summaryrefslogtreecommitdiff
path: root/src/SSL_Message.c
diff options
context:
space:
mode:
author刘学利 <[email protected]>2023-07-03 13:39:18 +0000
committer刘学利 <[email protected]>2023-07-03 13:39:18 +0000
commit21950877e691e1b52038d6cffa3914b944c9dfe9 (patch)
tree9242fffc06ccc2bd89381f2e1e13067ac2ebab3e /src/SSL_Message.c
parentfda2e4a435d7dbfce8d0ab1f2d02176255a77652 (diff)
代码重构,性能优化
Diffstat (limited to 'src/SSL_Message.c')
-rw-r--r--src/SSL_Message.c1449
1 files changed, 693 insertions, 756 deletions
diff --git a/src/SSL_Message.c b/src/SSL_Message.c
index 77969a8..0ad84ff 100644
--- a/src/SSL_Message.c
+++ b/src/SSL_Message.c
@@ -1,27 +1,184 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
#include "SSL_Analyze.h"
#include "ssl.h"
#include "SSL_Message.h"
#include "SSL_Proc.h"
-#include "SSL_Common.h"
#include "SSL_Certificate.h"
-extern ssl_prog_runtime_parameter_t g_ssl_prog_para;
-extern stSerialString_t g_astCipherSuit;
-const stSerialString_t g_astCompression[] =
+#define SUITE_VALUELEN 2
+#define KEY_EXCHANGELEN_LEN 4
+#define RECORD_DIGESTLEN_LEN 2
+#define ESNILEN_LEN 2
+#define SERVER_HELLO_HDRLEN 4
+#define SESSION_TICKET_HDRLEN 4
+
+#define MAX_EXT_DATA_LEN 256
+#define ALPN_EXT_TYPE 0x0010
+#define SERVER_NAME_EXT_TYPE 0x0000
+#define SERVER_NAME_HOST_TYPE 0x0000
+#define SERVER_NAME_OTHER_TYPE 0x0008
+#define SESSION_TICKET_EXT_TYPE 0x0023
+#define ENCRPTED_SERVER_NAME_EXT_TYPE 0xFFCE
+#define ENCRPTED_CLIENT_HELLO_EXT_TYPE 0xFE0D
+
+#define CERTIFICATE_HDRLEN 7
+#define SSL_CERTIFICATE_HDRLEN 3
+
+extern int ja3_md5sum(const char *str, int len, char *buf, int size);
+extern struct ssl_serial_string g_astCipherSuit;
+
+const struct ssl_serial_string g_astCompression[] =
{
{{0}, NULL},
};
-const char *ssl_get_suite(st_suites_t *ciphersuites)
+const struct ssl_value2string ssl_version_list[] =
+{
+ { DTLSV1_0_VERSION, "DTLS1.0" },
+ { DTLSV1_0_VERSION_NOT, "DTLS1.0(OpenSSL pre 0.9.8f)" },
+ { TLSV1_2_VERSION, "TLS1.2" },
+ { TLSV1_1_VERSION, "TLS1.1" },
+ { TLSV1_0_VERSION, "TLS1.0" },
+ { SSLV3_VERSION, "SSL3.0" },
+ { SSLV2_VERSION, "SSL2.0" },
+ { UNKNOWN_VERSION, NULL }
+};
+
+const char *ssl_get_suite(struct ssl_l2v *ciphersuites)
{
if (ciphersuites == NULL)
return NULL;
- return fn_pcGetSuite((unsigned char *)ciphersuites->suites_value, ciphersuites->suites_len, (stSerialString_t *)&g_astCipherSuit);
+ return fn_pcGetSuite((unsigned char *)ciphersuites->value, ciphersuites->len, (struct ssl_serial_string *)&g_astCipherSuit);
+}
+
+
+int ssl_parse_lv1(struct ssl_l1v *lv1, unsigned char *payload, int payload_len)
+{
+ lv1->len=(unsigned char)BtoL1BytesNum((const char *)payload);
+ int offset=(int)sizeof(lv1->len);
+ if((payload_len-offset-lv1->len)<0)
+ {
+ return -1;
+ }
+
+ if(lv1->len>0)
+ {
+ lv1->value=payload+offset;
+ offset+=lv1->len;
+ }
+
+ return offset;
+}
+
+int ssl_parse_lv2(struct ssl_l2v *lv2, unsigned char *payload, int payload_len)
+{
+ lv2->len=(unsigned short)BtoL2BytesNum((const char *)payload);
+ int offset=sizeof(lv2->len);
+ if((payload_len-offset-(lv2->len))<0)
+ {
+ return -1;
+ }
+
+ if(lv2->len>0)
+ {
+ lv2->value=payload+offset;
+ offset+=lv2->len;
+ }
+
+ return offset;
+}
+
+int ssl_parse_ltv2(struct ssl_l2tv *ltv2, unsigned char *payload, int payload_len)
+{
+ ltv2->type=(unsigned short)BtoL2BytesNum((const char *)(payload));
+ int offset=(int)sizeof(ltv2->type);
+ if((payload_len-offset)<0)
+ {
+ return -1;
+ }
+
+ ltv2->len=(unsigned short)BtoL2BytesNum((const char *)(payload+offset));
+ offset+=(int)sizeof(ltv2->len);
+ if((payload_len-offset-ltv2->len)<0)
+ {
+ return -1;
+ }
+
+ if(ltv2->len>0)
+ {
+ ltv2->value=payload+offset;
+ offset+=ltv2->len;
+ }
+
+ return offset;
+}
+
+void ssl_trunk_free(struct ssl_runtime_context *ssl_context, int thread_seq)
+{
+ if(ssl_context!=NULL)
+ {
+ if(ssl_context->record.cache_buff!=NULL)
+ {
+ dictator_free(thread_seq, ssl_context->record.cache_buff);
+ ssl_context->record.cache_buff=NULL;
+ }
+
+ ssl_context->record.cache_len=0;
+ }
+}
+
+int ssl_trunk_cache(struct ssl_runtime_context *ssl_context, char *payload, int payload_len, int thread_seq)
+{
+ if(ssl_context->record.cache_buff==NULL)
+ {
+ ssl_context->record.cache_buff=(char *)dictator_malloc(thread_seq, g_ssl_runtime_para.max_cache_len);
+ }
+
+ ssl_context->record.cache_len=0;
+ int length=MIN(payload_len, g_ssl_runtime_para.max_cache_len);
+ memcpy(ssl_context->record.cache_buff+ssl_context->record.cache_len, payload, length);
+ ssl_context->record.cache_len+=length;
+
+ return 0;
+}
+
+int ssl_get_alpn_list(struct ssl_l2tv *extension_alpn, struct ssl_alpn_list* alpn_list, int alpn_size)
+{
+ if(extension_alpn==NULL || (extension_alpn->value==NULL) || (extension_alpn->len==0) || (extension_alpn->type!=ALPN_EXT_TYPE))
+ {
+ return 0;
+ }
+
+ int alpn_proto_num = 0;
+ unsigned char* alpl=extension_alpn->value;
+ int alpn_ext_len=BtoL2BytesNum((char *)alpl);
+ if(alpn_ext_len<=0 || alpn_ext_len>extension_alpn->len)
+ {
+ return 0;
+ }
+
+ alpl+=2;
+ while(alpn_ext_len>0 && alpn_proto_num<alpn_size)
+ {
+ int alpn_proto_len = BtoL1BytesNum((char *)alpl);
+ alpl++;
+ alpn_ext_len-=1;
+
+ alpn_list[alpn_proto_num].alpn=(char*)alpl;
+ alpn_list[alpn_proto_num].alpn_len=alpn_proto_len;
+ alpn_ext_len-=alpn_proto_len;
+ alpl+=alpn_proto_len;
+ alpn_proto_num++;
+ }
+
+ return alpn_proto_num;
}
-unsigned short ssl_getHelloVersion(unsigned char *pcData, unsigned int iDataLen)
+unsigned short ssl_get_hello_version(unsigned char *pcData, unsigned int payload_len)
{
if (CLIENT_HELLO != pcData[0] && SERVER_HELLO != pcData[0])
{
@@ -66,493 +223,495 @@ unsigned short ssl_getHelloVersion(unsigned char *pcData, unsigned int iDataLen)
return 0;
}
-int fn_iIsHandShakeMsg(unsigned char ucMsgType)
+int ssl_parse_server_name(struct ssl_client_hello *chello, struct ssl_l2tv *extension)
+{
+ struct client_server_name p_server_name={0};
+
+ p_server_name.list_len=extension->len;
+ unsigned char *cur_data=extension->value;
+
+ p_server_name.list_len-=sizeof(p_server_name.list_len);
+ cur_data+=sizeof(p_server_name.list_len);
+
+ /*3=sizeof(p_server_name.server_name_type)+sizeof(p_server_name.server_name_len)*/
+ while(p_server_name.list_len>3)
+ {
+ p_server_name.type = BtoL1BytesNum((const char *)cur_data);
+ p_server_name.len = BtoL2BytesNum((const char *)(cur_data+1));
+ p_server_name.list_len -= 3;
+ cur_data += 3;
+ /*have data*/
+ if(((p_server_name.type == SERVER_NAME_HOST_TYPE)) && p_server_name.len>0&& p_server_name.list_len>=p_server_name.len)
+ {
+ p_server_name.data = cur_data;
+
+ int length=MIN(sizeof(chello->server_name)-1, p_server_name.len);
+ memcpy(chello->server_name, p_server_name.data, length);
+ chello->server_name[length]='\0';
+ break;
+ }
+ p_server_name.list_len-=p_server_name.len;
+ cur_data+=p_server_name.len;
+ }
+
+ return 0;
+}
+
+int ssl_parse_encrypt_server_name(struct ssl_client_hello *chello, struct ssl_l2tv *extension)
{
- switch (ucMsgType)
