« back to all changes in this revision
Viewing changes to src/app-layer-ssl.c
- browse files at revision 19
- compare with another revision
- download diff
- download tarball
- view history from revision 19
- Committer: Package Import Robot
- Author(s): Pierre Chifflier
- Date: 2012-07-22 22:27:36 UTC
- mfrom: (1.1.13)
- Revision ID: package-import@ubuntu.com-20120722222736-s2bcw3ruzenagjam
Tags: 1.3-1
* Imported Upstream version 1.3
* Add build-dependency on libnss3-dev and libnspr4-dev
* Bump Standards Version to 3.9.3
* Add build-dependency on libnss3-dev and libnspr4-dev
* Bump Standards Version to 3.9.3
- files added:
- .pc
- files removed:
- src/detect-recursive.c
- files modified:
- ChangeLog
added
removed
src/app-layer-ssl.c
1
/* Copyright (C) 2007-2011 Open Information Security Foundation
1
/* Copyright (C) 2007-2012 Open Information Security Foundation
2
2
*
3
3
* You can copy, redistribute or modify this Program under the terms of
4
4
* the GNU General Public License version 2 as published by the Free
19
19
* \file
20
20
*
21
21
* \author Anoop Saldanha <anoopsaldanha@gmail.com>
22
* \author Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
22
23
*
23
24
*/
24
25
39
40
#include "app-layer-parser.h"
40
41
#include "app-layer-ssl.h"
41
42
43
#include "app-layer-tls-handshake.h"
44
42
45
#include "conf.h"
46
#include "decode-events.h"
43
47
44
48
#include "util-spm.h"
45
49
#include "util-unittest.h"
49
53
50
54
#include "util-byte.h"
51
55
56
SCEnumCharMap tls_decoder_event_table[ ] = {
57
/* TLS protocol messages */
58
{ "INVALID_SSLV2_HEADER", TLS_DECODER_EVENT_INVALID_SSLV2_HEADER },
59
{ "INVALID_TLS_HEADER", TLS_DECODER_EVENT_INVALID_TLS_HEADER },
60
{ "INVALID_RECORD_TYPE", TLS_DECODER_EVENT_INVALID_RECORD_TYPE },
61
{ "INVALID_HANDSHAKE_MESSAGE", TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE },
62
/* Certificates decoding messages */
63
{ "INVALID_CERTIFICATE", TLS_DECODER_EVENT_INVALID_CERTIFICATE },
64
{ "CERTIFICATE_MISSING_ELEMENT", TLS_DECODER_EVENT_CERTIFICATE_MISSING_ELEMENT },
65
{ "CERTIFICATE_UNKNOWN_ELEMENT", TLS_DECODER_EVENT_CERTIFICATE_UNKNOWN_ELEMENT },
66
{ "CERTIFICATE_INVALID_LENGTH", TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH },
67
{ "CERTIFICATE_INVALID_STRING", TLS_DECODER_EVENT_CERTIFICATE_INVALID_STRING },
68
{ "ERROR_MESSAGE_ENCOUNTERED", TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED },
69
{ NULL, -1 },
70
};
71
52
72
typedef struct SslConfig_ {
53
73
int no_reassemble;
54
74
} SslConfig;
87
107
#define SSLV2_MT_CLIENT_CERTIFICATE 8
88
108
89
109
#define SSLV3_RECORD_LEN 5
110
#define SSLV3_MESSAGE_HDR_LEN 4
90
111
91
112
static void SSLParserReset(SSLState *ssl_state)
92
113
{
93
ssl_state->bytes_processed = 0;
114
ssl_state->curr_connp->bytes_processed = 0;
115
ssl_state->curr_connp->message_start = 0;
94
116
}
95
117
96
118
static int SSLv3ParseHandshakeType(SSLState *ssl_state, uint8_t *input,
98
120
{
99
121
uint8_t *initial_input = input;
100
122
uint32_t parsed = 0;
123
int rc;
101
124
102
125
if (input_len == 0) {
103
126
return 0;
104
127
}
105
128
106
switch (ssl_state->handshake_type) {
129
switch (ssl_state->curr_connp->handshake_type) {
107
130
case SSLV3_HS_CLIENT_HELLO:
108
131
ssl_state->flags |= SSL_AL_FLAG_STATE_CLIENT_HELLO;
109
110
switch (ssl_state->bytes_processed) {
111
case 9:
112
ssl_state->bytes_processed++;
113
ssl_state->handshake_client_hello_ssl_version = *(input++) << 8;
114
if (--input_len == 0)
115
break;
116
case 10:
117
ssl_state->bytes_processed++;
118
ssl_state->handshake_client_hello_ssl_version |= *(input++);
119
if (--input_len == 0)
120
break;
121
}
122
132
break;
123
133
124
134
case SSLV3_HS_SERVER_HELLO:
125
135
ssl_state->flags |= SSL_AL_FLAG_STATE_SERVER_HELLO;
126
136
127
switch (ssl_state->bytes_processed) {
128
case 9:
129
ssl_state->bytes_processed++;
130
ssl_state->handshake_server_hello_ssl_version = *(input++) << 8;
131
if (--input_len == 0)
132
break;
133
case 10:
134
ssl_state->bytes_processed++;
135
ssl_state->handshake_server_hello_ssl_version |= *(input++);
136
if (--input_len == 0)
137
break;
138
}
139
137
break;
140
138
141
139
case SSLV3_HS_SERVER_KEY_EXCHANGE:
146
144
ssl_state->flags |= SSL_AL_FLAG_STATE_CLIENT_KEYX;
147
145
break;
148
146
147
case SSLV3_HS_CERTIFICATE:
148
if (ssl_state->curr_connp->trec == NULL) {
149
ssl_state->curr_connp->trec_len = 2 * ssl_state->curr_connp->record_length + SSLV3_RECORD_LEN + 1;
150
ssl_state->curr_connp->trec = SCMalloc( ssl_state->curr_connp->trec_len );
151
}
152
if (ssl_state->curr_connp->trec_pos + input_len >= ssl_state->curr_connp->trec_len) {
153
ssl_state->curr_connp->trec_len = ssl_state->curr_connp->trec_len + 2 * input_len + 1;
154
ssl_state->curr_connp->trec = SCRealloc( ssl_state->curr_connp->trec, ssl_state->curr_connp->trec_len );
155
}
156
if (ssl_state->curr_connp->trec == NULL) {
157
ssl_state->curr_connp->trec_len = 0;
158
/* error, skip packet */
159
parsed += input_len;
160
ssl_state->curr_connp->bytes_processed += input_len;
161
break;
162
}
163
memcpy(ssl_state->curr_connp->trec + ssl_state->curr_connp->trec_pos, initial_input, input_len);
164
ssl_state->curr_connp->trec_pos += input_len;
165
166
rc = DecodeTLSHandshakeServerCertificate(ssl_state, ssl_state->curr_connp->trec, ssl_state->curr_connp->trec_pos);
167
if (rc > 0) {
168
/* do not return normally if the packet was fragmented:
169
* we would return the size of the *entire* message,
170
* while we expect only the number of bytes parsed bytes
171
* from the *current* fragment
172
*/
173
uint32_t diff = input_len - (ssl_state->curr_connp->trec_pos - rc);
174
ssl_state->curr_connp->bytes_processed += diff;
175
return diff;
176
}
177
break;
149
178
case SSLV3_HS_HELLO_REQUEST:
150
case SSLV3_HS_CERTIFICATE:
151
179
case SSLV3_HS_CERTIFICATE_REQUEST:
152
180
case SSLV3_HS_CERTIFICATE_VERIFY:
153
181
case SSLV3_HS_FINISHED:
158
186
break;
159
187
}
160
188
161
/* looks like we have another record */
162
parsed += (input - initial_input);
163
if ((input_len + ssl_state->bytes_processed) >= ssl_state->record_length + SSLV3_RECORD_LEN) {
164
uint32_t diff = ssl_state->record_length + SSLV3_RECORD_LEN - ssl_state->bytes_processed;
165
parsed += diff;
166
ssl_state->bytes_processed += diff;
167
return parsed;
168
169
/* we still don't have the entire record for the one we are
170
* currently parsing */
171
} else {
189
/* skip the rest of the current message */
190
uint32_t next_msg_offset = ssl_state->curr_connp->message_start + SSLV3_MESSAGE_HDR_LEN + ssl_state->curr_connp->message_length;
191
if (ssl_state->curr_connp->bytes_processed + input_len < next_msg_offset) {
192
/* we don't have enough data */
172
193
