mirror of
https://github.com/adulau/ssldump.git
synced 2024-09-18 08:46:25 +00:00
GitHub
commit
7505cc1808
16 changed files with 167 additions and 195 deletions
|
|
@ -78,7 +78,7 @@ int network_handler_create(mod,handlerp)
|
||||||
if(!(handler=(n_handler *)malloc(sizeof(n_handler))))
|
if(!(handler=(n_handler *)malloc(sizeof(n_handler))))
|
||||||
ABORT(R_NO_MEMORY);
|
ABORT(R_NO_MEMORY);
|
||||||
if(mod->vtbl->create_ctx){
|
if(mod->vtbl->create_ctx){
|
||||||
if(r=mod->vtbl->create_ctx(mod->handle,&handler->ctx))
|
if((r=mod->vtbl->create_ctx(mod->handle,&handler->ctx)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
}
|
}
|
||||||
handler->mod=mod;
|
handler->mod=mod;
|
||||||
|
|
@ -147,7 +147,7 @@ int network_process_packet(handler,timestamp,data,length)
|
||||||
|
|
||||||
switch(p.ip->ip_p){
|
switch(p.ip->ip_p){
|
||||||
case IPPROTO_TCP:
|
case IPPROTO_TCP:
|
||||||
if(r=process_tcp_packet(handler->mod,handler->ctx,&p))
|
if((r=process_tcp_packet(handler->mod,handler->ctx,&p)))
|
||||||
ERETURN(r);
|
ERETURN(r);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -244,7 +244,7 @@ void pcap_cb(ptr,hdr,data)
|
||||||
if(packet_cnt == conn_freq) {
|
if(packet_cnt == conn_freq) {
|
||||||
packet_cnt = 0;
|
packet_cnt = 0;
|
||||||
memcpy(&last_packet_seen_time,&hdr->ts,sizeof(struct timeval));
|
memcpy(&last_packet_seen_time,&hdr->ts,sizeof(struct timeval));
|
||||||
if(cleaned_conn = clean_old_conn())
|
if((cleaned_conn = clean_old_conn()))
|
||||||
printf("%d inactive connection(s) cleaned from connection pool\n", cleaned_conn);
|
printf("%d inactive connection(s) cleaned from connection pool\n", cleaned_conn);
|
||||||
} else {
|
} else {
|
||||||
packet_cnt++;
|
packet_cnt++;
|
||||||
|
|
@ -453,7 +453,7 @@ int main(argc,argv)
|
||||||
if(NET_print_flags & NET_PRINT_TYPESET)
|
if(NET_print_flags & NET_PRINT_TYPESET)
|
||||||
printf("\n.nf\n.ps -2\n");
|
printf("\n.nf\n.ps -2\n");
|
||||||
|
|
||||||
if(r=network_handler_create(mod,&n))
|
if((r=network_handler_create(mod,&n)))
|
||||||
err_exit("Couldn't create network handler",r);
|
err_exit("Couldn't create network handler",r);
|
||||||
|
|
||||||
pcap_loop(p,-1,pcap_cb,(u_char *)n);
|
pcap_loop(p,-1,pcap_cb,(u_char *)n);
|
||||||
|
|
|
||||||
|
|
@ -60,8 +60,8 @@ int create_proto_handler(mod,ctx,handlerp,conn,first_packet)
|
||||||
if(!(handler=(proto_handler *)calloc(1,sizeof(proto_handler))))
|
if(!(handler=(proto_handler *)calloc(1,sizeof(proto_handler))))
|
||||||
ABORT(R_NO_MEMORY);
|
ABORT(R_NO_MEMORY);
|
||||||
handler->vtbl=mod->vtbl;
|
handler->vtbl=mod->vtbl;
|
||||||
if(r=mod->vtbl->create(mod->handle,ctx,conn,&handler->obj,
|
if((r=mod->vtbl->create(mod->handle,ctx,conn,&handler->obj,
|
||||||
&conn->i_addr,conn->i_port,&conn->r_addr,conn->r_port,first_packet))
|
&conn->i_addr,conn->i_port,&conn->r_addr,conn->r_port,first_packet)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
*handlerp=handler;
|
*handlerp=handler;
|
||||||
|
|
|
||||||
|
|
@ -70,13 +70,8 @@ static int zero_conn(conn)
|
||||||
return(0);
|
return(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
int tcp_find_conn(connp,directionp,saddr,sport,daddr,dport)
|
int tcp_find_conn(tcp_conn **connp, int *directionp,struct in_addr *saddr,
|
||||||
tcp_conn **connp;
|
u_short sport, struct in_addr *daddr, u_short dport)
|
||||||
int *directionp;
|
|
||||||
struct in_addr *saddr;
|
|
||||||
u_short sport;
|
|
||||||
struct in_addr *daddr;
|
|
||||||
u_short dport;
|
|
||||||
{
|
{
|
||||||
conn_struct *conn;
|
conn_struct *conn;
|
||||||
|
|
||||||
|
|
@ -106,12 +101,8 @@ int tcp_find_conn(connp,directionp,saddr,sport,daddr,dport)
|
||||||
return(R_NOT_FOUND);
|
return(R_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
int tcp_create_conn(connp,i_addr,i_port,r_addr,r_port)
|
int tcp_create_conn(tcp_conn **connp,struct in_addr *i_addr,
|
||||||
tcp_conn **connp;
|
u_short i_port, struct in_addr *r_addr, u_short r_port)
|
||||||
struct in_addr *i_addr;
|
|
||||||
u_short i_port;
|
|
||||||
struct in_addr *r_addr;
|
|
||||||
u_short r_port;
|
|
||||||
{
|
{
|
||||||
conn_struct *conn=0;
|
conn_struct *conn=0;
|
||||||
|
|
||||||
|
|
@ -189,8 +180,7 @@ int clean_old_conn() {
|
||||||
}
|
}
|
||||||
|
|
||||||
int destroy_all_conn() {
|
int destroy_all_conn() {
|
||||||
conn_struct *conn;
|
int i = 0;
|
||||||
int i = 0,r;
|
|
||||||
while(first_conn) {
|
while(first_conn) {
|
||||||
i++;
|
i++;
|
||||||
tcp_destroy_conn(&first_conn->conn);
|
tcp_destroy_conn(&first_conn->conn);
|
||||||
|
|
@ -225,7 +215,7 @@ int copy_tcp_segment_queue(out,in)
|
||||||
ABORT(R_NO_MEMORY);
|
ABORT(R_NO_MEMORY);
|
||||||
if(!base) base=*out;
|
if(!base) base=*out;
|
||||||
|
|
||||||
if(r=packet_copy(in->p,&(*out)->p))
|
if((r=packet_copy(in->p,&(*out)->p)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
out=&(*out)->next; /* Move the pointer we're assigning to */
|
out=&(*out)->next; /* Move the pointer we're assigning to */
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -85,8 +85,8 @@ int process_tcp_packet(handler,ctx,p)
|
||||||
|
|
||||||
print_tcp_packet(p);
|
print_tcp_packet(p);
|
||||||
|
|
||||||
if(r=tcp_find_conn(&conn,&direction,&p->ip->ip_src,
|
if((r=tcp_find_conn(&conn,&direction,&p->ip->ip_src,
|
||||||
ntohs(p->tcp->th_sport),&p->ip->ip_dst,ntohs(p->tcp->th_dport))){
|
ntohs(p->tcp->th_sport),&p->ip->ip_dst,ntohs(p->tcp->th_dport)))){
|
||||||
if(r!=R_NOT_FOUND)
|
if(r!=R_NOT_FOUND)
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
|
|
@ -95,7 +95,7 @@ int process_tcp_packet(handler,ctx,p)
|
||||||
return(0);
|
return(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(r=new_connection(handler,ctx,p,&conn))
|
if((r=new_connection(handler,ctx,p,&conn)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
return(0);
|
return(0);
|
||||||
}
|
}
|
||||||
|
|
@ -146,12 +146,9 @@ int process_tcp_packet(handler,ctx,p)
|
||||||
case TCP_STATE_ESTABLISHED:
|
case TCP_STATE_ESTABLISHED:
|
||||||
case TCP_STATE_FIN1:
|
case TCP_STATE_FIN1:
|
||||||
{
|
{
|
||||||
UINT4 length;
|
|
||||||
|
|
||||||
if(p->tcp->th_flags & TH_SYN)
|
if(p->tcp->th_flags & TH_SYN)
|
||||||
break;
|
break;
|
||||||
length=p->len - (p->tcp->th_off * 4);
|
if((r=process_data_segment(conn,handler,p,stream,direction)))
|
||||||
if(r=process_data_segment(conn,handler,p,stream,direction))
|
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
@ -179,16 +176,16 @@ static int new_connection(handler,ctx,p,connp)
|
||||||
tcp_conn *conn=0;
|
tcp_conn *conn=0;
|
||||||
|
|
||||||
if ((p->tcp->th_flags & (TH_SYN|TH_ACK))==TH_SYN) {
|
if ((p->tcp->th_flags & (TH_SYN|TH_ACK))==TH_SYN) {
|
||||||
if(r=tcp_create_conn(&conn,&p->ip->ip_src,ntohs(p->tcp->th_sport),
|