- {
- // case HELLO_REQUEST:
- case CLIENT_HELLO:
- case SERVER_HELLO:
- case CERTIFICATE:
- case NEW_SESSION_TICKET:
- // case SERVER_KEY_EXCHANGE:
- // case CERTIFICATE_REQUEST:
- // case SERVER_HELLO_DONE:
- // case CERTIFICATE_VERIFY:
- // case CLIENT_KEY_EXCHANGE:
- // case FINISHED:
- return 1;
- break;
- default:
+ int offset=0,one_l2v=0;
+ unsigned char* cur_data=extension->value;
+ int extension_len=extension->len;
+
+ if(extension_len-offset>SUITE_VALUELEN)
+ {
+ chello->esni.suite.value=cur_data+offset;
+ chello->esni.suite.len=SUITE_VALUELEN;
+ offset+=SUITE_VALUELEN;
+ }
+
+ if((extension_len-offset)>=(int)sizeof(chello->esni.key_exchange_group))
+ {
+ chello->esni.key_exchange_group=(unsigned short)BtoL2BytesNum((const char *)(cur_data+offset));
+ offset+=sizeof(chello->esni.key_exchange_group);
+ }
+ else
+ {
return 0;
- break;
}
+
+ one_l2v=ssl_parse_lv2(&(chello->esni.key_exchange), cur_data+offset, extension_len-offset);
+ if(one_l2v==-1)
+ {
+ return 0;
+ }
+
+ offset+=one_l2v;
+
+ one_l2v=ssl_parse_lv2(&(chello->esni.record_digest), cur_data+offset, extension_len-offset);
+ if(one_l2v==-1)
+ {
+ return 0;
+ }
+ offset+=one_l2v;
+
+ one_l2v=ssl_parse_lv2(&(chello->esni.esni), cur_data+offset, extension_len-offset);
+ if(one_l2v==-1)
+ {
+ return 0;
+ }
+ offset+=one_l2v;
+
+ chello->esni.is_esni=1;
+
+ return 1;
}
-/*
-Function: analyse ssl hand shake msgs
-Note: if one msg is trunked, just wait
-return : SSL_RETURN_UNNORM : error ; SSL_RETURN_DROPME/KILLME; business return_value
-*/
-UCHAR ssl_analyseHandShake(char *pcSslData, int iAllMsgLen, int iSslUnAnalyseLen, int *res, ssl_stream *a_ssl_stream, struct streaminfo *a_tcp,
- unsigned long long region_flag, int thread_seq, void *a_packet)
+UCHAR ssl_parse_client_hello(struct ssl_client_hello *chello, unsigned char *payload, int payload_len)
{
- /**variable define and initialise**/
- int iSslDataLen = 0;
- char *pcCurSslData=NULL;
- int iUnAnalyseLen;
- int iUnAnaCertLen;
- int iUnAnaHelloLen;
- UCHAR return_val;
- stHandShakeTypeHdr_t *pstHandShakeTypeHdr = NULL;
-
- iSslDataLen = iAllMsgLen < iSslUnAnalyseLen ? iAllMsgLen : iSslUnAnalyseLen;
- iUnAnalyseLen = iAllMsgLen < iSslUnAnalyseLen ? iAllMsgLen : iSslUnAnalyseLen;
-
- while (iUnAnalyseLen > 0)
- {
-
- // 20150324
- pstHandShakeTypeHdr = (stHandShakeTypeHdr_t *)pcSslData;
- pcCurSslData = pcSslData;
- /**analyse certification**/
- if (CERTIFICATE == pstHandShakeTypeHdr->ucContType)
- {
- if (iUnAnalyseLen < CERTIFICATE_HDRLEN)
- {
- /**packet trunked**/
- break;
- }
+ int offset=0,one_ltv=0;
+ chello->total_len=BtoL3BytesNum((const char *)(payload+1));
+ if(chello->total_len<0 || (chello->total_len+CLIENT_HELLO_HDRLEN > payload_len) || (chello->total_len-(int)sizeof(chello->version)<0)) /*CLIENT_HELLO_HDRLEN: 4 means client_type+len*/
+ {
+ return SSL_RETURN_DROPME;
+ }
- if (a_ssl_stream->stSSLCert == NULL)
- {
- a_ssl_stream->stSSLCert = (st_cert_t *)dictator_malloc(thread_seq, sizeof(st_cert_t));
- // memset(a_ssl_stream->stSSLCert, 0, sizeof(a_ssl_stream->stSSLCert));
- }
- memset(a_ssl_stream->stSSLCert, 0, sizeof(st_cert_t));
- a_ssl_stream->stSSLCert->totallen = BtoL3BytesNum((char *)(pcCurSslData + 4));
- if (a_ssl_stream->stSSLCert->totallen < 0)
- return SSL_RETURN_DROPME;
+ chello->version=ssl_get_hello_version((unsigned char *)payload, payload_len);
+ if(chello->version==0)
+ {
+ return SSL_RETURN_DROPME;
+ }
- /*7 means cert_type+len*/
- if (a_ssl_stream->stSSLCert->totallen + 7 > iUnAnalyseLen)
- {
- /**packet trunked**/
- break;
- }
+ offset+=(CLIENT_HELLO_HDRLEN+sizeof(chello->version));
- /*2 means version*/
- pcCurSslData += CERTIFICATE_HDRLEN;
- iUnAnaCertLen = iUnAnalyseLen - CERTIFICATE_HDRLEN;
+ /*get client hello random*/
+ chello->random.gmt_time=(unsigned int)BtoL4BytesNum((const char *)(payload+offset));
+ offset+=sizeof(chello->random.gmt_time);
+
+ if(payload_len-offset-SSL_RANDOM_SIZE<=0)
+ {
+ return SSL_RETURN_DROPME;
+ }
+
+ chello->random.bytes.len=SSL_RANDOM_SIZE;
+ chello->random.bytes.value=payload+offset;
+ offset+=SSL_RANDOM_SIZE;
- if (g_ssl_prog_para.ssl_interested_region_flag & SSL_CERTIFICATE)
- {
- a_ssl_stream->p_output_buffer->p_data = pcCurSslData;
- a_ssl_stream->p_output_buffer->data_size = iUnAnaCertLen;
- a_ssl_stream->output_region_mask = SSL_CERTIFICATE_MASK;
- return_val = ssl_doWithCertificate(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
- a_ssl_stream->p_output_buffer->p_data = NULL;
- a_ssl_stream->p_output_buffer->data_size = 0;
- if (SSL_RETURN_NORM != return_val)
- return return_val;
- }
- if (g_ssl_prog_para.ssl_interested_region_flag & SSL_CERTIFICATE_DETAIL)
- {
- return_val = ssl_AnalyseCertificate(pcCurSslData, iUnAnaCertLen, a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
- if (SSL_RETURN_NORM != return_val)
- return return_val;
- }
- iUnAnalyseLen -= (a_ssl_stream->stSSLCert->totallen + 7);
- pcSslData += (a_ssl_stream->stSSLCert->totallen + 7);
+ /*get client hello session*/
+ one_ltv=ssl_parse_lv1(&(chello->session), payload+offset, payload_len-offset);
+ if(one_ltv==-1)
+ {
+ return SSL_RETURN_DROPME;
+ }
+ offset+=one_ltv;
+
+ /*get client hello suites*/
+ one_ltv=ssl_parse_lv2(&chello->ciphersuites, payload+offset, payload_len-offset);
+ if(one_ltv==-1)
+ {
+ return SSL_RETURN_DROPME;
+ }
+ offset+=one_ltv;
+
+ /*get client hello compress*/
+ one_ltv=ssl_parse_lv1(&(chello->compress_method), payload+offset, payload_len-offset);
+ if(one_ltv==-1)
+ {
+ return SSL_RETURN_DROPME;
+ }
+ offset+=one_ltv;
+
+ /*get extension*/
+ chello->extensions.len=(unsigned short)BtoL2BytesNum((const char *)(payload+offset));
+ offset+=sizeof(chello->extensions.len);
+
+ for(int i=0; payload_len-offset >= 4 && i < MAX_EXTENSION_NUM; i++) // min len of ext is 4 byte
+ {
+ one_ltv=ssl_parse_ltv2(&(chello->extensions.extension[i]), payload+offset, payload_len-offset);
+ if(one_ltv==-1)
+ {
+ return SSL_RETURN_DROPME;
}
- /**analyse client_hello**/
- else if (CLIENT_HELLO == pstHandShakeTypeHdr->ucContType)
+ offset+=one_ltv;
+ chello->extensions.num++;
+
+ switch(chello->extensions.extension[i].type)
{
- if (iUnAnalyseLen < CLIENT_HELLO_HDRLEN)
- {
+ case SERVER_NAME_EXT_TYPE:
+ ssl_parse_server_name(chello, &(chello->extensions.extension[i]));
break;
- }
- if (a_ssl_stream->stClientHello == NULL)
- {
- a_ssl_stream->stClientHello = (st_client_hello_t *)dictator_malloc(thread_seq, sizeof(st_client_hello_t));
- memset(a_ssl_stream->stClientHello, 0, sizeof(st_client_hello_t));
- ssl_initStructClientHello(a_ssl_stream->stClientHello);
- }
+ case SESSION_TICKET_EXT_TYPE:
+ chello->session_ticket=&(chello->extensions.extension[i]);
+ break;
+ case ENCRPTED_SERVER_NAME_EXT_TYPE:
+ ssl_parse_encrypt_server_name(chello, &(chello->extensions.extension[i]));
+ break;
+ case ENCRPTED_CLIENT_HELLO_EXT_TYPE:
+ chello->encrypt_chello=&(chello->extensions.extension[i]);
+ break;
+ case ALPN_EXT_TYPE:
+ chello->alpn=&(chello->extensions.extension[i]);