parsed += input_len;
173
ssl_state->bytes_processed += input_len;
194
ssl_state->curr_connp->bytes_processed += input_len;
174
195
return parsed;
175
196
}
197
uint32_t diff = next_msg_offset - ssl_state->curr_connp->bytes_processed;
198
parsed += diff;
199
ssl_state->curr_connp->bytes_processed += diff;
200
return parsed;
176
201
}
177
202
178
203
static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, uint8_t *input,
179
204
uint32_t input_len)
180
205
{
181
206
uint8_t *initial_input = input;
207
int retval;
182
208
183
209
if (input_len == 0) {
184
210
return 0;
185
211
}
186
212
187
switch (ssl_state->bytes_processed) {
188
case 5:
189
if (input_len >= 4) {
190
ssl_state->handshake_type = *(input++);
191
input += 3;
192
input_len -= 4;
193
ssl_state->bytes_processed += 4;
194
break;
195
} else {
196
ssl_state->handshake_type = *(input++);
197
ssl_state->bytes_processed++;
198
if (--input_len == 0)
199
break;
200
}
201
case 6:
202
ssl_state->bytes_processed++;
203
input++;
204
if (--input_len == 0)
205
break;
206
case 7:
207
ssl_state->bytes_processed++;
208
input++;
209
if (--input_len == 0)
210
break;
211
case 8:
212
ssl_state->bytes_processed++;
213
input++;
214
if (--input_len == 0)
215
break;
216
}
217
218
if (input_len == 0)
219
return (input - initial_input);
220
221
int retval = SSLv3ParseHandshakeType(ssl_state, input, input_len);
222
if (retval == -1) {
223
SCReturnInt(-1);
224
} else {
225
input += retval;
226
return (input - initial_input);
227
}
213
if (ssl_state->curr_connp->message_start == 0) {
214
ssl_state->curr_connp->message_start = SSLV3_RECORD_LEN;
215
}
216
217
switch (ssl_state->curr_connp->bytes_processed - ssl_state->curr_connp->message_start) {
218
case 0:
219
ssl_state->curr_connp->handshake_type = *(input++);
220
ssl_state->curr_connp->bytes_processed++;
221
if (--input_len == 0)
222
break;
223
case 1:
224
ssl_state->curr_connp->message_length = *(input++) << 16;
225
ssl_state->curr_connp->bytes_processed++;
226
if (--input_len == 0)
227
break;
228
case 2:
229
ssl_state->curr_connp->message_length |= *(input++) << 8;
230
ssl_state->curr_connp->bytes_processed++;
231
if (--input_len == 0)
232
break;
233
case 3:
234
ssl_state->curr_connp->message_length |= *(input++);
235
ssl_state->curr_connp->bytes_processed++;
236
if (--input_len == 0)
237
break;
238
}
239
240
retval = SSLv3ParseHandshakeType(ssl_state, input, input_len);
241
if (retval < 0) {
242
return retval;
243
}
244
input += retval;
245
246
uint32_t next_msg_offset = ssl_state->curr_connp->message_start + SSLV3_MESSAGE_HDR_LEN + ssl_state->curr_connp->message_length;
247
if (ssl_state->curr_connp->bytes_processed == next_msg_offset) {
248
ssl_state->curr_connp->handshake_type = 0;
249
ssl_state->curr_connp->message_length = 0;
250
ssl_state->curr_connp->message_start = next_msg_offset;
251
} else if (ssl_state->curr_connp->bytes_processed > next_msg_offset) {
252
return -1;
253
}
254
255
return (input - initial_input);
228
256
}
229
257
230
258
static int SSLv3ParseRecord(uint8_t direction, SSLState *ssl_state,
236
264
return 0;
237
265
}
238
266
239
switch (ssl_state->bytes_processed) {
267
switch (ssl_state->curr_connp->bytes_processed) {
240
268
case 0:
241
269
if (input_len >= 5) {
242
/* toserver - 0 */
243
ssl_state->cur_content_type = input[0];
244
if (direction == 0) {
245
ssl_state->client_content_type = input[0];
246
ssl_state->client_version = input[1] << 8;
247
ssl_state->client_version |= input[2];
248
249
/* toclient - 1 */
250
} else {
251
ssl_state->server_content_type = input[0];
252
ssl_state->server_version = input[1] << 8;
253
ssl_state->server_version |= input[2];
254
}
255
ssl_state->record_length = input[3] << 8;
256
ssl_state->record_length |= input[4];
257
ssl_state->bytes_processed += SSLV3_RECORD_LEN;
270
ssl_state->curr_connp->content_type = input[0];
271
ssl_state->curr_connp->version = input[1] << 8;
272
ssl_state->curr_connp->version |= input[2];
273
ssl_state->curr_connp->record_length = input[3] << 8;
274
ssl_state->curr_connp->record_length |= input[4];
275
ssl_state->curr_connp->bytes_processed += SSLV3_RECORD_LEN;
258
276
return SSLV3_RECORD_LEN;
259
277
} else {
260
ssl_state->cur_content_type = *input;
261
if (direction == 0) {
262
ssl_state->client_content_type = *(input++);
263
} else {
264
ssl_state->server_content_type = *(input++);
265
}
278
ssl_state->curr_connp->content_type = *(input++);
266
279
if (--input_len == 0)
267
280
break;
268
281
}
269
282
case 1:
270
if (direction == 0) {
271
ssl_state->client_version = *(input++) << 8;
272
} else {
273
ssl_state->server_version = *(input++) << 8;
274
}
283
ssl_state->curr_connp->version = *(input++) << 8;
275
284
if (--input_len == 0)
276
285
break;
277
286
case 2:
278
if (direction == 0) {
279
ssl_state->client_version |= *(input++);
280
} else {
281
ssl_state->server_version |= *(input++);
282
}
287
ssl_state->curr_connp->version |= *(input++);
283
288
if (--input_len == 0)
284
289
break;
285
290
case 3:
286
ssl_state->record_length = *(input++) << 8;
291
ssl_state->curr_connp->record_length = *(input++) << 8;
287
292
if (--input_len == 0)
288
293
break;
289
294
case 4:
290
ssl_state->record_length |= *(input++);
291
if (ssl_state->record_length <= SSLV3_RECORD_LEN)
295
ssl_state->curr_connp->record_length |= *(input++);
296
if (ssl_state->curr_connp->record_length <= SSLV3_RECORD_LEN)
292
297
return -1;
293
298
if (--input_len == 0)
294
299
break;
295
} /* switch (ssl_state->bytes_processed) */
300
} /* switch (ssl_state->curr_connp->bytes_processed) */
296
301
297
ssl_state->bytes_processed += (input - initial_input);
302
ssl_state->curr_connp->bytes_processed += (input - initial_input);
298
303
299
304
return (input - initial_input);
300
305
}
308
313
return 0;
309
314
}
310
315
311
if (ssl_state->record_lengths_length == 2) {
312
switch (ssl_state->bytes_processed) {
316
if (ssl_state->curr_connp->record_lengths_length == 2) {
317
switch (ssl_state->curr_connp->bytes_processed) {
313
318
case 0:
314
if (input_len >= ssl_state->record_lengths_length + 1) {
315
ssl_state->record_length = (0x7f & input[0]) << 8 | input[1];
316
ssl_state->cur_content_type = input[2];
317
if (direction == 0) {
318
ssl_state->client_content_type = input[2];
319
ssl_state->client_version = SSL_VERSION_2;
320
} else {
321
ssl_state->server_content_type = input[2];
322
ssl_state->server_version = SSL_VERSION_2;
323
}
324
ssl_state->bytes_processed += 3;
319
if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
320
ssl_state->curr_connp->record_length = (0x7f & input[0]) << 8 | input[1];
321
ssl_state->curr_connp->content_type = input[2];
322
ssl_state->curr_connp->version = SSL_VERSION_2;
323