if((r=tcp_create_conn(&conn,&p->ip->ip_src,ntohs(p->tcp->th_sport),
|
||||||
&p->ip->ip_dst,ntohs(p->tcp->th_dport)))
|
&p->ip->ip_dst,ntohs(p->tcp->th_dport))))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
DBG((0,"SYN1 seq: %u",ntohl(p->tcp->th_seq)));
|
DBG((0,"SYN1 seq: %u",ntohl(p->tcp->th_seq)));
|
||||||
conn->i2r.seq=ntohl(p->tcp->th_seq)+1;
|
conn->i2r.seq=ntohl(p->tcp->th_seq)+1;
|
||||||
conn->i2r.ack=ntohl(p->tcp->th_ack)+1;
|
conn->i2r.ack=ntohl(p->tcp->th_ack)+1;
|
||||||
conn->state=TCP_STATE_SYN1;
|
conn->state=TCP_STATE_SYN1;
|
||||||
} else { // SYN&ACK comes first somehow
|
} else { // SYN&ACK comes first somehow
|
||||||
if(r=tcp_create_conn(&conn,&p->ip->ip_dst,ntohs(p->tcp->th_dport),
|
if((r=tcp_create_conn(&conn,&p->ip->ip_dst,ntohs(p->tcp->th_dport),
|
||||||
&p->ip->ip_src,ntohs(p->tcp->th_sport)))
|
&p->ip->ip_src,ntohs(p->tcp->th_sport))))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
DBG((0,"SYN2 seq: %u",ntohl(p->tcp->th_seq)));
|
DBG((0,"SYN2 seq: %u",ntohl(p->tcp->th_seq)));
|
||||||
conn->r2i.seq=ntohl(p->tcp->th_seq)+1;
|
conn->r2i.seq=ntohl(p->tcp->th_seq)+1;
|
||||||
|
|
@ -197,7 +194,7 @@ static int new_connection(handler,ctx,p,connp)
|
||||||
}
|
}
|
||||||
memcpy(&conn->start_time,&p->ts,sizeof(struct timeval));
|
memcpy(&conn->start_time,&p->ts,sizeof(struct timeval));
|
||||||
memcpy(&conn->last_seen_time,&p->ts,sizeof(struct timeval));
|
memcpy(&conn->last_seen_time,&p->ts,sizeof(struct timeval));
|
||||||
if(r=create_proto_handler(handler,ctx,&conn->analyzer,conn,&p->ts))
|
if((r=create_proto_handler(handler,ctx,&conn->analyzer,conn,&p->ts)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
*connp=conn;
|
*connp=conn;
|
||||||
|
|
@ -269,7 +266,7 @@ static int process_data_segment(conn,handler,p,stream,direction)
|
||||||
|
|
||||||
if(acked && !l){
|
if(acked && !l){
|
||||||
/*
|
/*
|
||||||
if(r=timestamp_diff(&p->ts,&conn->start_time,&dt))
|
if((r=timestamp_diff(&p->ts,&conn->start_time,&dt)))
|
||||||
ERETURN(r);
|
ERETURN(r);
|
||||||
printf("%d%c%4.4d ",dt.tv_sec,'.',dt.tv_usec/100);
|
printf("%d%c%4.4d ",dt.tv_sec,'.',dt.tv_usec/100);
|
||||||
if(direction == DIR_R2I)
|
if(direction == DIR_R2I)
|
||||||
|
|
@ -302,7 +299,7 @@ static int process_data_segment(conn,handler,p,stream,direction)
|
||||||
|
|
||||||
if(!(nseg=(segment *)calloc(1,sizeof(segment))))
|
if(!(nseg=(segment *)calloc(1,sizeof(segment))))
|
||||||
ABORT(R_NO_MEMORY);
|
ABORT(R_NO_MEMORY);
|
||||||
if(r=packet_copy(p,&nseg->p))
|
if((r=packet_copy(p,&nseg->p)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
nseg->s_seq=seq;
|
nseg->s_seq=seq;
|
||||||
|
|
||||||
|
|
@ -370,7 +367,7 @@ static int process_data_segment(conn,handler,p,stream,direction)
|
||||||
stream->seq=seg->s_seq + seg->len;
|
stream->seq=seg->s_seq + seg->len;
|
||||||
|
|
||||||
DBG((0,"Analyzing segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len));
|
DBG((0,"Analyzing segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len));
|
||||||
if(r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction)) {
|
if((r=conn->analyzer->vtbl->data(conn->analyzer->obj,&_seg,direction))) {
|
||||||
DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len));
|
DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, seg->s_seq+seg->len, seg->len));
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
}
|
}
|
||||||
|
|
@ -378,7 +375,7 @@ static int process_data_segment(conn,handler,p,stream,direction)
|
||||||
|
|
||||||
if(stream->close){
|
if(stream->close){
|
||||||
DBG((0,"Closing with segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len));
|
DBG((0,"Closing with segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len));
|
||||||
if(r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction)) {
|
if((r=conn->analyzer->vtbl->close(conn->analyzer->obj,p,direction))) {
|
||||||
DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len));
|
DBG((0,"ABORT due to segment: %u:%u(%u)", seg->s_seq, stream->seq, seg->len));
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -173,7 +173,7 @@ static int copy_assoc_chain(newp,old)
|
||||||
ptr->copy=old->copy;
|
ptr->copy=old->copy;
|
||||||
|
|
||||||
if(old->copy){
|
if(old->copy){
|
||||||
if(r=old->copy(&ptr->data,old->data))
|
if((r=old->copy(&ptr->data,old->data)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|
@ -224,7 +224,7 @@ int r_assoc_fetch(assoc,key,len,datap)
|
||||||
r_assoc_el *bucket;
|
r_assoc_el *bucket;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if(r=r_assoc_fetch_bucket(assoc,key,len,&bucket)){
|
if((r=r_assoc_fetch_bucket(assoc,key,len,&bucket))){
|
||||||
if(r!=R_NOT_FOUND)
|
if(r!=R_NOT_FOUND)
|
||||||
ERETURN(r);
|
ERETURN(r);
|
||||||
return(r);
|
return(r);
|
||||||
|
|
@ -246,7 +246,7 @@ int r_assoc_insert(assoc,key,len,data,copy,destroy,how)
|
||||||
r_assoc_el *bucket,*new_bucket=0;
|
r_assoc_el *bucket,*new_bucket=0;
|
||||||
int r,_status;
|
int r,_status;
|
||||||
|
|
||||||
if(r=r_assoc_fetch_bucket(assoc,key,len,&bucket)){
|
if((r=r_assoc_fetch_bucket(assoc,key,len,&bucket))){
|
||||||
/*Note that we compute the hash value twice*/
|
/*Note that we compute the hash value twice*/
|
||||||
UINT4 hash_value;
|
UINT4 hash_value;
|
||||||
|
|
||||||
|
|
@ -304,7 +304,7 @@ int r_assoc_copy(newp,old)
|
||||||
if(!(new->chains=(r_assoc_el **)calloc(sizeof(r_assoc_el),old->size)))
|
if(!(new->chains=(r_assoc_el **)calloc(sizeof(r_assoc_el),old->size)))
|
||||||
ABORT(R_NO_MEMORY);
|
ABORT(R_NO_MEMORY);
|
||||||
for(i=0;i<new->size;i++){
|
for(i=0;i<new->size;i++){
|
||||||
if(r=copy_assoc_chain(new->chains+i,old->chains[i]))
|
if((r=copy_assoc_chain(new->chains+i,old->chains[i])))
|
||||||
ABORT(R_NO_MEMORY);
|
ABORT(R_NO_MEMORY);
|
||||||
}
|
}
|
||||||
*newp=new;
|
*newp=new;
|
||||||
|
|
|
||||||
|
|
@ -59,17 +59,9 @@ static int create_null_analyzer PROTO_LIST((void *handle,
|
||||||
struct in_addr *i_addr,u_short i_port,
|
struct in_addr *i_addr,u_short i_port,
|
||||||
struct in_addr *r_addr,u_short r_port, struct timeval *base_time));
|
struct in_addr *r_addr,u_short r_port, struct timeval *base_time));
|
||||||
|
|
||||||
static int create_null_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port,
|
static int create_null_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn,
|
||||||
base_time)
|
proto_obj **objp, struct in_addr *i_addr, u_short i_port, struct in_addr *r_addr,
|
||||||
void *handle;
|
u_short r_port, struct timeval *base_time)
|
||||||
proto_ctx *ctx;
|
|
||||||
tcp_conn *conn;
|
|
||||||
proto_obj **objp;
|
|
||||||
struct in_addr *i_addr;
|
|
||||||
u_short i_port;
|
|
||||||
struct in_addr *r_addr;
|
|
||||||
u_short r_port;
|
|
||||||
struct timeval *base_time;
|
|
||||||
{
|
{
|
||||||
null_analyzer *obj=0;