+ break;
+ default:
+ break;
+ }
+ }
- a_ssl_stream->stClientHello->totallen = BtoL3BytesNum((char *)(pcCurSslData + 1));
- if (a_ssl_stream->stClientHello->totallen < 0)
- return SSL_RETURN_DROPME;
+ return SSL_RETURN_NORM;
+}
- /*4 means client_type+len*/
- if (a_ssl_stream->stClientHello->totallen + CLIENT_HELLO_HDRLEN > iUnAnalyseLen)
- {
- /**packet trunked**/
- break;
- }
- if (0 == (a_ssl_stream->stClientHello->client_ver = ssl_getHelloVersion((unsigned char *)pcCurSslData, iUnAnalyseLen)))
- {
- return SSL_RETURN_DROPME;
- }
+UCHAR ssl_parse_server_hello(struct ssl_server_hello *shello, unsigned char *payload, int payload_len)
+{
+ int offset=0,one_ltv=0;
+ int ja3s_string_offset=0;
+ char ja3s_string[1024]={0};
+ shello->total_len = BtoL3BytesNum((const char *)(payload+1));
+ if(shello->total_len<0 || (shello->total_len+SERVER_HELLO_HDRLEN > payload_len-offset))
+ {
+ return SSL_RETURN_DROPME;
+ }
- iUnAnaHelloLen = a_ssl_stream->stClientHello->totallen - sizeof(a_ssl_stream->stClientHello->client_ver);
- if (iUnAnaHelloLen < 0)
- {
- return SSL_RETURN_DROPME;
- }
- pcCurSslData += CLIENT_HELLO_HDRLEN + sizeof(a_ssl_stream->stClientHello->client_ver);
+ shello->version=ssl_get_hello_version((unsigned char *)payload, payload_len-offset);
+ if(shello->version==0)
+ {
+ return SSL_RETURN_DROPME;
+ }
+
+ ja3s_string_offset+=snprintf(ja3s_string+ja3s_string_offset, sizeof(ja3s_string)-ja3s_string_offset, "%u,", shello->version);
- /*get client hello random*/
- a_ssl_stream->stClientHello->random.gmt_time = (unsigned int)BtoL4BytesNum(pcCurSslData);
- pcCurSslData += sizeof(a_ssl_stream->stClientHello->random.gmt_time);
- iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->random.gmt_time);
- if (iUnAnaHelloLen < 0)
- {
- return SSL_RETURN_DROPME;
- }
- memcpy(a_ssl_stream->stClientHello->random.random_bytes, pcCurSslData, sizeof(a_ssl_stream->stClientHello->random.random_bytes));
- pcCurSslData += sizeof(a_ssl_stream->stClientHello->random.random_bytes);
- iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->random.random_bytes);
- if (iUnAnaHelloLen < 0)
- {
- return SSL_RETURN_DROPME;
- }
+ offset+=(sizeof(shello->version)+SERVER_HELLO_HDRLEN);
- /*get client hello session*/
- a_ssl_stream->stClientHello->session.session_len = (unsigned char)BtoL1BytesNum(pcCurSslData);
- pcCurSslData += sizeof(a_ssl_stream->stClientHello->session.session_len);
- iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->session.session_len);
- if (iUnAnaHelloLen < 0)
- {
- return SSL_RETURN_DROPME;
- }
- if (a_ssl_stream->stClientHello->session.session_len > iUnAnaHelloLen)
- {
- return SSL_RETURN_DROPME;
- }
- if (a_ssl_stream->stClientHello->session.session_len != 0)
- {
- a_ssl_stream->stClientHello->session.session_value = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stClientHello->session.session_len);
- memcpy(a_ssl_stream->stClientHello->session.session_value, pcCurSslData, a_ssl_stream->stClientHello->session.session_len);
- pcCurSslData += a_ssl_stream->stClientHello->session.session_len;
- iUnAnaHelloLen -= a_ssl_stream->stClientHello->session.session_len;
- if (iUnAnaHelloLen < 0)
+ /*get client hello random*/
+ shello->random.gmt_time=(unsigned int)BtoL4BytesNum((const char *)(payload+offset));
+ offset+=sizeof(shello->random.gmt_time);
+
+ if(payload_len-offset-SSL_RANDOM_SIZE<=0)
+ {
+ return SSL_RETURN_DROPME;
+ }
+
+ shello->random.bytes.len=SSL_RANDOM_SIZE;
+ shello->random.bytes.value=payload+offset;
+ offset+=SSL_RANDOM_SIZE;
+
+ /*get client hello session*/
+ one_ltv=ssl_parse_lv1(&(shello->session), payload+offset, payload_len-offset);
+ if(one_ltv==-1)
+ {
+ return SSL_RETURN_DROPME;
+ }
+ offset+=one_ltv;
+
+ /*get client hello suites*/
+ shello->ciphersuites.len=2;
+ shello->ciphersuites.value=payload+offset;
+ offset+=2;
+
+ ja3s_string_offset+=snprintf(ja3s_string+ja3s_string_offset, sizeof(ja3s_string)-ja3s_string_offset, "%u,", ntohs(*(unsigned short *)(shello->ciphersuites.value)));
+
+ /*get client hello compress*/
+ shello->compress_method.len=1;
+ shello->compress_method.value=payload+offset;
+ offset+=1;
+
+ /*get extension*/
+ shello->extensions.len=(unsigned short)BtoL2BytesNum((const char *)(payload+offset));
+ offset+=sizeof(shello->extensions.len);
+
+ // shello->total_len not contains handshake header
+ for(int i=0; (shello->total_len-offset+SERVER_HELLO_HDRLEN) >=4 && i < MAX_EXTENSION_NUM; i++) // min len of ext is 4 byte
+ {
+ one_ltv=ssl_parse_ltv2(&(shello->extensions.extension[i]), payload+offset, payload_len-offset);
+ if(one_ltv==-1)
+ {
+ return SSL_RETURN_DROPME;
+ }
+ offset+=one_ltv;
+ shello->extensions.num++;
+
+ ja3s_string_offset+=snprintf(ja3s_string+ja3s_string_offset, sizeof(ja3s_string)-ja3s_string_offset, "%u-", shello->extensions.extension[i].type);
+ }
+
+ ja3s_string_offset--;
+ if(ja3s_string_offset==0)
+ {
+ return SSL_RETURN_DROPME;
+ }
+
+ ja3s_string[ja3s_string_offset]='\0';
+ shello->ja3s.fingerprint_md5_len=ja3_md5sum(ja3s_string, ja3s_string_offset, shello->ja3s.fingerprint_md5, sizeof(shello->ja3s.fingerprint_md5));
+ shello->ja3s.fingerprint_md5[shello->ja3s.fingerprint_md5_len]='\0';
+
+ return 1;
+}
+
+UCHAR ssl_parse_new_session_ticket(struct ssl_new_session_ticket *new_session_ticket, char *payload, int payload_len)
+{
+ int offset=0;
+ new_session_ticket->total_len=BtoL3BytesNum((const char *)(payload+1));
+ if(new_session_ticket->total_len<0)
+ {
+ return SSL_RETURN_DROPME;
+ }
+
+ /*4 means _type+len*/
+ if(new_session_ticket->total_len+SESSION_TICKET_HDRLEN > payload_len-offset)
+ {
+ /**packet trunked**/
+ return SSL_RETURN_NORM;
+ }
+ offset+=SESSION_TICKET_HDRLEN;
+ new_session_ticket->lift_time=BtoL4BytesNum((const char *)(payload+offset));
+ offset+=sizeof(new_session_ticket->lift_time);
+ new_session_ticket->ticket_len=BtoL2BytesNum((const char *)(payload+offset));
+
+ new_session_ticket->ticket=(unsigned char *)(payload+offset);
+
+ return SSL_RETURN_NORM;
+}
+
+int ssl_parse_certificate_detail(const struct streaminfo *a_tcp, struct ssl_runtime_context *ssl_context, char *payload, int payload_len, int thread_seq, const void *a_packet)
+{
+ if(!(g_ssl_runtime_para.ssl_interested_region_flag&SSL_CERTIFICATE_DETAIL))
+ {
+ ssl_context->stream.certificate=NULL;
+ return SSL_TRUE;
+ }
+
+ int certificate_num=0;
+ struct ssl_certificate_chain cert_unit[CERT_MAXNUM];
+ int certificate_count=ssl_read_all_cert(payload, payload_len, cert_unit, CERT_MAXNUM);
+
+ for(int i=0;i<certificate_count;i++)
+ {
+ int state=x509_parse_certificate_detail(ssl_context->stream.certificate, cert_unit[i].cert, cert_unit[i].cert_len, thread_seq);
+ if(state==SSL_FLASE)
+ {
+ return SSL_FLASE;
+ }
+
+ ssl_context->stream.certificate->cert_len = cert_unit[i].cert_len;
+
+ switch(certificate_num)
+ {
+ case 0:
+ ssl_context->stream.certificate->cert_type=CERT_TYPE_INDIVIDUAL;
+ break;
+ case 1:
+ if(certificate_count==2)
{
