author | Bill Meier <wmeier@newsguy.com> | 2012-05-07 22:11:34 +0000 |
---|---|---|
committer | Bill Meier <wmeier@newsguy.com> | 2012-05-07 22:11:34 +0000 |
commit | c055ca8c7e2457c348d5ae22e3b779b99a11ffec (patch) | |
tree | 2aee6168b7f96c0437a0c388646b7dd19030de0c /epan/dissectors/packet-ssl-utils.c | |
parent | 8d33dddd11955bb267cc2f747279c91f1a381beb (diff) |
General minor cleanup including:
- remove unneeded #includes;
- use val_to_str_const() as appropriate;
- reformat hf[] entries;
- reformat long lines;
- use #if 0/#endif to comment out code instead of /* ... */;
- remove boilerplate comments;
- whitespace & indentation
svn path=/trunk/; revision=42487
Diffstat (limited to 'epan/dissectors/packet-ssl-utils.c')
-rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 740 |
1 files changed, 374 insertions, 366 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c index 552a537e57..2302a071ab 100644 --- a/epan/dissectors/packet-ssl-utils.c +++ b/epan/dissectors/packet-ssl-utils.c @@ -351,15 +351,15 @@ value_string_ext ssl_20_cipher_suites_ext = VALUE_STRING_EXT_INIT(ssl_20_cipher_ const value_string ssl_extension_curves[] = { - { 1, "sect163k1" }, - { 2, "sect163r1" }, - { 3, "sect163r2" }, - { 4, "sect193r1" }, - { 5, "sect193r2" }, - { 6, "sect233k1" }, - { 7, "sect233r1" }, - { 8, "sect239k1" }, - { 9, "sect283k1" }, + { 1, "sect163k1" }, + { 2, "sect163r1" }, + { 3, "sect163r2" }, + { 4, "sect193r1" }, + { 5, "sect193r2" }, + { 6, "sect233k1" }, + { 7, "sect233r1" }, + { 8, "sect239k1" }, + { 9, "sect283k1" }, { 10, "sect283r1" }, { 11, "sect409k1" }, { 12, "sect409r1" }, 
@@ -438,29 +438,29 @@ const value_string ssl_31_alert_level[] = { }; const value_string ssl_31_alert_description[] = { - { 0, "Close Notify" }, - { 10, "Unexpected Message" }, - { 20, "Bad Record MAC" }, - { 21, "Decryption Failed" }, - { 22, "Record Overflow" }, - { 30, "Decompression Failure" }, - { 40, "Handshake Failure" }, - { 41, "No Certificate" }, - { 42, "Bad Certificate" }, - { 43, "Unsupported Certificate" }, - { 44, "Certificate Revoked" }, - { 45, "Certificate Expired" }, - { 46, "Certificate Unknown" }, - { 47, "Illegal Parameter" }, - { 48, "Unknown CA" }, - { 49, "Access Denied" }, - { 50, "Decode Error" }, - { 51, "Decrypt Error" }, - { 60, "Export Restriction" }, - { 70, "Protocol Version" }, - { 71, "Insufficient Security" }, - { 80, "Internal Error" }, - { 90, "User Canceled" }, + { 0, "Close Notify" }, + { 10, "Unexpected Message" }, + { 20, "Bad Record MAC" }, + { 21, "Decryption Failed" }, + { 22, "Record Overflow" }, + { 30, "Decompression Failure" }, + { 40, "Handshake Failure" }, + { 41, "No Certificate" }, + { 42, "Bad Certificate" }, + { 43, "Unsupported Certificate" }, + { 44, "Certificate Revoked" }, + { 45, "Certificate Expired" }, + { 46, "Certificate Unknown" }, + { 47, "Illegal Parameter" }, + { 48, "Unknown CA" }, + { 49, "Access Denied" }, + { 50, "Decode Error" }, + { 51, "Decrypt Error" }, + { 60, "Export Restriction" }, + { 70, "Protocol Version" }, + { 71, "Insufficient Security" }, + { 80, "Internal Error" }, + { 90, "User Canceled" }, { 100, "No Renegotiation" }, { 110, "Unsupported Extension" }, { 111, "Certificate Unobtainable" }, @@ -501,8 +501,8 @@ const value_string tls_heartbeat_mode[] = { }; const value_string ssl_31_compression_method[] = { - { 0, "null" }, - { 1, "DEFLATE" }, + { 0, "null" }, + { 1, "DEFLATE" }, { 64, "LZS" }, { 0x00, NULL } }; 
@@ -975,192 +975,192 @@ struct _SslDecompress { 0 indicates unknown */ gint ssl_get_keyex_alg(gint cipher) { - switch(cipher) { - case 0x0001: - case 0x0002: - case 0x0003: - case 0x0004: - case 0x0005: - case 0x0006: - case 0x0007: - case 0x0008: - case 0x0009: - case 0x000a: - case 0x002e: - case 0x002f: - case 0x0035: - case 0x003b: - case 0x003c: - case 0x003d: - case 0x0041: - case 0x0060: - case 0x0061: - case 0x0062: - case 0x0064: - case 0x0084: - case 0x0092: - case 0x0093: - case 0x0094: - case 0x0095: - case 0x0096: - case 0x009c: - case 0x009d: - case 0x00ac: - case 0x00ad: - case 0x00b6: - case 0x00b7: - case 0x00b8: - case 0x00b9: - case 0x00ba: - case 0x00c0: - case 0xfefe: - case 0xfeff: - case 0xffe0: - case 0xffe1: - return KEX_RSA; - case 0x000b: - case 0x000c: - case 0x000d: - case 0x000e: - case 0x000f: - case 0x0010: - case 0x0011: - case 0x0012: - case 0x0013: - case 0x0014: - case 0x0015: - case 0x0016: - case 0x0017: - case 0x0018: - case 0x0019: - case 0x001a: - case 0x001b: - case 0x002d: - case 0x0030: - case 0x0031: - case 0x0032: - case 0x0033: - case 0x0034: - case 0x0036: - case 0x0037: - case 0x0038: - case 0x0039: - case 0x003a: - case 0x003e: - case 0x003f: - case 0x0040: - case 0x0042: - case 0x0043: - case 0x0044: - case 0x0045: - case 0x0046: - case 0x0063: - case 0x0065: - case 0x0066: - case 0x0067: - case 0x0068: - case 0x0069: - case 0x006a: - case 0x006b: - case 0x006c: - case 0x006d: - case 0x0085: - case 0x0086: - case 0x0087: - case 0x0088: - case 0x0089: - case 0x008e: - case 0x008f: - case 0x0090: - case 0x0091: - case 0x0097: - case 0x0098: - case 0x0099: - case 0x009a: - case 0x009b: - case 0x009e: - case 0x009f: - case 0x00a0: - case 0x00a1: - case 0x00a2: - case 0x00a3: - case 0x00a4: - case 0x00a5: - case 0x00a6: - case 0x00a7: - case 0x00aa: - case 0x00ab: - case 0x00b2: - case 0x00b3: - case 0x00b4: - case 0x00b5: - case 0x00bb: - case 0x00bc: - case 0x00bd: - case 0x00be: - case 0x00bf: - case 0x00c1: - case 
0x00c2: - case 0x00c3: - case 0x00c4: - case 0x00c5: - return KEX_DH; - case 0xc001: - case 0xc002: - case 0xc003: - case 0xc004: - case 0xc005: - case 0xc006: - case 0xc007: - case 0xc008: - case 0xc009: - case 0xc00a: - case 0xc00b: - case 0xc00c: - case 0xc00d: - case 0xc00e: - case 0xc00f: - case 0xc010: - case 0xc011: - case 0xc012: - case 0xc013: - case 0xc014: - case 0xc015: - case 0xc016: - case 0xc017: - case 0xc018: - case 0xc019: - case 0xc023: - case 0xc024: - case 0xc025: - case 0xc026: - case 0xc027: - case 0xc028: - case 0xc029: - case 0xc02a: - case 0xc02b: - case 0xc02c: - case 0xc02d: - case 0xc02e: - case 0xc02f: - case 0xc030: - case 0xc031: - case 0xc032: - case 0xc033: - case 0xc034: - case 0xc035: - case 0xc036: - case 0xc037: - case 0xc038: - case 0xc039: - case 0xc03a: - case 0xc03b: - return KEX_ECDH; - default: - break; - } - - return 0; + switch(cipher) { + case 0x0001: + case 0x0002: + case 0x0003: + case 0x0004: + case 0x0005: + case 0x0006: + case 0x0007: + case 0x0008: + case 0x0009: + case 0x000a: + case 0x002e: + case 0x002f: + case 0x0035: + case 0x003b: + case 0x003c: + case 0x003d: + case 0x0041: + case 0x0060: + case 0x0061: + case 0x0062: + case 0x0064: + case 0x0084: + case 0x0092: + case 0x0093: + case 0x0094: + case 0x0095: + case 0x0096: + case 0x009c: + case 0x009d: + case 0x00ac: + case 0x00ad: + case 0x00b6: + case 0x00b7: + case 0x00b8: + case 0x00b9: + case 0x00ba: + case 0x00c0: + case 0xfefe: + case 0xfeff: + case 0xffe0: + case 0xffe1: + return KEX_RSA; + case 0x000b: + case 0x000c: + case 0x000d: + case 0x000e: + case 0x000f: + case 0x0010: + case 0x0011: + case 0x0012: + case 0x0013: + case 0x0014: + case 0x0015: + case 0x0016: + case 0x0017: + case 0x0018: + case 0x0019: + case 0x001a: + case 0x001b: + case 0x002d: + case 0x0030: + case 0x0031: + case 0x0032: + case 0x0033: + case 0x0034: + case 0x0036: + case 0x0037: + case 0x0038: + case 0x0039: + case 0x003a: + case 0x003e: + case 0x003f: + case 0x0040: + 
case 0x0042: + case 0x0043: + case 0x0044: + case 0x0045: + case 0x0046: + case 0x0063: + case 0x0065: + case 0x0066: + case 0x0067: + case 0x0068: + case 0x0069: + case 0x006a: + case 0x006b: + case 0x006c: + case 0x006d: + case 0x0085: + case 0x0086: + case 0x0087: + case 0x0088: + case 0x0089: + case 0x008e: + case 0x008f: + case 0x0090: + case 0x0091: + case 0x0097: + case 0x0098: + case 0x0099: + case 0x009a: + case 0x009b: + case 0x009e: + case 0x009f: + case 0x00a0: + case 0x00a1: + case 0x00a2: + case 0x00a3: + case 0x00a4: + case 0x00a5: + case 0x00a6: + case 0x00a7: + case 0x00aa: + case 0x00ab: + case 0x00b2: + case 0x00b3: + case 0x00b4: + case 0x00b5: + case 0x00bb: + case 0x00bc: + case 0x00bd: + case 0x00be: + case 0x00bf: + case 0x00c1: + case 0x00c2: + case 0x00c3: + case 0x00c4: + case 0x00c5: + return KEX_DH; + case 0xc001: + case 0xc002: + case 0xc003: + case 0xc004: + case 0xc005: + case 0xc006: + case 0xc007: + case 0xc008: + case 0xc009: + case 0xc00a: + case 0xc00b: + case 0xc00c: + case 0xc00d: + case 0xc00e: + case 0xc00f: + case 0xc010: + case 0xc011: + case 0xc012: + case 0xc013: + case 0xc014: + case 0xc015: + case 0xc016: + case 0xc017: + case 0xc018: + case 0xc019: + case 0xc023: + case 0xc024: + case 0xc025: + case 0xc026: + case 0xc027: + case 0xc028: + case 0xc029: + case 0xc02a: + case 0xc02b: + case 0xc02c: + case 0xc02d: + case 0xc02e: + case 0xc02f: + case 0xc030: + case 0xc031: + case 0xc032: + case 0xc033: + case 0xc034: + case 0xc035: + case 0xc036: + case 0xc037: + case 0xc038: + case 0xc039: + case 0xc03a: + case 0xc03b: + return KEX_ECDH; + default: + break; + } + + return 0; } 
@@ -1195,8 +1195,9 @@ static gint ver_major, ver_minor, ver_patch; static inline gint ssl_hmac_init(SSL_HMAC* md, const void * key, gint len, gint algo) { - gcry_error_t err; - const char *err_str, *err_src; + gcry_error_t err; + const char *err_str, *err_src; + err = gcry_md_open(md,algo, GCRY_MD_FLAG_HMAC); if (err != 0) { err_str = gcry_strerror(err); @@ -1215,12 +1216,13 @@ ssl_hmac_update(SSL_HMAC* md, const void* data, gint len) static inline void ssl_hmac_final(SSL_HMAC* md, guchar* data, guint* datalen) { - gint algo; + gint algo; guint len; + algo = gcry_md_get_algo (*(md)); - len = gcry_md_get_algo_dlen(algo); + len = gcry_md_get_algo_dlen(algo); memcpy(data, gcry_md_read(*(md), algo), len); - *datalen =len; + *datalen = len; } static inline void ssl_hmac_cleanup(SSL_HMAC* md) @@ -1234,8 +1236,8 @@ ssl_hmac_cleanup(SSL_HMAC* md) static inline gint ssl_md_init(SSL_MD* md, gint algo) { - gcry_error_t err; - const char *err_str, *err_src; + gcry_error_t err; + const char *err_str, *err_src; err = gcry_md_open(md,algo, 0); if (err != 0) { err_str = gcry_strerror(err); @@ -1284,7 +1286,7 @@ static inline void ssl_sha_final(guchar* buf, SSL_SHA_CTX* md) { memcpy(buf, gcry_md_read(*(md), GCRY_MD_SHA1), - gcry_md_get_algo_dlen(GCRY_MD_SHA1)); + gcry_md_get_algo_dlen(GCRY_MD_SHA1)); } static inline void ssl_sha_cleanup(SSL_SHA_CTX* md) @@ -1306,7 +1308,7 @@ static inline void ssl_md5_final(guchar* buf, SSL_MD5_CTX* md) { memcpy(buf, gcry_md_read(*(md), GCRY_MD_MD5), - gcry_md_get_algo_dlen(GCRY_MD_MD5)); + gcry_md_get_algo_dlen(GCRY_MD_MD5)); } static inline void ssl_md5_cleanup(SSL_MD5_CTX* md) 
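Review bot: `ssl_hmac_final` copies the whole digest with `memcpy(data, gcry_md_read(*(md), algo), len);` and never learns how large the caller's buffer is, because `datalen` is only written, not read. Other hunks in this diff declare fixed stack arrays that look like the destinations (`_A[48]` and `tmp[48]` in `tls_hash`, `buf[48]` in `tls_check_mac`, `buf[20]` in `dtls_check_mac`); the calls themselves are not visible, but if those arrays are what gets passed, `buf[20]` only fits a SHA-1 sized digest. At minimum the contract should be written down, e.g. `/* data must hold gcry_md_get_algo_dlen(algo) bytes; no bound is checked here */`, and preferably the function should take the buffer capacity and refuse to copy when `len` exceeds it. `ssl_sha_final` and `ssl_md5_final` in the later hunks copy unbounded in the same way, and none of the three checks the `gcry_md_read` result before using it as the `memcpy` source.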
@@ -1317,27 +1319,30 @@ ssl_md5_cleanup(SSL_MD5_CTX* md) gint ssl_cipher_setiv(SSL_CIPHER_CTX *cipher, guchar* iv, gint iv_len) { - /* guchar * ivp; */ gint ret; - /* gint i; */ - /* gcry_cipher_hd_t c; */ - /*c=(gcry_cipher_hd_t)*cipher;*/ - +#if 0 + guchar *ivp; + gint i; + gcry_cipher_hd_t c; + c=(gcry_cipher_hd_t)*cipher; +#endif ssl_debug_printf("--------------------------------------------------------------------"); - /*for(ivp=c->iv,i=0; i < iv_len; i++ ) +#if 0 + for(ivp=c->iv,i=0; i < iv_len; i++ ) { ssl_debug_printf("%d ",ivp[i]); i++; } - */ +#endif ssl_debug_printf("--------------------------------------------------------------------"); ret = gcry_cipher_setiv(*(cipher), iv, iv_len); - /*for(ivp=c->iv,i=0; i < iv_len; i++ ) +#if 0 + for(ivp=c->iv,i=0; i < iv_len; i++ ) { ssl_debug_printf("%d ",ivp[i]); i++; } - */ +#endif ssl_debug_printf("--------------------------------------------------------------------"); return ret; } @@ -1408,9 +1413,9 @@ _gcry_rsa_decrypt (int algo, gcry_mpi_t *result, gcry_mpi_t *data, const gchar* ssl_private_key_to_str(SSL_PRIVATE_KEY* pk) { - const gchar *str="NULL"; - size_t n; - gchar *buf; + const gchar *str = "NULL"; + size_t n; + gchar *buf; if (!pk) return str; #ifndef SSL_FAST @@ -1430,16 +1435,16 @@ ssl_private_key_to_str(SSL_PRIVATE_KEY* pk) int ssl_private_decrypt(guint len, guchar* encr_data, SSL_PRIVATE_KEY* pk) { - gint rc; - size_t decr_len; - gcry_sexp_t s_data, s_plain; - gcry_mpi_t encr_mpi; - size_t i, encr_len; - guchar* decr_data_ptr; - gcry_mpi_t text; + gint rc; + size_t decr_len; + gcry_sexp_t s_data, s_plain; + gcry_mpi_t encr_mpi; + size_t i, encr_len; + guchar* decr_data_ptr; + gcry_mpi_t text; decr_len = 0; encr_len = len; - text=NULL; + text = NULL; /* build up a mpi rappresentation for encrypted data */ rc = gcry_mpi_scan(&encr_mpi, GCRYMPI_FMT_USG,encr_data, encr_len, &encr_len); 
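Review bot: The loops now wrapped in `#if 0` in `ssl_cipher_setiv` are preserved with their defect intact: `i++` appears both in the `for` header and in the loop body, so if anyone re-enables them they print only every other IV byte. They also read `c->iv` through a cast of the cipher handle, which depends on libgcrypt's private structure layout. I would delete the disabled blocks instead of keeping them, and if IV tracing is wanted, log the caller's buffer with the existing helper, `ssl_print_data("IV", iv, iv_len);`.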
@@ -1693,15 +1698,15 @@ ssl_find_cipher(int num,SslCipherSuite* cs) static gint tls_hash(StringInfo* secret, StringInfo* seed, gint md, StringInfo* out) { - guint8 *ptr; - guint left; - gint tocpy; - guint8 *A; - guint8 _A[48],tmp[48]; - guint A_l,tmp_l; - SSL_HMAC hm; - ptr=out->data; - left=out->data_len; + guint8 *ptr; + guint left; + gint tocpy; + guint8 *A; + guint8 _A[48],tmp[48]; + guint A_l,tmp_l; + SSL_HMAC hm; + ptr = out->data; + left = out->data_len; ssl_print_string("tls_hash: hash secret", secret); @@ -1736,12 +1741,12 @@ static gint tls_prf(StringInfo* secret, const gchar *usage, StringInfo* rnd1, StringInfo* rnd2, StringInfo* out) { - StringInfo seed, sha_out, md5_out; - guint8 *ptr; - StringInfo s1, s2; - guint i,s_l, r; - size_t usage_len; - r=-1; + StringInfo seed, sha_out, md5_out; + guint8 *ptr; + StringInfo s1, s2; + guint i,s_l, r; + size_t usage_len; + r = -1; usage_len = strlen(usage); /* initalize buffer for sha, md5 random seed*/ @@ -1810,7 +1815,7 @@ static gint tls12_prf(gint md, StringInfo* secret, const gchar* usage, StringInfo* rnd1, StringInfo* rnd2, StringInfo* out) { StringInfo label_seed; - size_t usage_len; + size_t usage_len; usage_len = strlen(usage); if (ssl_data_alloc(&label_seed, usage_len+rnd1->data_len+rnd2->data_len) < 0) { @@ -1835,7 +1840,7 @@ ssl3_generate_export_iv(StringInfo* r1, StringInfo* r2, StringInfo* out) { SSL_MD5_CTX md5; - guint8 tmp[16]; + guint8 tmp[16]; ssl_md5_init(&md5); ssl_md5_update(&md5,r1->data,r1->data_len); @@ -1854,12 +1859,12 @@ ssl3_prf(StringInfo* secret, const gchar* usage, StringInfo* r1, StringInfo* r2,StringInfo* out) { - SSL_MD5_CTX md5; - SSL_SHA_CTX sha; - StringInfo *rnd1,*rnd2; - guint off; - gint i=0,j; - guint8 buf[20]; + SSL_MD5_CTX md5; + SSL_SHA_CTX sha; + StringInfo *rnd1,*rnd2; + guint off; + gint i = 0,j; + guint8 buf[20]; rnd1=r1; rnd2=r2; 
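Review bot: In `tls_prf` the status variable is declared unsigned in `guint i,s_l, r;` and then set with `r = -1;`, although the function is declared `static gint`. That only works through unsigned wrap-around and an implementation-defined conversion back to signed at the return. Since this hunk already rewrites the declarations, give it its own line as `gint r = -1;`. The rest of the body is outside the hunk, so this assumes `r` is the value that is returned.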
@@ -1989,7 +1994,7 @@ ssl_create_decoder(SslCipherSuite *cipher_suite, gint compression, guint8 *mk, guint8 *sk, guint8 *iv) { SslDecoder *dec; - gint ciph; + gint ciph; dec = se_alloc0(sizeof(SslDecoder)); /* Find the SSLeay cipher */ @@ -2032,11 +2037,11 @@ ssl_create_decoder(SslCipherSuite *cipher_suite, gint compression, int ssl_generate_keyring_material(SslDecryptSession*ssl_session) { - StringInfo key_block; - guint8 _iv_c[MAX_BLOCK_SIZE],_iv_s[MAX_BLOCK_SIZE]; - guint8 _key_c[MAX_KEY_SIZE],_key_s[MAX_KEY_SIZE]; - gint needed; - guint8 *ptr,*c_wk,*s_wk,*c_mk,*s_mk,*c_iv = _iv_c,*s_iv = _iv_s; + StringInfo key_block; + guint8 _iv_c[MAX_BLOCK_SIZE],_iv_s[MAX_BLOCK_SIZE]; + guint8 _key_c[MAX_KEY_SIZE],_key_s[MAX_KEY_SIZE]; + gint needed; + guint8 *ptr,*c_wk,*s_wk,*c_mk,*s_mk,*c_iv = _iv_c,*s_iv = _iv_s; /* check for enough info to proced */ guint need_all = SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION; @@ -2327,10 +2332,10 @@ tls_check_mac(SslDecoder*decoder, gint ct, gint ver, guint8* data, guint32 datalen, guint8* mac) { SSL_HMAC hm; - gint md; - guint32 len; - guint8 buf[48]; - gint16 temp; + gint md; + guint32 len; + guint8 buf[48]; + gint16 temp; md=ssl_get_digest_by_name(digests[decoder->cipher_suite->dig-0x40]); ssl_debug_printf("tls_check_mac mac type:%s md %d\n", @@ -2376,12 +2381,12 @@ int ssl3_check_mac(SslDecoder*decoder,int ct,guint8* data, guint32 datalen, guint8* mac) { - SSL_MD mc; - gint md; + SSL_MD mc; + gint md; guint32 len; - guint8 buf[64],dgst[20]; - gint pad_ct; - gint16 temp; + guint8 buf[64],dgst[20]; + gint pad_ct; + gint16 temp; pad_ct=(decoder->cipher_suite->dig==DIG_SHA)?40:48; 
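Review bot: `tls_check_mac` selects the digest with `digests[decoder->cipher_suite->dig-0x40]` and nothing visible checks that `dig` falls inside the table; `dtls_check_mac` in a later hunk uses the same expression. The `digests` array and the cipher-suite definitions are outside this diff, so whether an out-of-range `dig` can actually occur is unconfirmed, but a guard would make the assumption explicit. Assuming `digests` is an array in scope, something like `if (decoder->cipher_suite->dig < 0x40 || decoder->cipher_suite->dig - 0x40 >= (gint)G_N_ELEMENTS(digests)) return -1;` before the lookup would do. The function body continues past the end of the hunk.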
@@ -2441,10 +2446,10 @@ dtls_check_mac(SslDecoder*decoder, gint ct,int ver, guint8* data, guint32 datalen, guint8* mac) { SSL_HMAC hm; - gint md; - guint32 len; - guint8 buf[20]; - gint16 temp; + gint md; + guint32 len; + guint8 buf[20]; + gint16 temp; md=ssl_get_digest_by_name(digests[decoder->cipher_suite->dig-0x40]); ssl_debug_printf("dtls_check_mac mac type:%s md %d\n", @@ -2526,7 +2531,7 @@ int ssl_decrypt_record(SslDecryptSession*ssl,SslDecoder* decoder, gint ct, const guchar* in, guint inl, StringInfo* comp_str, StringInfo* out_str, guint* outl) { - guint pad, worklen, uncomplen; + guint pad, worklen, uncomplen; guint8 *mac; ssl_debug_printf("ssl_decrypt_record ciphertext len %d\n", inl); @@ -2584,13 +2589,13 @@ ssl_decrypt_record(SslDecryptSession*ssl,SslDecoder* decoder, gint ct, worklen, ssl->version_netorder, ct, decoder->seq); if(ssl->version_netorder==SSLV3_VERSION){ if(ssl3_check_mac(decoder,ct,out_str->data,worklen,mac) < 0) { - if(ssl_ignore_mac_failed) { - ssl_debug_printf("ssl_decrypt_record: mac failed, but ignored for troubleshooting ;-)\n"); + if(ssl_ignore_mac_failed) { + ssl_debug_printf("ssl_decrypt_record: mac failed, but ignored for troubleshooting ;-)\n"); + } + else{ + ssl_debug_printf("ssl_decrypt_record: mac failed\n"); + return -1; } - else{ - ssl_debug_printf("ssl_decrypt_record: mac failed\n"); - return -1; - } } else{ ssl_debug_printf("ssl_decrypt_record: mac ok\n"); 
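Review bot: When `ssl_ignore_mac_failed` is set, the SSLv3 branch of `ssl_decrypt_record` logs the failure and continues with a record whose MAC did not verify, and the TLS branch in the next hunk does the same. Execution then reaches the decompression step shown further down, so `ssl_decompress_record` is handed data that was never authenticated. That is a reasonable troubleshooting switch, but the override deserves a comment such as `/* MAC failed but was overridden by preference: data below is unauthenticated */`, and the log line would be clearer if it said the record was not verified instead of ending in `;-)`.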
@@ -2598,13 +2603,13 @@ ssl_decrypt_record(SslDecryptSession*ssl,SslDecoder* decoder, gint ct, } else if(ssl->version_netorder==TLSV1_VERSION || ssl->version_netorder==TLSV1DOT1_VERSION || ssl->version_netorder==TLSV1DOT2_VERSION){ if(tls_check_mac(decoder,ct,ssl->version_netorder,out_str->data,worklen,mac)< 0) { - if(ssl_ignore_mac_failed) { - ssl_debug_printf("ssl_decrypt_record: mac failed, but ignored for troubleshooting ;-)\n"); + if(ssl_ignore_mac_failed) { + ssl_debug_printf("ssl_decrypt_record: mac failed, but ignored for troubleshooting ;-)\n"); + } + else{ + ssl_debug_printf("ssl_decrypt_record: mac failed\n"); + return -1; } - else{ - ssl_debug_printf("ssl_decrypt_record: mac failed\n"); - return -1; - } } else{ ssl_debug_printf("ssl_decrypt_record: mac ok\n"); @@ -2629,19 +2634,19 @@ ssl_decrypt_record(SslDecryptSession*ssl,SslDecoder* decoder, gint ct, } } - *outl = worklen; + *outl = worklen; if (decoder->compression > 0) { - ssl_debug_printf("ssl_decrypt_record: compression method %d\n", decoder->compression); - ssl_data_copy(comp_str, out_str); - ssl_print_data("Plaintext compressed", comp_str->data, worklen); - if (!decoder->decomp) { - ssl_debug_printf("decrypt_ssl3_record: no decoder available\n"); - return -1; - } - if (ssl_decompress_record(decoder->decomp, comp_str->data, worklen, out_str, &uncomplen) < 0) return -1; - ssl_print_data("Plaintext uncompressed", out_str->data, uncomplen); - *outl = uncomplen; + ssl_debug_printf("ssl_decrypt_record: compression method %d\n", decoder->compression); + ssl_data_copy(comp_str, out_str); + ssl_print_data("Plaintext compressed", comp_str->data, worklen); + if (!decoder->decomp) { + ssl_debug_printf("decrypt_ssl3_record: no decoder available\n"); + return -1; + } + if (ssl_decompress_record(decoder->decomp, comp_str->data, worklen, out_str, &uncomplen) < 0) return -1; + ssl_print_data("Plaintext uncompressed", out_str->data, uncomplen); + *outl = uncomplen; } return 0; 
@@ -2660,13 +2665,13 @@ SSL_PRIVATE_KEY* ssl_privkey_to_sexp(struct gnutls_x509_privkey_int* priv_key) { gnutls_datum_t rsa_datum[RSA_PARS]; /* m, e, d, p, q, u */ - size_t tmp_size; - gcry_sexp_t rsa_priv_key = NULL; - gint major, minor, patch; - gint i, p_idx, q_idx; - int ret; - size_t buf_len; - unsigned char buf_keyid[32]; + size_t tmp_size; + gcry_sexp_t rsa_priv_key = NULL; + gint major, minor, patch; + gint i, p_idx, q_idx; + int ret; + size_t buf_len; + unsigned char buf_keyid[32]; #ifdef SSL_FAST gcry_mpi_t* rsa_params = g_malloc(sizeof(gcry_mpi_t)*RSA_PARS); @@ -2722,7 +2727,7 @@ ssl_privkey_to_sexp(struct gnutls_x509_privkey_int* priv_key) ssl_get_version(&major, &minor, &patch); /* certain versions of gnutls require swap of rsa params 'p' and 'q' */ - if ((major <= 1) && (minor <= 0) && (patch <=13)) + if ((major <= 1) && (minor <= 0) && (patch <= 13)) { gcry_mpi_t tmp; ssl_debug_printf("ssl_load_key: swapping p and q parameters\n"); @@ -2755,14 +2760,14 @@ ssl_privkey_to_sexp(struct gnutls_x509_privkey_int* priv_key) Ssl_private_key_t * ssl_load_key(FILE* fp) { - /* gnutls make our work much harded, since we have to work internally with - * s-exp formatted data, but PEM loader export only in "gnutls_datum" + /* gnutls makes our work much harder, since we have to work internally with + * s-exp formatted data, but PEM loader exports only in "gnutls_datum" * format, and a datum -> s-exp convertion function does not exist. */ gnutls_x509_privkey_t priv_key; - gnutls_datum key; - gint size; - guint bytes; + gnutls_datum key; + gint size; + guint bytes; Ssl_private_key_t *private_key = g_malloc0(sizeof(Ssl_private_key_t)); 
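Review bot: The reformatted guard `if ((major <= 1) && (minor <= 0) && (patch <= 13))` in `ssl_privkey_to_sexp` tests each version component on its own, which is not the same as "version at or below 1.0.13". A 0.x release with a non-zero minor or a patch above 13 fails the test even though it is older than 1.0.13. The comment only says "certain versions of gnutls", so the intended range is an assumption on my part; if it is "up to 1.0.13", the condition should be `if ((major < 1) || ((major == 1) && (minor == 0) && (patch <= 13)))`. Either way, the comment should name the exact versions that need the p/q swap, since getting it wrong yields an RSA key that silently fails to decrypt.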
@@ -2839,16 +2844,16 @@ BAGTYPE(gnutls_pkcs12_bag_type_t x) { Ssl_private_key_t * ssl_load_pkcs12(FILE* fp, const gchar *cert_passwd) { - int i, j, ret; - int rest; - unsigned char *p; - gnutls_datum_t data; - gnutls_pkcs12_bag_t bag = NULL; - gnutls_pkcs12_bag_type_t bag_type; - size_t len, buf_len; - static char buf_name[256]; - static char buf_email[128]; - unsigned char buf_keyid[32]; + int i, j, ret; + int rest; + unsigned char *p; + gnutls_datum_t data; + gnutls_pkcs12_bag_t bag = NULL; + gnutls_pkcs12_bag_type_t bag_type; + size_t len, buf_len; + static char buf_name[256]; + static char buf_email[128]; + unsigned char buf_keyid[32]; gnutls_pkcs12_t ssl_p12 = NULL; gnutls_x509_crt_t ssl_cert = NULL; @@ -3016,8 +3021,8 @@ void ssl_free_key(Ssl_private_key_t* key) gint ssl_find_private_key(SslDecryptSession *ssl_session, GHashTable *key_hash, GTree* associations, packet_info *pinfo) { SslService dummy; - char ip_addr_any[] = {0,0,0,0}; - guint32 port = 0; + char ip_addr_any[] = {0,0,0,0}; + guint32 port = 0; Ssl_private_key_t * private_key; /* we need to know which side of the conversation is speaking */ @@ -3249,12 +3254,13 @@ guint ssl_private_key_hash (gconstpointer v) { const SslService *key; - guint l, hash, len ; + guint l, hash, len ; const guint* cur; - key = (const SslService *)v; + + key = (const SslService *)v; hash = key->port; - len = key->addr.len; - cur = (const guint*) key->addr.data; + len = key->addr.len; + cur = (const guint*) key->addr.data; for (l=4; (l<len); l+=4, cur++) hash = hash ^ (*cur); @@ -3337,7 +3343,7 @@ SslAssociation* ssl_association_find(GTree * associations, guint port, gboolean tcp) { register SslAssociation* ret; - SslAssociation assoc_tmp; + SslAssociation assoc_tmp; assoc_tmp.tcp = tcp; assoc_tmp.ssl_port = port; 
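Review bot: The mixing loop in `ssl_private_key_hash`, `for (l=4; (l<len); l+=4, cur++)`, starts at 4, so for an address with `len` of 4 it never runs and the hash is just `key->port`, and for a 16-byte address only the first three words are folded in. It also reads `key->addr.data` through a `const guint*` cast, which assumes the address bytes are suitably aligned for word access. Starting at zero with `for (l = 0; l + 4 <= len; l += 4, cur++)` and loading each word via `memcpy` into a local `guint` would use the whole address without the alignment assumption. The loop is a context line in this hunk and the end of the function is outside it.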
@@ -3373,7 +3379,7 @@ ssl_packet_from_server(SslDecryptSession* ssl, GTree* associations, packet_info void ssl_add_record_info(gint proto, packet_info *pinfo, guchar* data, gint data_len, gint record_id) { - guchar* real_data; + guchar* real_data; SslRecordInfo* rec; SslPacketInfo* pi; @@ -3419,7 +3425,7 @@ ssl_get_record_info(tvbuff_t *parent_tvb, int proto, packet_info *pinfo, gint re void ssl_add_data_info(gint proto, packet_info *pinfo, guchar* data, gint data_len, gint key, SslFlow *flow) { - SslDataInfo *rec, **prec; + SslDataInfo *rec, **prec; SslPacketInfo *pi; pi = p_get_proto_data(pinfo->fd, proto); @@ -3455,7 +3461,7 @@ ssl_add_data_info(gint proto, packet_info *pinfo, guchar* data, gint data_len, g SslDataInfo* ssl_get_data_info(int proto, packet_info *pinfo, gint key) { - SslDataInfo* rec; + SslDataInfo* rec; SslPacketInfo* pi; pi = p_get_proto_data(pinfo->fd, proto); @@ -3489,11 +3495,11 @@ ssl_common_init(GHashTable **session_hash, StringInfo *decrypted_data, StringInf void ssl_parse_key_list(const ssldecrypt_assoc_t * uats, GHashTable *key_hash, GTree* associations, dissector_handle_t handle, gboolean tcp) { - SslService* service; - Ssl_private_key_t * private_key, *tmp_private_key; - FILE* fp = NULL; - guint32 addr_data[4]; - int addr_len, at; + SslService* service; + Ssl_private_key_t* private_key, *tmp_private_key; + FILE* fp = NULL; + guint32 addr_data[4]; + int addr_len, at; address_type addr_type[2] = { AT_IPv4, AT_IPv6 }; /* try to load keys file first */ @@ -3614,7 +3620,7 @@ ssl_restore_session(SslDecryptSession* ssl, GHashTable *session_hash) int ssl_is_valid_content_type(guint8 type) { - if (type >= 0x14 && type <= 0x18) + if ((type >= 0x14) && (type <= 0x18)) { return 1; } 
@@ -3624,11 +3630,11 @@ ssl_is_valid_content_type(guint8 type) static guint8 from_hex_char(gchar c) { - if (c >= '0' && c <= '9') + if ((c >= '0') && (c <= '9')) return c - '0'; - if (c >= 'A' && c <= 'F') + if ((c >= 'A') && (c <= 'F')) return c - 'A' + 10; - if (c >= 'a' && c <= 'f') + if ((c >= 'a') && (c <= 'f')) return c - 'a' + 10; return 16; } @@ -3637,10 +3643,11 @@ int ssl_keylog_lookup(SslDecryptSession* ssl_session, const gchar* ssl_keylog_filename, StringInfo* encrypted_pre_master) { + static const unsigned int kRSAPremasterLength = 48; /* RFC5246 7.4.7.1 */ FILE* ssl_keylog; gsize bytes_read; - int ret = -1; + int ret = -1; ssl_debug_printf("trying to use SSL keylog in %s\n", ssl_keylog_filename); @@ -3686,7 +3693,7 @@ ssl_keylog_lookup(SslDecryptSession* ssl_session, offset = 4; - if ( ssl_session->session_id.data_len>0 && memcmp(line+offset,"Session-ID:",11) == 0 ) { + if ( (ssl_session->session_id.data_len > 0) && (memcmp(line+offset,"Session-ID:",11) == 0) ) { offset += 11; for (i = 0; i < ssl_session->session_id.data_len; i++) { if (from_hex_char(line[offset + i*2]) != (ssl_session->session_id.data[i] >> 4) || @@ -3792,9 +3799,10 @@ void ssl_set_debug(const gchar* name) { static gint debug_file_must_be_closed; - gint use_stderr; + gint use_stderr; + debug_file_must_be_closed = 0; - use_stderr = name?(strcmp(name, SSL_DEBUG_USE_STDERR) == 0):0; + use_stderr = name?(strcmp(name, SSL_DEBUG_USE_STDERR) == 0):0; if (debug_file_must_be_closed) fclose(ssl_debug_file); @@ -3849,7 +3857,7 @@ ssl_print_data(const gchar* name, const guchar* data, size_t len) return; fprintf(ssl_debug_file,"%s[%d]:\n",name, (int) len); for (i=0; i< len; i++) { - if ((i>0) && (i%16 == 0)) + if ((i > 0) && (i%16 == 0)) fprintf(ssl_debug_file,"\n"); fprintf(ssl_debug_file,"%.2x ",data[i]&255); } 
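Review bot: In `ssl_set_debug`, `debug_file_must_be_closed` is declared `static` but assigned 0 on every call, right before `if (debug_file_must_be_closed) fclose(ssl_debug_file);`, so that close can never run and a previously opened debug file is left open each time the setting changes. Since this hunk already touches the declarations, drop the `debug_file_must_be_closed = 0;` statement and initialise at the declaration instead, `static gint debug_file_must_be_closed = 0;`. The code that sets the flag is beyond the hunk, so this assumes it is set after a successful open. The debug file receives the output of `ssl_print_data`, which is called with decrypted plaintext in `ssl_decrypt_record`, so it matters that the old file is properly closed.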
@@ -3934,12 +3942,12 @@ ssldecrypt_uat_fld_fileopen_chk_cb(void* r _U_, const char* p, unsigned len _U_, } gboolean -ssldecrypt_uat_fld_password_chk_cb(void* r _U_, const char* p, unsigned len _U_, const void* u1 _U_, const void* u2 _U_, const char** err) +ssldecrypt_uat_fld_password_chk_cb(void* r _U_, const char* p, unsigned len _U_, const void* u1 _U_, const void* u2 _U_, const char ** err) { - ssldecrypt_assoc_t* f = r; - FILE *fp = NULL; + ssldecrypt_assoc_t* f = r; + FILE *fp = NULL; - if (p && strlen(p) > 0u) { + if (p && (strlen(p) > 0u)) { fp = ws_fopen(f->keyfile, "rb"); if (fp) { if (!ssl_load_pkcs12(fp, p)) { |
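Review bot: `ssldecrypt_uat_fld_password_chk_cb` uses the result of `ssl_load_pkcs12(fp, p)` only as a truth value, so on success the returned `Ssl_private_key_t` is never handed to `ssl_free_key` and the parsed private key stays allocated after every validation. Keeping the pointer, `Ssl_private_key_t *k = ssl_load_pkcs12(fp, p);`, and calling `ssl_free_key(k);` on the success path would release it. Separately, `r` is still annotated `_U_` in the signature although the new first statement is `ssldecrypt_assoc_t* f = r;`, so the unused marker should be dropped. The function body continues past the end of the hunk, so the `fclose(fp)` handling is not visible here.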