|
null_analyzer *obj=0;
|
||||||
static int ctr;
|
static int ctr;
|
||||||
|
|
|
||||||
|
|
@ -433,7 +433,7 @@ static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data)
|
||||||
int r;
|
int r;
|
||||||
printf("\n");
|
printf("\n");
|
||||||
ssl_update_handshake_messages(ssl,data);
|
ssl_update_handshake_messages(ssl,data);
|
||||||
SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-(1<<15-1),P_HL,data,0);
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-((1<<15)-1),P_HL,data,0);
|
||||||
return(0);
|
return(0);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
@ -455,7 +455,7 @@ static int decode_HandshakeType_ClientKeyExchange(ssl,dir,seg,data)
|
||||||
|
|
||||||
case KEX_RSA:
|
case KEX_RSA:
|
||||||
if(ssl->version > 768) {
|
if(ssl->version > 768) {
|
||||||
SSL_DECODE_OPAQUE_ARRAY(ssl,"EncryptedPreMasterSecret",-(1<<15-1),
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"EncryptedPreMasterSecret",-((1<<15)-1),
|
||||||
P_ND,data,&pms);
|
P_ND,data,&pms);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
@ -2521,8 +2521,8 @@ static int decode_extension_server_name(ssl,dir,seg,data)
|
||||||
segment *seg;
|
segment *seg;
|
||||||
Data *data;
|
Data *data;
|
||||||
{
|
{
|
||||||
UINT4 t;
|
UINT4 t,l;
|
||||||
int l,r,p;
|
int r,p;
|
||||||
|
|
||||||
extern decoder server_name_type_decoder[];
|
extern decoder server_name_type_decoder[];
|
||||||
|
|
||||||
|
|
@ -2557,7 +2557,8 @@ static int decode_extension_encrypt_then_mac(ssl,dir,seg,data)
|
||||||
segment *seg;
|
segment *seg;
|
||||||
Data *data;
|
Data *data;
|
||||||
{
|
{
|
||||||
int l,r,*etm;
|
int r,*etm;
|
||||||
|
UINT4 l;
|
||||||
|
|
||||||
etm=&ssl->extensions->encrypt_then_mac;
|
etm=&ssl->extensions->encrypt_then_mac;
|
||||||
|
|
||||||
|
|
@ -2574,7 +2575,8 @@ static int decode_extension_extended_master_secret(ssl,dir,seg,data)
|
||||||
segment *seg;
|
segment *seg;
|
||||||
Data *data;
|
Data *data;
|
||||||
{
|
{
|
||||||
int l,r,*ems;
|
int r,*ems;
|
||||||
|
UINT4 l;
|
||||||
|
|
||||||
ems=&ssl->extensions->extended_master_secret;
|
ems=&ssl->extensions->extended_master_secret;
|
||||||
|
|
||||||
|
|
@ -2591,7 +2593,8 @@ static int decode_extension(ssl,dir,seg,data)
|
||||||
segment *seg;
|
segment *seg;
|
||||||
Data *data;
|
Data *data;
|
||||||
{
|
{
|
||||||
int l,r;
|
int r;
|
||||||
|
UINT4 l;
|
||||||
SSL_DECODE_UINT16(ssl,"extension length",0,data,&l);
|
SSL_DECODE_UINT16(ssl,"extension length",0,data,&l);
|
||||||
data->len-=l;
|
data->len-=l;
|
||||||
data->data+=l;
|
data->data+=l;
|
||||||
|
|
@ -2670,7 +2673,8 @@ static int decode_server_name_type_host_name(ssl,dir,seg,data)
|
||||||
segment *seg;
|
segment *seg;
|
||||||
Data *data;
|
Data *data;
|
||||||
{
|
{
|
||||||
int l,r;
|
int r;
|
||||||
|
UINT4 l;
|
||||||
SSL_DECODE_UINT16(ssl,"server name length",0,data,&l);
|
SSL_DECODE_UINT16(ssl,"server name length",0,data,&l);
|
||||||
printf(": %.*s",l,data->data);
|
printf(": %.*s",l,data->data);
|
||||||
|
|
||||||
|
|
@ -2697,7 +2701,8 @@ static int decode_server_name(ssl,dir,seg,data)
|
||||||
segment *seg;
|
segment *seg;
|
||||||
Data *data;
|
Data *data;
|
||||||
{
|
{
|
||||||
int l,r;
|
int r;
|
||||||
|
UINT4 l;
|
||||||
SSL_DECODE_UINT16(ssl,"server name length",0,data,&l);
|
SSL_DECODE_UINT16(ssl,"server name length",0,data,&l);
|
||||||
data->len-=l;
|
data->len-=l;
|
||||||
data->data+=l;
|
data->data+=l;
|
||||||
|
|
|
||||||
|
|
@ -187,7 +187,7 @@ static int parse_ssl_flags(str)
|
||||||
|
|
||||||
y=str;
|
y=str;
|
||||||
|
|
||||||
while(x=strtok(y,",")){
|
while((x=strtok(y,","))){
|
||||||
y=0;
|
y=0;
|
||||||
|
|
||||||
if(*x=='!'){
|
if(*x=='!'){
|
||||||
|
|
@ -218,7 +218,7 @@ static int create_ssl_ctx(handle,ctxp)
|
||||||
ssl_decode_ctx *ctx=0;
|
ssl_decode_ctx *ctx=0;
|
||||||
int r,_status;
|
int r,_status;
|
||||||
|
|
||||||
if(r=ssl_decode_ctx_create(&ctx,SSL_keyfile,SSL_password,SSL_keylogfile))
|
if((r=ssl_decode_ctx_create(&ctx,SSL_keyfile,SSL_password,SSL_keylogfile)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
*ctxp=(proto_ctx *)ctx;
|
*ctxp=(proto_ctx *)ctx;
|
||||||
|
|
@ -227,16 +227,9 @@ static int create_ssl_ctx(handle,ctxp)
|
||||||
return(_status);
|
return(_status);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int create_ssl_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port,base_time)
|
static int create_ssl_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn,
|
||||||
void *handle;
|
proto_obj **objp, struct in_addr *i_addr, u_short i_port, struct in_addr *r_addr,
|
||||||
proto_ctx *ctx;
|
u_short r_port, struct timeval *base_time)
|
||||||
tcp_conn *conn;
|
|
||||||
proto_obj **objp;
|
|
||||||
struct in_addr *i_addr;
|
|
||||||
u_short i_port;
|
|
||||||
struct in_addr *r_addr;
|
|
||||||
u_short r_port;
|
|
||||||
struct timeval *base_time;
|
|
||||||
{
|
{
|
||||||
int r,_status;
|
int r,_status;
|
||||||
ssl_obj *obj=0;
|
ssl_obj *obj=0;
|
||||||
|
|
@ -247,9 +240,9 @@ static int create_ssl_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port,
|
||||||
obj->ssl_ctx=(ssl_decode_ctx *)ctx;
|
obj->ssl_ctx=(ssl_decode_ctx *)ctx;
|
||||||
obj->conn=conn;
|
obj->conn=conn;
|
||||||
|
|
||||||
if(r=create_r_queue(&obj->r2i_queue))
|
if((r=create_r_queue(&obj->r2i_queue)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
if(r=create_r_queue(&obj->i2r_queue))
|
if((r=create_r_queue(&obj->i2r_queue)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
lookuphostname(i_addr,&obj->client_name);
|
lookuphostname(i_addr,&obj->client_name);
|
||||||
|
|
@ -263,7 +256,7 @@ static int create_ssl_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port,
|
||||||
memcpy(&obj->time_start,base_time,sizeof(struct timeval));
|
memcpy(&obj->time_start,base_time,sizeof(struct timeval));
|
||||||
memcpy(&obj->time_last,base_time,sizeof(struct timeval));
|
memcpy(&obj->time_last,base_time,sizeof(struct timeval));
|
||||||
|
|
||||||
if(r=ssl_decoder_create(&obj->decoder,obj->ssl_ctx))
|
if((r=ssl_decoder_create(&obj->decoder,obj->ssl_ctx)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
if (!(obj->extensions=malloc(sizeof(ssl_extensions))))
|
if (!(obj->extensions=malloc(sizeof(ssl_extensions))))
|
||||||
|
|
@ -354,7 +347,7 @@ static int read_ssl_record(obj,q,seg,offset,lastp,offsetp)
|
||||||
if (SSL_HEADER_SIZE<q->len)
|
if (SSL_HEADER_SIZE<q->len)
|
||||||
ABORT(-1);
|
ABORT(-1);
|
||||||
q->read_left=SSL_HEADER_SIZE-q->len;
|
q->read_left=SSL_HEADER_SIZE-q->len;
|
||||||
if(r=read_data(q,seg,offset,&last,&offset))
|
if((r=read_data(q,seg,offset,&last,&offset)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
q->state=SSL_READ_HEADER;
|
q->state=SSL_READ_HEADER;
|
||||||
|
|
@ -386,7 +379,7 @@ static int read_ssl_record(obj,q,seg,offset,lastp,offsetp)