- return SSL_RETURN_DROPME;
+ ssl_context->stream.certificate->cert_type=CERT_TYPE_ROOT;
}
- }
-
- /*get client hello suites*/
- a_ssl_stream->stClientHello->ciphersuites.suites_len = (unsigned short)BtoL2BytesNum(pcCurSslData);
- pcCurSslData += sizeof(a_ssl_stream->stClientHello->ciphersuites.suites_len);
- iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->ciphersuites.suites_len);
- if (iUnAnaHelloLen < 0)
- {
- return SSL_RETURN_DROPME;
- }
- if (a_ssl_stream->stClientHello->ciphersuites.suites_len > iUnAnaHelloLen)
- {
- return SSL_RETURN_DROPME;
- }
- if (a_ssl_stream->stClientHello->ciphersuites.suites_len != 0)
- {
- a_ssl_stream->stClientHello->ciphersuites.suites_value = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stClientHello->ciphersuites.suites_len);
- memcpy(a_ssl_stream->stClientHello->ciphersuites.suites_value, pcCurSslData, a_ssl_stream->stClientHello->ciphersuites.suites_len);
- pcCurSslData += a_ssl_stream->stClientHello->ciphersuites.suites_len;
- iUnAnaHelloLen -= a_ssl_stream->stClientHello->ciphersuites.suites_len;
- if (iUnAnaHelloLen < 0)
+ else
{
- return SSL_RETURN_DROPME;
+ ssl_context->stream.certificate->cert_type=CERT_TYPE_MIDDLE;
}
- }
-
- /*get client hello compress*/
- a_ssl_stream->stClientHello->com_method.methlen = (unsigned short)BtoL1BytesNum(pcCurSslData);
- pcCurSslData += sizeof(a_ssl_stream->stClientHello->com_method.methlen);
- iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->com_method.methlen);
- if (iUnAnaHelloLen < 0)
- {
- return SSL_RETURN_DROPME;
- }
- if (a_ssl_stream->stClientHello->com_method.methlen > iUnAnaHelloLen)
- {
- return SSL_RETURN_DROPME;
- }
- if (a_ssl_stream->stClientHello->com_method.methlen != 0)
- {
- a_ssl_stream->stClientHello->com_method.methods = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stClientHello->com_method.methlen);
- memcpy(a_ssl_stream->stClientHello->com_method.methods, pcCurSslData, a_ssl_stream->stClientHello->com_method.methlen);
- pcCurSslData += a_ssl_stream->stClientHello->com_method.methlen;
- iUnAnaHelloLen -= a_ssl_stream->stClientHello->com_method.methlen;
- if (iUnAnaHelloLen < 0)
+ break;
+ case 2:
+ if(certificate_count==3)
{
- return SSL_RETURN_DROPME;
+ ssl_context->stream.certificate->cert_type=CERT_TYPE_ROOT;
}
- }
-
- /*get extension*/
- a_ssl_stream->stClientHello->extlen = (unsigned short)BtoL2BytesNum(pcCurSslData);
- pcCurSslData += sizeof(a_ssl_stream->stClientHello->extlen);
-
- int i = 0;
- for (i = 0; iUnAnaHelloLen >= 4 && i < MAX_EXTENSION_NUM; i++) // min len of ext is 4 byte
- {
-
- a_ssl_stream->stClientHello->exts[i].type = (unsigned short)BtoL2BytesNum(pcCurSslData);
- pcCurSslData += sizeof(a_ssl_stream->stClientHello->exts[i].type);
- iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->exts[i].type);
- if (iUnAnaHelloLen < 0)
+ else
{
- return SSL_RETURN_DROPME;
+ ssl_context->stream.certificate->cert_type=CERT_TYPE_CHAIN;
}
-
- a_ssl_stream->stClientHello->exts[i].len = (unsigned short)BtoL2BytesNum(pcCurSslData);
- pcCurSslData += sizeof(a_ssl_stream->stClientHello->exts[i].len);
- iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->exts[i].len);
- if (iUnAnaHelloLen < 0 || a_ssl_stream->stClientHello->exts[i].len > iUnAnaHelloLen)
+ break;
+ default:
+ if(certificate_num==certificate_count-1)
{
- return SSL_RETURN_DROPME;
+ ssl_context->stream.certificate->cert_type=CERT_TYPE_ROOT;
}
- a_ssl_stream->stClientHello->exts[i].data = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stClientHello->exts[i].len);
- memcpy(a_ssl_stream->stClientHello->exts[i].data, pcCurSslData, a_ssl_stream->stClientHello->exts[i].len); // get ext data
- pcCurSslData += a_ssl_stream->stClientHello->exts[i].len;
- iUnAnaHelloLen -= a_ssl_stream->stClientHello->exts[i].len;
- }
- a_ssl_stream->stClientHello->ext_num = i;
- // printf("ext_num: %d\n", a_ssl_stream->stClientHello->ext_num);
- return_val = ssl_doWithClientHello(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
- // 20141121
- for (int j = 0; j < a_ssl_stream->stClientHello->ext_num; j++)
- {
- if (a_ssl_stream->stClientHello->exts[j].data != NULL)
+ else
{
- dictator_free(thread_seq, a_ssl_stream->stClientHello->exts[j].data);
- a_ssl_stream->stClientHello->exts[j].data = NULL;
+ ssl_context->stream.certificate->cert_type=CERT_TYPE_CHAIN;
}
- }
- a_ssl_stream->stClientHello->ext_num = 0;
- a_ssl_stream->stClientHello->session_ticket.ticket = NULL;
- if (a_ssl_stream->stClientHello->session.session_value != NULL)
- {
- dictator_free(thread_seq, a_ssl_stream->stClientHello->session.session_value);
- a_ssl_stream->stClientHello->session.session_value = NULL;
- }
- if (a_ssl_stream->stClientHello->ciphersuites.suites_value != NULL)
- {
- dictator_free(thread_seq, a_ssl_stream->stClientHello->ciphersuites.suites_value);
- a_ssl_stream->stClientHello->ciphersuites.suites_value = NULL;
- }
- if (a_ssl_stream->stClientHello->com_method.methods != NULL)
- {
- dictator_free(thread_seq, a_ssl_stream->stClientHello->com_method.methods);
- a_ssl_stream->stClientHello->com_method.methods = NULL;
- }
+ break;
+ }
+
+ ssl_call_plugins(a_tcp, ssl_context, (char *)(ssl_context->stream.certificate), sizeof(struct ssl_certificate), SSL_CERTIFICATE_DETAIL_MASK, thread_seq, a_packet);
+ certificate_num++;
- if (SSL_RETURN_NORM != return_val)
- return return_val;
- iUnAnalyseLen -= (a_ssl_stream->stClientHello->totallen + CLIENT_HELLO_HDRLEN);
- pcSslData += (a_ssl_stream->stClientHello->totallen + CLIENT_HELLO_HDRLEN);
+ ssl_context->stream.certificate->subject_alter.num=0;
+ if(ssl_context->stream.certificate->subject_alter.name!=NULL)
+ {
+ dictator_free(thread_seq, ssl_context->stream.certificate->subject_alter.name);
+ ssl_context->stream.certificate->subject_alter.name=NULL;
}
- /**analyse server_hello**/
- else if (SERVER_HELLO == pstHandShakeTypeHdr->ucContType)
+ ssl_context->stream.certificate->subject_key.len=0;
+ if(ssl_context->stream.certificate->subject_key.value!=NULL)
{
- if (iUnAnalyseLen < SERVER_HELLO_HDRLEN)
- {
- break;
- }
- if (a_ssl_stream->stServerHello == NULL)
- {
- a_ssl_stream->stServerHello = (st_server_hello_t *)dictator_malloc(thread_seq, sizeof(st_server_hello_t));
- memset(a_ssl_stream->stServerHello, 0, sizeof(st_server_hello_t));
- ssl_initStructServerHello(a_ssl_stream->stServerHello);
- }
- a_ssl_stream->stServerHello->totallen = BtoL3BytesNum((char *)(pcCurSslData + 1));
- if (a_ssl_stream->stServerHello->totallen < 0)
- return SSL_RETURN_DROPME;
+ dictator_free(thread_seq, ssl_context->stream.certificate->subject_key.value);
+ ssl_context->stream.certificate->subject_key.value=NULL;
+ }
+
+ memset(&(ssl_context->stream.certificate->issuer), 0, sizeof(struct ssl_rdn_sequence));
+ memset(&(ssl_context->stream.certificate->subject), 0, sizeof(struct ssl_rdn_sequence));
+
+ ssl_context->stream.certificate->serial.len=0;
+ ssl_context->stream.certificate->version.len=0;
+ ssl_context->stream.certificate->version.value=NULL;