ssl_state->curr_connp->bytes_processed += 3;
325
324
return 3;
326
325
} else {
327
ssl_state->record_length = (0x7f & *(input++)) << 8;
326
ssl_state->curr_connp->record_length = (0x7f & *(input++)) << 8;
328
327
if (--input_len == 0)
329
328
break;
330
329
}
331
330
332
331
case 1:
333
ssl_state->record_length |= *(input++);
332
ssl_state->curr_connp->record_length |= *(input++);
334
333
if (--input_len == 0)
335
334
break;
336
335
case 2:
337
ssl_state->cur_content_type = *input;
338
if (direction == 0) {
339
ssl_state->client_content_type = *(input++);
340
ssl_state->client_version = SSL_VERSION_2;
341
} else {
342
ssl_state->server_content_type = *(input++);
343
ssl_state->server_version = SSL_VERSION_2;
344
}
336
ssl_state->curr_connp->content_type = *(input++);
337
ssl_state->curr_connp->version = SSL_VERSION_2;
345
338
if (--input_len == 0)
346
339
break;
347
} /* switch (ssl_state->bytes_processed) */
340
} /* switch (ssl_state->curr_connp->bytes_processed) */
348
341
349
342
} else {
350
switch (ssl_state->bytes_processed) {
343
switch (ssl_state->curr_connp->bytes_processed) {
351
344
case 0:
352
if (input_len >= ssl_state->record_lengths_length + 1) {
353
ssl_state->record_length = (0x3f & input[0]) << 8 | input[1];
354
ssl_state->cur_content_type = input[3];
355
if (direction == 0) {
356
ssl_state->client_content_type = input[3];
357
ssl_state->client_version = SSL_VERSION_2;
358
} else {
359
ssl_state->server_content_type = input[3];
360
ssl_state->server_version = SSL_VERSION_2;
361
}
362
ssl_state->bytes_processed += 4;
345
if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
346
ssl_state->curr_connp->record_length = (0x3f & input[0]) << 8 | input[1];
347
ssl_state->curr_connp->content_type = input[3];
348
ssl_state->curr_connp->version = SSL_VERSION_2;
349
ssl_state->curr_connp->bytes_processed += 4;
363
350
return 4;
364
351
} else {
365
ssl_state->record_length = (0x3f & *(input++)) << 8;
352
ssl_state->curr_connp->record_length = (0x3f & *(input++)) << 8;
366
353
if (--input_len == 0)
367
354
break;
368
355
}
369
356
370
357
case 1:
371
ssl_state->record_length |= *(input++);
358
ssl_state->curr_connp->record_length |= *(input++);
372
359
if (--input_len == 0)
373
360
break;
374
361
379
366
break;
380
367
381
368
case 3:
382
ssl_state->cur_content_type = *input;
383
if (direction == 0) {
384
ssl_state->client_content_type = *(input++);
385
ssl_state->client_version = SSL_VERSION_2;
386
} else {
387
ssl_state->server_content_type = *(input++);
388
ssl_state->server_version = SSL_VERSION_2;
389
}
369
ssl_state->curr_connp->content_type = *(input++);
370
ssl_state->curr_connp->version = SSL_VERSION_2;
390
371
if (--input_len == 0)
391
372
break;
392
} /* switch (ssl_state->bytes_processed) */
373
} /* switch (ssl_state->curr_connp->bytes_processed) */
393
374
}
394
375
395
ssl_state->bytes_processed += (input - initial_input);
376
ssl_state->curr_connp->bytes_processed += (input - initial_input);
396
377
397
378
return (input - initial_input);
398
379
}
404
385
int retval = 0;
405
386
uint8_t *initial_input = input;
406
387
407
if (ssl_state->bytes_processed == 0) {
388
if (ssl_state->curr_connp->bytes_processed == 0) {
408
389
if (input[0] & 0x80) {
409
ssl_state->record_lengths_length = 2;
390
ssl_state->curr_connp->record_lengths_length = 2;
410
391
} else {
411
ssl_state->record_lengths_length = 3;
392
ssl_state->curr_connp->record_lengths_length = 3;
412
393
}
413
394
}
414
395
415
396
/* the + 1 because, we also read one extra byte inside SSLv2ParseRecord
416
397
* to read the msg_type */
417
if (ssl_state->bytes_processed < (ssl_state->record_lengths_length + 1)) {
398
if (ssl_state->curr_connp->bytes_processed < (ssl_state->curr_connp->record_lengths_length + 1)) {
418
399
retval = SSLv2ParseRecord(direction, ssl_state, input, input_len);
419
400
if (retval == -1) {
420
SCLogDebug("Error parsing SSLv2Header");
401
AppLayerDecoderEventsSetEvent(ssl_state->f, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
421
402
return -1;
422
403
} else {
423
404
input += retval;
429
410
return (input - initial_input);
430
411
}
431
412
432
switch (ssl_state->cur_content_type) {
413
switch (ssl_state->curr_connp->content_type) {
433
414
case SSLV2_MT_ERROR:
434
SCLogWarning(SC_ERR_ALPARSER, "SSLV2_MT_ERROR msg_type recived. "
435
"Error encountered in establishing the sslv2 "
436
"session, may be version");
415
SCLogDebug("SSLV2_MT_ERROR msg_type received. "
416
"Error encountered in establishing the sslv2 "
417
"session, may be version");
418
AppLayerDecoderEventsSetEvent(ssl_state->f, TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED);
437
419
438
420
break;
439
421
441
423
ssl_state->flags |= SSL_AL_FLAG_STATE_CLIENT_HELLO;
442
424
ssl_state->flags |= SSL_AL_FLAG_SSL_CLIENT_HS;
443
425
444
if (ssl_state->record_lengths_length == 3) {
445
switch (ssl_state->bytes_processed) {
426
if (ssl_state->curr_connp->record_lengths_length == 3) {
427
switch (ssl_state->curr_connp->bytes_processed) {
446
428
case 4:
447
429
if (input_len >= 6) {
448
ssl_state->session_id_length = input[4] << 8;
449
ssl_state->session_id_length |= input[5];
430
ssl_state->curr_connp->session_id_length = input[4] << 8;
431
ssl_state->curr_connp->session_id_length |= input[5];
450
432
input += 6;
451
433
input_len -= 6;
452
ssl_state->bytes_processed += 6;
453
if (ssl_state->session_id_length == 0) {
434
ssl_state->curr_connp->bytes_processed += 6;
435
if (ssl_state->curr_connp->session_id_length == 0) {
454
436
ssl_state->flags |= SSL_AL_FLAG_SSL_NO_SESSION_ID;
455
437
}
456
438
break;
457
439
} else {
458
440
input++;
459
ssl_state->bytes_processed++;
441
ssl_state->curr_connp->bytes_processed++;
460
442
if (--input_len == 0)
461
443
break;
462
444
}
463
445
case 5:
464
446
input++;
465
ssl_state->bytes_processed++;
447
ssl_state->curr_connp->bytes_processed++;
466
448
if (--input_len == 0)
467
449
break;
468
450
case 6:
469
451
input++;
470
ssl_state->bytes_processed++;
452
ssl_state->curr_connp->bytes_processed++;
471
453
if (--input_len == 0)
472
454
break;
473
455
case 7:
474
456
input++;
475
ssl_state->bytes_processed++;
457
ssl_state->curr_connp->bytes_processed++;
476
458
if (--input_len == 0)
477
459
break;
478
460
case 8:
479
ssl_state->session_id_length = *(input++) << 8;
480
ssl_state->bytes_processed++;
461
ssl_state->curr_connp->session_id_length = *(input++) << 8;
462
ssl_state->curr_connp->bytes_processed++;
481
463
if (--input_len == 0)
482
464
break;
483
465
case 9:
484
ssl_state->session_id_length |= *(input++);
485
ssl_state->bytes_processed++;
466
ssl_state->curr_connp->session_id_length |= *(input++);
467
ssl_state->curr_connp->bytes_processed++;