|
||||||
q->read_left=rec_len;
|
q->read_left=rec_len;
|
||||||
|
|
||||||
case SSL_READ_HEADER:
|
case SSL_READ_HEADER:
|
||||||
if(r=read_data(q,last,offset,&last,&offset))
|
if((r=read_data(q,last,offset,&last,&offset)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
|
@ -436,7 +429,7 @@ static int read_data(q,seg,offset,lastp,offsetp)
|
||||||
};
|
};
|
||||||
|
|
||||||
if(q->read_left){
|
if(q->read_left){
|
||||||
if(r=copy_tcp_segment_queue(&q->q,seg))
|
if((r=copy_tcp_segment_queue(&q->q,seg)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
return(SSL_NO_DATA);
|
return(SSL_NO_DATA);
|
||||||
}
|
}
|
||||||
|
|
@ -513,7 +506,7 @@ static int data_ssl_analyzer(_obj,seg,direction)
|
||||||
|
|
||||||
ssl->direction=direction;
|
ssl->direction=direction;
|
||||||
|
|
||||||
if(r=print_ssl_record(ssl,direction,assembled,q->data,q->len))
|
if((r=print_ssl_record(ssl,direction,assembled,q->data,q->len)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
/*Now reset things, so we can read another record*/
|
/*Now reset things, so we can read another record*/
|
||||||
|
|
@ -545,9 +538,7 @@ static int print_ssl_header(obj,direction,q,data,len)
|
||||||
int len;
|
int len;
|
||||||
{
|
{
|
||||||
int ct=0;
|
int ct=0;
|
||||||
int r;
|
|
||||||
segment *s;
|
segment *s;
|
||||||
struct timeval dt;
|
|
||||||
|
|
||||||
ssl_print_record_num(obj);
|
ssl_print_record_num(obj);
|
||||||
|
|
||||||
|
|
@ -576,7 +567,7 @@ static int print_ssl_record(obj,direction,q,data,len)
|
||||||
{
|
{
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if(r=print_ssl_header(obj,direction,q,data,len))
|
if((r=print_ssl_header(obj,direction,q,data,len)))
|
||||||
ERETURN(r);
|
ERETURN(r);
|
||||||
|
|
||||||
ssl_expand_record(obj,q,direction,data,len);
|
ssl_expand_record(obj,q,direction,data,len);
|
||||||
|
|
|
||||||
|
|
@ -77,7 +77,7 @@ typedef struct ssl_obj_ {
|
||||||
int r_state;
|
int r_state;
|
||||||
int i_state;
|
int i_state;
|
||||||
int version;
|
int version;
|
||||||
int cipher_suite;
|
UINT4 cipher_suite;
|
||||||
|
|
||||||
char *client_name;
|
char *client_name;
|
||||||
int client_port;
|
int client_port;
|
||||||
|
|
|
||||||
|
|
@ -127,14 +127,14 @@ int ssl_create_rec_decoder(dp,cs,mk,sk,iv)
|
||||||
|
|
||||||
dec->cs=cs;
|
dec->cs=cs;
|
||||||
|
|
||||||
if(r=r_data_alloc(&dec->mac_key,cs->dig_len))
|
if((r=r_data_alloc(&dec->mac_key,cs->dig_len)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
if(r=r_data_alloc(&dec->implicit_iv,cs->block))
|
if((r=r_data_alloc(&dec->implicit_iv,cs->block)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
memcpy(dec->implicit_iv->data,iv,cs->block);
|
memcpy(dec->implicit_iv->data,iv,cs->block);
|
||||||
|
|
||||||
if(r=r_data_create(&dec->write_key,sk,cs->eff_bits/8))
|
if((r=r_data_create(&dec->write_key,sk,cs->eff_bits/8)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
@ -203,7 +203,7 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl)
|
||||||
#ifdef OPENSSL
|
#ifdef OPENSSL
|
||||||
int pad;
|
int pad;
|
||||||
int r,encpadl,x;
|
int r,encpadl,x;
|
||||||
UCHAR *mac,*iv,aead_tag[13],aead_nonce[12];
|
UCHAR *mac,aead_tag[13],aead_nonce[12];
|
||||||
|
|
||||||
CRDUMP("Ciphertext",in,inl);
|
CRDUMP("Ciphertext",in,inl);
|
||||||
if(IS_AEAD_CIPHER(d->cs)){
|
if(IS_AEAD_CIPHER(d->cs)){
|
||||||
|
|
@ -273,12 +273,12 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl)
|
||||||
ERETURN(SSL_BAD_MAC);
|
ERETURN(SSL_BAD_MAC);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(r=tls_check_mac(d,ct,version,in+blk,encpadl,in,blk,mac))
|
if((r=tls_check_mac(d,ct,version,in+blk,encpadl,in,blk,mac)))
|
||||||
ERETURN(r);
|
ERETURN(r);
|
||||||
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
if(r=tls_check_mac(d,ct,version,in,encpadl,NULL,0,mac))
|
if((r=tls_check_mac(d,ct,version,in,encpadl,NULL,0,mac)))
|
||||||
ERETURN(r);
|
ERETURN(r);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
@ -302,7 +302,7 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl)
|
||||||
|
|
||||||
/* Now check the MAC */
|
/* Now check the MAC */
|
||||||
if(ssl->version==0x300){
|
if(ssl->version==0x300){
|
||||||
if(r=ssl3_check_mac(d,ct,version,out,*outl,mac))
|
if((r=ssl3_check_mac(d,ct,version,out,*outl,mac)))
|
||||||
ERETURN(r);
|
ERETURN(r);
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
|
|
@ -319,7 +319,7 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl)
|
||||||
ERETURN(SSL_BAD_MAC);
|
ERETURN(SSL_BAD_MAC);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(r=tls_check_mac(d,ct,version,out,*outl,NULL,0,mac))
|
if((r=tls_check_mac(d,ct,version,out,*outl,NULL,0,mac)))
|
||||||
ERETURN(r);
|
ERETURN(r);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -363,7 +363,7 @@ static int tls_check_mac(d,ct,ver,data,datalen,iv,ivlen,mac)
|
||||||
UCHAR buf[128];
|
UCHAR buf[128];
|
||||||
|
|
||||||
md=EVP_get_digestbyname(digests[d->cs->dig-0x40]);
|
md=EVP_get_digestbyname(digests[d->cs->dig-0x40]);
|
||||||
HMAC_Init(hm,d->mac_key->data,d->mac_key->len,md);
|
HMAC_Init_ex(hm,d->mac_key->data,d->mac_key->len,md,NULL);
|
||||||
|
|
||||||
fmt_seq(d->seq,buf);
|
fmt_seq(d->seq,buf);
|
||||||
d->seq++;
|
d->seq++;
|
||||||
|
|
|
||||||
|
|
@ -55,6 +55,9 @@ int ssl_create_rec_decoder PROTO_LIST((ssl_rec_decoder **dp,
|
||||||
int ssl_decode_rec_data PROTO_LIST((ssl_obj *ssl,ssl_rec_decoder *d,
|
int ssl_decode_rec_data PROTO_LIST((ssl_obj *ssl,ssl_rec_decoder *d,
|
||||||
int ct,int version,UCHAR *in,int inl,UCHAR *out,int *outl));
|
int ct,int version,UCHAR *in,int inl,UCHAR *out,int *outl));
|
||||||
|
|
||||||
|
int ssl3_check_mac(ssl_rec_decoder *d, int ct, int ver, UCHAR *data,
|
||||||
|
UINT4 datalen, UCHAR *mac);
|
||||||
|
|
||||||
#define IS_AEAD_CIPHER(cs) (cs->enc==0x3b||cs->enc==0x3c)
|
#define IS_AEAD_CIPHER(cs) (cs->enc==0x3b||cs->enc==0x3c)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
||||||
140
ssl/ssldecode.c
140
ssl/ssldecode.c
|
|
@ -141,7 +141,7 @@ int ssl_decode_ctx_create(dp,keyfile,pass,keylogfile)
|
||||||
{
|
{
|
||||||
#ifdef OPENSSL
|
#ifdef OPENSSL
|
||||||
ssl_decode_ctx *d=0;
|
ssl_decode_ctx *d=0;
|
||||||
int r,_status;
|
int _status;
|
||||||
|
|
||||||
SSL_library_init();
|
SSL_library_init();
|
||||||
OpenSSL_add_all_algorithms();
|
OpenSSL_add_all_algorithms();
|
||||||
|
|
@ -249,7 +249,7 @@ int ssl_set_client_random(d,msg,len)
|
||||||
#ifdef OPENSSL
|
#ifdef OPENSSL
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if(r=r_data_create(&d->client_random,msg,len))
|
if((r=r_data_create(&d->client_random,msg,len)))
|
||||||
ERETURN(r);
|
ERETURN(r);
|
||||||
#endif
|
#endif
|
||||||
return(0);
|
return(0);
|
||||||
|
|
@ -263,7 +263,7 @@ int ssl_set_server_random(d,msg,len)
