static void SSLParserReset(SSLState *ssl_state)
{
- ssl_state->bytes_processed = 0;
- ssl_state->message_start = 0;
+ ssl_state->curr_connp->bytes_processed = 0;
+ ssl_state->curr_connp->message_start = 0;
}
static int SSLv3ParseHandshakeType(SSLState *ssl_state, uint8_t *input,
return 0;
}
- switch (ssl_state->handshake_type) {
+ switch (ssl_state->curr_connp->handshake_type) {
case SSLV3_HS_CLIENT_HELLO:
ssl_state->flags |= SSL_AL_FLAG_STATE_CLIENT_HELLO;
-
- switch (ssl_state->bytes_processed) {
- case 9:
- ssl_state->bytes_processed++;
- parsed++;
- ssl_state->handshake_client_hello_ssl_version = *(input++) << 8;
- if (--input_len == 0)
- break;
- case 10:
- ssl_state->bytes_processed++;
- parsed++;
- ssl_state->handshake_client_hello_ssl_version |= *(input++);
- if (--input_len == 0)
- break;
- }
break;
case SSLV3_HS_SERVER_HELLO:
ssl_state->flags |= SSL_AL_FLAG_STATE_SERVER_HELLO;
- rc = DecodeTLSHandshakeServerHello(ssl_state, input, input_len);
- if (rc >= 0) {
- ssl_state->bytes_processed += rc;
- input += rc;
- parsed += rc;
- }
break;
case SSLV3_HS_SERVER_KEY_EXCHANGE:
break;
case SSLV3_HS_CERTIFICATE:
- if (ssl_state->trec == NULL) {
- ssl_state->trec_len = 2 * ssl_state->record_length + SSLV3_RECORD_LEN + 1;
- ssl_state->trec = SCMalloc( ssl_state->trec_len );
+ if (ssl_state->curr_connp->trec == NULL) {
+ ssl_state->curr_connp->trec_len = 2 * ssl_state->curr_connp->record_length + SSLV3_RECORD_LEN + 1;
+ ssl_state->curr_connp->trec = SCMalloc( ssl_state->curr_connp->trec_len );
}
- if (ssl_state->trec_pos + input_len >= ssl_state->trec_len) {
- ssl_state->trec_len = ssl_state->trec_len + 2 * input_len + 1;
- ssl_state->trec = SCRealloc( ssl_state->trec, ssl_state->trec_len );
+ if (ssl_state->curr_connp->trec_pos + input_len >= ssl_state->curr_connp->trec_len) {
+ ssl_state->curr_connp->trec_len = ssl_state->curr_connp->trec_len + 2 * input_len + 1;
+ ssl_state->curr_connp->trec = SCRealloc( ssl_state->curr_connp->trec, ssl_state->curr_connp->trec_len );
}
- if (ssl_state->trec == NULL) {
- ssl_state->trec_len = 0;
+ if (ssl_state->curr_connp->trec == NULL) {
+ ssl_state->curr_connp->trec_len = 0;
/* error, skip packet */
parsed += input_len;
- ssl_state->bytes_processed += input_len;
+ ssl_state->curr_connp->bytes_processed += input_len;
break;
}
- memcpy(ssl_state->trec + ssl_state->trec_pos, initial_input, input_len);
- ssl_state->trec_pos += input_len;
+ memcpy(ssl_state->curr_connp->trec + ssl_state->curr_connp->trec_pos, initial_input, input_len);
+ ssl_state->curr_connp->trec_pos += input_len;
- rc = DecodeTLSHandshakeServerCertificate(ssl_state, ssl_state->trec, ssl_state->trec_pos);
+ rc = DecodeTLSHandshakeServerCertificate(ssl_state, ssl_state->curr_connp->trec, ssl_state->curr_connp->trec_pos);
if (rc > 0) {
/* do not return normally if the packet was fragmented:
* we would return the size of the *entire* message,
* while we expect only the number of bytes parsed bytes
* from the *current* fragment
*/
- uint32_t diff = input_len - (ssl_state->trec_pos - rc);