+ ssl_context->stream.certificate->validity.before[0]='\0';
+ ssl_context->stream.certificate->validity.after[0]='\0';
+ ssl_context->stream.certificate->signature_algorithm.len=0;
+ ssl_context->stream.certificate->signature_algorithm.value[0]='\0';
+ }
+
+ return SSL_TRUE;
+}
- /*4 means client_type+len*/
- if (a_ssl_stream->stServerHello->totallen + SERVER_HELLO_HDRLEN > iUnAnalyseLen)
- {
- /**packet trunked**/
- break;
- }
- if (0 == (a_ssl_stream->stServerHello->server_ver = ssl_getHelloVersion((unsigned char *)pcCurSslData, iUnAnalyseLen)))
- {
- return SSL_RETURN_DROPME;
- }
+int ssl_parse_certificate(const struct streaminfo *a_tcp, struct ssl_runtime_context *ssl_context, char *payload, int payload_len, int thread_seq, const void *a_packet)
+{
+ int offset=0;
+
+ ssl_context->stream.certificate->total_len=BtoL3BytesNum((const char *)(payload+4));
+ if(ssl_context->stream.certificate->total_len<0)
+ {
+ return SSL_FLASE;
+ }
- iUnAnaHelloLen = a_ssl_stream->stServerHello->totallen - sizeof(a_ssl_stream->stServerHello->server_ver);
- if (iUnAnaHelloLen < 0)
- {
- return SSL_RETURN_DROPME;
- }
+ /*7 means cert_type+len*/
+ if(ssl_context->stream.certificate->total_len+CERTIFICATE_HDRLEN>payload_len)
+ {
+ /**packet trunked**/
+ return SSL_TRUE;
+ }
- pcCurSslData += SERVER_HELLO_HDRLEN + sizeof(a_ssl_stream->stServerHello->server_ver);
+ /*2 means version*/
+ offset=CERTIFICATE_HDRLEN;
- /*get server hello random*/
- a_ssl_stream->stServerHello->random.gmt_time = (unsigned int)BtoL4BytesNum(pcCurSslData);
- pcCurSslData += sizeof(a_ssl_stream->stServerHello->random.gmt_time);
- iUnAnaHelloLen -= sizeof(a_ssl_stream->stServerHello->random.gmt_time);
- if (iUnAnaHelloLen < 0)
- {
- return SSL_RETURN_DROPME;
- }
- memcpy(a_ssl_stream->stServerHello->random.random_bytes, pcCurSslData, sizeof(a_ssl_stream->stServerHello->random.random_bytes));
- pcCurSslData += sizeof(a_ssl_stream->stServerHello->random.random_bytes);
- iUnAnaHelloLen -= sizeof(a_ssl_stream->stServerHello->random.random_bytes);
- if (iUnAnaHelloLen < 0)
- {
- return SSL_RETURN_DROPME;
- }
+ if(g_ssl_runtime_para.ssl_interested_region_flag & SSL_CERTIFICATE)
+ {
+ ssl_call_plugins(a_tcp, ssl_context, payload+offset, payload_len-offset, SSL_CERTIFICATE_MASK, thread_seq, a_packet);
+ }
- /*get server hello session*/
- a_ssl_stream->stServerHello->session.session_len = (unsigned char)BtoL1BytesNum(pcCurSslData);
- pcCurSslData += sizeof(a_ssl_stream->stServerHello->session.session_len);
- iUnAnaHelloLen -= sizeof(a_ssl_stream->stServerHello->session.session_len);
- if (iUnAnaHelloLen < 0)
- {
- return SSL_RETURN_DROPME;
- }
- if (a_ssl_stream->stServerHello->session.session_len > iUnAnaHelloLen)
- {
- return SSL_RETURN_DROPME;
- }
- if (a_ssl_stream->stServerHello->session.session_len != 0)
- {
- a_ssl_stream->stServerHello->session.session_value = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stServerHello->session.session_len);
- memcpy(a_ssl_stream->stServerHello->session.session_value, pcCurSslData, a_ssl_stream->stServerHello->session.session_len);
- pcCurSslData += a_ssl_stream->stServerHello->session.session_len;
- iUnAnaHelloLen -= a_ssl_stream->stServerHello->session.session_len;
- if (iUnAnaHelloLen < 0)
- {
- return SSL_RETURN_DROPME;
- }
- }
+ return ssl_parse_certificate_detail(a_tcp, ssl_context, payload+offset, payload_len-offset, thread_seq, a_packet);
+}
- /*get server hello suites*/
- a_ssl_stream->stServerHello->ciphersuites.suites_len = 2;
- a_ssl_stream->stServerHello->ciphersuites.suites_value = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stServerHello->ciphersuites.suites_len);
- memcpy(a_ssl_stream->stServerHello->ciphersuites.suites_value, pcCurSslData, a_ssl_stream->stServerHello->ciphersuites.suites_len);
- pcCurSslData += a_ssl_stream->stServerHello->ciphersuites.suites_len;
- iUnAnaHelloLen -= a_ssl_stream->stServerHello->ciphersuites.suites_len;
- if (iUnAnaHelloLen < 0)
+int ssl_parse_handshake(const struct streaminfo *a_tcp, struct ssl_runtime_context *ssl_context, char *payload, int payload_len, int thread_seq, const void *a_packet)
+{
+ int offset=0;
+ int state=SSL_TRUE;
+
+ while((payload_len-offset) > 0)
+ {
+ struct ssl_handshake_type *handshake=(struct ssl_handshake_type *)(payload+offset);
+ if(CERTIFICATE == handshake->content_type)
+ {
+ if(payload_len-offset<CERTIFICATE_HDRLEN)
{
- return SSL_RETURN_DROPME;
+ /**packet trunked**/
+ break;
}
-
- /*get server hello compress*/
- /*
- a_ssl_stream->stServerHello->com_method.methlen = (unsigned short)BtoL1BytesNum(pcCurSslData);
- pcCurSslData += sizeof(a_ssl_stream->stServerHello->com_method.methlen);
- iUnAnaHelloLen -= sizeof(a_ssl_stream->stServerHello->com_method.methlen);
- if(iUnAnaHelloLen<0)
+
+ struct ssl_certificate certificate={0};
+ ssl_context->stream.certificate=&certificate;
+ state=ssl_parse_certificate(a_tcp, ssl_context, payload+offset, payload_len-offset, thread_seq, a_packet);
+ if(state==SSL_FLASE)
{
- return SSL_RETURN_DROPME;
+ return SSL_FLASE;
}
- */
- /*20160906 methlenֻռһ���ֽ�*/
- a_ssl_stream->stServerHello->com_method.methlen = 1;
- a_ssl_stream->stServerHello->com_method.methods = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stServerHello->com_method.methlen);
- memcpy(a_ssl_stream->stServerHello->com_method.methods, pcCurSslData, a_ssl_stream->stServerHello->com_method.methlen);
- pcCurSslData += a_ssl_stream->stServerHello->com_method.methlen;
- iUnAnaHelloLen -= a_ssl_stream->stServerHello->com_method.methlen;
- if (iUnAnaHelloLen < 0)
+ offset+=(certificate.total_len+CERTIFICATE_HDRLEN);
+ ssl_context->stream.certificate=NULL;
+ }
+ /**analyse client_hello**/
+ else if (CLIENT_HELLO == handshake->content_type)
+ {
+ if ((payload_len-offset)<CLIENT_HELLO_HDRLEN)
{
- return SSL_RETURN_DROPME;
+ break;
}
-
-
- /*get extension*/
- a_ssl_stream->stServerHello->extlen = (unsigned short)BtoL2BytesNum(pcCurSslData);
- pcCurSslData += sizeof(a_ssl_stream->stServerHello->extlen);
- int i = 0;
- for (i = 0; iUnAnaHelloLen >= 4 && i < MAX_EXTENSION_NUM; i++) // min len of ext is 4 byte
+ struct ssl_client_hello chello={0};
+ ssl_context->stream.chello=&chello;
+ state=ssl_parse_client_hello(&chello, (unsigned char *)(payload+offset), payload_len-offset);
+ if(state==SSL_FLASE)
{
- a_ssl_stream->stServerHello->exts[i].type = (unsigned short)BtoL2BytesNum(pcCurSslData);
- pcCurSslData += sizeof(a_ssl_stream->stServerHello->exts[i].type);
- iUnAnaHelloLen -= sizeof(a_ssl_stream->stServerHello->exts[i].type);
- if (iUnAnaHelloLen < 0)
- {
- return SSL_RETURN_DROPME;
- }
-
- a_ssl_stream->stServerHello->exts[i].len = (unsigned short)BtoL2BytesNum(pcCurSslData);
- pcCurSslData += sizeof(a_ssl_stream->stServerHello->exts[i].len);
- iUnAnaHelloLen -= sizeof(a_ssl_stream->stServerHello->exts[i].len);
- if (iUnAnaHelloLen < 0 || a_ssl_stream->stServerHello->exts[i].len > iUnAnaHelloLen)
- {
- return SSL_RETURN_DROPME;