|
||||||
#ifdef OPENSSL
|
#ifdef OPENSSL
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if(r=r_data_create(&d->server_random,msg,len))
|
if((r=r_data_create(&d->server_random,msg,len)))
|
||||||
ERETURN(r);
|
ERETURN(r);
|
||||||
#endif
|
#endif
|
||||||
return(0);
|
return(0);
|
||||||
|
|
@ -278,7 +278,7 @@ int ssl_set_client_session_id(d,msg,len)
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if(len>0)
|
if(len>0)
|
||||||
if(r=r_data_create(&d->session_id,msg,len))
|
if((r=r_data_create(&d->session_id,msg,len)))
|
||||||
ERETURN(r);
|
ERETURN(r);
|
||||||
#endif
|
#endif
|
||||||
return(0);
|
return(0);
|
||||||
|
|
@ -300,13 +300,13 @@ int ssl_process_server_session_id(ssl,d,msg,len)
|
||||||
/* First check to see if the client tried to restore */
|
/* First check to see if the client tried to restore */
|
||||||
if(d->session_id){
|
if(d->session_id){
|
||||||
/* Now check to see if we restored */
|
/* Now check to see if we restored */
|
||||||
if(r_data_compare(&idd,d->session_id))
|
if((r=r_data_compare(&idd,d->session_id)))
|
||||||
goto abort;
|
ABORT(r);
|
||||||
|
|
||||||
/* Now try to look up the session. We may not be able
|
/* Now try to look up the session. We may not be able
|
||||||
to find it if, for instance, the original session
|
to find it if, for instance, the original session
|
||||||
was initiated with something other than static RSA */
|
was initiated with something other than static RSA */
|
||||||
if(r=ssl_restore_session(ssl,d))
|
if((r=ssl_restore_session(ssl,d)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
restored=1;
|
restored=1;
|
||||||
|
|
@ -420,7 +420,7 @@ int ssl_decode_record(ssl,dec,direction,ct,version,d)
|
||||||
if(!(out=(UCHAR *)malloc(d->len)))
|
if(!(out=(UCHAR *)malloc(d->len)))
|
||||||
ABORT(R_NO_MEMORY);
|
ABORT(R_NO_MEMORY);
|
||||||
|
|
||||||
if(r=ssl_decode_rec_data(ssl,rd,ct,version,d->data,d->len,out,&outl)){
|
if((r=ssl_decode_rec_data(ssl,rd,ct,version,d->data,d->len,out,&outl))){
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -459,7 +459,7 @@ int ssl_update_handshake_messages(ssl,data)
|
||||||
hms->len+=l;
|
hms->len+=l;
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
if(r=r_data_create(&hms,d,l))
|
if((r=r_data_create(&hms,d,l)))
|
||||||
ERETURN(r);
|
ERETURN(r);
|
||||||
ssl->decoder->handshake_messages=hms;
|
ssl->decoder->handshake_messages=hms;
|
||||||
}
|
}
|
||||||
|
|
@ -477,7 +477,7 @@ static int ssl_create_session_lookup_key(ssl,id,idlen,keyp,keyl)
|
||||||
{
|
{
|
||||||
UCHAR *key=0;
|
UCHAR *key=0;
|
||||||
UINT4 l;
|
UINT4 l;
|
||||||
int r,_status;
|
int _status;
|
||||||
|
|
||||||
l=idlen+strlen(ssl->server_name)+idlen+15; /* HOST + PORT + id */
|
l=idlen+strlen(ssl->server_name)+idlen+15; /* HOST + PORT + id */
|
||||||
|
|
||||||
|
|
@ -490,7 +490,7 @@ static int ssl_create_session_lookup_key(ssl,id,idlen,keyp,keyl)
|
||||||
key+=idlen;
|
key+=idlen;
|
||||||
|
|
||||||
snprintf((char *)key,l,"%s:%d",ssl->server_name,ssl->server_port);
|
snprintf((char *)key,l,"%s:%d",ssl->server_name,ssl->server_port);
|
||||||
*keyl+=strlen(key);
|
*keyl+=strlen((char *)key);
|
||||||
|
|
||||||
_status=0;
|
_status=0;
|
||||||
abort:
|
abort:
|
||||||
|
|
@ -509,15 +509,15 @@ int ssl_restore_session(ssl,d)
|
||||||
int lookup_key_len;
|
int lookup_key_len;
|
||||||
int r,_status;
|
int r,_status;
|
||||||
#ifdef OPENSSL
|
#ifdef OPENSSL
|
||||||
if(r=ssl_create_session_lookup_key(ssl,
|
if((r=ssl_create_session_lookup_key(ssl,
|
||||||
d->session_id->data,d->session_id->len,&lookup_key,
|
d->session_id->data,d->session_id->len,&lookup_key,
|
||||||
&lookup_key_len))
|
(UINT4 *) &lookup_key_len)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
if(r=r_assoc_fetch(d->ctx->session_cache,lookup_key,lookup_key_len,
|
if((r=r_assoc_fetch(d->ctx->session_cache,(char *) lookup_key,lookup_key_len,
|
||||||
&msv))
|
&msv)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
msd=(Data *)msv;
|
msd=(Data *)msv;
|
||||||
if(r=r_data_create(&d->MS,msd->data,msd->len))
|
if((r=r_data_create(&d->MS,msd->data,msd->len)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
CRDUMPD("Restored MS",d->MS);
|
CRDUMPD("Restored MS",d->MS);
|
||||||
|
|
||||||
|
|
@ -526,7 +526,7 @@ int ssl_restore_session(ssl,d)
|
||||||
case TLSV1_VERSION:
|
case TLSV1_VERSION:
|
||||||
case TLSV11_VERSION:
|
case TLSV11_VERSION:
|
||||||
case TLSV12_VERSION:
|
case TLSV12_VERSION:
|
||||||
if(r=ssl_generate_keying_material(ssl,d))
|
if((r=ssl_generate_keying_material(ssl,d)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
|
@ -550,20 +550,19 @@ int ssl_save_session(ssl,d)
|
||||||
{
|
{
|
||||||
#ifdef OPENSSL
|
#ifdef OPENSSL
|
||||||
UCHAR *lookup_key=0;
|
UCHAR *lookup_key=0;
|
||||||
void *msv;
|
|
||||||
Data *msd=0;
|
Data *msd=0;
|
||||||
int lookup_key_len;
|
int lookup_key_len;
|
||||||
int r,_status;
|
int r,_status;
|
||||||
|
|
||||||
if(r=ssl_create_session_lookup_key(ssl,d->session_id->data,
|
if((r=ssl_create_session_lookup_key(ssl,d->session_id->data,
|
||||||
d->session_id->len,&lookup_key,
|
d->session_id->len,&lookup_key,
|
||||||
&lookup_key_len))
|
(UINT4 *) &lookup_key_len)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
if(r=r_data_create(&msd,d->MS->data,d->MS->len))
|
if((r=r_data_create(&msd,d->MS->data,d->MS->len)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
if(r=r_assoc_insert(d->ctx->session_cache,lookup_key,lookup_key_len,
|
if((r=r_assoc_insert(d->ctx->session_cache,(char *)lookup_key,lookup_key_len,
|
||||||
(void *)msd,0,(int (*)(void *))r_data_zfree,
|
(void *)msd,0,(int (*)(void *))r_data_zfree,
|
||||||
R_ASSOC_NEW | R_ASSOC_REPLACE))
|
R_ASSOC_NEW | R_ASSOC_REPLACE)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
_status=0;
|
_status=0;
|
||||||
|
|
@ -614,7 +613,7 @@ int ssl_process_client_key_exchange(ssl,d,msg,len)
|
||||||
return(-1);
|
return(-1);
|
||||||
|
|
||||||
RSA_get0_key(EVP_PKEY_get0_RSA(pk), &n, NULL, NULL);
|
RSA_get0_key(EVP_PKEY_get0_RSA(pk), &n, NULL, NULL);
|
||||||
if(r=r_data_alloc(&d->PMS,BN_num_bytes(n)))
|
if((r=r_data_alloc(&d->PMS,BN_num_bytes(n))))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
i=RSA_private_decrypt(len,msg,d->PMS->data,
|
i=RSA_private_decrypt(len,msg,d->PMS->data,
|
||||||
|
|
@ -633,7 +632,7 @@ int ssl_process_client_key_exchange(ssl,d,msg,len)
|
||||||
case TLSV1_VERSION:
|
case TLSV1_VERSION:
|
||||||
case TLSV11_VERSION:
|
case TLSV11_VERSION:
|
||||||
case TLSV12_VERSION:
|
case TLSV12_VERSION:
|
||||||
if(r=ssl_generate_keying_material(ssl,d))
|
if((r=ssl_generate_keying_material(ssl,d)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
|
@ -642,7 +641,7 @@ int ssl_process_client_key_exchange(ssl,d,msg,len)
|
||||||
|
