-rw-r--r--CMakeLists.txt2
-rw-r--r--src/SSL_Message.c40
-rw-r--r--src/SSL_Proc.c29
-rw-r--r--src/SSL_Proc.h2
-rw-r--r--src/ssl.h2
-rw-r--r--test/CMakeLists.txt2
6 files changed, 36 insertions, 41 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index bfb930a..a8a2df8 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required (VERSION 2.8)
+cmake_minimum_required (VERSION 3.10)
set(lib_name ssl)
diff --git a/src/SSL_Message.c b/src/SSL_Message.c
index 77969a8..12cc251 100644
--- a/src/SSL_Message.c
+++ b/src/SSL_Message.c
@@ -290,45 +290,39 @@ UCHAR ssl_analyseHandShake(char *pcSslData, int iAllMsgLen, int iSslUnAnalyseLen
}
/*get extension*/
+ st_ext_t exts_on_stack[64];
+ memset(&exts_on_stack, 0, sizeof(exts_on_stack));
a_ssl_stream->stClientHello->extlen = (unsigned short)BtoL2BytesNum(pcCurSslData);
pcCurSslData += sizeof(a_ssl_stream->stClientHello->extlen);
int i = 0;
- for (i = 0; iUnAnaHelloLen >= 4 && i < MAX_EXTENSION_NUM; i++) // min len of ext is 4 byte
+ for (i = 0; iUnAnaHelloLen >= 4 && i < 64; i++) // min len of ext is 4 byte
{
- a_ssl_stream->stClientHello->exts[i].type = (unsigned short)BtoL2BytesNum(pcCurSslData);
- pcCurSslData += sizeof(a_ssl_stream->stClientHello->exts[i].type);
- iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->exts[i].type);
+ exts_on_stack[i].type = (unsigned short)BtoL2BytesNum(pcCurSslData);
+ pcCurSslData += sizeof(exts_on_stack[i].type);
+ iUnAnaHelloLen -= sizeof(exts_on_stack[i].type);
if (iUnAnaHelloLen < 0)
{
return SSL_RETURN_DROPME;
}
- a_ssl_stream->stClientHello->exts[i].len = (unsigned short)BtoL2BytesNum(pcCurSslData);
- pcCurSslData += sizeof(a_ssl_stream->stClientHello->exts[i].len);
- iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->exts[i].len);
- if (iUnAnaHelloLen < 0 || a_ssl_stream->stClientHello->exts[i].len > iUnAnaHelloLen)
+ exts_on_stack[i].len = (unsigned short)BtoL2BytesNum(pcCurSslData);
+ pcCurSslData += sizeof(exts_on_stack[i].len);
+ iUnAnaHelloLen -= sizeof(exts_on_stack[i].len);
+ if (iUnAnaHelloLen < 0 || exts_on_stack[i].len > iUnAnaHelloLen)
{
return SSL_RETURN_DROPME;
}
- a_ssl_stream->stClientHello->exts[i].data = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stClientHello->exts[i].len);
- memcpy(a_ssl_stream->stClientHello->exts[i].data, pcCurSslData, a_ssl_stream->stClientHello->exts[i].len); // get ext data
- pcCurSslData += a_ssl_stream->stClientHello->exts[i].len;
- iUnAnaHelloLen -= a_ssl_stream->stClientHello->exts[i].len;
+ exts_on_stack[i].data=(unsigned char *)pcCurSslData;
+
+
+ pcCurSslData += exts_on_stack[i].len;
+ iUnAnaHelloLen -= exts_on_stack[i].len;
}
- a_ssl_stream->stClientHello->ext_num = i;
+ int ext_on_stack_num = i;
// printf("ext_num: %d\n", a_ssl_stream->stClientHello->ext_num);
- return_val = ssl_doWithClientHello(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
- // 20141121
- for (int j = 0; j < a_ssl_stream->stClientHello->ext_num; j++)
- {
- if (a_ssl_stream->stClientHello->exts[j].data != NULL)
- {
- dictator_free(thread_seq, a_ssl_stream->stClientHello->exts[j].data);
- a_ssl_stream->stClientHello->exts[j].data = NULL;
- }
- }
+ return_val = ssl_doWithClientHello(exts_on_stack, ext_on_stack_num, &a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
a_ssl_stream->stClientHello->ext_num = 0;
a_ssl_stream->stClientHello->session_ticket.ticket = NULL;
if (a_ssl_stream->stClientHello->session.session_value != NULL)
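Review bot: The array size in `st_ext_t exts_on_stack[64];` and the loop bound in `i < 64` are the same magic number written twice, and it is no longer tied to MAX_EXTENSION_NUM (cut to 16 in ssl.h by this same commit), so the two can silently drift apart. I would bound the loop with the array itself, `for (i = 0; iUnAnaHelloLen >= 4 && i < (int)(sizeof exts_on_stack / sizeof exts_on_stack[0]); i++)`, or give the 64 a name next to MAX_EXTENSION_NUM. The line `exts_on_stack[i].data=(unsigned char *)pcCurSslData;` also deserves a comment, because unlike the removed dictator_malloc copy the pointer now aliases the caller's packet buffer: `/* zero-copy: .data aliases pcSslData and is valid only until this packet is released */`. ssl_analyseHandShake starts and ends outside this hunk.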
diff --git a/src/SSL_Proc.c b/src/SSL_Proc.c
index bea37aa..35c7754 100644
--- a/src/SSL_Proc.c
+++ b/src/SSL_Proc.c
@@ -383,7 +383,7 @@ UCHAR ssl_doWithCertificateDetail(ssl_stream **a_ssl_stream, struct streaminfo *
return return_val;
}
-UCHAR ssl_doWithClientHello(ssl_stream **a_ssl_stream, struct streaminfo *a_tcp,
+UCHAR ssl_doWithClientHello(st_ext_t exts[], int exts_num, ssl_stream **a_ssl_stream, struct streaminfo *a_tcp,
unsigned long long region_flag, int thread_seq, void *a_packet)
{
UCHAR return_val = SSL_RETURN_NORM;
@@ -391,15 +391,15 @@ UCHAR ssl_doWithClientHello(ssl_stream **a_ssl_stream, struct streaminfo *a_tcp,
/*parse extionsion server_name*/
int i=0;
- for(i=0; i<(*a_ssl_stream)->stClientHello->ext_num; i++)
+ for(i=0; i<exts_num; i++)
{
- if((*a_ssl_stream)->stClientHello->exts[i].type == SERVER_NAME_EXT_TYPE)
+ if(exts[i].type == SERVER_NAME_EXT_TYPE)
{
st_client_server_name_t* pstClientServerName = (st_client_server_name_t*)dictator_malloc(thread_seq,sizeof(st_client_server_name_t));
unsigned char* cur_data = NULL;
unsigned char servernamelen = 0;
- pstClientServerName->server_name_list_len = (*a_ssl_stream)->stClientHello->exts[i].len;
- cur_data = (*a_ssl_stream)->stClientHello->exts[i].data;
+ pstClientServerName->server_name_list_len = exts[i].len;
+ cur_data = exts[i].data;
pstClientServerName->server_name_list_len -= sizeof(pstClientServerName->server_name_list_len);
cur_data += sizeof(pstClientServerName->server_name_list_len);
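Review bot: `pstClientServerName->server_name_list_len = exts[i].len;` followed by `pstClientServerName->server_name_list_len -= sizeof(pstClientServerName->server_name_list_len);` underflows when a malformed extension carries len 0 or 1; the parser in SSL_Message.c only checks that len fits in the remaining ClientHello, not that it covers this field, and if the field is unsigned the wrapped length lets `cur_data` run past the extension. Unless a check further down (outside this hunk) catches it, I would add `if (exts[i].len < sizeof(pstClientServerName->server_name_list_len)) { dictator_free(thread_seq, pstClientServerName); continue; }` before the subtraction. The dictator_malloc result on the line above is also used without a NULL check. The server_name branch continues past the end of the hunk.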
@@ -436,16 +436,16 @@ UCHAR ssl_doWithClientHello(ssl_stream **a_ssl_stream, struct streaminfo *a_tcp,
dictator_free(thread_seq,pstClientServerName);
//}
}
- else if((*a_ssl_stream)->stClientHello->exts[i].type == SESSION_TICKET_EXT_TYPE)
+ else if(exts[i].type == SESSION_TICKET_EXT_TYPE)
{
- (*a_ssl_stream)->stClientHello->session_ticket.ticketlen = (*a_ssl_stream)->stClientHello->exts[i].len;
- (*a_ssl_stream)->stClientHello->session_ticket.ticket = (*a_ssl_stream)->stClientHello->exts[i].data;
+ (*a_ssl_stream)->stClientHello->session_ticket.ticketlen = exts[i].len;
+ (*a_ssl_stream)->stClientHello->session_ticket.ticket = exts[i].data;
//printf("====session ticket:%d\n", (*a_ssl_stream)->stClientHello->session_ticket.ticketlen);
}
- else if((*a_ssl_stream)->stClientHello->exts[i].type == ENCRPTED_SERVER_NAME_EXT_TYPE)
+ else if(exts[i].type == ENCRPTED_SERVER_NAME_EXT_TYPE)
{
- char* cur_data = (char*)(*a_ssl_stream)->stClientHello->exts[i].data;
- int iUnAnaHelloLen = (*a_ssl_stream)->stClientHello->exts[i].len;
+ char* cur_data = (char*)exts[i].data;
+ int iUnAnaHelloLen = exts[i].len;
if(iUnAnaHelloLen>SUITE_VALUELEN)
{
(*a_ssl_stream)->stClientHello->encrypted_server_name.suite_value = (unsigned char *)dictator_malloc(thread_seq,SUITE_VALUELEN);
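Review bot: `(*a_ssl_stream)->stClientHello->session_ticket.ticket = exts[i].data;` now stores a pointer straight into the packet buffer (the heap copy that SSL_Message.c used to make and free is gone), so any plugin reached through ssl_callPlugins that keeps the ticket pointer past the callback would read freed or reused memory. The caller does reset the pointer to NULL afterwards, but that contract should be written at this line: `/* aliases the packet buffer; valid only during this ssl_callPlugins pass, caller NULLs it after */`. The ESNI branch reads from the same aliased `exts[i].data`, though the parts it keeps are copied with dictator_malloc. The enclosing loop and function continue outside this hunk.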
@@ -479,12 +479,13 @@ UCHAR ssl_doWithClientHello(ssl_stream **a_ssl_stream, struct streaminfo *a_tcp,
iUnAnaHelloLen -= (ESNILEN_LEN+(*a_ssl_stream)->stClientHello->encrypted_server_name.esni_len);
}
}
- else if((*a_ssl_stream)->stClientHello->exts[i].type == ENCRPTED_CLIENT_HELLO_EXT_TYPE)
+ else if(exts[i].type == ENCRPTED_CLIENT_HELLO_EXT_TYPE)
{
- (*a_ssl_stream)->stClientHello->encrypt_chello = &(*a_ssl_stream)->stClientHello->exts[i];
+ (*a_ssl_stream)->stClientHello->encrypt_chello = &exts[i];
}
}
-
+ (*a_ssl_stream)->stClientHello->ext_num = MIN(exts_num, MAX_EXTENSION_NUM);
+ memcpy((*a_ssl_stream)->stClientHello->exts, exts, sizeof(st_ext_t)*(*a_ssl_stream)->stClientHello->ext_num);
return_val = ssl_callPlugins(a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
(*a_ssl_stream)->output_region_mask = SSL_INTEREST_KEY_MASK;
return return_val;
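Review bot: `(*a_ssl_stream)->stClientHello->encrypt_chello = &exts[i];` now stores the address of an element of the caller's stack array (exts_on_stack in ssl_analyseHandShake), so it is valid only until ssl_doWithClientHello returns and dangles afterwards, and the memcpy that follows copies at most MAX_EXTENSION_NUM (16 after this commit) entries, so an ECH extension at a later index is not in the persistent copy at all. I would record the index instead and resolve it against stClientHello->exts after the memcpy, storing NULL when it was truncated away (the `int ech_idx = -1;` declaration belongs next to `int i=0;` above this hunk). Whether anything reads encrypt_chello after this function returns is not visible here, but the stream struct outlives the call, so a stale stack pointer should not be left in it. If MIN is not provided by a header this file already includes, the hunk also needs its own definition.
```c
        else if(exts[i].type == ENCRPTED_CLIENT_HELLO_EXT_TYPE)
        {
            ech_idx = i; /* resolved against the persistent copy below; &exts[i] would dangle */
        }
    }
    (*a_ssl_stream)->stClientHello->ext_num = MIN(exts_num, MAX_EXTENSION_NUM);
    memcpy((*a_ssl_stream)->stClientHello->exts, exts, sizeof(st_ext_t)*(*a_ssl_stream)->stClientHello->ext_num);
    (*a_ssl_stream)->stClientHello->encrypt_chello =
        (ech_idx >= 0 && ech_idx < (*a_ssl_stream)->stClientHello->ext_num)
            ? &(*a_ssl_stream)->stClientHello->exts[ech_idx] : NULL;
    /* … unchanged: ssl_callPlugins call and return … */
```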
diff --git a/src/SSL_Proc.h b/src/SSL_Proc.h
index 62ddd35..d96a63d 100644
--- a/src/SSL_Proc.h
+++ b/src/SSL_Proc.h
@@ -35,7 +35,7 @@ UCHAR ssl_doWithCertificateDetail(ssl_stream **a_ssl_stream, struct streaminf
unsigned long long region_flag, int thread_seq, void *a_packet);
UCHAR ssl_doWithServerName(ssl_stream **a_ssl_stream, struct streaminfo *a_tcp,
unsigned long long region_flag, int thread_seq, void *a_packet);
-UCHAR ssl_doWithClientHello(ssl_stream **a_ssl_stream, struct streaminfo *a_tcp,
+UCHAR ssl_doWithClientHello(st_ext_t exts[], int ext_num, ssl_stream **a_ssl_stream, struct streaminfo *a_tcp,
unsigned long long region_flag, int thread_seq, void *a_packet);
UCHAR ssl_doWithServerHello(ssl_stream **a_ssl_stream, struct streaminfo *a_tcp,
unsigned long long region_flag, int thread_seq, void *a_packet);
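Review bot: The new prototype names the count parameter `ext_num` while the definition in SSL_Proc.c calls it `exts_num`; pick one so the header documents the same contract as the code. The ownership of the new parameters is also worth stating here, since this commit changed it: `/* exts[]: caller-owned array (lives on the caller's stack); each .data aliases the packet buffer, so neither may be retained past this call */`.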
diff --git a/src/ssl.h b/src/ssl.h
index 7136c49..7e53cf2 100644
--- a/src/ssl.h
+++ b/src/ssl.h
@@ -99,7 +99,7 @@ typedef struct _st_esni_t
}st_esni_t;
//#############################################client hello
-#define MAX_EXTENSION_NUM 64
+#define MAX_EXTENSION_NUM 16
#define MAX_EXT_DATA_LEN 256
#define SERVER_NAME_EXT_TYPE 0x0000
#define SERVER_NAME_HOST_TYPE 0x0000
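Review bot: MAX_EXTENSION_NUM now bounds only the copy persisted in stClientHello->exts (ssl_doWithClientHello takes MIN(exts_num, MAX_EXTENSION_NUM)), while the parser in SSL_Message.c still accepts 64 extensions, so extensions beyond the 16th are seen by the plugin pass but dropped from the stream record with no indication. I would document that at the define, `/* max extensions persisted per stream; the parser may see more (64) and the extras are discarded */`. If, as I recall, current browser ClientHellos routinely carry more than 16 extensions, the reduction is worth reconsidering or at least the truncation should be counted.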
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index d982b1b..d1f9aef 100644
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required (VERSION 2.8)
+cmake_minimum_required (VERSION 3.10)
project(${lib_name}_test)