486
468
if (--input_len == 0)
487
469
break;
488
} /* switch (ssl_state->bytes_processed) */
470
} /* switch (ssl_state->curr_connp->bytes_processed) */
489
471
490
/* ssl_state->record_lengths_length is 3 */
472
/* ssl_state->curr_connp->record_lengths_length is 3 */
491
473
} else {
492
switch (ssl_state->bytes_processed) {
474
switch (ssl_state->curr_connp->bytes_processed) {
493
475
case 3:
494
476
if (input_len >= 6) {
495
ssl_state->session_id_length = input[4] << 8;
496
ssl_state->session_id_length |= input[5];
477
ssl_state->curr_connp->session_id_length = input[4] << 8;
478
ssl_state->curr_connp->session_id_length |= input[5];
497
479
input += 6;
498
480
input_len -= 6;
499
ssl_state->bytes_processed += 6;
500
if (ssl_state->session_id_length == 0) {
481
ssl_state->curr_connp->bytes_processed += 6;
482
if (ssl_state->curr_connp->session_id_length == 0) {
501
483
ssl_state->flags |= SSL_AL_FLAG_SSL_NO_SESSION_ID;
502
484
}
503
485
break;
504
486
} else {
505
487
input++;
506
ssl_state->bytes_processed++;
488
ssl_state->curr_connp->bytes_processed++;
507
489
if (--input_len == 0)
508
490
break;
509
491
}
510
492
case 4:
511
493
input++;
512
ssl_state->bytes_processed++;
494
ssl_state->curr_connp->bytes_processed++;
513
495
if (--input_len == 0)
514
496
break;
515
497
case 5:
516
498
input++;
517
ssl_state->bytes_processed++;
499
ssl_state->curr_connp->bytes_processed++;
518
500
if (--input_len == 0)
519
501
break;
520
502
case 6:
521
503
input++;
522
ssl_state->bytes_processed++;
504
ssl_state->curr_connp->bytes_processed++;
523
505
if (--input_len == 0)
524
506
break;
525
507
case 7:
526
ssl_state->session_id_length = *(input++) << 8;
527
ssl_state->bytes_processed++;
508
ssl_state->curr_connp->session_id_length = *(input++) << 8;
509
ssl_state->curr_connp->bytes_processed++;
528
510
if (--input_len == 0)
529
511
break;
530
512
case 8:
531
ssl_state->session_id_length |= *(input++);
532
ssl_state->bytes_processed++;
513
ssl_state->curr_connp->session_id_length |= *(input++);
514
ssl_state->curr_connp->bytes_processed++;
533
515
if (--input_len == 0)
534
516
break;
535
} /* switch (ssl_state->bytes_processed) */
536
} /* else - if (ssl_state->record_lengths_length == 3) */
517
} /* switch (ssl_state->curr_connp->bytes_processed) */
518
} /* else - if (ssl_state->curr_connp->record_lengths_length == 3) */
537
519
538
520
break;
539
521
556
538
case SSLV2_MT_SERVER_VERIFY:
557
539
case SSLV2_MT_SERVER_FINISHED:
558
540
if (direction == 0 &&
559
!(ssl_state->cur_content_type & SSLV2_MT_CLIENT_CERTIFICATE)) {
541
!(ssl_state->curr_connp->content_type & SSLV2_MT_CLIENT_CERTIFICATE)) {
560
542
SCLogDebug("Incorrect SSL Record type sent in the toserver "
561
543
"direction!");
562
544
}
598
580
break;
599
581
}
600
582
601
if (input_len + ssl_state->bytes_processed >=
602
(ssl_state->record_length + ssl_state->record_lengths_length)) {
583
if (input_len + ssl_state->curr_connp->bytes_processed >=
584
(ssl_state->curr_connp->record_length + ssl_state->curr_connp->record_lengths_length)) {
603
585
/* looks like we have another record after this*/
604
uint32_t diff = ssl_state->record_length +
605
ssl_state->record_lengths_length + - ssl_state->bytes_processed;
586
uint32_t diff = ssl_state->curr_connp->record_length +
587
ssl_state->curr_connp->record_lengths_length + - ssl_state->curr_connp->bytes_processed;
606
588
input += diff;
607
589
SSLParserReset(ssl_state);
608
590
return (input - initial_input);
611
593
* currently parsing */
612
594
} else {
613
595
input += input_len;
614
ssl_state->bytes_processed += input_len;
596
ssl_state->curr_connp->bytes_processed += input_len;
615
597
return (input - initial_input);
616
598
}
617
599
}
623
605
int retval = 0;
624
606
uint32_t parsed = 0;
625
607
626
if (ssl_state->bytes_processed < SSLV3_RECORD_LEN) {
608
if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_LEN) {
627
609
retval = SSLv3ParseRecord(direction, ssl_state, input, input_len);
628
if (retval == -1) {
629
SCLogDebug("Error parsing SSLv3Header");
610
if (retval < 0) {
611
AppLayerDecoderEventsSetEvent(ssl_state->f, TLS_DECODER_EVENT_INVALID_TLS_HEADER);
630
612
return -1;
631
613
} else {
632
614
parsed += retval;
638
620
return parsed;
639
621
}
640
622
641
switch (ssl_state->cur_content_type) {
623
switch (ssl_state->curr_connp->content_type) {
642
624
/* we don't need any data from these types */
643
625
case SSLV3_CHANGE_CIPHER_SPEC:
644
626
ssl_state->flags |= SSL_AL_FLAG_CHANGE_CIPHER_SPEC;
662
644
pstate->flags |= APP_LAYER_PARSER_NO_REASSEMBLY;
663
645
}
664
646
647
break;
648
665
649
case SSLV3_HANDSHAKE_PROTOCOL:
666
650
if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC)
667
651
break;
668
652
669
653
retval = SSLv3ParseHandshakeProtocol(ssl_state, input + parsed, input_len);
670
if (retval == -1) {
671
SCLogDebug("Error parsing SSLv3.x. Let's get outta here");
654
if (retval < 0) {
655
AppLayerDecoderEventsSetEvent(ssl_state->f, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
672
656
return -1;
673
657
} else {
658
if ((uint32_t)retval > input_len) {
659
SCLogDebug("Error parsing SSLv3.x. Reseting parser "
660
"state. Let's get outta here");
661
SSLParserReset(ssl_state);
662
return -1;
663
}
674
664
parsed += retval;
675
665
input_len -= retval;
676
if (ssl_state->bytes_processed == ssl_state->record_length + SSLV3_RECORD_LEN) {
666
if (ssl_state->curr_connp->bytes_processed == ssl_state->curr_connp->record_length + SSLV3_RECORD_LEN) {
677
667
SSLParserReset(ssl_state);
678
668
}
679
669
return parsed;
682
672
break;
683
673
684
674
default:
685
SCLogDebug("Bad ssl record type");
686
return -1;
675
/* \todo fix the event from invalid rule to unknown rule */
676
AppLayerDecoderEventsSetEvent(ssl_state->f, TLS_DECODER_EVENT_INVALID_RECORD_TYPE);
677
/* we still need to parse the record */
678
break;
687
679
}
688
680
689
if (input_len + ssl_state->bytes_processed >= ssl_state->record_length + SSLV3_RECORD_LEN) {
681
if (input_len + ssl_state->curr_connp->bytes_processed >= ssl_state->curr_connp->record_length + SSLV3_RECORD_LEN) {
690
682
/* looks like we have another record */
691
uint32_t diff = ssl_state->record_length + SSLV3_RECORD_LEN - ssl_state->bytes_processed;
683
uint32_t diff = ssl_state->curr_connp->record_length + SSLV3_RECORD_LEN - ssl_state->curr_connp->bytes_processed;
692
684
parsed += diff;
693
685
SSLParserReset(ssl_state);
694
686
return parsed;
697
689
* currently parsing */
698
690
} else {
699
691
parsed += input_len;
700
ssl_state->bytes_processed += input_len;
692
ssl_state->curr_connp->bytes_processed += input_len;
701
693
return parsed;
702
694
}
703
695
723
715
*
724
716
* \retval >=0 On success.