|
||||||
|
|
||||||
/* Now store the data in the session cache */
|
/* Now store the data in the session cache */
|
||||||
if(r=ssl_save_session(ssl,d))
|
if((r=ssl_save_session(ssl,d)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
_status=0;
|
_status=0;
|
||||||
|
|
@ -678,12 +677,12 @@ static int tls_P_hash(ssl,secret,seed,md,out)
|
||||||
A_l=seed->len;
|
A_l=seed->len;
|
||||||
|
|
||||||
while(left){
|
while(left){
|
||||||
HMAC_Init(hm,secret->data,secret->len,md);
|
HMAC_Init_ex(hm,secret->data,secret->len,md,NULL);
|
||||||
HMAC_Update(hm,A,A_l);
|
HMAC_Update(hm,A,A_l);
|
||||||
HMAC_Final(hm,_A,&A_l);
|
HMAC_Final(hm,_A,&A_l);
|
||||||
A=_A;
|
A=_A;
|
||||||
|
|
||||||
HMAC_Init(hm,secret->data,secret->len,md);
|
HMAC_Init_ex(hm,secret->data,secret->len,md,NULL);
|
||||||
HMAC_Update(hm,A,A_l);
|
HMAC_Update(hm,A,A_l);
|
||||||
HMAC_Update(hm,seed->data,seed->len);
|
HMAC_Update(hm,seed->data,seed->len);
|
||||||
HMAC_Final(hm,tmp,&tmp_l);
|
HMAC_Final(hm,tmp,&tmp_l);
|
||||||
|
|
@ -716,11 +715,11 @@ static int tls_prf(ssl,secret,usage,rnd1,rnd2,out)
|
||||||
Data *S1=0,*S2=0;
|
Data *S1=0,*S2=0;
|
||||||
int i,S_l;
|
int i,S_l;
|
||||||
|
|
||||||
if(r=r_data_alloc(&md5_out,MAX(out->len,16)))
|
if((r=r_data_alloc(&md5_out,MAX(out->len,16))))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
if(r=r_data_alloc(&sha_out,MAX(out->len,20)))
|
if((r=r_data_alloc(&sha_out,MAX(out->len,20))))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
if(r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len))
|
if((r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
ptr=seed->data;
|
ptr=seed->data;
|
||||||
memcpy(ptr,usage,strlen(usage)); ptr+=strlen(usage);
|
memcpy(ptr,usage,strlen(usage)); ptr+=strlen(usage);
|
||||||
|
|
@ -729,18 +728,18 @@ static int tls_prf(ssl,secret,usage,rnd1,rnd2,out)
|
||||||
|
|
||||||
S_l=secret->len/2 + secret->len%2;
|
S_l=secret->len/2 + secret->len%2;
|
||||||
|
|
||||||
if(r=r_data_alloc(&S1,S_l))
|
if((r=r_data_alloc(&S1,S_l)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
if(r=r_data_alloc(&S2,S_l))
|
if((r=r_data_alloc(&S2,S_l)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
memcpy(S1->data,secret->data,S_l);
|
memcpy(S1->data,secret->data,S_l);
|
||||||
memcpy(S2->data,secret->data + (secret->len - S_l),S_l);
|
memcpy(S2->data,secret->data + (secret->len - S_l),S_l);
|
||||||
|
|
||||||
if(r=tls_P_hash
|
if((r=tls_P_hash
|
||||||
(ssl,S1,seed,EVP_get_digestbyname("MD5"),md5_out))
|
(ssl,S1,seed,EVP_get_digestbyname("MD5"),md5_out)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
if(r=tls_P_hash(ssl,S2,seed,EVP_get_digestbyname("SHA1"),sha_out))
|
if((r=tls_P_hash(ssl,S2,seed,EVP_get_digestbyname("SHA1"),sha_out)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -775,9 +774,9 @@ static int tls12_prf(ssl,secret,usage,rnd1,rnd2,out)
|
||||||
UCHAR *ptr;
|
UCHAR *ptr;
|
||||||
int i, dgi;
|
int i, dgi;
|
||||||
|
|
||||||
if(r=r_data_alloc(&sha_out,MAX(out->len,64))) /* assume max SHA512 */
|
if((r=r_data_alloc(&sha_out,MAX(out->len,64)))) /* assume max SHA512 */
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
if(r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len))
|
if((r=r_data_alloc(&seed,strlen(usage)+rnd1->len+rnd2->len)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
ptr=seed->data;
|
ptr=seed->data;
|
||||||
memcpy(ptr,usage,strlen(usage)); ptr+=strlen(usage);
|
memcpy(ptr,usage,strlen(usage)); ptr+=strlen(usage);
|
||||||
|
|
@ -792,7 +791,7 @@ static int tls12_prf(ssl,secret,usage,rnd1,rnd2,out)
|
||||||
digests[dgi]));
|
digests[dgi]));
|
||||||
ERETURN(SSL_BAD_MAC);
|
ERETURN(SSL_BAD_MAC);
|
||||||
}
|
}
|
||||||
if(r=tls_P_hash(ssl,secret,seed,md,sha_out))
|
if((r=tls_P_hash(ssl,secret,seed,md,sha_out)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
for(i=0;i<out->len;i++)
|
for(i=0;i<out->len;i++)
|
||||||
|
|
@ -886,10 +885,10 @@ static int ssl3_prf(ssl,secret,usage,r1,r2,out)
|
||||||
|
|
||||||
MD5_Update(&md5,secret->data,secret->len);
|
MD5_Update(&md5,secret->data,secret->len);
|
||||||
MD5_Update(&md5,buf,20);
|
MD5_Update(&md5,buf,20);
|
||||||
MD5_Final(outbuf,&md5);
|
MD5_Final((unsigned char *)outbuf,&md5);
|
||||||
tocpy=MIN(out->len-off,16);
|
tocpy=MIN(out->len-off,16);
|
||||||
memcpy(out->data+off,outbuf,tocpy);
|
memcpy(out->data+off,outbuf,tocpy);
|
||||||
CRDUMP("MD5 out",outbuf,16);
|
CRDUMP("MD5 out",(UCHAR *)outbuf,16);
|
||||||
|
|
||||||
MD5_Init(&md5);
|
MD5_Init(&md5);
|
||||||
}
|
}
|
||||||
|
|
@ -909,21 +908,21 @@ static int ssl_generate_keying_material(ssl,d)
|
||||||
UCHAR *ptr,*c_wk,*s_wk,*c_mk=NULL,*s_mk=NULL,*c_iv=NULL,*s_iv=NULL;
|
UCHAR *ptr,*c_wk,*s_wk,*c_mk=NULL,*s_mk=NULL,*c_iv=NULL,*s_iv=NULL;
|
||||||
|
|
||||||
if(!d->MS){
|
if(!d->MS){
|
||||||
if(r=r_data_alloc(&d->MS,48))
|
if((r=r_data_alloc(&d->MS,48)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
if (ssl->extensions->extended_master_secret==2) {
|
if (ssl->extensions->extended_master_secret==2) {
|
||||||
if(r=ssl_generate_session_hash(ssl,d))
|
if((r=ssl_generate_session_hash(ssl,d)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
temp.len=0;
|
temp.len=0;
|
||||||
if(r=PRF(ssl,d->PMS,"extended master secret",d->session_hash,&temp,
|
if((r=PRF(ssl,d->PMS,"extended master secret",d->session_hash,&temp,
|
||||||
d->MS))
|
d->MS)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
if(r=PRF(ssl,d->PMS,"master secret",d->client_random,d->server_random,
|
if((r=PRF(ssl,d->PMS,"master secret",d->client_random,d->server_random,
|
||||||
d->MS))
|
d->MS)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
CRDUMPD("MS",d->MS);
|
CRDUMPD("MS",d->MS);
|
||||||
|
|
@ -937,10 +936,10 @@ static int ssl_generate_keying_material(ssl,d)
|
||||||
if(ssl->cs->block>1) needed+=ssl->cs->block*2;
|
if(ssl->cs->block>1) needed+=ssl->cs->block*2;
|
||||||
|
|
||||||
|
|
||||||
if(r=r_data_alloc(&key_block,needed))
|
if((r=r_data_alloc(&key_block,needed)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
if(r=PRF(ssl,d->MS,"key expansion",d->server_random,d->client_random,
|
if((r=PRF(ssl,d->MS,"key expansion",d->server_random,d->client_random,
|
||||||
key_block))
|
key_block)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
ptr=key_block->data;
|
ptr=key_block->data;
|
||||||
|
|
@ -960,7 +959,6 @@ static int ssl_generate_keying_material(ssl,d)
|
||||||
|
|
||||||
if(ssl->cs->export){
|
if(ssl->cs->export){
|
||||||
Data iv_c,iv_s;
|
Data iv_c,iv_s;
|
||||||
Data c_iv_d,s_iv_d;
|
|
||||||
Data key_c,key_s;
|
Data key_c,key_s;
|
||||||
Data k;
|
Data k;
|
||||||
|
|
||||||
|
|
@ -969,11 +967,11 @@ static int ssl_generate_keying_material(ssl,d)
|
||||||
ATTACH_DATA(iv_s,_iv_s);
|
ATTACH_DATA(iv_s,_iv_s);
|
||||||
|