- }
- a_ssl_stream->stServerHello->exts[i].data = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stServerHello->exts[i].len);
- memcpy(a_ssl_stream->stServerHello->exts[i].data, pcCurSslData, a_ssl_stream->stServerHello->exts[i].len); // get ext data
- pcCurSslData += a_ssl_stream->stServerHello->exts[i].len;
- iUnAnaHelloLen -= a_ssl_stream->stServerHello->exts[i].len;
+ return SSL_FLASE;
}
- a_ssl_stream->stServerHello->ext_num = i;
- for (int j = 0; j < a_ssl_stream->stServerHello->ext_num; j++)
+ ssl_call_plugins(a_tcp, ssl_context, (char *)(payload+offset), chello.total_len+CLIENT_HELLO_HDRLEN, SSL_CLIENT_HELLO_MASK, thread_seq, a_packet);
+ offset+=(chello.total_len+CLIENT_HELLO_HDRLEN);
+ ssl_context->stream.chello=NULL;
+ }
+ /**analyse server_hello**/
+ else if (SERVER_HELLO == handshake->content_type)
+ {
+ if((payload_len-offset)<SERVER_HELLO_HDRLEN)
{
- if (a_ssl_stream->stServerHello->exts[j].data != NULL)
- {
- dictator_free(thread_seq, a_ssl_stream->stServerHello->exts[j].data);
- a_ssl_stream->stServerHello->exts[j].data = NULL;
- }
+ break;
}
- a_ssl_stream->stServerHello->ext_num = 0;
- return_val = ssl_doWithServerHello(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
- // 20141121
- if (a_ssl_stream->stServerHello->session.session_value != NULL)
- {
- dictator_free(thread_seq, a_ssl_stream->stServerHello->session.session_value);
- a_ssl_stream->stServerHello->session.session_value = NULL;
- }
- if (a_ssl_stream->stServerHello->ciphersuites.suites_value != NULL)
- {
- dictator_free(thread_seq, a_ssl_stream->stServerHello->ciphersuites.suites_value);
- a_ssl_stream->stServerHello->ciphersuites.suites_value = NULL;
- }
- if (a_ssl_stream->stServerHello->com_method.methods != NULL)
+ struct ssl_server_hello shello={0};
+ ssl_context->stream.shello=&shello;
+ state=ssl_parse_server_hello(&shello, (unsigned char *)(payload+offset), payload_len-offset);
+ if(state==SSL_FLASE)
{
- dictator_free(thread_seq, a_ssl_stream->stServerHello->com_method.methods);
- a_ssl_stream->stServerHello->com_method.methods = NULL;
+ return SSL_FLASE;
}
- if (SSL_RETURN_NORM != return_val)
- return return_val;
- iUnAnalyseLen -= (a_ssl_stream->stServerHello->totallen + SERVER_HELLO_HDRLEN);
- pcSslData += (a_ssl_stream->stServerHello->totallen + SERVER_HELLO_HDRLEN);
+
+ ssl_call_plugins(a_tcp, ssl_context, (char *)(payload+offset), shello.total_len+SERVER_HELLO_HDRLEN, SSL_SERVER_HELLO_MASK, thread_seq, a_packet);
+ offset+=(shello.total_len+SERVER_HELLO_HDRLEN);
+ ssl_context->stream.shello=NULL;
}
- else if (NEW_SESSION_TICKET == pstHandShakeTypeHdr->ucContType)
+ else if (NEW_SESSION_TICKET == handshake->content_type)
{
- if (iUnAnalyseLen < SESSION_TICKET_HDRLEN)
+ if((payload_len-offset) < SESSION_TICKET_HDRLEN)
{
break;
}
- if (a_ssl_stream->stNewSessionTicket == NULL)
+ struct ssl_new_session_ticket new_session_ticket={0};
+ ssl_context->stream.new_session_ticket=&new_session_ticket;
+ state=ssl_parse_new_session_ticket(&new_session_ticket, (payload+offset), (payload_len-offset));
+ if(state==SSL_FLASE)
{
- a_ssl_stream->stNewSessionTicket = (st_new_session_ticket_t *)dictator_malloc(thread_seq, sizeof(st_new_session_ticket_t));
- memset(a_ssl_stream->stNewSessionTicket, 0, sizeof(st_new_session_ticket_t));
+ return SSL_FLASE;
}
- a_ssl_stream->stNewSessionTicket->totallen = BtoL3BytesNum((char *)(pcCurSslData + 1));
- if (a_ssl_stream->stNewSessionTicket->totallen < 0)
- return SSL_RETURN_DROPME;
- /*4 means _type+len*/
- if (a_ssl_stream->stNewSessionTicket->totallen + SESSION_TICKET_HDRLEN > iUnAnalyseLen)
- {
- /**packet trunked**/
- break;
- }
- pcCurSslData += SESSION_TICKET_HDRLEN;
- a_ssl_stream->stNewSessionTicket->lifttime = BtoL4BytesNum((char *)(pcCurSslData));
- a_ssl_stream->stNewSessionTicket->ticket_len = BtoL2BytesNum((char *)(pcCurSslData + 4));
- a_ssl_stream->stNewSessionTicket->ticket = (unsigned char *)(pcCurSslData + 6);
- pcCurSslData += 6 + a_ssl_stream->stNewSessionTicket->ticket_len;
- iUnAnalyseLen -= (a_ssl_stream->stNewSessionTicket->totallen + SERVER_HELLO_HDRLEN);
- pcSslData += (a_ssl_stream->stNewSessionTicket->totallen + SERVER_HELLO_HDRLEN);
- ssl_doWithNewSessionTicket(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
- // printf("new session ticket:%d\n", a_ssl_stream->stNewSessionTicket->ticket_len);
+ ssl_call_plugins(a_tcp, ssl_context, (char *)(payload+offset), new_session_ticket.total_len+SESSION_TICKET_HDRLEN, SSL_NEW_SESSION_TICKET_MASK, thread_seq, a_packet);
+ offset+=(new_session_ticket.total_len+SESSION_TICKET_HDRLEN);
+ ssl_context->stream.new_session_ticket=NULL;
}
else
{
@@ -560,91 +719,34 @@ UCHAR ssl_analyseHandShake(char *pcSslData, int iAllMsgLen, int iSslUnAnalyseLen
}
}
- *res = (iSslDataLen - iUnAnalyseLen);
- return SSL_RETURN_NORM;
+ return SSL_TRUE;;
}
-UCHAR ssl_analyseAppData(char *pcSslData, int iAllMsgLen, int iSslUnAnalyseLen, int *res, ssl_stream *a_ssl_stream, struct streaminfo *a_tcp,
- unsigned long long region_flag, int thread_seq, void *a_packet)
+int ssl_parse_application_data(const struct streaminfo *a_tcp, struct ssl_runtime_context *ssl_context, char *payload, int payload_len, int thread_seq, const void *a_packet)
{
- /**variable define and initialise**/
- int return_val = SSL_RETURN_NORM;
- int iUnAnalyseLen = iAllMsgLen < iSslUnAnalyseLen ? iAllMsgLen : iSslUnAnalyseLen;
-
- /**validaty check**/
- if (NULL == pcSslData || iUnAnalyseLen <= 0)
+ if (NULL==payload || payload_len<= 0)
{
- *res = 0;
- return SSL_RETURN_NORM;
+ return SSL_TRUE;
}
- a_ssl_stream->output_region_mask = SSL_APPLICATION_DATA_MASK;
- a_ssl_stream->p_output_buffer->p_data = pcSslData;
- a_ssl_stream->p_output_buffer->data_size = iUnAnalyseLen;
- return_val = ssl_doWithApplicationData(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
- a_ssl_stream->p_output_buffer->p_data = NULL;
- a_ssl_stream->p_output_buffer->data_size = 0;
- *res = iUnAnalyseLen;
- if (SSL_RETURN_NORM != return_val)
- return return_val;
- return SSL_RETURN_NORM;
-}
-
-UCHAR ssl_analyseAlert(char *pcSslData, int iAllMsgLen, int iSslUnAnalyseLen, int *res, ssl_stream *a_ssl_stream, struct streaminfo *a_tcp,
- unsigned long long region_flag, int thread_seq, void *a_packet)
-{
- /**variable define and initialise**/
- int return_val = SSL_RETURN_NORM;
- int iUnAnalyseLen = iAllMsgLen < iSslUnAnalyseLen ? iAllMsgLen : iSslUnAnalyseLen;
- /**validaty check**/
- if (NULL == pcSslData || iUnAnalyseLen <= 0)
- {
- *res = 0;
- return SSL_RETURN_NORM;
- }
- a_ssl_stream->output_region_mask = SSL_ALERT_MASK;
- a_ssl_stream->p_output_buffer->p_data = pcSslData;
- a_ssl_stream->p_output_buffer->data_size = iUnAnalyseLen;
- return_val = ssl_doWithAlert(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
- a_ssl_stream->p_output_buffer->p_data = NULL;
- a_ssl_stream->p_output_buffer->data_size = 0;
- *res = iUnAnalyseLen;
- if (SSL_RETURN_NORM != return_val)
- return return_val;