725
717
*/
726
static int SSLDecode(uint8_t direction, void *alstate, AppLayerParserState *pstate,
727
uint8_t *input, uint32_t input_len)
718
static int SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLayerParserState *pstate,
719
uint8_t *input, uint32_t ilen)
728
720
{
729
721
SSLState *ssl_state = (SSLState *)alstate;
730
722
int retval = 0;
731
723
uint8_t counter = 0;
732
724
725
int32_t input_len = (int32_t)ilen;
726
727
ssl_state->f = f;
728
729
if (direction == 0)
730
ssl_state->curr_connp = &ssl_state->client_connp;
731
else
732
ssl_state->curr_connp = &ssl_state->server_connp;
733
733
734
/* if we have more than one record */
734
while (input_len) {
735
while (input_len > 0) {
735
736
if (counter++ == 30) {
736
737
SCLogDebug("Looks like we have looped quite a bit. Reset state "
737
738
"and get out of here");
738
739
SSLParserReset(ssl_state);
739
return 0;
740
return -1;
740
741
}
741
742
742
/* ssl_state->bytes_processed is either ways it is either 0 for a
743
/* ssl_state->bytes_processed is 0 for a
743
744
* fresh record or positive to indicate a record currently being
744
745
* parsed */
745
switch (ssl_state->bytes_processed) {
746
switch (ssl_state->curr_connp->bytes_processed) {
746
747
/* fresh record */
747
748
case 0:
748
749
/* only SSLv2, has one of the top 2 bits set */
749
750
if (input[0] & 0x80 || input[0] & 0x40) {
750
751
SCLogDebug("SSLv2 detected");
751
ssl_state->cur_ssl_version = SSL_VERSION_2;
752
ssl_state->curr_connp->version = SSL_VERSION_2;
752
753
retval = SSLv2Decode(direction, ssl_state, pstate, input,
753
754
input_len);
754
if (retval == -1) {
755
if (retval < 0) {
755
756
SCLogDebug("Error parsing SSLv2.x. Reseting parser "
756
757
"state. Let's get outta here");
757
758
SSLParserReset(ssl_state);
758
return 0;
759
return -1;
759
760
} else {
760
761
input_len -= retval;
761
762
input += retval;
762
763
}
763
764
} else {
764
765
SCLogDebug("SSLv3.x detected");
766
/* we will keep it this way till our record parser tells
767
* us what exact version it is */
768
ssl_state->curr_connp->version = TLS_VERSION_UNKNOWN;
765
769
retval = SSLv3Decode(direction, ssl_state, pstate, input,
766
770
input_len);
767
if (retval == -1) {
771
if (retval < 0) {
768
772
SCLogDebug("Error parsing SSLv3.x. Reseting parser "
769
773
"state. Let's get outta here");
770
774
SSLParserReset(ssl_state);
771
return 0;
775
return -1;
772
776
} else {
773
777
input_len -= retval;
774
778
input += retval;
779
if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_LEN
780
&& ssl_state->curr_connp->record_length == 0) {
781
/* empty record */
782
SSLParserReset(ssl_state);
783
}
775
784
}
776
785
}
777
786
780
789
default:
781
790
/* we would have established by now if we are dealing with
782
791
* SSLv2 or above */
783
if (ssl_state->cur_ssl_version == SSL_VERSION_2) {
792
if (ssl_state->curr_connp->version == SSL_VERSION_2) {
784
793
SCLogDebug("Continuing parsing SSLv2 record from where we "
785
794
"previously left off");
786
795
retval = SSLv2Decode(direction, ssl_state, pstate, input,
799
808
"previously left off");
800
809
retval = SSLv3Decode(direction, ssl_state, pstate, input,
801
810
input_len);
802
if (retval == -1) {
811
if (retval < 0) {
803
812
SCLogDebug("Error parsing SSLv3.x. Reseting parser "
804
813
"state. Let's get outta here");
805
814
SSLParserReset(ssl_state);
806
815
return 0;
807
816
} else {
817
if (retval > input_len) {
818
SCLogDebug("Error parsing SSLv3.x. Reseting parser "
819
"state. Let's get outta here");
820
SSLParserReset(ssl_state);
821
}
808
822
input_len -= retval;
809
823
input += retval;
824
if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_LEN
825
&& ssl_state->curr_connp->record_length == 0) {
826
/* empty record */
827
SSLParserReset(ssl_state);
828
}
810
829
}
811
830
}
812
831
813
832
break;
814
} /* switch (ssl_state->bytes_processed) */
833
} /* switch (ssl_state->curr_connp->bytes_processed) */
815
834
} /* while (input_len) */
816
835
817
836
return 1;
821
840
uint8_t *input, uint32_t input_len,
822
841
void *local_data, AppLayerParserResult *output)
823
842
{
824
return SSLDecode(0 /* toserver */, alstate, pstate, input, input_len);
843
return SSLDecode(f, 0 /* toserver */, alstate, pstate, input, input_len);
825
844
}
826
845
827
846
int SSLParseServerRecord(Flow *f, void *alstate, AppLayerParserState *pstate,
828
847
uint8_t *input, uint32_t input_len,
829
848
void *local_data, AppLayerParserResult *output)
830
849
{
831
return SSLDecode(1 /* toclient */, alstate, pstate, input, input_len);
850
return SSLDecode(f, 1 /* toclient */, alstate, pstate, input, input_len);
832
851
}
833
852
834
853
/**
851
870
*/
852
871
void SSLStateFree(void *p)
853
872
{
854
SCFree(p);
873
SSLState *ssl_state = (SSLState *)p;
874
875
if (ssl_state->client_connp.trec)
876
SCFree(ssl_state->client_connp.trec);
877
if (ssl_state->client_connp.cert0_subject)
878
SCFree(ssl_state->client_connp.cert0_subject);
879
if (ssl_state->client_connp.cert0_issuerdn)
880
SCFree(ssl_state->client_connp.cert0_issuerdn);
881
882
if (ssl_state->server_connp.trec)
883
SCFree(ssl_state->server_connp.trec);
884
if (ssl_state->server_connp.cert0_subject)
885
SCFree(ssl_state->server_connp.cert0_subject);
886
if (ssl_state->server_connp.cert0_issuerdn)
887
SCFree(ssl_state->server_connp.cert0_issuerdn);
888
889
SCFree(ssl_state);
855
890
856
891
return;
857
892
}
858
893
894
static uint16_t SSLProbingParser(uint8_t *input, uint32_t ilen)
895
{
896
/* probably a rst/fin sending an eof */
897
if (ilen == 0)
898
return ALPROTO_UNKNOWN;
899
900
/* for now just the 3 byte header ones */
901
/* \todo Detect the 2 byte ones */
902
if ((input[0] & 0x80) && (input[2] == 0x01)) {
903
return ALPROTO_TLS;
904
}
905
906
return ALPROTO_FAILED;
907
}
908
859
909
/**
860
910
* \brief Function to register the SSL protocol parser and other functions
861
911
*/
862
912
void RegisterSSLParsers(void)
863
913
{
914
char *proto_name = "tls";
915
864
916
/** SSLv2 and SSLv23*/
865
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2, STREAM_TOSERVER);
917
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 00 02|", 5, 2, STREAM_TOSERVER);
866
918
/* subsection - SSLv2 style record by client, but informing the server the max
867
919
* version it supports */
868
920
/* Updated by Anoop Saldanha. Disabled it for now. We'll get back to it
871
923
//AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|00 02|", 7, 5, STREAM_TOCLIENT);
872
924
873
925
/** SSLv3 */
874
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 00|", 3, 0, STREAM_TOSERVER);
875
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOSERVER); /* client hello */
926
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 03 00|", 3, 0, STREAM_TOSERVER);
927
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 00|", 3, 0, STREAM_TOSERVER); /* client hello */
876
928
/** TLSv1 */
877
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 01|", 3, 0, STREAM_TOSERVER);