|
||||||
if(ssl->version==SSLV3_VERSION){
|
if(ssl->version==SSLV3_VERSION){
|
||||||
if(r=ssl3_generate_export_iv(ssl,d->client_random,
|
if((r=ssl3_generate_export_iv(ssl,d->client_random,
|
||||||
d->server_random,&iv_c))
|
d->server_random,&iv_c)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
if(r=ssl3_generate_export_iv(ssl,d->server_random,
|
if((r=ssl3_generate_export_iv(ssl,d->server_random,
|
||||||
d->client_random,&iv_s))
|
d->client_random,&iv_s)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
|
|
@ -991,8 +989,8 @@ static int ssl_generate_keying_material(ssl,d)
|
||||||
|
|
||||||
ATTACH_DATA(iv_block,_iv_block);
|
ATTACH_DATA(iv_block,_iv_block);
|
||||||
|
|
||||||
if(r=PRF(ssl,&key_null,"IV block",d->client_random,
|
if((r=PRF(ssl,&key_null,"IV block",d->client_random,
|
||||||
d->server_random,&iv_block))
|
d->server_random,&iv_block)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
memcpy(_iv_c,iv_block.data,8);
|
memcpy(_iv_c,iv_block.data,8);
|
||||||
|
|
@ -1024,13 +1022,13 @@ static int ssl_generate_keying_material(ssl,d)
|
||||||
ATTACH_DATA(key_c,_key_c);
|
ATTACH_DATA(key_c,_key_c);
|
||||||
ATTACH_DATA(key_s,_key_s);
|
ATTACH_DATA(key_s,_key_s);
|
||||||
INIT_DATA(k,c_wk,ssl->cs->eff_bits/8);
|
INIT_DATA(k,c_wk,ssl->cs->eff_bits/8);
|
||||||
if(r=PRF(ssl,&k,"client write key",d->client_random,d->server_random,
|
if((r=PRF(ssl,&k,"client write key",d->client_random,d->server_random,
|
||||||
&key_c))
|
&key_c)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
c_wk=_key_c;
|
c_wk=_key_c;
|
||||||
INIT_DATA(k,s_wk,ssl->cs->eff_bits/8);
|
INIT_DATA(k,s_wk,ssl->cs->eff_bits/8);
|
||||||
if(r=PRF(ssl,&k,"server write key",d->client_random,d->server_random,
|
if((r=PRF(ssl,&k,"server write key",d->client_random,d->server_random,
|
||||||
&key_s))
|
&key_s)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
s_wk=_key_s;
|
s_wk=_key_s;
|
||||||
}
|
}
|
||||||
|
|
@ -1046,11 +1044,11 @@ static int ssl_generate_keying_material(ssl,d)
|
||||||
CRDUMP("Server Write IV",s_iv,ssl->cs->block);
|
CRDUMP("Server Write IV",s_iv,ssl->cs->block);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(r=ssl_create_rec_decoder(&d->c_to_s_n,
|
if((r=ssl_create_rec_decoder(&d->c_to_s_n,
|
||||||
ssl->cs,c_mk,c_wk,c_iv))
|
ssl->cs,c_mk,c_wk,c_iv)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
if(r=ssl_create_rec_decoder(&d->s_to_c_n,
|
if((r=ssl_create_rec_decoder(&d->s_to_c_n,
|
||||||
ssl->cs,s_mk,s_wk,s_iv))
|
ssl->cs,s_mk,s_wk,s_iv)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -1070,9 +1068,9 @@ static int ssl_generate_session_hash(ssl,d)
|
||||||
int r,_status,dgi;
|
int r,_status,dgi;
|
||||||
unsigned int len;
|
unsigned int len;
|
||||||
const EVP_MD *md;
|
const EVP_MD *md;
|
||||||
HMAC_CTX *dgictx = HMAC_CTX_new();
|
EVP_MD_CTX *dgictx = EVP_MD_CTX_create();
|
||||||
|
|
||||||
if(r=r_data_alloc(&d->session_hash,EVP_MAX_MD_SIZE))
|
if((r=r_data_alloc(&d->session_hash,EVP_MAX_MD_SIZE)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
switch(ssl->version){
|
switch(ssl->version){
|
||||||
|
|
@ -1086,7 +1084,7 @@ static int ssl_generate_session_hash(ssl,d)
|
||||||
|
|
||||||
EVP_DigestInit(dgictx,md);
|
EVP_DigestInit(dgictx,md);
|
||||||
EVP_DigestUpdate(dgictx,d->handshake_messages->data,d->handshake_messages->len);
|
EVP_DigestUpdate(dgictx,d->handshake_messages->data,d->handshake_messages->len);
|
||||||
EVP_DigestFinal(dgictx,d->session_hash->data,&d->session_hash->len);
|
EVP_DigestFinal(dgictx,d->session_hash->data,(unsigned int *) &d->session_hash->len);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
case SSLV3_VERSION:
|
case SSLV3_VERSION:
|
||||||
|
|
@ -1094,7 +1092,7 @@ static int ssl_generate_session_hash(ssl,d)
|
||||||
case TLSV11_VERSION:
|
case TLSV11_VERSION:
|
||||||
EVP_DigestInit(dgictx,EVP_get_digestbyname("MD5"));
|
EVP_DigestInit(dgictx,EVP_get_digestbyname("MD5"));
|
||||||
EVP_DigestUpdate(dgictx,d->handshake_messages->data,d->handshake_messages->len);
|
EVP_DigestUpdate(dgictx,d->handshake_messages->data,d->handshake_messages->len);
|
||||||
EVP_DigestFinal_ex(dgictx,d->session_hash->data,&d->session_hash->len);
|
EVP_DigestFinal_ex(dgictx,d->session_hash->data,(unsigned int *) &d->session_hash->len);
|
||||||
|
|
||||||
EVP_DigestInit(dgictx,EVP_get_digestbyname("SHA1"));
|
EVP_DigestInit(dgictx,EVP_get_digestbyname("SHA1"));
|
||||||
EVP_DigestUpdate(dgictx,d->handshake_messages->data,d->handshake_messages->len);
|
EVP_DigestUpdate(dgictx,d->handshake_messages->data,d->handshake_messages->len);
|
||||||
|
|
@ -1114,7 +1112,7 @@ static int ssl_generate_session_hash(ssl,d)
|
||||||
static int ssl_read_key_log_file(d)
|
static int ssl_read_key_log_file(d)
|
||||||
ssl_decoder *d;
|
ssl_decoder *d;
|
||||||
{
|
{
|
||||||
int r,_status,dgi,n,i;
|
int r,_status,n,i;
|
||||||
unsigned int t;
|
unsigned int t;
|
||||||
size_t l=0;
|
size_t l=0;
|
||||||
char *line,*label_data;
|
char *line,*label_data;
|
||||||
|
|
@ -1133,7 +1131,7 @@ static int ssl_read_key_log_file(d)
|
||||||
if(STRNICMP(line+14,label_data,64))
|
if(STRNICMP(line+14,label_data,64))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if(r=r_data_alloc(&d->MS,48))
|
if((r=r_data_alloc(&d->MS,48)))
|
||||||
ABORT(r);
|
ABORT(r);
|
||||||
|
|
||||||
for(i=0; i < d->MS->len; i++) {
|
for(i=0; i < d->MS->len; i++) {
|
||||||
|
|
|
||||||
|
|
@ -65,8 +65,6 @@ int process_beginning_plaintext(ssl,seg,direction)
|
||||||
int direction;
|
int direction;
|
||||||
{
|
{
|
||||||
Data d;
|
Data d;
|
||||||
int r;
|
|
||||||
struct timeval dt;
|
|
||||||
if(seg->len==0)
|
if(seg->len==0)
|
||||||
return(SSL_NO_DATA);
|
return(SSL_NO_DATA);
|
||||||
|
|
||||||
|
|
@ -95,14 +93,13 @@ int process_v2_hello(ssl,seg)
|
||||||
{
|
{
|
||||||
int r;
|
int r;
|
||||||
int rec_len;
|
int rec_len;
|
||||||
int cs_len;
|
UINT4 cs_len;
|
||||||
int sid_len;
|
UINT4 sid_len;
|
||||||
int chall_len;
|
UINT4 chall_len;
|
||||||
int ver;
|
UINT4 ver;
|
||||||
Data d;
|
Data d;
|
||||||
Data chall;
|
Data chall;
|
||||||
char random[32];
|
UCHAR random[32];
|
||||||
struct timeval dt;
|
|
||||||
|
|
||||||
if(seg->len==0)
|
if(seg->len==0)
|
||||||
return(SSL_NO_DATA);
|
return(SSL_NO_DATA);
|
||||||
|
|
@ -157,7 +154,6 @@ int process_v2_hello(ssl,seg)
|
||||||
|
|
||||||
for(;cs_len;cs_len-=3){
|
for(;cs_len;cs_len-=3){
|
||||||
UINT4 val;
|
UINT4 val;
|
||||||
char *str;
|
|
||||||
|
|
||||||
SSL_DECODE_UINT24(ssl,0,0,&d,&val);
|
SSL_DECODE_UINT24(ssl,0,0,&d,&val);
|
||||||
ssl_print_cipher_suite(ssl,ver,P_HL,val);
|
ssl_print_cipher_suite(ssl,ver,P_HL,val);
|
||||||
|
|
@ -266,14 +262,14 @@ int ssl_expand_record(ssl,q,direction,data,len)
|
||||||
}
|
}
|
||||||
|
|
||||||
if(r){
|
if(r){
|
||||||