- return SSL_RETURN_NORM;
+ ssl_call_plugins(a_tcp, ssl_context, payload, payload_len, SSL_APPLICATION_DATA_MASK, thread_seq, a_packet);
+ return SSL_TRUE;
}
-char *fn_pcGetType(const unsigned char *pucId, int iIdLen, stSerialString_t *pastElemTypes)
+int ssl_parse_alert(const struct streaminfo *a_tcp, struct ssl_runtime_context *ssl_context, char *payload, int payload_len, int thread_seq, const void *a_packet)
{
- int iLoop;
- int iInLoop;
-
- if (NULL == pucId || iIdLen < 0 || NULL == pastElemTypes)
- {
- return NULL;
- }
-
- for (iLoop = 0; NULL != pastElemTypes[iLoop].pcString; ++iLoop)
+ if(NULL==payload || payload_len<=0)
{
- for (iInLoop = 0; iInLoop < iIdLen; ++iInLoop)
- {
- if (pucId[iInLoop] != pastElemTypes[iLoop].aucSerial[iInLoop])
- {
- break;
- }
- }
- if (iInLoop == iIdLen)
- {
- return (char *)(pastElemTypes[iLoop].pcString);
- }
+ return SSL_TRUE;
}
- return NULL;
+ ssl_call_plugins(a_tcp, ssl_context, payload, payload_len, SSL_ALERT_MASK, thread_seq, a_packet);
+ return SSL_TRUE;
}
-int ssl_protoRecg(char *pcData, int iDataLen)
+int ssl_identify_version(char *pcData, int payload_len)
{
- if (NULL == pcData || iDataLen < 1)
+ if (NULL == pcData || payload_len < 1)
{
return 0;
}
@@ -692,322 +794,157 @@ int ssl_protoRecg(char *pcData, int iDataLen)
return 0;
}
-#define MAX_THREAD_NUM 64
-#define COUNTER_NUM 4096
-
-extern volatile unsigned long long g_SysInputInfo[MAX_THREAD_NUM][COUNTER_NUM];
-
-UCHAR ssl_analyseSsl(char *pcSslData, int iDataLen, int *res, ssl_stream *a_ssl_stream, struct streaminfo *a_tcp,
- unsigned long long region_flag, int thread_seq, void *a_packet)
-{
- /**variable define and initialise**/
- stSSLRecordHdr_t *pstSSLRecordHdr = NULL;
- stHandShakeTypeHdr_t *pstHandShakeTypeHdr = NULL;
- int iUnAnalyseLen = iDataLen;
- char *pcCurSslData = pcSslData;
- int iCurAllMsgLen = 0;
- int iCurMsgLen = 0;
- int is_trunk = 0;
- UCHAR return_val = SSL_RETURN_NORM;
-
- /**validaty check**/
- if (NULL == pcSslData || iDataLen < SSL_HEADER_LEN)
+const char* ssl_get_version_name(unsigned short version)
+{
+ for(unsigned int i=0;ssl_version_list[i].value!=0;i++)
{
- *res = 0;
- return SSL_RETURN_NORM;
+ if(ssl_version_list[i].value==version)
+ {
+ return (char*)ssl_version_list[i].string;
+ }
}
+
+ return NULL;
+}
- /**first packet of an hand shake conversation**/
- if (UNKNOWN_VERSION == a_ssl_stream->uiSslVersion)
+int ssl_parse_version(const struct streaminfo *a_tcp, struct ssl_runtime_context *ssl_context, char *payload, int payload_len, int thread_seq, const void *a_packet)
+{
+ if(UNKNOWN_VERSION==ssl_context->version)
{
- a_ssl_stream->uiSslVersion = (unsigned int)ssl_protoRecg(pcSslData, iDataLen);
+ ssl_context->version=(unsigned int)ssl_identify_version(payload, payload_len);
/*jump the first pkt*/
- if (UNKNOWN_VERSION == a_ssl_stream->uiSslVersion)
+ if (UNKNOWN_VERSION==ssl_context->version)
{
- *res = -1;
- if (a_ssl_stream->first_pkt_flag == 0)
+ if (ssl_context->first_pkt_flag==0)
{
- a_ssl_stream->first_pkt_flag = 1;
- return SSL_RETURN_GIVEME;
+ ssl_context->first_pkt_flag=1;
+ return SSL_CONTINUE;
}
else
{
- return SSL_RETURN_DROPME;
+ return SSL_FLASE;
}
}
/*version callback*/
- return_val = ssl_doWithVersion(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
- if (SSL_RETURN_NORM != return_val)
- return return_val;
- }
- // 2020.11.27 iUnAnalyseLen need more than SSL_RECORD_HDRLEN
- while (iUnAnalyseLen > SSL_RECORD_HDRLEN)
- {
- if (SSL_HANDSHAKE_MSG_TRUNKED == a_ssl_stream->uiMsgState)
+ for(int i=0; ssl_version_list[i].value!=0; i++)
{
- switch (a_ssl_stream->ucContType)
+ if(ssl_version_list[i].value==ssl_context->version)
{
- case HANDSHAKE:
- case APPLICATION_DATA:
- case ALERT:
- pstHandShakeTypeHdr = (stHandShakeTypeHdr_t *)pcCurSslData;
- iCurAllMsgLen = (a_ssl_stream->uiAllMsgLen - a_ssl_stream->uiMsgProcLen);
- iCurMsgLen = (a_ssl_stream->uiAllMsgLen - a_ssl_stream->uiMsgProcLen) < iUnAnalyseLen ? (a_ssl_stream->uiAllMsgLen - a_ssl_stream->uiMsgProcLen) : iUnAnalyseLen;
- a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
+ ssl_call_plugins(a_tcp, ssl_context, (char*)ssl_version_list[i].string, strlen(ssl_version_list[i].string), SSL_VERSION_MASK, thread_seq, a_packet);
break;
- default:
- a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
- a_ssl_stream->ucContType = 0;
- *res = -1;
- return SSL_RETURN_NORM;
}
- }
- else
- {
-
- pstSSLRecordHdr = (stSSLRecordHdr_t *)pcCurSslData;
- switch (pstSSLRecordHdr->ucContType)
- {
- case HANDSHAKE:
- a_ssl_stream->ucContType = HANDSHAKE;
- a_ssl_stream->is_ssl_stream = SSL_TRUE;
- a_ssl_stream->uiAllMsgLen = htons(pstSSLRecordHdr->usTotalLen);
- pstHandShakeTypeHdr = (stHandShakeTypeHdr_t *)(pcCurSslData + SSL_RECORD_HDRLEN);
- pcCurSslData += SSL_RECORD_HDRLEN;
- iUnAnalyseLen -= SSL_RECORD_HDRLEN;
- iCurAllMsgLen = a_ssl_stream->uiAllMsgLen;
- iCurMsgLen = a_ssl_stream->uiAllMsgLen < iUnAnalyseLen ? a_ssl_stream->uiAllMsgLen : iUnAnalyseLen;
- a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
- break;
+ }
+ }
- case APPLICATION_DATA:
- a_ssl_stream->ucContType = APPLICATION_DATA;
- a_ssl_stream->is_ssl_stream = SSL_TRUE;
- a_ssl_stream->uiAllMsgLen = htons(pstSSLRecordHdr->usTotalLen);
- pcCurSslData += SSL_RECORD_HDRLEN;
- iUnAnalyseLen -= SSL_RECORD_HDRLEN;
- iCurAllMsgLen = a_ssl_stream->uiAllMsgLen;
- iCurMsgLen = a_ssl_stream->uiAllMsgLen < iUnAnalyseLen ? a_ssl_stream->uiAllMsgLen : iUnAnalyseLen;
- a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
- // static int count;
- // count++;
- // printf("%d\t%d\t%lld\n",count, a_ssl_stream->uiAllMsgLen, g_SysInputInfo[0][0]);
- break;
+ return SSL_TRUE;
+}
- case CHANGE_CIPHER_SEP:
- a_ssl_stream->ucContType = CHANGE_CIPHER_SEP;
- a_ssl_stream->is_ssl_stream = SSL_TRUE;
- a_ssl_stream->uiAllMsgLen = htons(pstSSLRecordHdr->usTotalLen);
- iCurAllMsgLen = a_ssl_stream->uiAllMsgLen;
- pcCurSslData += SSL_RECORD_HDRLEN;
- iUnAnalyseLen -= SSL_RECORD_HDRLEN;
- iCurMsgLen = a_ssl_stream->uiAllMsgLen < iUnAnalyseLen ? a_ssl_stream->uiAllMsgLen : iUnAnalyseLen;
- a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
- *res = iCurAllMsgLen;
- break;
+int ssl_parse_message(const struct streaminfo *a_tcp, struct ssl_runtime_context *ssl_context, char *payload, int payload_len, int thread_seq, const void *a_packet)
+{
+ int offset=0;
+ int state=SSL_TRUE;
- case ALERT:
- a_ssl_stream->ucContType = ALERT;
- a_ssl_stream->is_ssl_stream = SSL_TRUE;
- a_ssl_stream->uiAllMsgLen = htons(pstSSLRecordHdr->usTotalLen);
- iCurAllMsgLen = a_ssl_stream->uiAllMsgLen;
- pcCurSslData += SSL_RECORD_HDRLEN;
- iUnAnalyseLen -= SSL_RECORD_HDRLEN;
- iCurMsgLen = a_ssl_stream->uiAllMsgLen < iUnAnalyseLen ? a_ssl_stream->uiAllMsgLen : iUnAnalyseLen;
- a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
- *res = iCurAllMsgLen;
- break;
+ state=ssl_parse_version(a_tcp, ssl_context, payload, payload_len, thread_seq, a_packet);
+ if(state!=SSL_TRUE)
+ {
+ return state;
+ }