878
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOSERVER); /* client hello */
929
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 03 01|", 3, 0, STREAM_TOSERVER);
930
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 01|", 3, 0, STREAM_TOSERVER); /* client hello */
879
931
/** TLSv1.1 */
880
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 02|", 3, 0, STREAM_TOSERVER);
881
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOSERVER); /* client hello */
932
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 03 02|", 3, 0, STREAM_TOSERVER);
933
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 02|", 3, 0, STREAM_TOSERVER); /* client hello */
882
934
/** TLSv1.2 */
883
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|01 03 03|", 3, 0, STREAM_TOSERVER);
884
AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOSERVER); /* client hello */
935
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|01 03 03|", 3, 0, STREAM_TOSERVER);
936
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_TLS, "|16 03 03|", 3, 0, STREAM_TOSERVER); /* client hello */
885
937
886
AppLayerRegisterProto("tls", ALPROTO_TLS, STREAM_TOSERVER,
938
AppLayerRegisterProto(proto_name, ALPROTO_TLS, STREAM_TOSERVER,
887
939
SSLParseClientRecord);
888
940
889
AppLayerRegisterProto("tls", ALPROTO_TLS, STREAM_TOCLIENT,
941
AppLayerRegisterProto(proto_name, ALPROTO_TLS, STREAM_TOCLIENT,
890
942
SSLParseServerRecord);
943
AppLayerDecoderEventsModuleRegister(ALPROTO_TLS, tls_decoder_event_table);
891
944
892
945
AppLayerRegisterStateFuncs(ALPROTO_TLS, SSLStateAlloc, SSLStateFree);
893
946
947
AppLayerRegisterProbingParser(&alp_proto_ctx,
948
443,
949
IPPROTO_TCP,
950
proto_name,
951
ALPROTO_TLS,
952
0, 3,
953
STREAM_TOSERVER,
954
APP_LAYER_PROBING_PARSER_PRIORITY_HIGH, 1,
955
SSLProbingParser);
956
894
957
/* Get the value of no reassembly option from the config file */
895
if (ConfGetBool("tls.no_reassemble", &ssl_config.no_reassemble) != 1)
958
if (ConfGetBool("tls.no-reassemble", &ssl_config.no_reassemble) != 1)
896
959
ssl_config.no_reassemble = 1;
897
960
898
961
return;
933
996
goto end;
934
997
}
935
998
936
if (ssl_state->client_content_type != 0x16) {
999
if (ssl_state->client_connp.content_type != 0x16) {
937
1000
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x16,
938
ssl_state->client_content_type);
1001
ssl_state->client_connp.content_type);
939
1002
result = 0;
940
1003
goto end;
941
1004
}
942
1005
943
if (ssl_state->client_version != TLS_VERSION_10) {
1006
if (ssl_state->client_connp.version != TLS_VERSION_10) {
944
1007
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
945
TLS_VERSION_10, ssl_state->client_version);
1008
TLS_VERSION_10, ssl_state->client_connp.version);
946
1009
result = 0;
947
1010
goto end;
948
1011
}
989
1052
goto end;
990
1053
}
991
1054
992
if (ssl_state->client_content_type != 0x16) {
1055
if (ssl_state->client_connp.content_type != 0x16) {
993
1056
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x16,
994
ssl_state->client_content_type);
1057
ssl_state->client_connp.content_type);
995
1058
result = 0;
996
1059
goto end;
997
1060
}
998
1061
999
if (ssl_state->client_version != TLS_VERSION_10) {
1062
if (ssl_state->client_connp.version != TLS_VERSION_10) {
1000
1063
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
1001
TLS_VERSION_10, ssl_state->client_version);
1064
TLS_VERSION_10, ssl_state->client_connp.version);
1002
1065
result = 0;
1003
1066
goto end;
1004
1067
}
1054
1117
goto end;
1055
1118
}
1056
1119
1057
if (ssl_state->client_content_type != 0x16) {
1120
if (ssl_state->client_connp.content_type != 0x16) {
1058
1121
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x16,
1059
ssl_state->client_content_type);
1122
ssl_state->client_connp.content_type);
1060
1123
result = 0;
1061
1124
goto end;
1062
1125
}
1063
1126
1064
if (ssl_state->client_version != TLS_VERSION_10) {
1127
if (ssl_state->client_connp.version != TLS_VERSION_10) {
1065
1128
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
1066
TLS_VERSION_10, ssl_state->client_version);
1129
TLS_VERSION_10, ssl_state->client_connp.version);
1067
1130
result = 0;
1068
1131
goto end;
1069
1132
}
1128
1191
goto end;
1129
1192
}
1130
1193
1131
if (ssl_state->client_content_type != 0x16) {
1194
if (ssl_state->client_connp.content_type != 0x16) {
1132
1195
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x16,
1133
ssl_state->client_content_type);
1196
ssl_state->client_connp.content_type);
1134
1197
result = 0;
1135
1198
goto end;
1136
1199
}
1137
1200
1138
if (ssl_state->client_version != TLS_VERSION_10) {
1201
if (ssl_state->client_connp.version != TLS_VERSION_10) {
1139
1202
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
1140
TLS_VERSION_10, ssl_state->client_version);
1203
TLS_VERSION_10, ssl_state->client_connp.version);
1141
1204
result = 0;
1142
1205
goto end;
1143
1206
}
1211
1274
goto end;
1212
1275
}
1213
1276
1214
if (ssl_state->client_content_type != 0x17) {
1277
if (ssl_state->client_connp.content_type != 0x17) {
1215
1278
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17,
1216
ssl_state->client_content_type);
1279
ssl_state->client_connp.content_type);
1217
1280
result = 0;
1218
1281
goto end;
1219
1282
}
1220
1283
1221
if (ssl_state->client_version != TLS_VERSION_10) {
1284
if (ssl_state->client_connp.version != TLS_VERSION_10) {
1222
1285
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
1223
TLS_VERSION_10, ssl_state->client_version);
1286
TLS_VERSION_10, ssl_state->client_connp.client_version);
1224
1287
result = 0;
1225
1288
goto end;
1226
1289
}
1307
1370
goto end;
1308
1371
}
1309
1372
1310
if (ssl_state->client_content_type != 0x17) {
1373
if (ssl_state->client_connp.content_type != 0x17) {
1311
1374
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17,
1312
ssl_state->client_content_type);
1375
ssl_state->client_connp._content_type);
1313
1376
result = 0;
1314
1377
goto end;
1315
1378
}
1316
1379
1317
if (ssl_state->client_version != TLS_VERSION_10) {
1380
if (ssl_state->client_connp.version != TLS_VERSION_10) {
1318
1381
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
1319
TLS_VERSION_10, ssl_state->client_version);
1382
TLS_VERSION_10, ssl_state->client_connp.version);
1320
1383
result = 0;
1321
1384
goto end;
1322
1385
}
1427
1490
goto end;
1428
1491
}
1429
1492
1430
if (ssl_state->client_content_type != 0x16) {
1493
if (ssl_state->client_connp.content_type != 0x16) {
1431
1494
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x16,
1432
ssl_state->client_content_type);
1495
ssl_state->client_connp.content_type);
1433
1496
result = 0;
1434
1497
goto end;
1435
1498
}
1436
1499
1437
if (ssl_state->client_version != TLS_VERSION_10) {
1500
if (ssl_state->client_connp.version != TLS_VERSION_10) {
1438
1501
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
1439
TLS_VERSION_10, ssl_state->client_version);
1502
TLS_VERSION_10, ssl_state->client_connp.version);