if(r=ssl_print_enum(ssl,0,ContentType_decoder,ct)) {
|
if((r=ssl_print_enum(ssl,0,ContentType_decoder,ct))) {
|
||||||
printf(" unknown record type: %d\n", ct);
|
printf(" unknown record type: %d\n", ct);
|
||||||
ERETURN(r);
|
ERETURN(r);
|
||||||
}
|
}
|
||||||
printf("\n");
|
printf("\n");
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
if(r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, &d)) {
|
if((r=ssl_decode_switch(ssl,ContentType_decoder,data[0],direction,q, &d))) {
|
||||||
printf(" unknown record type: %d\n", ct);
|
printf(" unknown record type: %d\n", ct);
|
||||||
ERETURN(r);
|
ERETURN(r);
|
||||||
}
|
}
|
||||||
|
|
@ -332,7 +328,7 @@ int ssl_decode_opaque_array(ssl,name,size,p,data,x)
|
||||||
sprintf(n,"%s (length)",name?name:"<unknown>");
|
sprintf(n,"%s (length)",name?name:"<unknown>");
|
||||||
if(size<0){
|
if(size<0){
|
||||||
size*=-1;
|
size*=-1;
|
||||||
if(r=ssl_decode_uintX(ssl,n,BYTES_NEEDED(size),P_DC,data,&len))
|
if((r=ssl_decode_uintX(ssl,n,BYTES_NEEDED(size),P_DC,data,&len)))
|
||||||
ERETURN(r);
|
ERETURN(r);
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
|
|
@ -388,11 +384,11 @@ int ssl_decode_enum(ssl,name,size,dtable,p,data,x)
|
||||||
|
|
||||||
if(!x) x=&_x;
|
if(!x) x=&_x;
|
||||||
|
|
||||||
if(r=ssl_decode_uintX(ssl,name,size,0,data,x))
|
if((r=ssl_decode_uintX(ssl,name,size,0,data,x)))
|
||||||
ERETURN(r);
|
ERETURN(r);
|
||||||
|
|
||||||
P_(p){
|
P_(p){
|
||||||
if(r=ssl_print_enum(ssl,name,dtable,*x))
|
if((r=ssl_print_enum(ssl,name,dtable,*x)))
|
||||||
ERETURN(r);
|
ERETURN(r);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -476,7 +472,7 @@ int combodump(ssl,name,data)
|
||||||
char *name;
|
char *name;
|
||||||
Data *data;
|
Data *data;
|
||||||
{
|
{
|
||||||
char *ptr=data->data;
|
UCHAR *ptr=data->data;
|
||||||
int len=data->len;
|
int len=data->len;
|
||||||
|
|
||||||
if(name){
|
if(name){
|
||||||
|
|
@ -620,12 +616,12 @@ int ssl_print_timestamp(ssl,ts)
|
||||||
explain(ssl,"%d%c%4.4d ",ts->tv_sec,'.',ts->tv_usec/100);
|
explain(ssl,"%d%c%4.4d ",ts->tv_sec,'.',ts->tv_usec/100);
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
if(r=timestamp_diff(ts,&ssl->time_start,&dt))
|
if((r=timestamp_diff(ts,&ssl->time_start,&dt)))
|
||||||
ERETURN(r);
|
ERETURN(r);
|
||||||
explain(ssl,"%d%c%4.4d ",dt.tv_sec,'.',dt.tv_usec/100);
|
explain(ssl,"%d%c%4.4d ",dt.tv_sec,'.',dt.tv_usec/100);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(r=timestamp_diff(ts,&ssl->time_last,&dt)){
|
if((r=timestamp_diff(ts,&ssl->time_last,&dt))){
|
||||||
ERETURN(r);
|
ERETURN(r);
|
||||||
}
|
}
|
||||||
explain(ssl,"(%d%c%4.4d) ",dt.tv_sec,'.',dt.tv_usec/100);
|
explain(ssl,"(%d%c%4.4d) ",dt.tv_sec,'.',dt.tv_usec/100);
|
||||||
|
|
@ -664,7 +660,7 @@ int ssl_print_cipher_suite(ssl,version,p,val)
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
P_(p){
|
P_(p){
|
||||||
if(r=ssl_lookup_enum(ssl,cipher_suite_decoder,val,&str)){
|
if((r=ssl_lookup_enum(ssl,cipher_suite_decoder,val,&str))){
|
||||||
explain(ssl,"Unknown value 0x%x",val);
|
explain(ssl,"Unknown value 0x%x",val);
|
||||||
return(0);
|
return(0);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -79,12 +79,12 @@ int explain PROTO_LIST((ssl_obj *ssl,char *format,...));
|
||||||
int exdump PROTO_LIST((ssl_obj *ssl,char *name,Data *data));
|
int exdump PROTO_LIST((ssl_obj *ssl,char *name,Data *data));
|
||||||
|
|
||||||
|
|
||||||
#define SSL_DECODE_UINT8(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,1,b,c,d)) ERETURN(r)
|
#define SSL_DECODE_UINT8(a,n,b,c,d) if((r=ssl_decode_uintX(a,n,1,b,c,d))) ERETURN(r)
|
||||||
#define SSL_DECODE_UINT16(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,2,b,c,d)) ERETURN(r)
|
#define SSL_DECODE_UINT16(a,n,b,c,d) if((r=ssl_decode_uintX(a,n,2,b,c,d))) ERETURN(r)
|
||||||
#define SSL_DECODE_UINT24(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,3,b,c,d)) ERETURN(r)
|
#define SSL_DECODE_UINT24(a,n,b,c,d) if((r=ssl_decode_uintX(a,n,3,b,c,d))) ERETURN(r)
|
||||||
#define SSL_DECODE_UINT32(a,n,b,c,d) if(r=ssl_decode_uintX(a,n,4,b,c,d)) ERETURN(r)
|
#define SSL_DECODE_UINT32(a,n,b,c,d) if((r=ssl_decode_uintX(a,n,4,b,c,d))) ERETURN(r)
|
||||||
#define SSL_DECODE_OPAQUE_ARRAY(a,n,b,c,d,e) if(r=ssl_decode_opaque_array(a,n,b,c,d,e)) ERETURN(r)
|
#define SSL_DECODE_OPAQUE_ARRAY(a,n,b,c,d,e) if((r=ssl_decode_opaque_array(a,n,b,c,d,e))) ERETURN(r)
|
||||||
#define SSL_DECODE_ENUM(a,b,c,d,e,f,g) if(r=ssl_decode_enum(a,b,c,d,e,f,g)) ERETURN(r)
|
#define SSL_DECODE_ENUM(a,b,c,d,e,f,g) if((r=ssl_decode_enum(a,b,c,d,e,f,g))) ERETURN(r)
|
||||||
#define P_(p) if((p==SSL_PRINT_ALL) || (p & SSL_print_flags))
|
#define P_(p) if((p==SSL_PRINT_ALL) || (p & SSL_print_flags))
|
||||||
|
|
||||||
#define INDENT do {int i; for(i=0;i<(ssl->indent_depth + ssl->indent_name_len);i++) printf("%s",SSL_print_flags & SSL_PRINT_NROFF?" ":" ");} while(0)
|
#define INDENT do {int i; for(i=0;i<(ssl->indent_depth + ssl->indent_name_len);i++) printf("%s",SSL_print_flags & SSL_PRINT_NROFF?" ":" ");} while(0)
|
||||||
|
|
|
||||||
|
|
@ -81,7 +81,7 @@ int sslx_print_certificate(ssl,data,pf)
|
||||||
|
|
||||||
d=data->data;
|
d=data->data;
|
||||||
|
|
||||||
if(!(x=d2i_X509(0,&d,data->len))){
|
if(!(x=d2i_X509(0,(const unsigned char **) &d,data->len))){
|
||||||
explain(ssl,"Bad certificate");
|
explain(ssl,"Bad certificate");
|
||||||
ABORT(R_BAD_DATA);
|
ABORT(R_BAD_DATA);
|
||||||
}
|
}
|
||||||
|
|
@ -114,7 +114,7 @@ int sslx_print_certificate(ssl,data,pf)
|
||||||
|
|
||||||
ex=X509_get_ext(x,i);
|
ex=X509_get_ext(x,i);
|
||||||
obj=X509_EXTENSION_get_object(ex);
|
obj=X509_EXTENSION_get_object(ex);
|
||||||
i2t_ASN1_OBJECT(buf,sizeof(buf),obj);
|
i2t_ASN1_OBJECT((char *)buf,sizeof(buf),obj);
|
||||||
|
|
||||||
explain(ssl,"Extension: %s\n",buf);
|
explain(ssl,"Extension: %s\n",buf);
|
||||||
j=X509_EXTENSION_get_critical(ex);
|
j=X509_EXTENSION_get_critical(ex);
|
||||||
|
|
@ -173,10 +173,10 @@ int sslx_print_dn(ssl,data,pf)
|
||||||
P_(pf){
|
P_(pf){
|
||||||
#ifdef OPENSSL
|
#ifdef OPENSSL
|
||||||
P_(P_ASN){
|
P_(P_ASN){
|
||||||
if(!(n=d2i_X509_NAME(0,&d,data->len)))
|
if(!(n=d2i_X509_NAME(0,(const unsigned char **) &d,data->len)))
|
||||||
ABORT(R_BAD_DATA);
|
ABORT(R_BAD_DATA);
|
||||||
X509_NAME_oneline(n,buf,BUFSIZE);
|
X509_NAME_oneline(n,(char *)buf,BUFSIZE);
|
||||||
sslx__print_dn(ssl,buf);
|
sslx__print_dn(ssl,(char *)buf);
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -203,7 +203,7 @@ static int sslx__print_dn(ssl,x)
|
||||||
if(*x=='/') x++;
|
if(*x=='/') x++;
|
||||||
|
|
||||||
while (x){
|
while (x){
|
||||||
if(slash=strchr(x,'/')){
|
if((slash=strchr(x,'/'))){
|
||||||
*slash=0;
|
*slash=0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue