server_random, if((r=PRF(ssl,&k,"server write key",d->client_random,d->server_random,
&key_s)) &key_s)))
ABORT(r); ABORT(r);
s_wk=_key_s; s_wk=_key_s;
} }
@ -1046,11 +1044,11 @@ static int ssl_generate_keying_material(ssl,d)
CRDUMP("Server Write IV",s_iv,ssl->cs->block); CRDUMP("Server Write IV",s_iv,ssl->cs->block);
} }
if(r=ssl_create_rec_decoder(&d->c_to_s_n, if((r=ssl_create_rec_decoder(&d->c_to_s_n,
ssl->cs,c_mk,c_wk,c_iv)) ssl->cs,c_mk,c_wk,c_iv)))
ABORT(r); ABORT(r);
if(r=ssl_create_rec_decoder(&d->s_to_c_n, if((r=ssl_create_rec_decoder(&d->s_to_c_n,
ssl->cs,s_mk,s_wk,s_iv)) ssl->cs,s_mk,s_wk,s_iv)))
ABORT(r); ABORT(r);
@ -1070,9 +1068,9 @@ static int ssl_generate_session_hash(ssl,d)
int r,_status,dgi; int r,_status,dgi;
unsigned int len; unsigned int len;
const EVP_MD *md; const EVP_MD *md;
HMAC_CTX *dgictx = HMAC_CTX_new(); EVP_MD_CTX *dgictx = EVP_MD_CTX_create();
if(r=r_data_alloc(&d->session_hash,EVP_MAX_MD_SIZE)) if((r=r_data_alloc(&d->session_hash,EVP_MAX_MD_SIZE)))
ABORT(r); ABORT(r);
switch(ssl->version){ switch(ssl->version){
@ -1086,7 +1084,7 @@ static int ssl_generate_session_hash(ssl,d)
EVP_DigestInit(dgictx,md); EVP_DigestInit(dgictx,md);
EVP_DigestUpdate(dgictx,d->handshake_messages->data,d->handshake_messages->len); EVP_DigestUpdate(dgictx,d->handshake_messages->data,d->handshake_messages->len);
EVP_DigestFinal(dgictx,d->session_hash->data,&d->session_hash->len); EVP_DigestFinal(dgictx,d->session_hash->data,(unsigned int *) &d->session_hash->len);
break; break;
case SSLV3_VERSION: case SSLV3_VERSION:
@ -1094,7 +1092,7 @@ static int ssl_generate_session_hash(ssl,d)
case TLSV11_VERSION: case TLSV11_VERSION:
EVP_DigestInit(dgictx,EVP_get_digestbyname("MD5")); EVP_DigestInit(dgictx,EVP_get_digestbyname("MD5"));
EVP_DigestUpdate(dgictx,d->handshake_messages->data,d->handshake_messages->len); EVP_DigestUpdate(dgictx,d->handshake_messages->data,d->handshake_messages->len);
EVP_DigestFinal_ex(dgictx,d->session_hash->data,&d->session_hash->len); EVP_DigestFinal_ex(dgictx,d->session_hash->data,(unsigned int *) &d->session_hash->len);
EVP_DigestInit(dgictx,EVP_get_digestbyname("SHA1")); EVP_DigestInit(dgictx,EVP_get_digestbyname("SHA1"));
EVP_DigestUpdate(dgictx,d->handshake_messages->data,d->handshake_messages->len); EVP_DigestUpdate(dgictx,d->handshake_messages->data,d->handshake_messages->len);
@ -1114,7 +1112,7 @@ static int ssl_generate_session_hash(ssl,d)
static int ssl_read_key_log_file(d) static int ssl_read_key_log_file(d)
ssl_decoder *d; ssl_decoder *d;
{ {
int r,_status,dgi,n,i; int r,_status,n,i;
unsigned int t; unsigned int t;
size_t l=0; size_t l=0;
char *line,*label_data; char *line,*label_data;
@ -1133,7 +1131,7 @@ static int ssl_read_key_log_file(d)
if(STRNICMP(line+14,label_data,64)) if(STRNICMP(line+14,label_data,64))
continue; continue;
if(r=r_data_alloc(&d->MS,48)) if((r=r_data_alloc(&d->MS,48)))
ABORT(r); ABORT(r);
for(i=0; i < d->MS->len; i++) { for(i=0; i < d->MS->len; i++) {