1440
1503
result = 0;
1441
1504
goto end;
1442
1505
}
1501
1564
goto end;
1502
1565
}
1503
1566
1504
if (ssl_state->server_content_type != 0x16) {
1567
if (ssl_state->server_connp.content_type != 0x16) {
1505
1568
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x16,
1506
ssl_state->server_content_type);
1569
ssl_state->server_connp.content_type);
1507
1570
result = 0;
1508
1571
goto end;
1509
1572
}
1510
1573
1511
if (ssl_state->server_version != 0x0301) {
1574
if (ssl_state->server_connp.version != 0x0301) {
1512
1575
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ", 0x0301,
1513
ssl_state->server_version);
1576
ssl_state->server_connp.version);
1514
1577
result = 0;
1515
1578
goto end;
1516
1579
}
1564
1627
goto end;
1565
1628
}
1566
1629
1567
if (ssl_state->client_content_type != 0x16) {
1630
if (ssl_state->client_connp.content_type != 0x16) {
1568
1631
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17,
1569
ssl_state->client_content_type);
1632
ssl_state->client_connp.content_type);
1570
1633
result = 0;
1571
1634
goto end;
1572
1635
}
1573
1636
1574
if (ssl_state->client_version != SSL_VERSION_3) {
1637
if (ssl_state->client_connp.version != SSL_VERSION_3) {
1575
1638
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
1576
SSL_VERSION_3, ssl_state->client_version);
1639
SSL_VERSION_3, ssl_state->client_connp.version);
1577
1640
result = 0;
1578
1641
goto end;
1579
1642
}
1648
1711
goto end;
1649
1712
}
1650
1713
1651
if (ssl_state->client_content_type != 0x17) {
1714
if (ssl_state->client_connp.content_type != 0x17) {
1652
1715
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17,
1653
ssl_state->client_content_type);
1716
ssl_state->client_connp.content_type);
1654
1717
result = 0;
1655
1718
goto end;
1656
1719
}
1657
1720
1658
if (ssl_state->client_version != SSL_VERSION_3) {
1721
if (ssl_state->client_connp.version != SSL_VERSION_3) {
1659
1722
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
1660
SSL_VERSION_3, ssl_state->client_version);
1723
SSL_VERSION_3, ssl_state->client_connp.version);
1661
1724
result = 0;
1662
1725
goto end;
1663
1726
}
1746
1809
goto end;
1747
1810
}
1748
1811
1749
if (ssl_state->client_content_type != 0x16) {
1812
if (ssl_state->client_connp.content_type != 0x16) {
1750
1813
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17,
1751
ssl_state->client_content_type);
1752
result = 0;
1753
goto end;
1754
}
1755
1756
if (ssl_state->client_version != SSL_VERSION_3) {
1757
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
1758
SSL_VERSION_3, ssl_state->client_version);
1759
result = 0;
1760
goto end;
1761
}
1762
1763
if (ssl_state->handshake_client_hello_ssl_version != SSL_VERSION_3) {
1764
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
1765
SSL_VERSION_3, ssl_state->handshake_client_hello_ssl_version);
1814
ssl_state->client_connp.content_type);
1815
result = 0;
1816
goto end;
1817
}
1818
1819
if (ssl_state->client_connp.version != SSL_VERSION_3) {
1820
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
1821
SSL_VERSION_3, ssl_state->client_connp.version);
1766
1822
result = 0;
1767
1823
goto end;
1768
1824
}
1831
1887
goto end;
1832
1888
}
1833
1889
1834
if (ssl_state->client_content_type != 0x16) {
1890
if (ssl_state->client_connp.content_type != 0x16) {
1835
1891
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17,
1836
ssl_state->client_content_type);
1837
result = 0;
1838
goto end;
1839
}
1840
1841
if (ssl_state->client_version != SSL_VERSION_3) {
1842
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
1843
SSL_VERSION_3, ssl_state->client_version);
1844
result = 0;
1845
goto end;
1846
}
1847
1848
if (ssl_state->handshake_client_hello_ssl_version != SSL_VERSION_3) {
1849
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
1850
SSL_VERSION_3, ssl_state->handshake_client_hello_ssl_version);
1892
ssl_state->client_connp.content_type);
1893
result = 0;
1894
goto end;
1895
}
1896
1897
if (ssl_state->client_connp.version != SSL_VERSION_3) {
1898
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
1899
SSL_VERSION_3, ssl_state->client_connp.version);
1851
1900
result = 0;
1852
1901
goto end;
1853
1902
}
1915
1964
goto end;
1916
1965
}
1917
1966
1918
if (ssl_state->client_content_type != 0x16) {
1967
if (ssl_state->client_connp.content_type != 0x16) {
1919
1968
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17,
1920
ssl_state->client_content_type);
1921
result = 0;
1922
goto end;
1923
}
1924
1925
if (ssl_state->client_version != SSL_VERSION_3) {
1926
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
1927
SSL_VERSION_3, ssl_state->client_version);
1928
result = 0;
1929
goto end;
1930
}
1931
1932
if (ssl_state->handshake_client_hello_ssl_version != SSL_VERSION_3) {
1933
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
1934
SSL_VERSION_3, ssl_state->handshake_client_hello_ssl_version);
1969
ssl_state->client_connp.content_type);
1970
result = 0;
1971
goto end;
1972
}
1973
1974
if (ssl_state->client_connp.version != SSL_VERSION_3) {
1975
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
1976
SSL_VERSION_3, ssl_state->client_connp.version);
1935
1977
result = 0;
1936
1978
goto end;
1937
1979
}
2011
2053
goto end;
2012
2054
}
2013
2055
2014
if (ssl_state->client_content_type != 0x16) {
2056
if (ssl_state->client_connp.content_type != 0x16) {
2015
2057
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17,
2016
ssl_state->client_content_type);
2017
result = 0;
2018
goto end;
2019
}
2020
2021
if (ssl_state->client_version != SSL_VERSION_3) {
2022
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
2023
SSL_VERSION_3, ssl_state->client_version);
2024
result = 0;
2025
goto end;
2026
}
2027
2028
if (ssl_state->handshake_client_hello_ssl_version != SSL_VERSION_3) {
2029
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
2030
SSL_VERSION_3, ssl_state->handshake_client_hello_ssl_version);
2058
ssl_state->client_connp.content_type);
2059
result = 0;
2060
goto end;
2061
}
2062
2063
if (ssl_state->client_connp.version != SSL_VERSION_3) {
2064
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
2065
SSL_VERSION_3, ssl_state->client_connp.version);
2031
2066
result = 0;
2032
2067
goto end;
2033
2068
}
2119
2154
goto end;
2120
2155
}
2121
2156
2122
if (ssl_state->client_content_type != 0x16) {
2157
if (ssl_state->client_connp.content_type != 0x16) {
2123
2158
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17,
2124
ssl_state->client_content_type);
2125
result = 0;
2126
goto end;
2127
}
2128
2129
if (ssl_state->client_version != SSL_VERSION_3) {
2130
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
2131
SSL_VERSION_3, ssl_state->client_version);
2132
result = 0;
2133
goto end;
2134
}
2135
2136
if (ssl_state->handshake_client_hello_ssl_version != SSL_VERSION_3) {
2137
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
2138
SSL_VERSION_3, ssl_state->handshake_client_hello_ssl_version);
2159
ssl_state->client_connp.content_type);
2160
