Diffstat (limited to 'src')
| -rw-r--r-- | src/SSL_Analyze.c | 54 | ||||
| -rw-r--r-- | src/SSL_Certificate.c | 317 | ||||
| -rw-r--r-- | src/SSL_Message.c | 1045 | ||||
| -rw-r--r-- | src/SSL_Proc.c | 35 | ||||
| -rw-r--r-- | src/SSL_Proc.h | 8 |
5 files changed, 725 insertions, 734 deletions
diff --git a/src/SSL_Analyze.c b/src/SSL_Analyze.c index c8a8881..0cccd9f 100644 --- a/src/SSL_Analyze.c +++ b/src/SSL_Analyze.c @@ -116,22 +116,22 @@ void ssl_history() int ssl_readconf(const char* filename) { FILE *fp = NULL; - char buf[2048] = {0}; - int region_id = 0; - int temp = 0; - char region_name[REGION_NAME_LEN] = {0}; + if(((fp = fopen(filename, "r"))!=NULL)) { + char buf[2048]={0}; + int region_id=0; + char region_name[REGION_NAME_LEN]={0}; while( fgets(buf, sizeof(buf), fp)) { - temp = sscanf(buf, "%d\t%s", ®ion_id, region_name); + int temp = sscanf(buf, "%d\t%31s", ®ion_id, region_name); //szieof(region_name)=32 if ( 2 > temp ) { printf( "ssl.so : ssl.conf %s read error\n", filename); return -1; } - if(region_id>MAX_REGION_NUM) + if(region_id>=MAX_REGION_NUM) { printf( "ssl.so : ssl.conf %d bigger than MAX_REGION_NUM\n", region_id); return -1; @@ -198,7 +198,6 @@ void ssl_proto_tag_free(int thread_seq, void *value) int SSL_INIT(void) { - int value = 0; memset(&g_ssl_prog_para,0,sizeof(ssl_prog_runtime_parameter_t)); strcat(g_ssl_prog_para.ssl_conf_filename, "./conf/ssl/ssl.conf"); @@ -216,7 +215,7 @@ int SSL_INIT(void) { g_ssl_prog_para.stat_handler = FS_create_handle(); FS_set_para(g_ssl_prog_para.stat_handler, OUTPUT_DEVICE, g_ssl_prog_para.stat_filename, strlen(g_ssl_prog_para.stat_filename)+1); - value = 1;//flush by date + int value = 1;//flush by date FS_set_para(g_ssl_prog_para.stat_handler, FLUSH_BY_DATE, &value, sizeof(value)); value = 2;//append FS_set_para(g_ssl_prog_para.stat_handler, PRINT_MODE, &value, sizeof(value)); @@ -273,7 +272,6 @@ long long SSL_FLAG_CHANGE(char* flag_str) if(flag_str==NULL) return -1; long long protflag = 0; - long long region_id = 0; char *start_token = flag_str; char *end_token = flag_str; char *end_pos = flag_str+strlen(flag_str); 
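Review bot: The tightened `region_id>=MAX_REGION_NUM` check in ssl_readconf still admits a negative value, because `%d` accepts a leading minus sign; if region_id later indexes a table of MAX_REGION_NUM entries (its use is past the hunk), a single config line can write out of bounds, so the test should read `if(region_id < 0 || region_id >= MAX_REGION_NUM)`. The two `return -1` paths inside the fgets loop also leave `fp` open; add an `fclose(fp)` before each, or route them through a cleanup label. The `%31s` width is tied to `REGION_NAME_LEN` only by the trailing comment; a static assertion that `REGION_NAME_LEN == 32` next to it would stop the two from drifting apart. ssl_readconf continues past the end of this hunk.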
@@ -293,7 +291,7 @@ long long SSL_FLAG_CHANGE(char* flag_str) memcpy(region_name, start_token, end_pos-start_token); end_token = end_pos; } - region_id = ssl_getRegionID(region_name, strlen(region_name), g_ssl_prog_para.ssl_conf_regionname); + long long region_id = ssl_getRegionID(region_name, strlen(region_name), g_ssl_prog_para.ssl_conf_regionname); if(-1==region_id) { printf( "ssl.so : PROT_CHANGE %s read %s error\n", flag_str, region_name); @@ -307,7 +305,7 @@ long long SSL_FLAG_CHANGE(char* flag_str) UCHAR ssl_doWithInsterestedRegion(struct streaminfo *a_tcp) { - /*ҵ���û��ע����Ȥ��*/ + /*ҵ���û��ע����Ȥ��*/ if(g_ssl_prog_para.ssl_interested_region_flag < SSL_KEY) return APP_STATE_DROPME; return SSL_RETURN_NORM; @@ -357,17 +355,13 @@ void ssl_initStructServerHello(st_server_hello_t* pstServerHello) int ssl_initSslStream(struct streaminfo *a_tcp, void **pme, int thread_seq) { /**Variables define**/ - ssl_stream *a_ssl_stream = (ssl_stream *)*pme; - - if(NULL != a_ssl_stream) - return -1; - - a_ssl_stream = (ssl_stream *)dictator_malloc(thread_seq, sizeof(ssl_stream)); + if(NULL != *pme) + { + return -1; + } + + ssl_stream *a_ssl_stream = (ssl_stream *)dictator_malloc(thread_seq, sizeof(ssl_stream)); memset(a_ssl_stream,0,sizeof(ssl_stream)); - if (NULL == a_ssl_stream) - { - return -1; - } a_ssl_stream->output_region_flag = g_ssl_prog_para.ssl_interested_region_flag; @@ -570,10 +564,12 @@ char SSL_ENTRY(struct streaminfo *a_tcp, void**pme, int thread_seq, void *a_pack case OP_STATE_CLOSE: a_ssl_stream = (ssl_stream *)*pme; - if(a_ssl_stream!=NULL) + if(a_ssl_stream==NULL) { - a_ssl_stream->over_flag = SSL_TRUE; + return APP_STATE_DROPME; } + + a_ssl_stream->over_flag = SSL_TRUE; if (a_ssl_stream->uiSslVersion != UNKNOWN_VERSION) { ssl_add_proto_tag(g_ssl_prog_para.proto_tag_id, a_tcp, "SSL", strlen("SSL")); 
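Review bot: The `memcpy(region_name, start_token, end_pos-start_token)` that feeds the new `region_id` line copies a token of caller-determined length into `region_name` with no size check visible in the hunk; region_name is declared above the hunk, so if it is a fixed-size array (REGION_NAME_LEN, as in ssl_readconf) an over-long token in flag_str overflows it. Suggest guarding the copy, e.g. `if ((size_t)(end_pos-start_token) >= sizeof(region_name)) return -1;` before the memcpy. SSL_FLAG_CHANGE starts and ends outside this hunk.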
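Review bot: The comment rewritten on the changed line of ssl_doWithInsterestedRegion is still mojibake after the change, so the edit only swaps one unreadable byte sequence for another. Either re-save the file as UTF-8 so the original text survives, or state the intent in English, e.g. `/* drop the stream when the configured interest flag is below SSL_KEY */`.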
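Review bot: Dropping the `NULL == a_ssl_stream` test in ssl_initSslStream removes the only guard on the dictator_malloc result, so the following `memset` now dereferences whatever the allocator returned; the old code merely had the check in the wrong place (after the memset), and the fix is to move it, not delete it: `if (NULL == a_ssl_stream) return -1;` between the allocation and the memset. Unless dictator_malloc is documented never to return NULL, the same applies to the `stSSLCert` and `stClientHello` allocations in the ssl_analyseHandShake hunk of SSL_Message.c, which are also memset unconditionally. ssl_initSslStream continues past the end of this hunk.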
@@ -590,19 +586,17 @@ char SSL_ENTRY(struct streaminfo *a_tcp, void**pme, int thread_seq, void *a_pack FS_operate(g_ssl_prog_para.stat_handler, g_ssl_prog_para.stat_field[SSL_STAT_BITS_S2C], 0, FS_OP_SET, g_ssl_prog_para.stat_value[SSL_STAT_BITS_S2C]); } } - return_val = ssl_analyseStream(a_tcp, pme ,thread_seq, a_packet); + ssl_analyseStream(a_tcp, pme ,thread_seq, a_packet); state = APP_STATE_DROPME; if(a_ssl_stream->business->return_value&PROT_STATE_DROPPKT) { state |= APP_STATE_DROPPKT; a_ssl_stream->business->return_value ^= PROT_STATE_DROPPKT; } - if(NULL!=a_ssl_stream) - { - ssl_releaseSslStream(a_tcp, &a_ssl_stream, thread_seq,a_packet); - *pme = NULL; - } - + + ssl_releaseSslStream(a_tcp, &a_ssl_stream, thread_seq,a_packet); + *pme = NULL; + return state; } return APP_STATE_GIVEME; diff --git a/src/SSL_Certificate.c b/src/SSL_Certificate.c index 36dc565..380fa5e 100644 --- a/src/SSL_Certificate.c +++ b/src/SSL_Certificate.c @@ -71,7 +71,6 @@ int ssl_read_specific_cert(const char* conj_cert_buf, uint32_t conj_buflen, uint char* unproc_cert = (char*)conj_cert_buf; uint32_t unproc_certlen = conj_buflen; char* cur_cert = NULL; - uint32_t cur_certlen = 0; uint32_t cert_unit_cnt = 0; cert_chain_t cert_unit[CERT_TYPE_MAXNUM]; @@ -81,8 +80,8 @@ int ssl_read_specific_cert(const char* conj_cert_buf, uint32_t conj_buflen, uint { break; } - cur_certlen = BtoL3BytesNum(unproc_cert); - if(((int)cur_certlen <0) || cur_certlen+SSL_CERTIFICATE_HDRLEN>unproc_certlen) + cert_unit[cert_unit_cnt].cert_len = BtoL3BytesNum(unproc_cert); + if(((int)cert_unit[cert_unit_cnt].cert_len <0) || cert_unit[cert_unit_cnt].cert_len+SSL_CERTIFICATE_HDRLEN>unproc_certlen) { break; } 
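Review bot: The return value of `ssl_analyseStream` is now discarded in SSL_ENTRY's close path, while the lines below still read `a_ssl_stream->business->return_value` as if the analysis completed; if ssl_analyseStream can report an error (its other call sites are not in this hunk), that error is now silently ignored. Either keep the result and act on it, or make the intent explicit with `(void)ssl_analyseStream(a_tcp, pme, thread_seq, a_packet); /* result not needed on close */`. Removing the `NULL!=a_ssl_stream` test is fine, since the NULL case now returns earlier in the preceding hunk. SSL_ENTRY continues past this hunk.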
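Review bot: `cert_unit[cert_unit_cnt].cert_len = BtoL3BytesNum(unproc_cert)` in ssl_read_specific_cert now writes into the array before anything bounds `cert_unit_cnt` against `CERT_TYPE_MAXNUM` (the array's size, declared in the previous hunk), so a certificate chain with more entries than that writes past the end of a stack array with data taken from the wire. The same pattern appears in the ssl_read_all_cert hunk (`@@ -160,20 +158,17 @@`), where the commit additionally removes the old `if(cert_unit_cnt<unit_size)` guard, turning a counting loop into an unbounded write. Add `if (cert_unit_cnt >= CERT_TYPE_MAXNUM) break;` at the top of this loop body (and `if (cert_unit_cnt >= unit_size) break;` in ssl_read_all_cert), or restore the old guard and keep the length in a local until the slot is known to exist. The loop header is outside this hunk.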
@@ -90,14 +89,14 @@ int ssl_read_specific_cert(const char* conj_cert_buf, uint32_t conj_buflen, uint if(cert_unit_cnt==0&&CERT_TYPE_INDIVIDUAL==cert_type) { *cert = cur_cert; - *cert_len = cur_certlen; + *cert_len = cert_unit[cert_unit_cnt].cert_len; return 1; } cert_unit[cert_unit_cnt].cert = cur_cert; - cert_unit[cert_unit_cnt].cert_len = cur_certlen; + unproc_certlen -= (SSL_CERTIFICATE_HDRLEN+cert_unit[cert_unit_cnt].cert_len); + unproc_cert += SSL_CERTIFICATE_HDRLEN+cert_unit[cert_unit_cnt].cert_len; cert_unit_cnt++; - unproc_certlen -= (SSL_CERTIFICATE_HDRLEN+cur_certlen); - unproc_cert += SSL_CERTIFICATE_HDRLEN+cur_certlen; + } switch(cert_type) @@ -151,7 +150,6 @@ int ssl_read_all_cert(const char* conj_cert_buf, uint32_t conj_buflen, cert_chai char* unproc_cert = (char*)conj_cert_buf; uint32_t unproc_certlen = conj_buflen; char* cur_cert = NULL; - uint32_t cur_certlen = 0; uint32_t cert_unit_cnt = 0; while ((int)unproc_certlen > 0) @@ -160,20 +158,17 @@ int ssl_read_all_cert(const char* conj_cert_buf, uint32_t conj_buflen, cert_chai { break; } - cur_certlen = BtoL3BytesNum(unproc_cert); - if((int)cur_certlen <0 || cur_certlen+SSL_CERTIFICATE_HDRLEN>unproc_certlen) + cert_unit[cert_unit_cnt].cert_len = BtoL3BytesNum(unproc_cert); + if((int)cert_unit[cert_unit_cnt].cert_len <0 || cert_unit[cert_unit_cnt].cert_len+SSL_CERTIFICATE_HDRLEN>unproc_certlen) { break; } - cur_cert = unproc_cert+SSL_CERTIFICATE_HDRLEN; - if(cert_unit_cnt<unit_size) - { - cert_unit[cert_unit_cnt].cert = cur_cert; - cert_unit[cert_unit_cnt].cert_len = cur_certlen; - } - cert_unit_cnt++; - unproc_certlen -= (SSL_CERTIFICATE_HDRLEN+cur_certlen); - unproc_cert += SSL_CERTIFICATE_HDRLEN+cur_certlen; + cur_cert = unproc_cert+SSL_CERTIFICATE_HDRLEN; + cert_unit[cert_unit_cnt].cert = cur_cert; + unproc_certlen -= (SSL_CERTIFICATE_HDRLEN+cert_unit[cert_unit_cnt].cert_len); + unproc_cert += SSL_CERTIFICATE_HDRLEN+cert_unit[cert_unit_cnt].cert_len; + cert_unit_cnt++; + } return cert_unit_cnt; } 
@@ -184,11 +179,10 @@ UCHAR ssl_Certificate(char *pcSslCertificateData, int iDataLen, ssl_stream *a_ss { int iUnAnaCertLen = iDataLen; char *pcCurSslCertificateData = pcSslCertificateData; - int return_val = 0; while (iUnAnaCertLen > 0) { a_ssl_stream->stSSLCert->certlen = BtoL3BytesNum(pcCurSslCertificateData); - if (a_ssl_stream->stSSLCert->certlen + SSL_CERTIFICATE_HDRLEN > iUnAnaCertLen) + if (a_ssl_stream->stSSLCert->certlen + SSL_CERTIFICATE_HDRLEN > iUnAnaCertLen) { /**packet trunked is impossible**/ break; @@ -198,10 +192,13 @@ UCHAR ssl_Certificate(char *pcSslCertificateData, int iDataLen, ssl_stream *a_ss a_ssl_stream->p_output_buffer->p_data = pcCurSslCertificateData; a_ssl_stream->p_output_buffer->data_size = a_ssl_stream->stSSLCert->certlen; a_ssl_stream->output_region_mask = SSL_CERTIFICATE_MASK; - return_val = ssl_doWithCertificate(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet); + int return_val = ssl_doWithCertificate(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet); a_ssl_stream->p_output_buffer->p_data = NULL; a_ssl_stream->p_output_buffer->data_size = 0; - if(SSL_RETURN_NORM != return_val) return return_val; + if(SSL_RETURN_NORM != return_val) + { + return return_val; + } pcCurSslCertificateData += a_ssl_stream->stSSLCert->certlen; iUnAnaCertLen -= a_ssl_stream->stSSLCert->certlen; } @@ -237,7 +234,7 @@ UCHAR ssl_AnalyseCertificate(char *pcSslCertificateData, int iDataLen, ssl_strea { int iUnAnaCertLen = iDataLen; char *pcCurSslCertificateData = pcSslCertificateData; - int return_val = 0; + int return_val; cert_chain_t cert_unit[CERT_MAXNUM]; int cert_num = 0; int cert_cnt = ssl_read_all_cert(pcCurSslCertificateData, iUnAnaCertLen, cert_unit, CERT_MAXNUM); 
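Review bot: `int return_val;` in ssl_AnalyseCertificate is now left uninitialized to satisfy cppcheck's redundant-assignment warning; that is only safe if every path that reads it assigns first, which cannot be confirmed from this hunk since the function continues past it, and reading an unassigned automatic variable is undefined behavior rather than a stale value. The same trade is made in the fn_pGetSSLInfo_v1 hunk (`@@ -371,13 +367,13 @@`, `iCurItemLen`, `iShowFlag`) and in the ssl_analyseHandShake hunk of SSL_Message.c (`iUnAnaCertLen`, `iUnAnaHelloLen`, `return_val`). Prefer the defensive `int return_val = 0;` and suppress the tool per line, or declare each variable at its first assignment as the commit already does elsewhere (e.g. `int temp = sscanf(...)` in ssl_readconf).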
@@ -321,11 +318,10 @@ UCHAR ssl_AnalyseCertificate(char *pcSslCertificateData, int iDataLen, ssl_strea } -char *fn_pcGetElemType(unsigned char *pucId, int iIdLen, stSerialString_t *pastElemTypes) +char *fn_pcGetElemType(const unsigned char *pucId, int iIdLen, stSerialString_t *pastElemTypes) { int iLoop = 0; int iInLoop = 0; - int iAlgIdLen = 0; if (NULL == pucId || iIdLen < 0 || NULL == pastElemTypes) { @@ -334,7 +330,7 @@ char *fn_pcGetElemType(unsigned char *pucId, int iIdLen, stSerialString_t *pastE for (iLoop = 0; NULL != pastElemTypes[iLoop].pcString; ++iLoop) { - iAlgIdLen = strlen((const char *)pastElemTypes[iLoop].aucSerial); + int iAlgIdLen = strlen((const char *)pastElemTypes[iLoop].aucSerial); if (iAlgIdLen != iIdLen) { @@ -371,13 +367,13 @@ UCHAR fn_pGetSSLInfo_v1(char *pcCert, int iLen, ssl_stream *a_ssl_stream, stru char *pcCurElemData = NULL; char *pcCurExtItem = NULL; char acBuffer[8192] = {0}; - int iCurExtItemLen = 0; + //int iCurExtItemLen; //20220318 cppcheck int uiLength = 0; - int iCurItemLen = 0; + int iCurItemLen; //20220318 cppcheck int iCurElemLen = 0; int iExtenLen = 0; int iByteNum = 0; - int iShowFlag = 0; + int iShowFlag; int iLoop = 0; st_cert_t *stSSLCert = a_ssl_stream->stSSLCert; char* issuer_info = NULL; @@ -916,7 +912,7 @@ UCHAR fn_pGetSSLInfo_v1(char *pcCert, int iLen, ssl_stream *a_ssl_stream, stru while (iExtenLen > 0) { /*current item length*/ - iCurExtItemLen = fn_iSslDecodeTagLength(pcCurExtData, iExtenLen, &iByteNum); + int iCurExtItemLen = fn_iSslDecodeTagLength(pcCurExtData, iExtenLen, &iByteNum); if (iCurExtItemLen <= 0) { return SSL_RETURN_UNNORM; 
@@ -970,8 +966,8 @@ UCHAR fn_pGetSSLInfo_v1(char *pcCert, int iLen, ssl_stream *a_ssl_stream, stru /*get the last piece*/ pcCurElemData = pcCurExtItem; iCurElemLen = uiLength; - pcCurExtItem += uiLength; - iCurExtItemLen -= uiLength; + //pcCurExtItem += uiLength; //20220318 cppcheck + //iCurExtItemLen -= uiLength; //20220318 cppcheck /*DNS name*/ if((char)0x82 == pcCurElemData[0]) { @@ -1002,7 +998,7 @@ UCHAR fn_pGetSSLInfo_v1(char *pcCert, int iLen, ssl_stream *a_ssl_stream, stru } pcCurExtData = pcCurData + iByteNum + 1; iExtenLen = uiLength; - pcCurData += (iByteNum + 1 + uiLength); + //pcCurData += (iByteNum + 1 + uiLength); //20220318 cppcheck iUnAnalyseLen -= (iByteNum + 1 + uiLength); if (iUnAnalyseLen <= 0) { @@ -1028,7 +1024,7 @@ UCHAR fn_pGetSSLInfo_v1(char *pcCert, int iLen, ssl_stream *a_ssl_stream, stru memcpy(stSSLCert->SSLFPAg, pcIdString, 1 + strlen((const char *)pcIdString)); } - pcCurExtData += uiLength; + //pcCurExtData += uiLength; //20220318 cppcheck /**padding**/ /**encrypted**/ 
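Review bot: Commenting out `pcCurExtItem += uiLength;` and `iCurExtItemLen -= uiLength;` with a `//20220318 cppcheck` tag leaves dead code in fn_pGetSSLInfo_v1 that every later reader has to re-evaluate; the two following hunks do the same with `pcCurData += ...` and `pcCurExtData += uiLength;`, and `@@ -371,13 +367,13 @@` does it with the `iCurExtItemLen` declaration. If the assignments really are unused, delete them outright — version control keeps the history — and where a cursor deliberately stops advancing, a one-line comment saying why nothing follows is more useful than the disabled statement.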
@@ -1066,136 +1062,133 @@ UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct return SSL_RETURN_NORM; } - if(NULL!=x509_handle) - { - /*version*/ - int ver = X509_get_version(x509_handle); - if(ver>CERT_VER_MAXNUM || ver<0) goto cert_return; - memcpy(a_ssl_stream->stSSLCert->SSLVersion, - g_astCertVersions[ver].pcString, - 1 + strlen((const char *)g_astCertVersions[ver].pcString)); - - /*serial num*/ - serial = X509_get_serialNumber(x509_handle); - if (NULL != serial) - { - a_ssl_stream->stSSLCert->SSLSerialNumLen = MIN(ASN1_STRING_length(serial), sizeof(a_ssl_stream->stSSLCert->SSLSerialNum)); - memcpy(a_ssl_stream->stSSLCert->SSLSerialNum, ASN1_STRING_get0_data(serial), a_ssl_stream->stSSLCert->SSLSerialNumLen); - } - - /*SSL AgID*/ - tsig_alg = X509_get0_tbs_sigalg(x509_handle); - X509_ALGOR_get0(&salg, NULL, NULL, tsig_alg); - OBJ_obj2txt(a_ssl_stream->stSSLCert->SSLAgID, sizeof(a_ssl_stream->stSSLCert->SSLAgID), salg, 1); - - /*SSL Issuer*/ - issuer = X509_get_issuer_name(x509_handle); - if(NULL!=issuer) - { - X509_NAME_get_text_by_NID(issuer, NID_commonName, a_ssl_stream->stSSLCert->SSLIssuerCN, sizeof(a_ssl_stream->stSSLCert->SSLIssuerCN)); - X509_NAME_get_text_by_NID(issuer, NID_organizationName, a_ssl_stream->stSSLCert->SSLIssuerO, sizeof(a_ssl_stream->stSSLCert->SSLIssuerO)); - X509_NAME_get_text_by_NID(issuer, NID_organizationalUnitName, a_ssl_stream->stSSLCert->SSLIssuerU, sizeof(a_ssl_stream->stSSLCert->SSLIssuerU)); - X509_NAME_get_text_by_NID(issuer, NID_localityName, a_ssl_stream->stSSLCert->SSLIssuerL, sizeof(a_ssl_stream->stSSLCert->SSLIssuerL)); - X509_NAME_get_text_by_NID(issuer, NID_streetAddress, a_ssl_stream->stSSLCert->SSLIssuerS, sizeof(a_ssl_stream->stSSLCert->SSLIssuerS)); - X509_NAME_get_text_by_NID(issuer, NID_stateOrProvinceName, a_ssl_stream->stSSLCert->SSLIssuerP, sizeof(a_ssl_stream->stSSLCert->SSLIssuerP)); - X509_NAME_get_text_by_NID(issuer, NID_countryName, a_ssl_stream->stSSLCert->SSLIssuerC, 
sizeof(a_ssl_stream->stSSLCert->SSLIssuerC)); - - - snprintf(a_ssl_stream->stSSLCert->SSLIssuer, - sizeof(a_ssl_stream->stSSLCert->SSLIssuer), - "%s;%s;%s;%s;%s;%s;%s", - a_ssl_stream->stSSLCert->SSLIssuerCN, - a_ssl_stream->stSSLCert->SSLIssuerO, - a_ssl_stream->stSSLCert->SSLIssuerU, - a_ssl_stream->stSSLCert->SSLIssuerL, - a_ssl_stream->stSSLCert->SSLIssuerS, - a_ssl_stream->stSSLCert->SSLIssuerP, - a_ssl_stream->stSSLCert->SSLIssuerC); - } + /*version*/ + int ver = X509_get_version(x509_handle); + if(ver>CERT_VER_MAXNUM || ver<0) goto cert_return; + memcpy(a_ssl_stream->stSSLCert->SSLVersion, + g_astCertVersions[ver].pcString, + 1 + strlen((const char *)g_astCertVersions[ver].pcString)); + + /*serial num*/ + serial = X509_get_serialNumber(x509_handle); + if (NULL != serial) + { + a_ssl_stream->stSSLCert->SSLSerialNumLen = MIN(ASN1_STRING_length(serial), (int)(sizeof(a_ssl_stream->stSSLCert->SSLSerialNum))); + memcpy(a_ssl_stream->stSSLCert->SSLSerialNum, ASN1_STRING_get0_data(serial), a_ssl_stream->stSSLCert->SSLSerialNumLen); + } - /*SSL Subject*/ - subject = X509_get_subject_name(x509_handle); - if(NULL!=subject) - { - X509_NAME_get_text_by_NID(subject, NID_commonName, a_ssl_stream->stSSLCert->SSLSubCN, sizeof(a_ssl_stream->stSSLCert->SSLSubCN)); - X509_NAME_get_text_by_NID(subject, NID_organizationName, a_ssl_stream->stSSLCert->SSLSubO, sizeof(a_ssl_stream->stSSLCert->SSLSubO)); - X509_NAME_get_text_by_NID(subject, NID_countryName, a_ssl_stream->stSSLCert->SSLSubC, sizeof(a_ssl_stream->stSSLCert->SSLSubC)); - - - X509_NAME_get_text_by_NID(subject, NID_commonName, a_ssl_stream->stSSLCert->SSLSubCN, sizeof(a_ssl_stream->stSSLCert->SSLSubCN)); - X509_NAME_get_text_by_NID(subject, NID_organizationName, a_ssl_stream->stSSLCert->SSLSubO, sizeof(a_ssl_stream->stSSLCert->SSLSubO)); - X509_NAME_get_text_by_NID(subject, NID_organizationalUnitName, a_ssl_stream->stSSLCert->SSLSubU, sizeof(a_ssl_stream->stSSLCert->SSLSubU)); - X509_NAME_get_text_by_NID(subject, 
NID_localityName, a_ssl_stream->stSSLCert->SSLSubL, sizeof(a_ssl_stream->stSSLCert->SSLSubL)); - X509_NAME_get_text_by_NID(subject, NID_streetAddress, a_ssl_stream->stSSLCert->SSLSubS, sizeof(a_ssl_stream->stSSLCert->SSLSubS)); - X509_NAME_get_text_by_NID(subject, NID_stateOrProvinceName, a_ssl_stream->stSSLCert->SSLSubP, sizeof(a_ssl_stream->stSSLCert->SSLSubP)); - X509_NAME_get_text_by_NID(subject, NID_countryName, a_ssl_stream->stSSLCert->SSLSubC, sizeof(a_ssl_stream->stSSLCert->SSLSubC)); - - - snprintf(a_ssl_stream->stSSLCert->SSLSub, - sizeof(a_ssl_stream->stSSLCert->SSLSub), - "%s;%s;%s;%s;%s;%s;%s", - a_ssl_stream->stSSLCert->SSLSubCN, - a_ssl_stream->stSSLCert->SSLSubO, - a_ssl_stream->stSSLCert->SSLSubU, - a_ssl_stream->stSSLCert->SSLSubL, - a_ssl_stream->stSSLCert->SSLSubS, - a_ssl_stream->stSSLCert->SSLSubP, - a_ssl_stream->stSSLCert->SSLSubC); - } + /*SSL AgID*/ + tsig_alg = X509_get0_tbs_sigalg(x509_handle); + X509_ALGOR_get0(&salg, NULL, NULL, tsig_alg); + OBJ_obj2txt(a_ssl_stream->stSSLCert->SSLAgID, sizeof(a_ssl_stream->stSSLCert->SSLAgID), salg, 1); - /*SSL Subject keyInfo*/ - pkey = X509_get_pubkey(x509_handle); - if(pkey!=NULL) - { - int pkeyLen=0; - a_ssl_stream->stSSLCert->SSLSubKeyLen = i2d_PublicKey(pkey, NULL);; - a_ssl_stream->stSSLCert->SSLSubKey = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stSSLCert->SSLSubKeyLen); - pkeyLen = i2d_PublicKey(pkey, &(a_ssl_stream->stSSLCert->SSLSubKey)); //!!! 
point will be changed - a_ssl_stream->stSSLCert->SSLSubKey = a_ssl_stream->stSSLCert->SSLSubKey-a_ssl_stream->stSSLCert->SSLSubKeyLen; + /*SSL Issuer*/ + issuer = X509_get_issuer_name(x509_handle); + if(NULL!=issuer) + { + X509_NAME_get_text_by_NID(issuer, NID_commonName, a_ssl_stream->stSSLCert->SSLIssuerCN, sizeof(a_ssl_stream->stSSLCert->SSLIssuerCN)); + X509_NAME_get_text_by_NID(issuer, NID_organizationName, a_ssl_stream->stSSLCert->SSLIssuerO, sizeof(a_ssl_stream->stSSLCert->SSLIssuerO)); + X509_NAME_get_text_by_NID(issuer, NID_organizationalUnitName, a_ssl_stream->stSSLCert->SSLIssuerU, sizeof(a_ssl_stream->stSSLCert->SSLIssuerU)); + X509_NAME_get_text_by_NID(issuer, NID_localityName, a_ssl_stream->stSSLCert->SSLIssuerL, sizeof(a_ssl_stream->stSSLCert->SSLIssuerL)); + X509_NAME_get_text_by_NID(issuer, NID_streetAddress, a_ssl_stream->stSSLCert->SSLIssuerS, sizeof(a_ssl_stream->stSSLCert->SSLIssuerS)); + X509_NAME_get_text_by_NID(issuer, NID_stateOrProvinceName, a_ssl_stream->stSSLCert->SSLIssuerP, sizeof(a_ssl_stream->stSSLCert->SSLIssuerP)); + X509_NAME_get_text_by_NID(issuer, NID_countryName, a_ssl_stream->stSSLCert->SSLIssuerC, sizeof(a_ssl_stream->stSSLCert->SSLIssuerC)); + + + snprintf(a_ssl_stream->stSSLCert->SSLIssuer, + sizeof(a_ssl_stream->stSSLCert->SSLIssuer), + "%s;%s;%s;%s;%s;%s;%s", + a_ssl_stream->stSSLCert->SSLIssuerCN, + a_ssl_stream->stSSLCert->SSLIssuerO, + a_ssl_stream->stSSLCert->SSLIssuerU, + a_ssl_stream->stSSLCert->SSLIssuerL, + a_ssl_stream->stSSLCert->SSLIssuerS, + a_ssl_stream->stSSLCert->SSLIssuerP, + a_ssl_stream->stSSLCert->SSLIssuerC); + } + + /*SSL Subject*/ + subject = X509_get_subject_name(x509_handle); + if(NULL!=subject) + { + X509_NAME_get_text_by_NID(subject, NID_commonName, a_ssl_stream->stSSLCert->SSLSubCN, sizeof(a_ssl_stream->stSSLCert->SSLSubCN)); + X509_NAME_get_text_by_NID(subject, NID_organizationName, a_ssl_stream->stSSLCert->SSLSubO, sizeof(a_ssl_stream->stSSLCert->SSLSubO)); + X509_NAME_get_text_by_NID(subject, 
NID_countryName, a_ssl_stream->stSSLCert->SSLSubC, sizeof(a_ssl_stream->stSSLCert->SSLSubC)); + + + X509_NAME_get_text_by_NID(subject, NID_commonName, a_ssl_stream->stSSLCert->SSLSubCN, sizeof(a_ssl_stream->stSSLCert->SSLSubCN)); + X509_NAME_get_text_by_NID(subject, NID_organizationName, a_ssl_stream->stSSLCert->SSLSubO, sizeof(a_ssl_stream->stSSLCert->SSLSubO)); + X509_NAME_get_text_by_NID(subject, NID_organizationalUnitName, a_ssl_stream->stSSLCert->SSLSubU, sizeof(a_ssl_stream->stSSLCert->SSLSubU)); + X509_NAME_get_text_by_NID(subject, NID_localityName, a_ssl_stream->stSSLCert->SSLSubL, sizeof(a_ssl_stream->stSSLCert->SSLSubL)); + X509_NAME_get_text_by_NID(subject, NID_streetAddress, a_ssl_stream->stSSLCert->SSLSubS, sizeof(a_ssl_stream->stSSLCert->SSLSubS)); + X509_NAME_get_text_by_NID(subject, NID_stateOrProvinceName, a_ssl_stream->stSSLCert->SSLSubP, sizeof(a_ssl_stream->stSSLCert->SSLSubP)); + X509_NAME_get_text_by_NID(subject, NID_countryName, a_ssl_stream->stSSLCert->SSLSubC, sizeof(a_ssl_stream->stSSLCert->SSLSubC)); + + + snprintf(a_ssl_stream->stSSLCert->SSLSub, + sizeof(a_ssl_stream->stSSLCert->SSLSub), + "%s;%s;%s;%s;%s;%s;%s", + a_ssl_stream->stSSLCert->SSLSubCN, + a_ssl_stream->stSSLCert->SSLSubO, + a_ssl_stream->stSSLCert->SSLSubU, + a_ssl_stream->stSSLCert->SSLSubL, + a_ssl_stream->stSSLCert->SSLSubS, + a_ssl_stream->stSSLCert->SSLSubP, + a_ssl_stream->stSSLCert->SSLSubC); + } + + /*SSL Subject keyInfo*/ + pkey = X509_get_pubkey(x509_handle); + if(pkey!=NULL) + { + a_ssl_stream->stSSLCert->SSLSubKeyLen = i2d_PublicKey(pkey, NULL);; + a_ssl_stream->stSSLCert->SSLSubKey = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stSSLCert->SSLSubKeyLen); + i2d_PublicKey(pkey, &(a_ssl_stream->stSSLCert->SSLSubKey)); //!!! 
point will be changed + a_ssl_stream->stSSLCert->SSLSubKey = a_ssl_stream->stSSLCert->SSLSubKey-a_ssl_stream->stSSLCert->SSLSubKeyLen; + + EVP_PKEY_free(pkey); + } + + /*validity*/ + start = X509_get_notBefore(x509_handle); + end = X509_get_notAfter(x509_handle); + sprintf(a_ssl_stream->stSSLCert->SSLFrom, "%s", start->data); + sprintf(a_ssl_stream->stSSLCert->SSLTo, "%s", end->data); + + /*subject bak*/ + subjectAltNames = (GENERAL_NAMES*)X509_get_ext_d2i(x509_handle, NID_subject_alt_name, NULL, NULL); + if(!subjectAltNames) goto cert_return; + cnt = sk_GENERAL_NAME_num(subjectAltNames); + if(cnt>0) + { + a_ssl_stream->stSSLCert->SSLSubAltName = (st_san_t*)dictator_malloc(thread_seq, sizeof(st_san_t)); + a_ssl_stream->stSSLCert->SSLSubAltName->san_array = (san_t*)dictator_malloc(thread_seq, cnt*sizeof(san_t)); + memset(a_ssl_stream->stSSLCert->SSLSubAltName->san_array,0,cnt*sizeof(san_t)); + a_ssl_stream->stSSLCert->SSLSubAltName->count = 0; + for (i = 0; i < cnt; i++) + { + generalName = sk_GENERAL_NAME_value(subjectAltNames, i); + if(!generalName) goto cert_return; + if(GEN_DNS == generalName->type) + { + san_name = (ASN1_STRING*)GENERAL_NAME_get0_value(generalName, NULL); + if(ASN1_STRING_length(san_name)>0) + { + san = (char*)ASN1_STRING_get0_data(san_name); + snprintf(a_ssl_stream->stSSLCert->SSLSubAltName->san_array[a_ssl_stream->stSSLCert->SSLSubAltName->count].san, + sizeof(a_ssl_stream->stSSLCert->SSLSubAltName->san_array[a_ssl_stream->stSSLCert->SSLSubAltName->count].san), + "%s", + san); + a_ssl_stream->stSSLCert->SSLSubAltName->count++; + } + } + } + } + if(subjectAltNames) + { + GENERAL_NAMES_free(subjectAltNames); + } - EVP_PKEY_free(pkey); - } - - /*validity*/ - start = X509_get_notBefore(x509_handle); - end = X509_get_notAfter(x509_handle); - sprintf(a_ssl_stream->stSSLCert->SSLFrom, "%s", start->data); - sprintf(a_ssl_stream->stSSLCert->SSLTo, "%s", end->data); - - /*subject bak*/ - subjectAltNames = (GENERAL_NAMES*)X509_get_ext_d2i(x509_handle, 
NID_subject_alt_name, NULL, NULL); - if(!subjectAltNames) goto cert_return; - cnt = sk_GENERAL_NAME_num(subjectAltNames); - if(cnt>0) - { - a_ssl_stream->stSSLCert->SSLSubAltName = (st_san_t*)dictator_malloc(thread_seq, sizeof(st_san_t)); - a_ssl_stream->stSSLCert->SSLSubAltName->san_array = (san_t*)dictator_malloc(thread_seq, cnt*sizeof(san_t)); - memset(a_ssl_stream->stSSLCert->SSLSubAltName->san_array,0,cnt*sizeof(san_t)); - a_ssl_stream->stSSLCert->SSLSubAltName->count = 0; - for (i = 0; i < cnt; i++) - { - generalName = sk_GENERAL_NAME_value(subjectAltNames, i); - if(!generalName) goto cert_return; - if(GEN_DNS == generalName->type) - { - san_name = (ASN1_STRING*)GENERAL_NAME_get0_value(generalName, NULL); - if(ASN1_STRING_length(san_name)>0) - { - san = (char*)ASN1_STRING_get0_data(san_name); - snprintf(a_ssl_stream->stSSLCert->SSLSubAltName->san_array[a_ssl_stream->stSSLCert->SSLSubAltName->count].san, - sizeof(a_ssl_stream->stSSLCert->SSLSubAltName->san_array[a_ssl_stream->stSSLCert->SSLSubAltName->count].san), - "%s", - san); - a_ssl_stream->stSSLCert->SSLSubAltName->count++; - } - } - } - } - if(subjectAltNames) - { - GENERAL_NAMES_free(subjectAltNames); - } - } cert_return: if (x509_handle != NULL) diff --git a/src/SSL_Message.c b/src/SSL_Message.c index c4942f8..77969a8 100644 --- a/src/SSL_Message.c +++ b/src/SSL_Message.c @@ -1,4 +1,4 @@ - + #include "SSL_Analyze.h" #include "ssl.h" #include "SSL_Message.h" 
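Review bot: `sprintf(a_ssl_stream->stSSLCert->SSLFrom, "%s", start->data)` and the matching `SSLTo` line in the re-indented block of fn_pGetSSLInfo format certificate-supplied ASN1_TIME bytes into fixed buffers with no bound, unlike the `snprintf` used for issuer, subject and SAN a few lines away; since this data comes off the wire, use `snprintf(..., sizeof(a_ssl_stream->stSSLCert->SSLFrom), "%.*s", ASN1_STRING_length(start), ASN1_STRING_get0_data(start))` and NULL-check `start`/`end` first. The `if(!generalName) goto cert_return;` inside the SAN loop bypasses `GENERAL_NAMES_free(subjectAltNames)`, leaking that stack on the error path. The `i2d_PublicKey` call that advances `SSLSubKey` followed by the `SSLSubKey - SSLSubKeyLen` rewind would be clearer and safer through a scratch pointer (`unsigned char *p = a_ssl_stream->stSSLCert->SSLSubKey; i2d_PublicKey(pkey, &p);`), and a negative result from `i2d_PublicKey(pkey, NULL)` is currently passed straight to dictator_malloc. The block also calls `X509_NAME_get_text_by_NID(subject, ...)` for NID_commonName, NID_organizationName and NID_countryName twice. fn_pGetSSLInfo begins before this hunk and its cleanup after `cert_return:` lies past its end.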
@@ -6,22 +6,23 @@ #include "SSL_Common.h" #include "SSL_Certificate.h" -extern ssl_prog_runtime_parameter_t g_ssl_prog_para; +extern ssl_prog_runtime_parameter_t g_ssl_prog_para; extern stSerialString_t g_astCipherSuit; const stSerialString_t g_astCompression[] = -{ - {{0}, NULL}, + { + {{0}, NULL}, }; -const char* ssl_get_suite(st_suites_t* ciphersuites) +const char *ssl_get_suite(st_suites_t *ciphersuites) { - if(ciphersuites==NULL) return NULL; - return fn_pcGetSuite((unsigned char *)ciphersuites->suites_value, ciphersuites->suites_len, (stSerialString_t*)&g_astCipherSuit); + if (ciphersuites == NULL) + return NULL; + return fn_pcGetSuite((unsigned char *)ciphersuites->suites_value, ciphersuites->suites_len, (stSerialString_t *)&g_astCipherSuit); } unsigned short ssl_getHelloVersion(unsigned char *pcData, unsigned int iDataLen) -{ +{ if (CLIENT_HELLO != pcData[0] && SERVER_HELLO != pcData[0]) { return 0; @@ -65,30 +66,27 @@ unsigned short ssl_getHelloVersion(unsigned char *pcData, unsigned int iDataLen) return 0; } - - - int fn_iIsHandShakeMsg(unsigned char ucMsgType) { - switch (ucMsgType) - { -// case HELLO_REQUEST: - case CLIENT_HELLO: - case SERVER_HELLO: - case CERTIFICATE: - case NEW_SESSION_TICKET: -// case SERVER_KEY_EXCHANGE: -// case CERTIFICATE_REQUEST: -// case SERVER_HELLO_DONE: -// case CERTIFICATE_VERIFY: -// case CLIENT_KEY_EXCHANGE: -// case FINISHED: - return 1; - break; - default: - return 0; - break; - } + switch (ucMsgType) + { + // case HELLO_REQUEST: + case CLIENT_HELLO: + case SERVER_HELLO: + case CERTIFICATE: + case NEW_SESSION_TICKET: + // case SERVER_KEY_EXCHANGE: + // case CERTIFICATE_REQUEST: + // case SERVER_HELLO_DONE: + // case CERTIFICATE_VERIFY: + // case CLIENT_KEY_EXCHANGE: + // case FINISHED: + return 1; + break; + default: + return 0; + break; + } } /* 
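Review bot: `g_astCipherSuit` is declared `extern stSerialString_t g_astCipherSuit;` as a single struct, yet ssl_get_suite casts its address to `stSerialString_t *` and hands it to fn_pcGetSuite, which — judging by fn_pcGetElemType in SSL_Certificate.c — walks a NULL-terminated table; if the defining translation unit declares an array, this declaration has an incompatible type and the cast only hides it. Declaring `extern const stSerialString_t g_astCipherSuit[];` would match the table and let the cast go. Separately, `ssl_getHelloVersion` reads `pcData[0]` before `iDataLen` is consulted; an `if (iDataLen < 1) return 0;` guard at the top costs nothing even though the visible caller passes a positive length. Both functions continue past this hunk.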
@@ -96,121 +94,125 @@ Function: analyse ssl hand shake msgs Note: if one msg is trunked, just wait return : SSL_RETURN_UNNORM : error ; SSL_RETURN_DROPME/KILLME; business return_value */ -UCHAR ssl_analyseHandShake(char *pcSslData, int iAllMsgLen, int iSslUnAnalyseLen, int * res, ssl_stream *a_ssl_stream, struct streaminfo* a_tcp, - unsigned long long region_flag, int thread_seq, void* a_packet) +UCHAR ssl_analyseHandShake(char *pcSslData, int iAllMsgLen, int iSslUnAnalyseLen, int *res, ssl_stream *a_ssl_stream, struct streaminfo *a_tcp, + unsigned long long region_flag, int thread_seq, void *a_packet) { - /**variable define and initialise**/ - int iSslDataLen = 0; - char* pcCurSslData = pcSslData; - int iUnAnalyseLen = 0; - int iUnAnaCertLen = 0; - int iUnAnaHelloLen = 0; - UCHAR return_val = SSL_RETURN_NORM; - stHandShakeTypeHdr_t* pstHandShakeTypeHdr = (stHandShakeTypeHdr_t *)pcSslData; - - iSslDataLen = iAllMsgLen < iSslUnAnalyseLen ? iAllMsgLen : iSslUnAnalyseLen; - iUnAnalyseLen = iAllMsgLen < iSslUnAnalyseLen ? iAllMsgLen : iSslUnAnalyseLen; - + /**variable define and initialise**/ + int iSslDataLen = 0; + char *pcCurSslData=NULL; + int iUnAnalyseLen; + int iUnAnaCertLen; + int iUnAnaHelloLen; + UCHAR return_val; + stHandShakeTypeHdr_t *pstHandShakeTypeHdr = NULL; + + iSslDataLen = iAllMsgLen < iSslUnAnalyseLen ? iAllMsgLen : iSslUnAnalyseLen; + iUnAnalyseLen = iAllMsgLen < iSslUnAnalyseLen ? 
iAllMsgLen : iSslUnAnalyseLen; + while (iUnAnalyseLen > 0) - { - - //20150324 + { + + // 20150324 pstHandShakeTypeHdr = (stHandShakeTypeHdr_t *)pcSslData; - pcCurSslData = pcSslData; - /**analyse certification**/ + pcCurSslData = pcSslData; + /**analyse certification**/ if (CERTIFICATE == pstHandShakeTypeHdr->ucContType) { - if(iUnAnalyseLen<CERTIFICATE_HDRLEN) + if (iUnAnalyseLen < CERTIFICATE_HDRLEN) { - /**packet trunked**/ + /**packet trunked**/ break; } - - if(a_ssl_stream->stSSLCert==NULL) + + if (a_ssl_stream->stSSLCert == NULL) { - a_ssl_stream->stSSLCert = (st_cert_t*)dictator_malloc(thread_seq,sizeof(st_cert_t)); - //memset(a_ssl_stream->stSSLCert, 0, sizeof(a_ssl_stream->stSSLCert)); - } - memset(a_ssl_stream->stSSLCert,0,sizeof(st_cert_t)); + a_ssl_stream->stSSLCert = (st_cert_t *)dictator_malloc(thread_seq, sizeof(st_cert_t)); + // memset(a_ssl_stream->stSSLCert, 0, sizeof(a_ssl_stream->stSSLCert)); + } + memset(a_ssl_stream->stSSLCert, 0, sizeof(st_cert_t)); a_ssl_stream->stSSLCert->totallen = BtoL3BytesNum((char *)(pcCurSslData + 4)); - if(a_ssl_stream->stSSLCert->totallen<0) return SSL_RETURN_DROPME; + if (a_ssl_stream->stSSLCert->totallen < 0) + return SSL_RETURN_DROPME; /*7 means cert_type+len*/ - if (a_ssl_stream->stSSLCert->totallen + 7> iUnAnalyseLen) + if (a_ssl_stream->stSSLCert->totallen + 7 > iUnAnalyseLen) { /**packet trunked**/ break; } - - /*2 means version*/ + + /*2 means version*/ pcCurSslData += CERTIFICATE_HDRLEN; - iUnAnaCertLen = iUnAnalyseLen-CERTIFICATE_HDRLEN; - - if(g_ssl_prog_para.ssl_interested_region_flag&SSL_CERTIFICATE) - { + iUnAnaCertLen = iUnAnalyseLen - CERTIFICATE_HDRLEN; + + if (g_ssl_prog_para.ssl_interested_region_flag & SSL_CERTIFICATE) + { a_ssl_stream->p_output_buffer->p_data = pcCurSslData; - a_ssl_stream->p_output_buffer->data_size = iUnAnaCertLen; + a_ssl_stream->p_output_buffer->data_size = iUnAnaCertLen; a_ssl_stream->output_region_mask = SSL_CERTIFICATE_MASK; return_val = 
ssl_doWithCertificate(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet); a_ssl_stream->p_output_buffer->p_data = NULL; a_ssl_stream->p_output_buffer->data_size = 0; - if(SSL_RETURN_NORM != return_val) return return_val; - } - if(g_ssl_prog_para.ssl_interested_region_flag&SSL_CERTIFICATE_DETAIL) - { - return_val = ssl_AnalyseCertificate(pcCurSslData,iUnAnaCertLen, a_ssl_stream, a_tcp,region_flag,thread_seq, a_packet); - if(SSL_RETURN_NORM != return_val) return return_val; - } - iUnAnalyseLen -= (a_ssl_stream->stSSLCert->totallen +7); - pcSslData += (a_ssl_stream->stSSLCert->totallen +7); + if (SSL_RETURN_NORM != return_val) + return return_val; + } + if (g_ssl_prog_para.ssl_interested_region_flag & SSL_CERTIFICATE_DETAIL) + { + return_val = ssl_AnalyseCertificate(pcCurSslData, iUnAnaCertLen, a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet); + if (SSL_RETURN_NORM != return_val) + return return_val; + } + iUnAnalyseLen -= (a_ssl_stream->stSSLCert->totallen + 7); + pcSslData += (a_ssl_stream->stSSLCert->totallen + 7); } /**analyse client_hello**/ else if (CLIENT_HELLO == pstHandShakeTypeHdr->ucContType) { - if(iUnAnalyseLen<CLIENT_HELLO_HDRLEN) + if (iUnAnalyseLen < CLIENT_HELLO_HDRLEN) { break; } - if(a_ssl_stream->stClientHello==NULL) + if (a_ssl_stream->stClientHello == NULL) { - a_ssl_stream->stClientHello = (st_client_hello_t*)dictator_malloc(thread_seq,sizeof(st_client_hello_t)); + a_ssl_stream->stClientHello = (st_client_hello_t *)dictator_malloc(thread_seq, sizeof(st_client_hello_t)); memset(a_ssl_stream->stClientHello, 0, sizeof(st_client_hello_t)); ssl_initStructClientHello(a_ssl_stream->stClientHello); } - - a_ssl_stream->stClientHello->totallen = BtoL3BytesNum((char *)(pcCurSslData + 1)); - if(a_ssl_stream->stClientHello->totallen<0) return SSL_RETURN_DROPME; - + + a_ssl_stream->stClientHello->totallen = BtoL3BytesNum((char *)(pcCurSslData + 1)); + if (a_ssl_stream->stClientHello->totallen < 0) + return SSL_RETURN_DROPME; + /*4 means 
client_type+len*/ - if (a_ssl_stream->stClientHello->totallen+CLIENT_HELLO_HDRLEN > iUnAnalyseLen) + if (a_ssl_stream->stClientHello->totallen + CLIENT_HELLO_HDRLEN > iUnAnalyseLen) { /**packet trunked**/ break; - } - if(0==(a_ssl_stream->stClientHello->client_ver = ssl_getHelloVersion((unsigned char*)pcCurSslData, iUnAnalyseLen))) + } + if (0 == (a_ssl_stream->stClientHello->client_ver = ssl_getHelloVersion((unsigned char *)pcCurSslData, iUnAnalyseLen))) { return SSL_RETURN_DROPME; } - - iUnAnaHelloLen = a_ssl_stream->stClientHello->totallen-sizeof(a_ssl_stream->stClientHello->client_ver); - if(iUnAnaHelloLen<0) + + iUnAnaHelloLen = a_ssl_stream->stClientHello->totallen - sizeof(a_ssl_stream->stClientHello->client_ver); + if (iUnAnaHelloLen < 0) { return SSL_RETURN_DROPME; } - pcCurSslData += CLIENT_HELLO_HDRLEN+sizeof(a_ssl_stream->stClientHello->client_ver); - + pcCurSslData += CLIENT_HELLO_HDRLEN + sizeof(a_ssl_stream->stClientHello->client_ver); + /*get client hello random*/ a_ssl_stream->stClientHello->random.gmt_time = (unsigned int)BtoL4BytesNum(pcCurSslData); pcCurSslData += sizeof(a_ssl_stream->stClientHello->random.gmt_time); iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->random.gmt_time); - if(iUnAnaHelloLen<0) + if (iUnAnaHelloLen < 0) { return SSL_RETURN_DROPME; } memcpy(a_ssl_stream->stClientHello->random.random_bytes, pcCurSslData, sizeof(a_ssl_stream->stClientHello->random.random_bytes)); pcCurSslData += sizeof(a_ssl_stream->stClientHello->random.random_bytes); iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->random.random_bytes); - if(iUnAnaHelloLen<0) + if (iUnAnaHelloLen < 0) { return SSL_RETURN_DROPME; } 
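Review bot: In the CLIENT_HELLO branch of ssl_analyseHandShake each field is read before the remaining length is checked: `BtoL4BytesNum(pcCurSslData)` and the `memcpy` of `random_bytes` execute first, and only afterwards is `iUnAnaHelloLen` decremented and tested, so a hello with a small `totallen` is read past the end of the message and potentially of the buffer (the earlier `totallen + CLIENT_HELLO_HDRLEN > iUnAnalyseLen` test bounds the message, not these reads). The same order is used in the next hunk for `session_len` and `session_value`. Check first, e.g. `if (iUnAnaHelloLen < (int)sizeof(a_ssl_stream->stClientHello->random.random_bytes)) return SSL_RETURN_DROPME;` before the memcpy, and likewise before each BtoLxBytesNum read. The `int -= sizeof(...)` arithmetic also goes through size_t, so the `< 0` tests depend on the implementation-defined conversion back to int; casting each sizeof to int keeps the arithmetic signed. ssl_analyseHandShake continues well past this hunk.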
@@ -219,21 +221,21 @@ UCHAR ssl_analyseHandShake(char *pcSslData, int iAllMsgLen, int iSslUnAnalyseL
 a_ssl_stream->stClientHello->session.session_len = (unsigned char)BtoL1BytesNum(pcCurSslData);
 pcCurSslData += sizeof(a_ssl_stream->stClientHello->session.session_len);
 iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->session.session_len);
- if(iUnAnaHelloLen<0)
+ if (iUnAnaHelloLen < 0)
 {
 return SSL_RETURN_DROPME;
 }
- if(a_ssl_stream->stClientHello->session.session_len>iUnAnaHelloLen)
+ if (a_ssl_stream->stClientHello->session.session_len > iUnAnaHelloLen)
 {
 return SSL_RETURN_DROPME;
 }
- if(a_ssl_stream->stClientHello->session.session_len!=0)
+ if (a_ssl_stream->stClientHello->session.session_len != 0)
 {
- a_ssl_stream->stClientHello->session.session_value = (unsigned char *)dictator_malloc(thread_seq,a_ssl_stream->stClientHello->session.session_len);
+ a_ssl_stream->stClientHello->session.session_value = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stClientHello->session.session_len);
 memcpy(a_ssl_stream->stClientHello->session.session_value, pcCurSslData, a_ssl_stream->stClientHello->session.session_len);
 pcCurSslData += a_ssl_stream->stClientHello->session.session_len;
 iUnAnaHelloLen -= a_ssl_stream->stClientHello->session.session_len;
- if(iUnAnaHelloLen<0)
+ if (iUnAnaHelloLen < 0)
 {
 return SSL_RETURN_DROPME;
 }
@@ -243,45 +245,45 @@ UCHAR ssl_analyseHandShake(char *pcSslData, int iAllMsgLen, int iSslUnAnalyseL a_ssl_stream->stClientHello->ciphersuites.suites_len = (unsigned short)BtoL2BytesNum(pcCurSslData); pcCurSslData += sizeof(a_ssl_stream->stClientHello->ciphersuites.suites_len); iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->ciphersuites.suites_len); - if(iUnAnaHelloLen<0) + if (iUnAnaHelloLen < 0) { return SSL_RETURN_DROPME; } - if(a_ssl_stream->stClientHello->ciphersuites.suites_len>iUnAnaHelloLen) + if (a_ssl_stream->stClientHello->ciphersuites.suites_len > iUnAnaHelloLen) { return SSL_RETURN_DROPME; } - if(a_ssl_stream->stClientHello->ciphersuites.suites_len!=0) + if (a_ssl_stream->stClientHello->ciphersuites.suites_len != 0) { - a_ssl_stream->stClientHello->ciphersuites.suites_value = (unsigned char *)dictator_malloc(thread_seq,a_ssl_stream->stClientHello->ciphersuites.suites_len); + a_ssl_stream->stClientHello->ciphersuites.suites_value = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stClientHello->ciphersuites.suites_len); memcpy(a_ssl_stream->stClientHello->ciphersuites.suites_value, pcCurSslData, a_ssl_stream->stClientHello->ciphersuites.suites_len); pcCurSslData += a_ssl_stream->stClientHello->ciphersuites.suites_len; iUnAnaHelloLen -= a_ssl_stream->stClientHello->ciphersuites.suites_len; - if(iUnAnaHelloLen<0) + if (iUnAnaHelloLen < 0) { return SSL_RETURN_DROPME; } - } + } /*get client hello compress*/ a_ssl_stream->stClientHello->com_method.methlen = (unsigned short)BtoL1BytesNum(pcCurSslData); pcCurSslData += sizeof(a_ssl_stream->stClientHello->com_method.methlen); iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->com_method.methlen); - if(iUnAnaHelloLen<0) + if (iUnAnaHelloLen < 0) { return SSL_RETURN_DROPME; } - if(a_ssl_stream->stClientHello->com_method.methlen>iUnAnaHelloLen) + if (a_ssl_stream->stClientHello->com_method.methlen > iUnAnaHelloLen) { return SSL_RETURN_DROPME; } - 
if(a_ssl_stream->stClientHello->com_method.methlen!=0) + if (a_ssl_stream->stClientHello->com_method.methlen != 0) { - a_ssl_stream->stClientHello->com_method.methods = (unsigned char *)dictator_malloc(thread_seq,a_ssl_stream->stClientHello->com_method.methlen); + a_ssl_stream->stClientHello->com_method.methods = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stClientHello->com_method.methlen); memcpy(a_ssl_stream->stClientHello->com_method.methods, pcCurSslData, a_ssl_stream->stClientHello->com_method.methlen); pcCurSslData += a_ssl_stream->stClientHello->com_method.methlen; iUnAnaHelloLen -= a_ssl_stream->stClientHello->com_method.methlen; - if(iUnAnaHelloLen<0) + if (iUnAnaHelloLen < 0) { return SSL_RETURN_DROPME; } 
@@ -290,113 +292,115 @@ UCHAR ssl_analyseHandShake(char *pcSslData, int iAllMsgLen, int iSslUnAnalyseL /*get extension*/ a_ssl_stream->stClientHello->extlen = (unsigned short)BtoL2BytesNum(pcCurSslData); pcCurSslData += sizeof(a_ssl_stream->stClientHello->extlen); - - int i=0; - for(i=0; iUnAnaHelloLen>=4 && i<MAX_EXTENSION_NUM; i++)//min len of ext is 4 byte + + int i = 0; + for (i = 0; iUnAnaHelloLen >= 4 && i < MAX_EXTENSION_NUM; i++) // min len of ext is 4 byte { - + a_ssl_stream->stClientHello->exts[i].type = (unsigned short)BtoL2BytesNum(pcCurSslData); pcCurSslData += sizeof(a_ssl_stream->stClientHello->exts[i].type); iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->exts[i].type); - if(iUnAnaHelloLen<0) + if (iUnAnaHelloLen < 0) { return SSL_RETURN_DROPME; } - + a_ssl_stream->stClientHello->exts[i].len = (unsigned short)BtoL2BytesNum(pcCurSslData); pcCurSslData += sizeof(a_ssl_stream->stClientHello->exts[i].len); iUnAnaHelloLen -= sizeof(a_ssl_stream->stClientHello->exts[i].len); - if(iUnAnaHelloLen<0 || a_ssl_stream->stClientHello->exts[i].len>iUnAnaHelloLen) + if (iUnAnaHelloLen < 0 || a_ssl_stream->stClientHello->exts[i].len > iUnAnaHelloLen) { return SSL_RETURN_DROPME; - } + } a_ssl_stream->stClientHello->exts[i].data = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stClientHello->exts[i].len); - memcpy(a_ssl_stream->stClientHello->exts[i].data, pcCurSslData, a_ssl_stream->stClientHello->exts[i].len); //get ext data + memcpy(a_ssl_stream->stClientHello->exts[i].data, pcCurSslData, a_ssl_stream->stClientHello->exts[i].len); // get ext data pcCurSslData += a_ssl_stream->stClientHello->exts[i].len; - iUnAnaHelloLen -= a_ssl_stream->stClientHello->exts[i].len; + iUnAnaHelloLen -= a_ssl_stream->stClientHello->exts[i].len; } a_ssl_stream->stClientHello->ext_num = i; - //printf("ext_num: %d\n", a_ssl_stream->stClientHello->ext_num); + // printf("ext_num: %d\n", a_ssl_stream->stClientHello->ext_num); return_val = 
ssl_doWithClientHello(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet); - //20141121 - for(int j=0;j<a_ssl_stream->stClientHello->ext_num;j++) + // 20141121 + for (int j = 0; j < a_ssl_stream->stClientHello->ext_num; j++) { - if(a_ssl_stream->stClientHello->exts[j].data!=NULL) + if (a_ssl_stream->stClientHello->exts[j].data != NULL) { - dictator_free(thread_seq,a_ssl_stream->stClientHello->exts[j].data); + dictator_free(thread_seq, a_ssl_stream->stClientHello->exts[j].data); a_ssl_stream->stClientHello->exts[j].data = NULL; } } a_ssl_stream->stClientHello->ext_num = 0; a_ssl_stream->stClientHello->session_ticket.ticket = NULL; - if(a_ssl_stream->stClientHello->session.session_value!=NULL) + if (a_ssl_stream->stClientHello->session.session_value != NULL) { - dictator_free(thread_seq,a_ssl_stream->stClientHello->session.session_value); + dictator_free(thread_seq, a_ssl_stream->stClientHello->session.session_value); a_ssl_stream->stClientHello->session.session_value = NULL; } - if(a_ssl_stream->stClientHello->ciphersuites.suites_value!=NULL) + if (a_ssl_stream->stClientHello->ciphersuites.suites_value != NULL) { - dictator_free(thread_seq,a_ssl_stream->stClientHello->ciphersuites.suites_value); + dictator_free(thread_seq, a_ssl_stream->stClientHello->ciphersuites.suites_value); a_ssl_stream->stClientHello->ciphersuites.suites_value = NULL; } - if(a_ssl_stream->stClientHello->com_method.methods!=NULL) + if (a_ssl_stream->stClientHello->com_method.methods != NULL) { - dictator_free(thread_seq,a_ssl_stream->stClientHello->com_method.methods); + dictator_free(thread_seq, a_ssl_stream->stClientHello->com_method.methods); a_ssl_stream->stClientHello->com_method.methods = NULL; } - - if(SSL_RETURN_NORM != return_val) return return_val; - iUnAnalyseLen -= (a_ssl_stream->stClientHello->totallen + CLIENT_HELLO_HDRLEN); + + if (SSL_RETURN_NORM != return_val) + return return_val; + iUnAnalyseLen -= (a_ssl_stream->stClientHello->totallen + CLIENT_HELLO_HDRLEN); pcSslData 
+= (a_ssl_stream->stClientHello->totallen + CLIENT_HELLO_HDRLEN); } - /**analyse server_hello**/ - else if (SERVER_HELLO == pstHandShakeTypeHdr->ucContType) - { - if(iUnAnalyseLen<SERVER_HELLO_HDRLEN) + /**analyse server_hello**/ + else if (SERVER_HELLO == pstHandShakeTypeHdr->ucContType) + { + if (iUnAnalyseLen < SERVER_HELLO_HDRLEN) { break; - } - if(a_ssl_stream->stServerHello==NULL) + } + if (a_ssl_stream->stServerHello == NULL) { - a_ssl_stream->stServerHello = (st_server_hello_t*)dictator_malloc(thread_seq,sizeof(st_server_hello_t)); - memset(a_ssl_stream->stServerHello, 0, sizeof(st_server_hello_t)); + a_ssl_stream->stServerHello = (st_server_hello_t *)dictator_malloc(thread_seq, sizeof(st_server_hello_t)); + memset(a_ssl_stream->stServerHello, 0, sizeof(st_server_hello_t)); ssl_initStructServerHello(a_ssl_stream->stServerHello); } - a_ssl_stream->stServerHello->totallen = BtoL3BytesNum((char *)(pcCurSslData + 1)); - if(a_ssl_stream->stServerHello->totallen<0) return SSL_RETURN_DROPME; - + a_ssl_stream->stServerHello->totallen = BtoL3BytesNum((char *)(pcCurSslData + 1)); + if (a_ssl_stream->stServerHello->totallen < 0) + return SSL_RETURN_DROPME; + /*4 means client_type+len*/ - if (a_ssl_stream->stServerHello->totallen+SERVER_HELLO_HDRLEN > iUnAnalyseLen) + if (a_ssl_stream->stServerHello->totallen + SERVER_HELLO_HDRLEN > iUnAnalyseLen) { /**packet trunked**/ break; - } - if(0==(a_ssl_stream->stServerHello->server_ver = ssl_getHelloVersion((unsigned char*)pcCurSslData, iUnAnalyseLen))) + } + if (0 == (a_ssl_stream->stServerHello->server_ver = ssl_getHelloVersion((unsigned char *)pcCurSslData, iUnAnalyseLen))) { return SSL_RETURN_DROPME; } - - iUnAnaHelloLen = a_ssl_stream->stServerHello->totallen-sizeof(a_ssl_stream->stServerHello->server_ver); - if(iUnAnaHelloLen<0) + + iUnAnaHelloLen = a_ssl_stream->stServerHello->totallen - sizeof(a_ssl_stream->stServerHello->server_ver); + if (iUnAnaHelloLen < 0) { return SSL_RETURN_DROPME; } - pcCurSslData += 
SERVER_HELLO_HDRLEN+sizeof(a_ssl_stream->stServerHello->server_ver); - + pcCurSslData += SERVER_HELLO_HDRLEN + sizeof(a_ssl_stream->stServerHello->server_ver); + /*get server hello random*/ a_ssl_stream->stServerHello->random.gmt_time = (unsigned int)BtoL4BytesNum(pcCurSslData); pcCurSslData += sizeof(a_ssl_stream->stServerHello->random.gmt_time); iUnAnaHelloLen -= sizeof(a_ssl_stream->stServerHello->random.gmt_time); - if(iUnAnaHelloLen<0) + if (iUnAnaHelloLen < 0) { return SSL_RETURN_DROPME; } memcpy(a_ssl_stream->stServerHello->random.random_bytes, pcCurSslData, sizeof(a_ssl_stream->stServerHello->random.random_bytes)); pcCurSslData += sizeof(a_ssl_stream->stServerHello->random.random_bytes); iUnAnaHelloLen -= sizeof(a_ssl_stream->stServerHello->random.random_bytes); - if(iUnAnaHelloLen<0) + if (iUnAnaHelloLen < 0) { return SSL_RETURN_DROPME; } 
@@ -405,21 +409,21 @@ UCHAR ssl_analyseHandShake(char *pcSslData, int iAllMsgLen, int iSslUnAnalyseL
 a_ssl_stream->stServerHello->session.session_len = (unsigned char)BtoL1BytesNum(pcCurSslData);
 pcCurSslData += sizeof(a_ssl_stream->stServerHello->session.session_len);
 iUnAnaHelloLen -= sizeof(a_ssl_stream->stServerHello->session.session_len);
- if(iUnAnaHelloLen<0)
+ if (iUnAnaHelloLen < 0)
 {
 return SSL_RETURN_DROPME;
 }
- if(a_ssl_stream->stServerHello->session.session_len>iUnAnaHelloLen)
+ if (a_ssl_stream->stServerHello->session.session_len > iUnAnaHelloLen)
 {
 return SSL_RETURN_DROPME;
 }
- if(a_ssl_stream->stServerHello->session.session_len!=0)
+ if (a_ssl_stream->stServerHello->session.session_len != 0)
 {
- a_ssl_stream->stServerHello->session.session_value = (unsigned char *)dictator_malloc(thread_seq,a_ssl_stream->stServerHello->session.session_len);
+ a_ssl_stream->stServerHello->session.session_value = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stServerHello->session.session_len);
 memcpy(a_ssl_stream->stServerHello->session.session_value, pcCurSslData, a_ssl_stream->stServerHello->session.session_len);
 pcCurSslData += a_ssl_stream->stServerHello->session.session_len;
 iUnAnaHelloLen -= a_ssl_stream->stServerHello->session.session_len;
- if(iUnAnaHelloLen<0)
+ if (iUnAnaHelloLen < 0)
 {
 return SSL_RETURN_DROPME;
 }
@@ -427,14 +431,14 @@ UCHAR ssl_analyseHandShake(char *pcSslData, int iAllMsgLen, int iSslUnAnalyseL /*get server hello suites*/ a_ssl_stream->stServerHello->ciphersuites.suites_len = 2; - a_ssl_stream->stServerHello->ciphersuites.suites_value = (unsigned char *)dictator_malloc(thread_seq,a_ssl_stream->stServerHello->ciphersuites.suites_len); + a_ssl_stream->stServerHello->ciphersuites.suites_value = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stServerHello->ciphersuites.suites_len); memcpy(a_ssl_stream->stServerHello->ciphersuites.suites_value, pcCurSslData, a_ssl_stream->stServerHello->ciphersuites.suites_len); pcCurSslData += a_ssl_stream->stServerHello->ciphersuites.suites_len; - iUnAnaHelloLen -= a_ssl_stream->stServerHello->ciphersuites.suites_len; - if(iUnAnaHelloLen<0) + iUnAnaHelloLen -= a_ssl_stream->stServerHello->ciphersuites.suites_len; + if (iUnAnaHelloLen < 0) { return SSL_RETURN_DROPME; - } + } /*get server hello compress*/ /* 
@@ -446,109 +450,109 @@ UCHAR ssl_analyseHandShake(char *pcSslData, int iAllMsgLen, int iSslUnAnalyseL return SSL_RETURN_DROPME; } */ - /*20160906 methlenֻռһ���ֽ�*/ + /*20160906 methlenֻռһ���ֽ�*/ a_ssl_stream->stServerHello->com_method.methlen = 1; - if(a_ssl_stream->stServerHello->com_method.methlen!=0) + a_ssl_stream->stServerHello->com_method.methods = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stServerHello->com_method.methlen); + memcpy(a_ssl_stream->stServerHello->com_method.methods, pcCurSslData, a_ssl_stream->stServerHello->com_method.methlen); + pcCurSslData += a_ssl_stream->stServerHello->com_method.methlen; + iUnAnaHelloLen -= a_ssl_stream->stServerHello->com_method.methlen; + if (iUnAnaHelloLen < 0) { - a_ssl_stream->stServerHello->com_method.methods = (unsigned char *)dictator_malloc(thread_seq,a_ssl_stream->stServerHello->com_method.methlen); - memcpy(a_ssl_stream->stServerHello->com_method.methods, pcCurSslData, a_ssl_stream->stServerHello->com_method.methlen); - pcCurSslData += a_ssl_stream->stServerHello->com_method.methlen; - iUnAnaHelloLen -= a_ssl_stream->stServerHello->com_method.methlen; - if(iUnAnaHelloLen<0) - { - return SSL_RETURN_DROPME; - } - } + return SSL_RETURN_DROPME; + } + /*get extension*/ a_ssl_stream->stServerHello->extlen = (unsigned short)BtoL2BytesNum(pcCurSslData); pcCurSslData += sizeof(a_ssl_stream->stServerHello->extlen); - - int i=0; - for(i=0; iUnAnaHelloLen>=4 && i<MAX_EXTENSION_NUM; i++)//min len of ext is 4 byte + + int i = 0; + for (i = 0; iUnAnaHelloLen >= 4 && i < MAX_EXTENSION_NUM; i++) // min len of ext is 4 byte { a_ssl_stream->stServerHello->exts[i].type = (unsigned short)BtoL2BytesNum(pcCurSslData); pcCurSslData += sizeof(a_ssl_stream->stServerHello->exts[i].type); iUnAnaHelloLen -= sizeof(a_ssl_stream->stServerHello->exts[i].type); - if(iUnAnaHelloLen<0) + if (iUnAnaHelloLen < 0) { return SSL_RETURN_DROPME; } - + a_ssl_stream->stServerHello->exts[i].len = (unsigned 
short)BtoL2BytesNum(pcCurSslData); pcCurSslData += sizeof(a_ssl_stream->stServerHello->exts[i].len); iUnAnaHelloLen -= sizeof(a_ssl_stream->stServerHello->exts[i].len); - if(iUnAnaHelloLen<0 || a_ssl_stream->stServerHello->exts[i].len>iUnAnaHelloLen) + if (iUnAnaHelloLen < 0 || a_ssl_stream->stServerHello->exts[i].len > iUnAnaHelloLen) { return SSL_RETURN_DROPME; } a_ssl_stream->stServerHello->exts[i].data = (unsigned char *)dictator_malloc(thread_seq, a_ssl_stream->stServerHello->exts[i].len); - memcpy(a_ssl_stream->stServerHello->exts[i].data, pcCurSslData, a_ssl_stream->stServerHello->exts[i].len); //get ext data + memcpy(a_ssl_stream->stServerHello->exts[i].data, pcCurSslData, a_ssl_stream->stServerHello->exts[i].len); // get ext data pcCurSslData += a_ssl_stream->stServerHello->exts[i].len; - iUnAnaHelloLen -= a_ssl_stream->stServerHello->exts[i].len; + iUnAnaHelloLen -= a_ssl_stream->stServerHello->exts[i].len; } - a_ssl_stream->stServerHello->ext_num = i; + a_ssl_stream->stServerHello->ext_num = i; - for(int j=0;j<a_ssl_stream->stServerHello->ext_num;j++) + for (int j = 0; j < a_ssl_stream->stServerHello->ext_num; j++) { - if(a_ssl_stream->stServerHello->exts[j].data!=NULL) + if (a_ssl_stream->stServerHello->exts[j].data != NULL) { - dictator_free(thread_seq,a_ssl_stream->stServerHello->exts[j].data); + dictator_free(thread_seq, a_ssl_stream->stServerHello->exts[j].data); a_ssl_stream->stServerHello->exts[j].data = NULL; } } - a_ssl_stream->stServerHello->ext_num = 0; - + a_ssl_stream->stServerHello->ext_num = 0; + return_val = ssl_doWithServerHello(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet); - //20141121 - if(a_ssl_stream->stServerHello->session.session_value!=NULL) + // 20141121 + if (a_ssl_stream->stServerHello->session.session_value != NULL) { - dictator_free(thread_seq,a_ssl_stream->stServerHello->session.session_value); + dictator_free(thread_seq, a_ssl_stream->stServerHello->session.session_value); 
a_ssl_stream->stServerHello->session.session_value = NULL; } - if(a_ssl_stream->stServerHello->ciphersuites.suites_value!=NULL) + if (a_ssl_stream->stServerHello->ciphersuites.suites_value != NULL) { - dictator_free(thread_seq,a_ssl_stream->stServerHello->ciphersuites.suites_value); + dictator_free(thread_seq, a_ssl_stream->stServerHello->ciphersuites.suites_value); a_ssl_stream->stServerHello->ciphersuites.suites_value = NULL; } - if(a_ssl_stream->stServerHello->com_method.methods!=NULL) + if (a_ssl_stream->stServerHello->com_method.methods != NULL) { - dictator_free(thread_seq,a_ssl_stream->stServerHello->com_method.methods); + dictator_free(thread_seq, a_ssl_stream->stServerHello->com_method.methods); a_ssl_stream->stServerHello->com_method.methods = NULL; } - if(SSL_RETURN_NORM != return_val) return return_val; - iUnAnalyseLen -= (a_ssl_stream->stServerHello->totallen + SERVER_HELLO_HDRLEN); - pcSslData += (a_ssl_stream->stServerHello->totallen + SERVER_HELLO_HDRLEN); + if (SSL_RETURN_NORM != return_val) + return return_val; + iUnAnalyseLen -= (a_ssl_stream->stServerHello->totallen + SERVER_HELLO_HDRLEN); + pcSslData += (a_ssl_stream->stServerHello->totallen + SERVER_HELLO_HDRLEN); } - else if(NEW_SESSION_TICKET == pstHandShakeTypeHdr->ucContType) + else if (NEW_SESSION_TICKET == pstHandShakeTypeHdr->ucContType) { - if(iUnAnalyseLen<SESSION_TICKET_HDRLEN) + if (iUnAnalyseLen < SESSION_TICKET_HDRLEN) { break; - } - if(a_ssl_stream->stNewSessionTicket==NULL) + } + if (a_ssl_stream->stNewSessionTicket == NULL) { - a_ssl_stream->stNewSessionTicket = (st_new_session_ticket_t*)dictator_malloc(thread_seq,sizeof(st_new_session_ticket_t)); - memset(a_ssl_stream->stNewSessionTicket, 0, sizeof(st_new_session_ticket_t)); + a_ssl_stream->stNewSessionTicket = (st_new_session_ticket_t *)dictator_malloc(thread_seq, sizeof(st_new_session_ticket_t)); + memset(a_ssl_stream->stNewSessionTicket, 0, sizeof(st_new_session_ticket_t)); } - a_ssl_stream->stNewSessionTicket->totallen = 
BtoL3BytesNum((char *)(pcCurSslData + 1)); - if(a_ssl_stream->stNewSessionTicket->totallen<0) return SSL_RETURN_DROPME; - + a_ssl_stream->stNewSessionTicket->totallen = BtoL3BytesNum((char *)(pcCurSslData + 1)); + if (a_ssl_stream->stNewSessionTicket->totallen < 0) + return SSL_RETURN_DROPME; + /*4 means _type+len*/ - if (a_ssl_stream->stNewSessionTicket->totallen+SESSION_TICKET_HDRLEN > iUnAnalyseLen) + if (a_ssl_stream->stNewSessionTicket->totallen + SESSION_TICKET_HDRLEN > iUnAnalyseLen) { /**packet trunked**/ break; } pcCurSslData += SESSION_TICKET_HDRLEN; a_ssl_stream->stNewSessionTicket->lifttime = BtoL4BytesNum((char *)(pcCurSslData)); - a_ssl_stream->stNewSessionTicket->ticket_len = BtoL2BytesNum((char *)(pcCurSslData+4)); - a_ssl_stream->stNewSessionTicket->ticket = (unsigned char*)(pcCurSslData+6); - pcCurSslData += 6+a_ssl_stream->stNewSessionTicket->ticket_len; - iUnAnalyseLen -= (a_ssl_stream->stNewSessionTicket->totallen + SERVER_HELLO_HDRLEN); - pcSslData += (a_ssl_stream->stNewSessionTicket->totallen + SERVER_HELLO_HDRLEN); - return_val = ssl_doWithNewSessionTicket(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet); - //printf("new session ticket:%d\n", a_ssl_stream->stNewSessionTicket->ticket_len); + a_ssl_stream->stNewSessionTicket->ticket_len = BtoL2BytesNum((char *)(pcCurSslData + 4)); + a_ssl_stream->stNewSessionTicket->ticket = (unsigned char *)(pcCurSslData + 6); + pcCurSslData += 6 + a_ssl_stream->stNewSessionTicket->ticket_len; + iUnAnalyseLen -= (a_ssl_stream->stNewSessionTicket->totallen + SERVER_HELLO_HDRLEN); + pcSslData += (a_ssl_stream->stNewSessionTicket->totallen + SERVER_HELLO_HDRLEN); + ssl_doWithNewSessionTicket(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet); + // printf("new session ticket:%d\n", a_ssl_stream->stNewSessionTicket->ticket_len); } else { 
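Review bot: The NEW_SESSION_TICKET branch now discards the result of ssl_doWithNewSessionTicket() (the `return_val =` assignment was dropped), while every other handshake branch in this function still propagates a non-SSL_RETURN_NORM result to the caller; either keep `return_val = ssl_doWithNewSessionTicket(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);` followed by `if (SSL_RETURN_NORM != return_val) return return_val;`, or add a comment stating why the callback's verdict is intentionally ignored here. In the same branch `ticket_len` is taken from the record and `ticket` is pointed at `pcCurSslData + 6` without checking that `6 + ticket_len` fits inside `totallen`, so the callback can receive a pointer/length pair that extends past the message; a guard such as `if (6 + a_ssl_stream->stNewSessionTicket->ticket_len > a_ssl_stream->stNewSessionTicket->totallen) return SSL_RETURN_DROPME;` before the callback would bound it. The advance `iUnAnalyseLen -= (a_ssl_stream->stNewSessionTicket->totallen + SERVER_HELLO_HDRLEN);` also uses SERVER_HELLO_HDRLEN although the truncation check a few lines above uses SESSION_TICKET_HDRLEN; if the two constants differ, the record loop drifts out of sync with the stream, so the header constant should be the same in both places. In the server-hello part of the hunk `extlen` is read and `pcCurSslData` advanced by `sizeof(extlen)` but `iUnAnaHelloLen` is not reduced by the same amount (the client-hello path earlier in this function has the same gap), which lets the extension loop read two bytes beyond the accounted hello length; ssl_analyseHandShake begins and ends outside this hunk. The comment on the `com_method.methlen = 1;` line is mis-encoded and unreadable in the diff; re-saving it as UTF-8 or replacing it with an English note such as `/* 20160906: methlen is a single byte */` would keep the intent legible.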
@@ -556,137 +560,136 @@ UCHAR ssl_analyseHandShake(char *pcSslData, int iAllMsgLen, int iSslUnAnalyseL } } - *res = (iSslDataLen - iUnAnalyseLen); - return SSL_RETURN_NORM; + *res = (iSslDataLen - iUnAnalyseLen); + return SSL_RETURN_NORM; } -UCHAR ssl_analyseAppData(char *pcSslData, int iAllMsgLen, int iSslUnAnalyseLen, int *res, ssl_stream *a_ssl_stream, struct streaminfo* a_tcp, - unsigned long long region_flag, int thread_seq, void* a_packet) +UCHAR ssl_analyseAppData(char *pcSslData, int iAllMsgLen, int iSslUnAnalyseLen, int *res, ssl_stream *a_ssl_stream, struct streaminfo *a_tcp, + unsigned long long region_flag, int thread_seq, void *a_packet) { - /**variable define and initialise**/ - int return_val = SSL_RETURN_NORM; - int iUnAnalyseLen = iAllMsgLen < iSslUnAnalyseLen ? iAllMsgLen : iSslUnAnalyseLen; - - /**validaty check**/ - if (NULL == pcSslData || iUnAnalyseLen <= 0) - { - *res = 0; - return SSL_RETURN_NORM; - } + /**variable define and initialise**/ + int return_val = SSL_RETURN_NORM; + int iUnAnalyseLen = iAllMsgLen < iSslUnAnalyseLen ? 
iAllMsgLen : iSslUnAnalyseLen; + + /**validaty check**/ + if (NULL == pcSslData || iUnAnalyseLen <= 0) + { + *res = 0; + return SSL_RETURN_NORM; + } a_ssl_stream->output_region_mask = SSL_APPLICATION_DATA_MASK; a_ssl_stream->p_output_buffer->p_data = pcSslData; a_ssl_stream->p_output_buffer->data_size = iUnAnalyseLen; - return_val = ssl_doWithApplicationData(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet); + return_val = ssl_doWithApplicationData(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet); a_ssl_stream->p_output_buffer->p_data = NULL; a_ssl_stream->p_output_buffer->data_size = 0; *res = iUnAnalyseLen; - if(SSL_RETURN_NORM!= return_val) return return_val; + if (SSL_RETURN_NORM != return_val) + return return_val; return SSL_RETURN_NORM; } -UCHAR ssl_analyseAlert(char *pcSslData, int iAllMsgLen, int iSslUnAnalyseLen, int *res, ssl_stream *a_ssl_stream, struct streaminfo* a_tcp, - unsigned long long region_flag, int thread_seq, void* a_packet) +UCHAR ssl_analyseAlert(char *pcSslData, int iAllMsgLen, int iSslUnAnalyseLen, int *res, ssl_stream *a_ssl_stream, struct streaminfo *a_tcp, + unsigned long long region_flag, int thread_seq, void *a_packet) { - /**variable define and initialise**/ - int return_val = SSL_RETURN_NORM; - int iUnAnalyseLen = iAllMsgLen < iSslUnAnalyseLen ? iAllMsgLen : iSslUnAnalyseLen; - - /**validaty check**/ - if (NULL == pcSslData || iUnAnalyseLen <= 0) - { - *res = 0; - return SSL_RETURN_NORM; - } + /**variable define and initialise**/ + int return_val = SSL_RETURN_NORM; + int iUnAnalyseLen = iAllMsgLen < iSslUnAnalyseLen ? 
iAllMsgLen : iSslUnAnalyseLen; + + /**validaty check**/ + if (NULL == pcSslData || iUnAnalyseLen <= 0) + { + *res = 0; + return SSL_RETURN_NORM; + } a_ssl_stream->output_region_mask = SSL_ALERT_MASK; a_ssl_stream->p_output_buffer->p_data = pcSslData; a_ssl_stream->p_output_buffer->data_size = iUnAnalyseLen; - return_val = ssl_doWithAlert(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet); + return_val = ssl_doWithAlert(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet); a_ssl_stream->p_output_buffer->p_data = NULL; a_ssl_stream->p_output_buffer->data_size = 0; *res = iUnAnalyseLen; - if(SSL_RETURN_NORM!= return_val) return return_val; + if (SSL_RETURN_NORM != return_val) + return return_val; return SSL_RETURN_NORM; } -char *fn_pcGetType(unsigned char *pucId, int iIdLen, stSerialString_t *pastElemTypes) +char *fn_pcGetType(const unsigned char *pucId, int iIdLen, stSerialString_t *pastElemTypes) { - int iLoop = 0; - int iInLoop = 0; - int iAlgIdLen = 0; - - if (NULL == pucId || iIdLen < 0 || NULL == pastElemTypes) - { - return NULL; - } - - for (iLoop = 0; NULL != pastElemTypes[iLoop].pcString; ++iLoop) - { - iAlgIdLen = iIdLen ; - - for (iInLoop = 0; iInLoop < iAlgIdLen; ++iInLoop) - { - if (pucId[iInLoop] != pastElemTypes[iLoop].aucSerial[iInLoop]) - { - break; - } - } - if (iInLoop == iAlgIdLen) - { - return (char *)(pastElemTypes[iLoop].pcString); - } - } - - return NULL; + int iLoop; + int iInLoop; + + if (NULL == pucId || iIdLen < 0 || NULL == pastElemTypes) + { + return NULL; + } + + for (iLoop = 0; NULL != pastElemTypes[iLoop].pcString; ++iLoop) + { + for (iInLoop = 0; iInLoop < iIdLen; ++iInLoop) + { + if (pucId[iInLoop] != pastElemTypes[iLoop].aucSerial[iInLoop]) + { + break; + } + } + if (iInLoop == iIdLen) + { + return (char *)(pastElemTypes[iLoop].pcString); + } + } + + return NULL; } int ssl_protoRecg(char *pcData, int iDataLen) { - if (NULL == pcData || iDataLen < 1) - { - return 0; - } - else if (20 > pcData[0] || 23 < pcData[0]) - { - 
return 0; - } - - if (03 == pcData[1] && 1 == pcData[2]) - { - /*TLS 1.0*/ - return TLSV1_0_VERSION; - } - else if (03 == pcData[1] && 2 == pcData[2]) - { - /*TLS 1.1*/ - return TLSV1_1_VERSION; - } + if (NULL == pcData || iDataLen < 1) + { + return 0; + } + else if (20 > pcData[0] || 23 < pcData[0]) + { + return 0; + } + + if (03 == pcData[1] && 1 == pcData[2]) + { + /*TLS 1.0*/ + return TLSV1_0_VERSION; + } + else if (03 == pcData[1] && 2 == pcData[2]) + { + /*TLS 1.1*/ + return TLSV1_1_VERSION; + } else if (03 == pcData[1] && 3 == pcData[2]) - { - /*TLS 1.2*/ - return TLSV1_2_VERSION; - } - else if (03 == pcData[1] && 0 == pcData[2]) - { - /*SSL 3.0*/ - return SSLV3_VERSION; - } - else if (0 == pcData[1] && 2 == pcData[2]) - { - /*SSL 2.0*/ - return SSLV2_VERSION; - } - else if (0xfe == (unsigned char)pcData[1] && 0xff == (unsigned char)pcData[2]) - { - /*DTLS 1.0*/ - return DTLSV1_0_VERSION; - } - else if (0x01 == (unsigned char)pcData[1] && 0x00 == (unsigned char)pcData[2]) - { - /*DTLS 1.0 (OpenSSL pre 0.9.8f)*/ - return DTLSV1_0_VERSION_NOT; - } - - return 0; + { + /*TLS 1.2*/ + return TLSV1_2_VERSION; + } + else if (03 == pcData[1] && 0 == pcData[2]) + { + /*SSL 3.0*/ + return SSLV3_VERSION; + } + else if (0 == pcData[1] && 2 == pcData[2]) + { + /*SSL 2.0*/ + return SSLV2_VERSION; + } + else if (0xfe == (unsigned char)pcData[1] && 0xff == (unsigned char)pcData[2]) + { + /*DTLS 1.0*/ + return DTLSV1_0_VERSION; + } + else if (0x01 == (unsigned char)pcData[1] && 0x00 == (unsigned char)pcData[2]) + { + /*DTLS 1.0 (OpenSSL pre 0.9.8f)*/ + return DTLSV1_0_VERSION_NOT; + } + + return 0; } #define MAX_THREAD_NUM 64 
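Review bot: ssl_protoRecg still dereferences `pcData[1]` and `pcData[2]` behind a guard that only rejects `iDataLen < 1`, so a one- or two-byte input is read past its end; the reindent in this hunk was the moment to tighten it to `if (NULL == pcData || iDataLen < 3)`. In fn_pcGetType the loop now compares `iIdLen` bytes of `pastElemTypes[iLoop].aucSerial` with no upper bound on `iIdLen`; the size of `aucSerial` is not visible here, but if it is a fixed-size array the argument check should also reject an `iIdLen` larger than `sizeof pastElemTypes[iLoop].aucSerial` so a caller-supplied length cannot walk off the entry. As a point of style, ssl_protoRecg compares `pcData[0]` as plain `char` while the later bytes are cast to `unsigned char`; applying the cast consistently (`(unsigned char)pcData[0]`) makes the record-type range check independent of `char` signedness. The trailing `if (SSL_RETURN_NORM != return_val) return return_val; return SSL_RETURN_NORM;` in ssl_analyseAppData and ssl_analyseAlert reduces to `return return_val;`.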
@@ -694,35 +697,35 @@ int ssl_protoRecg(char *pcData, int iDataLen) extern volatile unsigned long long g_SysInputInfo[MAX_THREAD_NUM][COUNTER_NUM]; -UCHAR ssl_analyseSsl(char *pcSslData, int iDataLen, int *res, ssl_stream *a_ssl_stream, struct streaminfo* a_tcp, - unsigned long long region_flag, int thread_seq, void* a_packet) +UCHAR ssl_analyseSsl(char *pcSslData, int iDataLen, int *res, ssl_stream *a_ssl_stream, struct streaminfo *a_tcp, + unsigned long long region_flag, int thread_seq, void *a_packet) { - /**variable define and initialise**/ - stSSLRecordHdr_t* pstSSLRecordHdr = NULL; - stHandShakeTypeHdr_t* pstHandShakeTypeHdr = NULL; - int iUnAnalyseLen = iDataLen; - char* pcCurSslData = pcSslData; - int iCurAllMsgLen = 0; - int iCurMsgLen = 0; - int is_trunk = 0; - UCHAR return_val = SSL_RETURN_NORM; - - /**validaty check**/ - if (NULL == pcSslData || iDataLen < SSL_HEADER_LEN) - { - *res = 0; - return SSL_RETURN_NORM; - } - - /**first packet of an hand shake conversation**/ - if (UNKNOWN_VERSION == a_ssl_stream->uiSslVersion) - { - a_ssl_stream->uiSslVersion = (unsigned int)ssl_protoRecg(pcSslData, iDataLen); + /**variable define and initialise**/ + stSSLRecordHdr_t *pstSSLRecordHdr = NULL; + stHandShakeTypeHdr_t *pstHandShakeTypeHdr = NULL; + int iUnAnalyseLen = iDataLen; + char *pcCurSslData = pcSslData; + int iCurAllMsgLen = 0; + int iCurMsgLen = 0; + int is_trunk = 0; + UCHAR return_val = SSL_RETURN_NORM; + + /**validaty check**/ + if (NULL == pcSslData || iDataLen < SSL_HEADER_LEN) + { + *res = 0; + return SSL_RETURN_NORM; + } + + /**first packet of an hand shake conversation**/ + if (UNKNOWN_VERSION == a_ssl_stream->uiSslVersion) + { + a_ssl_stream->uiSslVersion = (unsigned int)ssl_protoRecg(pcSslData, iDataLen); /*jump the first pkt*/ - if (UNKNOWN_VERSION == a_ssl_stream->uiSslVersion) - { - *res = -1; - if(a_ssl_stream->first_pkt_flag==0) + if (UNKNOWN_VERSION == a_ssl_stream->uiSslVersion) + { + *res = -1; + if (a_ssl_stream->first_pkt_flag == 0) { 
a_ssl_stream->first_pkt_flag = 1; return SSL_RETURN_GIVEME; 
@@ -730,123 +733,124 @@ UCHAR ssl_analyseSsl(char *pcSslData, int iDataLen, int *res, ssl_stream *a_ssl_
 else
 {
 return SSL_RETURN_DROPME;
- }
- }
+ }
+ }
 /*version callback*/
- return_val = ssl_doWithVersion(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
- if(SSL_RETURN_NORM!= return_val) return return_val;
- }
- //2020.11.27 iUnAnalyseLen need more than SSL_RECORD_HDRLEN
- while (iUnAnalyseLen > SSL_RECORD_HDRLEN)
- {
- if (SSL_HANDSHAKE_MSG_TRUNKED == a_ssl_stream->uiMsgState)
- {
- switch(a_ssl_stream->ucContType)
- {
- case HANDSHAKE:
- case APPLICATION_DATA:
 case ALERT:
- pstHandShakeTypeHdr = (stHandShakeTypeHdr_t *)pcCurSslData;
- iCurAllMsgLen = (a_ssl_stream->uiAllMsgLen - a_ssl_stream->uiMsgProcLen) ;
- iCurMsgLen = (a_ssl_stream->uiAllMsgLen - a_ssl_stream->uiMsgProcLen) < iUnAnalyseLen ? (a_ssl_stream->uiAllMsgLen - a_ssl_stream->uiMsgProcLen) : iUnAnalyseLen;
- a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
- break;
- default:
- a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
- a_ssl_stream->ucContType = 0;
- *res = -1;
- return SSL_RETURN_NORM;
- }
- }
- else
- {
-
- pstSSLRecordHdr = (stSSLRecordHdr_t *)pcCurSslData;
- switch(pstSSLRecordHdr->ucContType)
- {
- case HANDSHAKE:
- a_ssl_stream->ucContType = HANDSHAKE;
+ return_val = ssl_doWithVersion(&a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
+ if (SSL_RETURN_NORM != return_val)
+ return return_val;
+ }
+ // 2020.11.27 iUnAnalyseLen need more than SSL_RECORD_HDRLEN
+ while (iUnAnalyseLen > SSL_RECORD_HDRLEN)
+ {
+ if (SSL_HANDSHAKE_MSG_TRUNKED == a_ssl_stream->uiMsgState)
+ {
+ switch (a_ssl_stream->ucContType)
+ {
+ case HANDSHAKE:
+ case APPLICATION_DATA:
 case ALERT:
+ pstHandShakeTypeHdr = (stHandShakeTypeHdr_t *)pcCurSslData;
+ iCurAllMsgLen = (a_ssl_stream->uiAllMsgLen - a_ssl_stream->uiMsgProcLen);
+ iCurMsgLen = (a_ssl_stream->uiAllMsgLen - a_ssl_stream->uiMsgProcLen) < iUnAnalyseLen ? 
(a_ssl_stream->uiAllMsgLen - a_ssl_stream->uiMsgProcLen) : iUnAnalyseLen;
+ a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
+ break;
+ default:
+ a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
+ a_ssl_stream->ucContType = 0;
+ *res = -1;
+ return SSL_RETURN_NORM;
+ }
+ }
+ else
+ {
+
+ pstSSLRecordHdr = (stSSLRecordHdr_t *)pcCurSslData;
+ switch (pstSSLRecordHdr->ucContType)
+ {
+ case HANDSHAKE:
+ a_ssl_stream->ucContType = HANDSHAKE;
 a_ssl_stream->is_ssl_stream = SSL_TRUE;
- a_ssl_stream->uiAllMsgLen = htons(pstSSLRecordHdr->usTotalLen);
- pstHandShakeTypeHdr = (stHandShakeTypeHdr_t *)(pcCurSslData + SSL_RECORD_HDRLEN);
- pcCurSslData += SSL_RECORD_HDRLEN;
- iUnAnalyseLen -= SSL_RECORD_HDRLEN;
- iCurAllMsgLen = a_ssl_stream->uiAllMsgLen;
- iCurMsgLen = a_ssl_stream->uiAllMsgLen < iUnAnalyseLen ? a_ssl_stream->uiAllMsgLen : iUnAnalyseLen;
- a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
- break;
-
- case APPLICATION_DATA:
- a_ssl_stream->ucContType = APPLICATION_DATA;
+ a_ssl_stream->uiAllMsgLen = htons(pstSSLRecordHdr->usTotalLen);
+ pstHandShakeTypeHdr = (stHandShakeTypeHdr_t *)(pcCurSslData + SSL_RECORD_HDRLEN);
+ pcCurSslData += SSL_RECORD_HDRLEN;
+ iUnAnalyseLen -= SSL_RECORD_HDRLEN;
+ iCurAllMsgLen = a_ssl_stream->uiAllMsgLen;
+ iCurMsgLen = a_ssl_stream->uiAllMsgLen < iUnAnalyseLen ? a_ssl_stream->uiAllMsgLen : iUnAnalyseLen;
+ a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
+ break;
+
+ case APPLICATION_DATA:
+ a_ssl_stream->ucContType = APPLICATION_DATA;
 a_ssl_stream->is_ssl_stream = SSL_TRUE;
- a_ssl_stream->uiAllMsgLen = htons(pstSSLRecordHdr->usTotalLen);
+ a_ssl_stream->uiAllMsgLen = htons(pstSSLRecordHdr->usTotalLen);
 pcCurSslData += SSL_RECORD_HDRLEN;
 iUnAnalyseLen -= SSL_RECORD_HDRLEN;
- iCurAllMsgLen = a_ssl_stream->uiAllMsgLen ;
- iCurMsgLen = a_ssl_stream->uiAllMsgLen < iUnAnalyseLen ? 
a_ssl_stream->uiAllMsgLen : iUnAnalyseLen;
- a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
- //static int count;
- //count++;
- //printf("%d\t%d\t%lld\n",count, a_ssl_stream->uiAllMsgLen, g_SysInputInfo[0][0]);
+ iCurAllMsgLen = a_ssl_stream->uiAllMsgLen;
+ iCurMsgLen = a_ssl_stream->uiAllMsgLen < iUnAnalyseLen ? a_ssl_stream->uiAllMsgLen : iUnAnalyseLen;
+ a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
+ // static int count;
+ // count++;
+ // printf("%d\t%d\t%lld\n",count, a_ssl_stream->uiAllMsgLen, g_SysInputInfo[0][0]);
 break;
 case CHANGE_CIPHER_SEP:
 a_ssl_stream->ucContType = CHANGE_CIPHER_SEP;
 a_ssl_stream->is_ssl_stream = SSL_TRUE;
 a_ssl_stream->uiAllMsgLen = htons(pstSSLRecordHdr->usTotalLen);
- iCurAllMsgLen = a_ssl_stream->uiAllMsgLen ;
+ iCurAllMsgLen = a_ssl_stream->uiAllMsgLen;
 pcCurSslData += SSL_RECORD_HDRLEN;
 iUnAnalyseLen -= SSL_RECORD_HDRLEN;
- iCurMsgLen = a_ssl_stream->uiAllMsgLen < iUnAnalyseLen ? a_ssl_stream->uiAllMsgLen : iUnAnalyseLen;
- a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
- *res = iCurAllMsgLen;
- break;
-
- case ALERT:
+ iCurMsgLen = a_ssl_stream->uiAllMsgLen < iUnAnalyseLen ? a_ssl_stream->uiAllMsgLen : iUnAnalyseLen;
+ a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
+ *res = iCurAllMsgLen;
+ break;
+
+ case ALERT:
 a_ssl_stream->ucContType = ALERT;
 a_ssl_stream->is_ssl_stream = SSL_TRUE;
 a_ssl_stream->uiAllMsgLen = htons(pstSSLRecordHdr->usTotalLen);
- iCurAllMsgLen = a_ssl_stream->uiAllMsgLen ;
+ iCurAllMsgLen = a_ssl_stream->uiAllMsgLen;
 pcCurSslData += SSL_RECORD_HDRLEN;
 iUnAnalyseLen -= SSL_RECORD_HDRLEN;
- iCurMsgLen = a_ssl_stream->uiAllMsgLen < iUnAnalyseLen ? a_ssl_stream->uiAllMsgLen : iUnAnalyseLen;
- a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
- *res = iCurAllMsgLen;
+ iCurMsgLen = a_ssl_stream->uiAllMsgLen < iUnAnalyseLen ? 
a_ssl_stream->uiAllMsgLen : iUnAnalyseLen;
+ a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
+ *res = iCurAllMsgLen;
 break;
- default:
- if(a_ssl_stream->is_ssl_stream == SSL_TRUE)
+ default:
+ if (a_ssl_stream->is_ssl_stream == SSL_TRUE)
 {
 a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
 a_ssl_stream->ucContType = 0;
 *res = -1;
 return SSL_RETURN_NORM;
 }
- else
+ else
 {
 a_ssl_stream->uiMsgState = SSL_HANDSHAKE_NOTRUNK;
 a_ssl_stream->ucContType = 0;
 *res = -1;
 return SSL_RETURN_DROPME;
 }
- }
- }
- switch(a_ssl_stream->ucContType)
+ }
+ }
+ switch (a_ssl_stream->ucContType)
 {
- case APPLICATION_DATA:
- /*���������ݣ�ʵʱ����*/
+ case APPLICATION_DATA:
+ /*���������ݣ�ʵʱ����*/
 return_val = ssl_analyseAppData((char *)pcCurSslData, iCurAllMsgLen, iUnAnalyseLen, res, a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
 /*the data is not enough*/
- if(*res < iCurAllMsgLen)
+ if (*res < iCurAllMsgLen)
 {
 is_trunk = 1;
- }
- break;
+ }
+ break;
- /*��������ȫ������ٴ���*/
+ /*��������ȫ������ٴ���*/
 case ALERT:
- //printf("%d:%d\n",iCurAllMsgLen,iUnAnalyseLen);
- if(iUnAnalyseLen<iCurAllMsgLen)
+ // printf("%d:%d\n",iCurAllMsgLen,iUnAnalyseLen);
+ if (iUnAnalyseLen < iCurAllMsgLen)
 {
 *res = 0;
 is_trunk = 1;
@@ -854,155 +858,156 @@ UCHAR ssl_analyseSsl(char *pcSslData, int iDataLen, int *res, ssl_stream *a_ssl_
 else
 {
 return_val = ssl_analyseAlert((char *)pcCurSslData, iCurAllMsgLen, iUnAnalyseLen, res, a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
- is_trunk = 0;
- }
- break;
+ is_trunk = 0;
+ }
+ break;
 /*other handshark proto not process*/
 case HANDSHAKE:
- /*���幻�����ٴ���*/
+ /*���幻�����ٴ���*/
 if (fn_iIsHandShakeMsg(*(unsigned char *)pstHandShakeTypeHdr))
 {
- /*res��ʾ����������*/
+ /*res��ʾ����������*/
 return_val = ssl_analyseHandShake((char *)pstHandShakeTypeHdr, iCurAllMsgLen, iUnAnalyseLen, res, a_ssl_stream, a_tcp, region_flag, thread_seq, a_packet);
- if(*res < iCurAllMsgLen)
+ if (*res < iCurAllMsgLen)
 {
 is_trunk = 1;
 }
 }
 else
- {
- if(iCurMsgLen>=iCurAllMsgLen)
+ {
+ if (iCurMsgLen >= iCurAllMsgLen)
 {
- /*����Ϣ�������*/
+ /*����Ϣ�������*/
 *res = iCurMsgLen;
- }
+ }
 else
 {
- /*��ʾ��Ҫ���浱ǰ���ݰ����������ݣ�����*res������������Ϊ0*/
+ /*��ʾ��Ҫ���浱ǰ���ݰ����������ݣ�����*res������������Ϊ0*/
 *res = 0;
 is_trunk = 1;
- }
+ }
 }
 /*20140731 res<0 but no why*/
- if(*res<0)
- {
- return SSL_RETURN_DROPME;
- }
+ if (*res < 0)
+ {
+ return SSL_RETURN_DROPME;
+ }
 break;
- default :
+ default:
 *res = iCurMsgLen;
 break;
- }
+ }
 /*the data is not enough*/
- if(is_trunk)
- //if(*res < iCurMsgLen)
+ if (is_trunk)
+ // if(*res < iCurMsgLen)
 {
 a_ssl_stream->uiMsgState = SSL_HANDSHAKE_MSG_TRUNKED;
 a_ssl_stream->uiMsgProcLen += *res;
- pcCurSslData += *res;
- iUnAnalyseLen -= *res ;
+ //pcCurSslData += *res; //20220318 cppcheck
+ iUnAnalyseLen -= *res;
 break;
 }
 else
 {
- /*������Ϣ�������*/
+ /*������Ϣ�������*/
 a_ssl_stream->uiAllMsgLen = 0;
 a_ssl_stream->uiMsgProcLen = 0;
- }
- if (SSL_RETURN_NORM != return_val)
- {
- return return_val;
- }
- pcCurSslData += *res;
- iUnAnalyseLen -= *res;
- }
+ }
+
+ if (SSL_RETURN_NORM != return_val)
+ {
+ return return_val;
+ }
+
+ pcCurSslData += *res;
+ iUnAnalyseLen -= *res;
+ }
 *res = iDataLen - iUnAnalyseLen;
- return SSL_RETURN_NORM;
+ 
+ return SSL_RETURN_NORM;
 }
-UCHAR ssl_analyseStream(struct streaminfo *a_tcp, void** pme, int thread_seq, void *a_packet)
+UCHAR ssl_analyseStream(struct streaminfo *a_tcp, void **pme, int thread_seq, void *a_packet)
 {
 /**variables define, and initialise**/
- int return_val = APP_STATE_GIVEME;
- ssl_stream* a_ssl_stream = (ssl_stream *)*pme;
- struct tcpdetail* tcp_detail = (struct tcpdetail*)a_tcp->pdetail;
- char* pcSslData = NULL;
- int iSslDateLen = 0;
- int iRet = 0;
-
- if(NULL== a_ssl_stream)
- {
+ int return_val = APP_STATE_GIVEME;
+ ssl_stream *a_ssl_stream = (ssl_stream *)*pme;
+ struct tcpdetail *tcp_detail = (struct tcpdetail *)a_tcp->pdetail;
+ char *pcSslData = NULL;
+ int iSslDateLen = 0;
+ int iRet = 0;
+
+ if (NULL == a_ssl_stream)
+ {
 return SSL_RETURN_DROPME;
- }
-
- if(0==tcp_detail->datalen)
+ }
+
+ if (0 == tcp_detail->datalen)
 {
 /*trans ssl over state*/
- if(a_ssl_stream->over_flag == SSL_TRUE&&a_ssl_stream->uiSslVersion!=UNKNOWN_VERSION)
+ if (a_ssl_stream->over_flag == SSL_TRUE && a_ssl_stream->uiSslVersion != UNKNOWN_VERSION)
 {
 return ssl_callPlugins(&a_ssl_stream, a_tcp, a_ssl_stream->output_region_flag, thread_seq, a_packet);
 }
- else return APP_STATE_GIVEME;
- }
+ else
+ return APP_STATE_GIVEME;
+ }
 /**if buffered, copy new data to the buff**/
- /**if lose packets, drop the buffered data**/
- /*bad data fill the buffer, or lose pkt clear it*/
- if ((tcp_detail->lostlen > 0) || (a_ssl_stream->uiMaxBuffLen>0 && a_ssl_stream->uiCurBuffLen >= a_ssl_stream->uiMaxBuffLen))
- {
- //20151231
- return SSL_RETURN_DROPME;
- a_ssl_stream->uiCurBuffLen = 0;
- }
-
- if (a_ssl_stream->uiCurBuffLen > 0)
- {
- //20151231 not enough,tcp_detail->pdata will be cut, it's not useful
- if(a_ssl_stream->uiMaxBuffLen - a_ssl_stream->uiCurBuffLen < (int)tcp_detail->datalen)
- {
+ /**if lose packets, drop the buffered data**/
+ /*bad data fill the buffer, or lose pkt clear it*/
+ if ((tcp_detail->lostlen > 0) || (a_ssl_stream->uiMaxBuffLen > 0 && 
a_ssl_stream->uiCurBuffLen >= a_ssl_stream->uiMaxBuffLen))
+ {
+ // 20151231
+ return SSL_RETURN_DROPME;
+ a_ssl_stream->uiCurBuffLen = 0;
+ }
+
+ if (a_ssl_stream->uiCurBuffLen > 0)
+ {
+ // 20151231 not enough,tcp_detail->pdata will be cut, it's not useful
+ if (a_ssl_stream->uiMaxBuffLen - a_ssl_stream->uiCurBuffLen < (int)tcp_detail->datalen)
+ {
 return SSL_RETURN_DROPME;
 }
- iSslDateLen = MIN((int)tcp_detail->datalen,(a_ssl_stream->uiMaxBuffLen - a_ssl_stream->uiCurBuffLen));
-
- memcpy(a_ssl_stream->pcSslBuffer + a_ssl_stream->uiCurBuffLen, tcp_detail->pdata, iSslDateLen);
- a_ssl_stream->uiCurBuffLen += iSslDateLen;
- iSslDateLen = a_ssl_stream->uiCurBuffLen;
- pcSslData = a_ssl_stream->pcSslBuffer;
- }
- else
- {
- pcSslData = (char*)tcp_detail->pdata;
- iSslDateLen = tcp_detail->datalen;
- }
-
-
- return_val = ssl_analyseSsl(pcSslData, iSslDateLen, &iRet, a_ssl_stream, a_tcp, a_ssl_stream->output_region_flag, thread_seq, a_packet);
-
- if(SSL_RETURN_NORM != return_val)
- {
- return return_val;
- }
- /*is ssl_stream, need buffer data*/
- if (iRet < 0 || iRet >= iSslDateLen)
- {
- a_ssl_stream->uiCurBuffLen = 0;
- }
- else
- {
- if(0==a_ssl_stream->uiMaxBuffLen)
- {
- a_ssl_stream->pcSslBuffer = (char*)dictator_malloc(thread_seq, MAX_DATA_BUFFER);
- memset(a_ssl_stream->pcSslBuffer,0,MAX_DATA_BUFFER);
+ iSslDateLen = MIN((int)tcp_detail->datalen, (a_ssl_stream->uiMaxBuffLen - a_ssl_stream->uiCurBuffLen));
+
+ memcpy(a_ssl_stream->pcSslBuffer + a_ssl_stream->uiCurBuffLen, tcp_detail->pdata, iSslDateLen);
+ a_ssl_stream->uiCurBuffLen += iSslDateLen;
+ iSslDateLen = a_ssl_stream->uiCurBuffLen;
+ pcSslData = a_ssl_stream->pcSslBuffer;
+ }
+ else
+ {
+ pcSslData = (char *)tcp_detail->pdata;
+ iSslDateLen = tcp_detail->datalen;
+ }
+
+ return_val = ssl_analyseSsl(pcSslData, iSslDateLen, &iRet, a_ssl_stream, a_tcp, a_ssl_stream->output_region_flag, thread_seq, a_packet);
+
+ if (SSL_RETURN_NORM != return_val)
+ {
+ return return_val;
+ }
+ /*is ssl_stream, need 
buffer data*/
+ if (iRet < 0 || iRet >= iSslDateLen)
+ {
+ a_ssl_stream->uiCurBuffLen = 0;
+ }
+ else
+ {
+ if (0 == a_ssl_stream->uiMaxBuffLen)
+ {
+ a_ssl_stream->pcSslBuffer = (char *)dictator_malloc(thread_seq, MAX_DATA_BUFFER);
+ memset(a_ssl_stream->pcSslBuffer, 0, MAX_DATA_BUFFER);
 a_ssl_stream->uiMaxBuffLen = MAX_DATA_BUFFER;
 }
- fn_vMemCpy(a_ssl_stream->pcSslBuffer, (int)a_ssl_stream->uiMaxBuffLen, pcSslData + iRet, (int)(iSslDateLen - iRet));
- a_ssl_stream->uiCurBuffLen = iSslDateLen - iRet;
- }
- return return_val;
+ fn_vMemCpy(a_ssl_stream->pcSslBuffer, (int)a_ssl_stream->uiMaxBuffLen, pcSslData + iRet, (int)(iSslDateLen - iRet));
+ a_ssl_stream->uiCurBuffLen = iSslDateLen - iRet;
+ }
+ return return_val;
 }
-
-
diff --git a/src/SSL_Proc.c b/src/SSL_Proc.c
index c9f7db0..7277468 100644
--- a/src/SSL_Proc.c
+++ b/src/SSL_Proc.c
@@ -183,7 +183,7 @@ stSerialString_t g_astCipherSuit[] =
-int BtoL4BytesNum(char *pcData)
+int BtoL4BytesNum(const char *pcData)
 {
 int uiLength = 0;
 uiLength = pcData[0];
@@ -193,7 +193,7 @@ int BtoL4BytesNum(char *pcData)
 return uiLength;
 }
-int BtoL3BytesNum(char *pcData)
+int BtoL3BytesNum(const char *pcData)
 {
 int uiLength = 0;
 uiLength = pcData[0];
@@ -203,7 +203,7 @@ int BtoL3BytesNum(char *pcData)
 return uiLength;
 }
-int BtoL2BytesNum(char *pcData)
+int BtoL2BytesNum(const char *pcData)
 {
 int uiLength = 0;
 uiLength = pcData[0];
@@ -212,7 +212,7 @@ int BtoL2BytesNum(char *pcData)
 return uiLength;
 }
-int BtoL1BytesNum(char *pcData)
+int BtoL1BytesNum(const char *pcData)
 {
 int uiLength = 0;
 uiLength = pcData[0];
@@ -220,10 +220,10 @@ int BtoL1BytesNum(char *pcData)
 return uiLength;
 }
-char *fn_pcGetSuite(unsigned char *pucId, int iIdLen, const stSerialString_t *pastElemTypes)
+char *fn_pcGetSuite(const unsigned char *pucId, int iIdLen, const stSer ialString_t *pastElemTypes)
 {
- int iLoop = 0;
- int iInLoop = 0;
+ int iLoop;
+ int iInLoop;
 if (NULL == pucId || iIdLen < 0 || NULL == pastElemTypes)
 {
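Review bot: The statement `a_ssl_stream->uiCurBuffLen = 0;` that follows `return SSL_RETURN_DROPME;` in the lost-packet branch of ssl_analyseStream is unreachable and survives the re-indent unchanged; either delete it or, if the reset was intended, move it above the return. `a_ssl_stream->pcSslBuffer = (char *)dictator_malloc(thread_seq, MAX_DATA_BUFFER);` is followed by memset with no NULL check; if dictator_malloc can fail, add `if (a_ssl_stream->pcSslBuffer == NULL) return SSL_RETURN_DROPME;` before the memset. In the buffered path pcSslData is set to a_ssl_stream->pcSslBuffer, so the later `fn_vMemCpy(a_ssl_stream->pcSslBuffer, ..., pcSslData + iRet, ...)` copies within the same buffer, which is only correct if fn_vMemCpy tolerates overlapping regions (memmove semantics); the hunk does not show its implementation, so this should be confirmed. The new `//pcCurSslData += *res; //20220318 cppcheck` line should be deleted rather than kept as a comment, as should the commented-out assignments and guard introduced in the SSL_Proc.c hunks at -281, -290 and -432. ssl_analyseSsl's head lies outside this hunk.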
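Review bot: `uiLength = pcData[0];` in BtoL4BytesNum still reads through a plain `char`, so on targets where char is signed a byte of 0x80 or above is sign-extended to a negative int before the shifts that follow outside the hunk; adding `const` does not change that. The same line appears in BtoL3BytesNum, BtoL2BytesNum and BtoL1BytesNum in the -193, -203 and -212 hunks. Read the byte as `uiLength = (unsigned char)pcData[0];` (with the same cast on the remaining bytes), or change the parameter to `const unsigned char *`. These helpers decode lengths taken from the wire, so a negative result would reach the length arithmetic in callers such as ssl_get_alpn_list.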
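Review bot: Dropping the initialisers from `int iLoop;` and `int iInLoop;` in fn_pcGetSuite is only safe if every read of them is preceded by an assignment, and the loops that use them are outside this hunk, so that cannot be confirmed here. If any path reads either variable before it is assigned, that is undefined behaviour on an uninitialised automatic; keeping `int iLoop = 0;` and `int iInLoop = 0;` costs nothing and removes the risk.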
@@ -258,22 +258,21 @@ const char* ssl_get_suite_name(unsigned char* suite_value, unsigned short suite_
 const char* ssl_get_version_name(unsigned short version)
 {
- int find_index = -1;
 for(unsigned int i=0;pastSslVersions[i].uiValue!=0;i++)
 {
 if(pastSslVersions[i].uiValue==version)
 {
- find_index = (int)i;
- break;
+ return (char*)pastSslVersions[i].pcString;
 }
 }
- return (char*)pastSslVersions[find_index].pcString;
+
+ return NULL;
 }
 int ssl_get_alpn_list(alpn_list_t* alpn_list, int alpn_size, st_ext_t* exts, unsigned short ext_num)
 {
- int alpn_ext_len = 0;
- int alpn_proto_len = 0;
+ int alpn_ext_len;
+ int alpn_proto_len;
 int alpn_proto_num = 0;
 unsigned char* alpl = NULL;
@@ -281,7 +280,7 @@ int ssl_get_alpn_list(alpn_list_t* alpn_list, int alpn_size, st_ext_t* exts, uns
 {
 if(exts[i].type == ALPN_EXT_TYPE)
 {
- alpn_ext_len = exts[i].len;
+ //alpn_ext_len = exts[i].len;
 alpl = exts[i].data;
 alpn_ext_len = BtoL2BytesNum((char *)alpl);
 alpl +=2;
@@ -290,7 +289,7 @@ int ssl_get_alpn_list(alpn_list_t* alpn_list, int alpn_size, st_ext_t* exts, uns
 alpn_proto_len = BtoL1BytesNum((char *)alpl);
 alpl++;
 alpn_ext_len -= 1;
- alpn_list[alpn_proto_num].alpn_len = alpn_proto_len;
+ //alpn_list[alpn_proto_num].alpn_len = alpn_proto_len;
 //memcpy(alpn_list[alpn_proto_num].alpn, alpl, alpn_proto_len);
 alpn_list[alpn_proto_num].alpn = (char*)alpl;
 alpn_list[alpn_proto_num].alpn_len = alpn_proto_len;
@@ -432,10 +431,10 @@ UCHAR ssl_doWithClientHello(ssl_stream **a_ssl_stream, struct streaminfo *a_tcp,
 pstClientServerName->server_name_list_len -= pstClientServerName->server_name_len;
 cur_data += pstClientServerName->server_name_len;
 }
- if(NULL!=pstClientServerName)
- {
+ //if(NULL!=pstClientServerName)
+ //{
 dictator_free(thread_seq,pstClientServerName);
- }
+ //}
 }
 else if((*a_ssl_stream)->stClientHello->exts[i].type == SESSION_TICKET_EXT_TYPE)
 {
diff --git a/src/SSL_Proc.h b/src/SSL_Proc.h
index 8e25916..62ddd35 100644
--- a/src/SSL_Proc.h
+++ b/src/SSL_Proc.h
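Review bot: ssl_get_version_name now returns NULL for an unknown version where it previously indexed pastSslVersions with -1, so every caller that passes the result to a `%s` format, strlen or strcmp needs a NULL guard, and none of those callers are in this diff. If adding a check at each call site is not practical, returning a fixed sentinel such as `"unknown"` keeps existing callers safe. The `(char*)` cast in `return (char*)pastSslVersions[i].pcString;` is unnecessary for a `const char*` return and can be dropped.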
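Review bot: With `alpn_ext_len = exts[i].len;` commented out, the only length driving ALPN parsing is `alpn_ext_len = BtoL2BytesNum((char *)alpl);`, a value read from the extension body itself, and nothing in the hunk compares it against `exts[i].len`; an extension whose inner length exceeds the outer one would let the parsing loop run past exts[i].data. Keep the outer length and validate the inner one against it before `alpl +=2;`, e.g. `if (exts[i].len < 2 || BtoL2BytesNum((char *)alpl) + 2 > exts[i].len) return alpn_proto_num;` (or whatever failure value the callers expect). The -290 hunk has the same shape: `alpn_proto_len` comes from the wire and is subtracted from alpn_ext_len without first checking `alpn_proto_len <= alpn_ext_len`, and the `alpn_list[alpn_proto_num]` store is not visibly bounded by alpn_size. The enclosing loop and its exit condition lie outside both hunks.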
@@ -14,10 +14,10 @@ extern "C" {
 #endif
-int BtoL1BytesNum(char *pcData);
-int BtoL2BytesNum(char *pcData);
-int BtoL3BytesNum(char *pcData);
-int BtoL4BytesNum(char *pcData);
+int BtoL1BytesNum(const char *pcData);
+int BtoL2BytesNum(const char *pcData);
+int BtoL3BytesNum(const char *pcData);
+int BtoL4BytesNum(const char *pcData);
 int ssl_protoRecg(char *pcData, int iDataLen);
 char *fn_pcGetSuite(unsigned char *pucId, int iIdLen, stSerialString_t *pastElemTypes); |
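Review bot: The context line `char *fn_pcGetSuite(unsigned char *pucId, int iIdLen, stSerialString_t *pastElemTypes);` no longer matches the definition in SSL_Proc.c, which this commit changes to `const unsigned char *pucId` and which already takes `const stSerialString_t *pastElemTypes`. `T *` and `const T *` are incompatible parameter types, so a translation unit that sees both declarations gets a conflicting-types error, and one that sees only the header loses the const contract. Update the prototype to `char *fn_pcGetSuite(const unsigned char *pucId, int iIdLen, const stSerialString_t *pastElemTypes);` alongside the BtoL*BytesNum ones.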