View file

@ -65,8 +65,6 @@ int process_beginning_plaintext(ssl,seg,direction)
int direction; int direction;
{ {
Data d; Data d;
int r;
struct timeval dt;
if(seg->len==0) if(seg->len==0)
return(SSL_NO_DATA); return(SSL_NO_DATA);
@ -95,14 +93,13 @@ int process_v2_hello(ssl,seg)
{ {
int r; int r;
int rec_len; int rec_len;
int cs_len; UINT4 cs_len;
int sid_len; UINT4 sid_len;
int chall_len; UINT4 chall_len;
int ver; UINT4 ver;
Data d; Data d;
Data chall; Data chall;
char random[32]; UCHAR random[32];
struct timeval dt;
if(seg->len==0) if(seg->len==0)
return(SSL_NO_DATA); return(SSL_NO_DATA);
@ -157,7 +154,6 @@ int process_v2_hello(ssl,seg)
for(;cs_len;cs_len-=3){ for(;cs_len;cs_len-=3){
UINT4 val; UINT4 val;
char *str;
SSL_DECODE_UINT24(ssl,0,0,&d,&val); SSL_DECODE_UINT24(ssl,0,0,&d,&val);
ssl_print_cipher_suite(ssl,ver,P_HL,val); ssl_print_cipher_suite(ssl,ver,P_HL,val);
@ -266,14 +262,14 @@ int ssl_expand_record(ssl,q,direction,data,len)
} }
if(r){ if(r){
if(r=ssl_print_enum(ssl,0,ContentType_decoder,ct)) { if((r=ssl_print_enum(ssl,0,ContentType_decoder,ct))) {
printf(" unknown record type: %d\n", ct); printf(" unknown record type: %d\n", ct);
ERETURN(r); ERETURN(r);
} }
printf("\n"); printf("\n");
} }
else{ else{
if(r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, &d)) { if((r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, &d))) {
printf(" unknown record type: %d\n", ct); printf(" unknown record type: %d\n", ct);
ERETURN(r); ERETURN(r);
} }
@ -332,7 +328,7 @@ int ssl_decode_opaque_array(ssl,name,size,p,data,x)
sprintf(n,"%s (length)",name?name:"<unknown>"); sprintf(n,"%s (length)",name?name:"<unknown>");
if(size<0){ if(size<0){
size*=-1; size*=-1;
if(r=ssl_decode_uintX(ssl,n,BYTES_NEEDED(size),P_DC,data,&len)) if((r=ssl_decode_uintX(ssl,n,BYTES_NEEDED(size),P_DC,data,&len)))
ERETURN(r); ERETURN(r);
} }
else{ else{
@ -388,11 +384,11 @@ int ssl_decode_enum(ssl,name,size,dtable,p,data,x)
if(!x) x=&_x; if(!x) x=&_x;
if(r=ssl_decode_uintX(ssl,name,size,0,data,x)) if((r=ssl_decode_uintX(ssl,name,size,0,data,x)))
ERETURN(r); ERETURN(r);
P_(p){ P_(p){
if(r=ssl_print_enum(ssl,name,dtable,*x)) if((r=ssl_print_enum(ssl,name,dtable,*x)))
ERETURN(r); ERETURN(r);
} }
@ -476,7 +472,7 @@ int combodump(ssl,name,data)
char *name; char *name;
Data *data; Data *data;
{ {
char *ptr=data->data; UCHAR *ptr=data->data;
int len=data->len; int len=data->len;
if(name){ if(name){
@ -620,12 +616,12 @@ int ssl_print_timestamp(ssl,ts)
explain(ssl,"%d%c%4.4d ",ts->tv_sec,'.',ts->tv_usec/100); explain(ssl,"%d%c%4.4d ",ts->tv_sec,'.',ts->tv_usec/100);
} }
else{ else{
if(r=timestamp_diff(ts,&ssl->time_start,&dt)) if((r=timestamp_diff(ts,&ssl->time_start,&dt)))
ERETURN(r); ERETURN(r);
explain(ssl,"%d%c%4.4d ",dt.tv_sec,'.',dt.tv_usec/100); explain(ssl,"%d%c%4.4d ",dt.tv_sec,'.',dt.tv_usec/100);
} }
if(r=timestamp_diff(ts,&ssl->time_last,&dt)){ if((r=timestamp_diff(ts,&ssl->time_last,&dt))){
ERETURN(r); ERETURN(r);
} }
explain(ssl,"(%d%c%4.4d) ",dt.tv_sec,'.',dt.tv_usec/100); explain(ssl,"(%d%c%4.4d) ",dt.tv_sec,'.',dt.tv_usec/100);
@ -664,7 +660,7 @@ int ssl_print_cipher_suite(ssl,version,p,val)
int r; int r;
P_(p){ P_(p){
if(r=ssl_lookup_enum(ssl,cipher_suite_decoder,val,&str)){ if((r=ssl_lookup_enum(ssl,cipher_suite_decoder,val,&str))){
explain(ssl,"Unknown value 0x%x",val); explain(ssl,"Unknown value 0x%x",val);
return(0); return(0);
} }

View file

@ -79,12 +79,12 @@ int explain PROTO_LIST((ssl_obj *ssl,char *format,...));
int exdump PROTO_LIST((ssl_obj *ssl,char *name,Data *data)); int exdump PROTO_LIST((ssl_obj *ssl,char *name,Data *data));
#define SSL_DECODE_UINT8(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,1,b,c,d)) ERETURN(r) #define SSL_DECODE_UINT8(a,n,b,c,d) if((r=ssl_decode_uintX(a,n,1,b,c,d))) ERETURN(r)
#define SSL_DECODE_UINT16(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,2,b,c,d)) ERETURN(r) #define SSL_DECODE_UINT16(a,n,b,c,d) if((r=ssl_decode_uintX(a,n,2,b,c,d))) ERETURN(r)
#define SSL_DECODE_UINT24(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,3,b,c,d)) ERETURN(r) #define SSL_DECODE_UINT24(a,n,b,c,d) if((r=ssl_decode_uintX(a,n,3,b,c,d))) ERETURN(r)
#define SSL_DECODE_UINT32(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,4,b,c,d)) ERETURN(r) #define SSL_DECODE_UINT32(a,n,b,c,d) if((r=ssl_decode_uintX(a,n,4,b,c,d))) ERETURN(r)
#define SSL_DECODE_OPAQUE_ARRAY(a,n,b,c,d,e) if(r=ssl_decode_opaque_array(a,n,b,c,d,e)) ERETURN(r) #define SSL_DECODE_OPAQUE_ARRAY(a,n,b,c,d,e) if((r=ssl_decode_opaque_array(a,n,b,c,d,e))) ERETURN(r)
#define SSL_DECODE_ENUM(a,b,c,d,e,f,g) if(r=ssl_decode_enum(a,b,c,d,e,f,g)) ERETURN(r) #define SSL_DECODE_ENUM(a,b,c,d,e,f,g) if((r=ssl_decode_enum(a,b,c,d,e,f,g))) ERETURN(r)
#define P_(p) if((p==SSL_PRINT_ALL) || (p & SSL_print_flags)) #define P_(p) if((p==SSL_PRINT_ALL) || (p & SSL_print_flags))
#define INDENT do {int i; for(i=0;i<(ssl->indent_depth + ssl->indent_name_len);i++) printf("%s",SSL_print_flags & SSL_PRINT_NROFF?" ":" ");} while(0) #define INDENT do {int i; for(i=0;i<(ssl->indent_depth + ssl->indent_name_len);i++) printf("%s",SSL_print_flags & SSL_PRINT_NROFF?" ":" ");} while(0)

View file

@ -81,7 +81,7 @@ int sslx_print_certificate(ssl,data,pf)
d=data->data; d=data->data;
if(!(x=d2i_X509(0,&d,data->len))){ if(!(x=d2i_X509(0,(const unsigned char **) &d,data->len))){
explain(ssl,"Bad certificate"); explain(ssl,"Bad certificate");
ABORT(R_BAD_DATA); ABORT(R_BAD_DATA);
} }
@ -114,7 +114,7 @@ int sslx_print_certificate(ssl,data,pf)
ex=X509_get_ext(x,i); ex=X509_get_ext(x,i);
obj=X509_EXTENSION_get_object(ex); obj=X509_EXTENSION_get_object(ex);
i2t_ASN1_OBJECT(buf,sizeof(buf),obj); i2t_ASN1_OBJECT((char *)buf,sizeof(buf),obj);
explain(ssl,"Extension: %s\n",buf); explain(ssl,"Extension: %s\n",buf);
j=X509_EXTENSION_get_critical(ex); j=X509_EXTENSION_get_critical(ex);
@ -173,10 +173,10 @@ int sslx_print_dn(ssl,data,pf)
P_(pf){ P_(pf){
#ifdef OPENSSL #ifdef OPENSSL
P_(P_ASN){ P_(P_ASN){
if(!(n=d2i_X509_NAME(0,&d,data->len))) if(!(n=d2i_X509_NAME(0,(const unsigned char **) &d,data->len)))
ABORT(R_BAD_DATA); ABORT(R_BAD_DATA);
X509_NAME_oneline(n,buf,BUFSIZE); X509_NAME_oneline(n,(char *)buf,BUFSIZE);
sslx__print_dn(ssl,buf); sslx__print_dn(ssl,(char *)buf);
} }
else{ else{
#endif #endif
@ -203,7 +203,7 @@ static int sslx__print_dn(ssl,x)
if(*x=='/') x++; if(*x=='/') x++;
while (x){ while (x){
if(slash=strchr(x,'/')){ if((slash=strchr(x,'/'))){
*slash=0; *slash=0;
} }