- default:
- if (a_ssl_stream->is_ssl_stream == SSL_TRUE)
- {
- a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
- a_ssl_stream->ucContType = 0;
- *res = -1;
- return SSL_RETURN_NORM;
- }
- else
- {
- a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
- a_ssl_stream->ucContType = 0;
- *res = -1;
- return SSL_RETURN_DROPME;
- }
- }
+ while(payload_len-offset > SSL_RECORD_HDRLEN)
+ {
+ struct ssl_record_header *ssl_record=(struct ssl_record_header *)(payload+offset);
+
+ int one_record_len=htons(ssl_record->total_len);
+ ssl_context->is_ssl_stream=SSL_TRUE;
+
+ if((payload_len-offset) < one_record_len)
+ {
+ ssl_trunk_cache(ssl_context, payload+offset, payload_len-offset, thread_seq);
+ break; //cache
}
- switch (a_ssl_stream->ucContType)
+
+ offset+=SSL_RECORD_HDRLEN;
+
+ switch (ssl_record->content_type)
{
case APPLICATION_DATA:
- /*���������ݣ�ʵʱ����*/
- return_val = ssl_analyseAppData((char *)pcCurSslData, iCurAllMsgLen, iUnAnalyseLen, res, a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
- /*the data is not enough*/
- if (*res < iCurAllMsgLen)
- {
- is_trunk = 1;
- }
+ state=ssl_parse_application_data(a_tcp, ssl_context, payload+offset, one_record_len, thread_seq, a_packet);
break;
-
- /*��������ȫ������ٴ���*/
- case ALERT:
- // printf("%d:%d\n",iCurAllMsgLen,iUnAnalyseLen);
- if (iUnAnalyseLen < iCurAllMsgLen)
- {
- *res = 0;
- is_trunk = 1;
- }
- else
- {
- return_val = ssl_analyseAlert((char *)pcCurSslData, iCurAllMsgLen, iUnAnalyseLen, res, a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
- is_trunk = 0;
- }
+ case ALERT:
+ state=ssl_parse_alert(a_tcp, ssl_context, payload+offset, one_record_len, thread_seq, a_packet);
break;
-
- /*other handshark proto not process*/
case HANDSHAKE:
- /*���幻�����ٴ���*/
- if (fn_iIsHandShakeMsg(*(unsigned char *)pstHandShakeTypeHdr))
+ state=ssl_parse_handshake(a_tcp, ssl_context, payload+offset, one_record_len, thread_seq, a_packet);
+ break;
+ case CHANGE_CIPHER_SEP:
+ break;
+ default:
+ if (ssl_context->is_ssl_stream==SSL_TRUE)
{
- /*res��ʾ����������*/
- return_val = ssl_analyseHandShake((char *)pstHandShakeTypeHdr, iCurAllMsgLen, iUnAnalyseLen, res, a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
- if (*res < iCurAllMsgLen)
- {
- is_trunk = 1;
- }
+ return SSL_TRUE;
}
else
{
- if (iCurMsgLen >= iCurAllMsgLen)
- {
- /*����Ϣ�������*/
- *res = iCurMsgLen;
- }
- else
- {
- /*��ʾ��Ҫ���浱ǰ���ݰ����������ݣ�����*res������������Ϊ0*/
- *res = 0;
- is_trunk = 1;
- }
+ return SSL_FLASE;
}
- /*20140731 res<0 but no why*/
- if (*res < 0)
- {
- return SSL_RETURN_DROPME;
- }
- break;
-
- default:
- *res = iCurMsgLen;
- break;
}
- /*the data is not enough*/
- if (is_trunk)
- // if(*res < iCurMsgLen)
+ if(state==SSL_FLASE)
{
- a_ssl_stream->uiMsgState = SSL_HANDSHAKE_MSG_TRUNKED;
- a_ssl_stream->uiMsgProcLen += *res;
- //pcCurSslData += *res; //20220318 cppcheck
- iUnAnalyseLen -= *res;
+ offset=payload_len;
break;
}
- else
- {
- /*������Ϣ�������*/
- a_ssl_stream->uiAllMsgLen = 0;
- a_ssl_stream->uiMsgProcLen = 0;
- }
- if (SSL_RETURN_NORM != return_val)
- {
- return return_val;
- }
-
- pcCurSslData += *res;
- iUnAnalyseLen -= *res;
+ offset+=one_record_len;
}
- *res = iDataLen - iUnAnalyseLen;
+ if(offset==payload_len)
+ {
+ ssl_trunk_free(ssl_context, thread_seq);
+ }
- return SSL_RETURN_NORM;
+ return state;
}
-UCHAR ssl_analyseStream(struct streaminfo *a_tcp, void **pme, int thread_seq, void *a_packet)
+int ssl_parse_stream(const struct streaminfo *a_tcp, struct ssl_runtime_context *ssl_context, int thread_seq, const void *a_packet)
{
- /**variables define, and initialise**/
- int return_val = APP_STATE_GIVEME;
- ssl_stream *a_ssl_stream = (ssl_stream *)*pme;
- struct tcpdetail *tcp_detail = (struct tcpdetail *)a_tcp->pdetail;
- char *pcSslData = NULL;
- int iSslDateLen = 0;
- int iRet = 0;
+ int payload_len = 0;
+ char *payload=NULL;
- if (NULL == a_ssl_stream)
+ if(ssl_context==NULL)
{
- return SSL_RETURN_DROPME;
+ return SSL_FLASE;
}
- if (0 == tcp_detail->datalen)
- {
- /*trans ssl over state*/
- if (a_ssl_stream->over_flag == SSL_TRUE && a_ssl_stream->uiSslVersion != UNKNOWN_VERSION)
- {
- return ssl_callPlugins(&a_ssl_stream, a_tcp, a_ssl_stream->output_region_flag, thread_seq, a_packet);
- }
- else
- return APP_STATE_GIVEME;
- }
+ struct tcpdetail *tcp_detail=(struct tcpdetail *)a_tcp->pdetail;
/**if buffered, copy new data to the buff**/
/**if lose packets, drop the buffered data**/
/*bad data fill the buffer, or lose pkt clear it*/
- if ((tcp_detail->lostlen > 0) || (a_ssl_stream->uiMaxBuffLen > 0 && a_ssl_stream->uiCurBuffLen >= a_ssl_stream->uiMaxBuffLen))
+ if(tcp_detail->lostlen>0 && ssl_context->record.cache_len>0)
{
- // 20151231
- return SSL_RETURN_DROPME;
- a_ssl_stream->uiCurBuffLen = 0;
+ ssl_trunk_free(ssl_context, thread_seq);
}
- if (a_ssl_stream->uiCurBuffLen > 0)
+ if(ssl_context->record.cache_len>0)
{
- // 20151231 not enough,tcp_detail->pdata will be cut, it's not useful
- if (a_ssl_stream->uiMaxBuffLen - a_ssl_stream->uiCurBuffLen < (int)tcp_detail->datalen)
- {
- return SSL_RETURN_DROPME;
- }
- iSslDateLen = MIN((int)tcp_detail->datalen, (a_ssl_stream->uiMaxBuffLen - a_ssl_stream->uiCurBuffLen));
-
- memcpy(a_ssl_stream->pcSslBuffer + a_ssl_stream->uiCurBuffLen, tcp_detail->pdata, iSslDateLen);
- a_ssl_stream->uiCurBuffLen += iSslDateLen;
- iSslDateLen = a_ssl_stream->uiCurBuffLen;
- pcSslData = a_ssl_stream->pcSslBuffer;
+ payload_len=MIN((int)tcp_detail->datalen, (g_ssl_runtime_para.max_cache_len - ssl_context->record.cache_len));
+ memcpy(ssl_context->record.cache_buff + ssl_context->record.cache_len, tcp_detail->pdata, payload_len);
+ ssl_context->record.cache_len += payload_len;
+ payload_len=ssl_context->record.cache_len;
+ payload=ssl_context->record.cache_buff;
}
else
{
- pcSslData = (char *)tcp_detail->pdata;
- iSslDateLen = tcp_detail->datalen;
+ payload=(char *)tcp_detail->pdata;
+ payload_len=tcp_detail->datalen;
}
- return_val = ssl_analyseSsl(pcSslData, iSslDateLen, &iRet, a_ssl_stream, a_tcp, a_ssl_stream->output_region_flag, thread_seq, a_packet);
-
- if (SSL_RETURN_NORM != return_val)
- {
- return return_val;
- }
- /*is ssl_stream, need buffer data*/
- if (iRet < 0 || iRet >= iSslDateLen)
- {
- a_ssl_stream->uiCurBuffLen = 0;
- }
- else
+ /**validaty check**/
+ if(NULL==payload || payload_len<SSL_HEADER_LEN)
{
- if (0 == a_ssl_stream->uiMaxBuffLen)
- {
- a_ssl_stream->pcSslBuffer = (char *)dictator_malloc(thread_seq, MAX_DATA_BUFFER);
- memset(a_ssl_stream->pcSslBuffer, 0, MAX_DATA_BUFFER);
- a_ssl_stream->uiMaxBuffLen = MAX_DATA_BUFFER;
- }
- fn_vMemCpy(a_ssl_stream->pcSslBuffer, (int)a_ssl_stream->uiMaxBuffLen, pcSslData + iRet, (int)(iSslDateLen - iRet));
- a_ssl_stream->uiCurBuffLen = iSslDateLen - iRet;
+ return SSL_TRUE;
}
- return return_val;
+
+ return ssl_parse_message(a_tcp, ssl_context, payload, payload_len, thread_seq, a_packet);
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-30 15:28:40 +0000