result = 0;
2161
goto end;
2162
}
2163
2164
if (ssl_state->client_connp.version != SSL_VERSION_3) {
2165
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
2166
SSL_VERSION_3, ssl_state->client_connp.version);
2139
2167
result = 0;
2140
2168
goto end;
2141
2169
}
2524
2552
goto end;
2525
2553
}
2526
2554
2527
if (app_state->client_content_type != SSLV2_MT_CLIENT_HELLO) {
2555
if (app_state->client_connp.content_type != SSLV2_MT_CLIENT_HELLO) {
2528
2556
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ",
2529
SSLV2_MT_SERVER_HELLO, app_state->client_content_type);
2557
SSLV2_MT_SERVER_HELLO, app_state->client_connp.content_type);
2530
2558
goto end;
2531
2559
}
2532
2560
2533
if (app_state->client_version != SSL_VERSION_2) {
2561
if (app_state->client_connp.version != SSL_VERSION_2) {
2534
2562
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
2535
SSL_VERSION_2, app_state->client_version);
2563
SSL_VERSION_2, app_state->client_connp.version);
2536
2564
goto end;
2537
2565
}
2538
2566
2584
2612
goto end;
2585
2613
}
2586
2614
2587
if (app_state->server_content_type != SSLV2_MT_SERVER_HELLO) {
2615
if (app_state->server_connp.content_type != SSLV2_MT_SERVER_HELLO) {
2588
2616
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ",
2589
SSLV2_MT_SERVER_HELLO, app_state->server_content_type);
2617
SSLV2_MT_SERVER_HELLO, app_state->server_connp.content_type);
2590
2618
result = 0;
2591
2619
goto end;
2592
2620
}
2593
2621
2594
if (app_state->server_version != SSL_VERSION_2) {
2622
if (app_state->server_connp.version != SSL_VERSION_2) {
2595
2623
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
2596
SSL_VERSION_2, app_state->server_version);
2624
SSL_VERSION_2, app_state->server_connp.version);
2597
2625
result = 0;
2598
2626
goto end;
2599
2627
}
2881
2909
goto end;
2882
2910
}
2883
2911
2884
if (app_state->client_content_type != SSLV2_MT_CLIENT_HELLO) {
2912
if (app_state->client_connp.content_type != SSLV2_MT_CLIENT_HELLO) {
2885
2913
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ",
2886
SSLV2_MT_CLIENT_HELLO, app_state->client_content_type);
2914
SSLV2_MT_CLIENT_HELLO, app_state->client_connp.content_type);
2887
2915
result = 0;
2888
2916
goto end;
2889
2917
}
2890
2918
2891
if (app_state->client_version != SSL_VERSION_2) {
2919
if (app_state->client_connp.version != SSL_VERSION_2) {
2892
2920
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
2893
SSL_VERSION_2, app_state->client_version);
2921
SSL_VERSION_2, app_state->client_connp.version);
2894
2922
result = 0;
2895
2923
goto end;
2896
2924
}
2912
2940
goto end;
2913
2941
}
2914
2942
2915
if (app_state->server_content_type != SSLV3_HANDSHAKE_PROTOCOL) {
2943
if (app_state->server_connp.content_type != SSLV3_HANDSHAKE_PROTOCOL) {
2916
2944
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ",
2917
SSLV3_HANDSHAKE_PROTOCOL, app_state->server_content_type);
2945
SSLV3_HANDSHAKE_PROTOCOL, app_state->server_connp.content_type);
2918
2946
result = 0;
2919
2947
goto end;
2920
2948
}
2921
2949
2922
if (app_state->server_version != SSL_VERSION_3) {
2950
if (app_state->server_connp.version != SSL_VERSION_3) {
2923
2951
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
2924
SSL_VERSION_3, app_state->server_version);
2952
SSL_VERSION_3, app_state->server_connp.version);
2925
2953
result = 0;
2926
2954
goto end;
2927
2955
}
2944
2972
2945
2973
/* with multiple records the client content type hold the type from the last
2946
2974
* record */
2947
if (app_state->client_content_type != SSLV3_HANDSHAKE_PROTOCOL) {
2975
if (app_state->client_connp.content_type != SSLV3_HANDSHAKE_PROTOCOL) {
2948
2976
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ",
2949
SSLV3_HANDSHAKE_PROTOCOL, app_state->client_content_type);
2977
SSLV3_HANDSHAKE_PROTOCOL, app_state->client_connp.content_type);
2950
2978
result = 0;
2951
2979
goto end;
2952
2980
}
2953
2981
2954
if (app_state->client_version != SSL_VERSION_3) {
2982
if (app_state->client_connp.version != SSL_VERSION_3) {
2955
2983
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
2956
SSL_VERSION_3, app_state->client_version);
2984
SSL_VERSION_3, app_state->client_connp.version);
2957
2985
result = 0;
2958
2986
goto end;
2959
2987
}
2978
3006
2979
3007
/* with multiple records the serve content type hold the type from the last
2980
3008
* record */
2981
if (app_state->server_content_type != SSLV3_HANDSHAKE_PROTOCOL) {
3009
if (app_state->server_connp.content_type != SSLV3_HANDSHAKE_PROTOCOL) {
2982
3010
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ",
2983
SSLV3_HANDSHAKE_PROTOCOL, app_state->server_content_type);
3011
SSLV3_HANDSHAKE_PROTOCOL, app_state->server_connp.content_type);
2984
3012
result = 0;
2985
3013
goto end;
2986
3014
}
2987
3015
2988
if (app_state->server_version != SSL_VERSION_3) {
3016
if (app_state->server_connp.version != SSL_VERSION_3) {
2989
3017
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
2990
SSL_VERSION_3, app_state->server_version);
3018
SSL_VERSION_3, app_state->server_connp.version);
2991
3019
result = 0;
2992
3020
goto end;
2993
3021
}
3011
3039
goto end;
3012
3040
}
3013
3041
3014
if (app_state->client_content_type != SSLV3_APPLICATION_PROTOCOL) {
3042
if (app_state->client_connp.content_type != SSLV3_APPLICATION_PROTOCOL) {
3015
3043
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ",
3016
SSLV3_APPLICATION_PROTOCOL, app_state->client_content_type);
3044
SSLV3_APPLICATION_PROTOCOL, app_state->client_connp.content_type);
3017
3045
result = 0;
3018
3046
goto end;
3019
3047
}
3020
3048
3021
if (app_state->client_version != SSL_VERSION_3) {
3049
if (app_state->client_connp.version != SSL_VERSION_3) {
3022
3050
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
3023
SSL_VERSION_3, app_state->client_version);
3051
SSL_VERSION_3, app_state->client_connp.version);
3024
3052
result = 0;
3025
3053
goto end;
3026
3054
}
3118
3146
goto end;
3119
3147
}
3120
3148
3121
if (ssl_state->client_content_type != 0x16) {
3149
if (ssl_state->client_connp.content_type != 0x16) {
3122
3150
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x16,
3123
ssl_state->client_content_type);
3124
result = 0;
3125
goto end;
3126
}
3127
3128
if (ssl_state->client_version != SSL_VERSION_3) {
3129
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
3130
SSL_VERSION_3, ssl_state->client_version);
3131
result = 0;
3132
goto end;
3133
}
3134
3135
if (ssl_state->handshake_client_hello_ssl_version != SSL_VERSION_3) {
3136
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
3137
SSL_VERSION_3, ssl_state->handshake_client_hello_ssl_version);
3151
ssl_state->client_connp.content_type);
3152
result = 0;
3153
goto end;
3154
}
3155
3156
if (ssl_state->client_connp.version != SSL_VERSION_3) {
3157
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
3158
SSL_VERSION_3, ssl_state->client_connp.version);
3138
3159
result = 0;
3139
3160
goto end;
3140
3161
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.1