- ssl_state->bytes_processed += diff;
+ uint32_t diff = input_len - (ssl_state->curr_connp->trec_pos - rc);
+ ssl_state->curr_connp->bytes_processed += diff;
return diff;
}
break;
}
/* skip the rest of the current message */
- uint32_t next_msg_offset = ssl_state->message_start + SSLV3_MESSAGE_HDR_LEN + ssl_state->message_length;
- if (ssl_state->bytes_processed + input_len < next_msg_offset) {
+ uint32_t next_msg_offset = ssl_state->curr_connp->message_start + SSLV3_MESSAGE_HDR_LEN + ssl_state->curr_connp->message_length;
+ if (ssl_state->curr_connp->bytes_processed + input_len < next_msg_offset) {
/* we don't have enough data */
parsed += input_len;
- ssl_state->bytes_processed += input_len;
+ ssl_state->curr_connp->bytes_processed += input_len;
return parsed;
}
- uint32_t diff = next_msg_offset - ssl_state->bytes_processed;
+ uint32_t diff = next_msg_offset - ssl_state->curr_connp->bytes_processed;
parsed += diff;
- ssl_state->bytes_processed += diff;
+ ssl_state->curr_connp->bytes_processed += diff;
return parsed;
}
return 0;
}
- if (ssl_state->message_start == 0) {
- ssl_state->message_start = SSLV3_RECORD_LEN;
+ if (ssl_state->curr_connp->message_start == 0) {
+ ssl_state->curr_connp->message_start = SSLV3_RECORD_LEN;
}
- switch (ssl_state->bytes_processed - ssl_state->message_start) {
+ switch (ssl_state->curr_connp->bytes_processed - ssl_state->curr_connp->message_start) {
case 0:
- ssl_state->handshake_type = *(input++);
- ssl_state->bytes_processed++;
+ ssl_state->curr_connp->handshake_type = *(input++);
+ ssl_state->curr_connp->bytes_processed++;
if (--input_len == 0)
break;
case 1:
- ssl_state->message_length = *(input++) << 16;
- ssl_state->bytes_processed++;
+ ssl_state->curr_connp->message_length = *(input++) << 16;
+ ssl_state->curr_connp->bytes_processed++;
if (--input_len == 0)
break;
case 2:
- ssl_state->message_length |= *(input++) << 8;
- ssl_state->bytes_processed++;
+ ssl_state->curr_connp->message_length |= *(input++) << 8;
+ ssl_state->curr_connp->bytes_processed++;
if (--input_len == 0)
break;
case 3:
- ssl_state->message_length |= *(input++);
- ssl_state->bytes_processed++;
+ ssl_state->curr_connp->message_length |= *(input++);
+ ssl_state->curr_connp->bytes_processed++;
if (--input_len == 0)
break;
}
retval = SSLv3ParseHandshakeType(ssl_state, input, input_len);
if (retval < 0) {
- SCReturnInt(retval);
- }
- uint32_t next_msg_offset = ssl_state->message_start + SSLV3_MESSAGE_HDR_LEN + ssl_state->message_length;
- if (ssl_state->bytes_processed >= next_msg_offset) {
- ssl_state->handshake_type = 0;
- ssl_state->message_length = 0;
- ssl_state->message_start = next_msg_offset;
+ return retval;
}
input += retval;
+
+ uint32_t next_msg_offset = ssl_state->curr_connp->message_start + SSLV3_MESSAGE_HDR_LEN + ssl_state->curr_connp->message_length;
+ if (ssl_state->curr_connp->bytes_processed == next_msg_offset) {
+ ssl_state->curr_connp->handshake_type = 0;
+ ssl_state->curr_connp->message_length = 0;
+ ssl_state->curr_connp->message_start = next_msg_offset;
+ } else if (ssl_state->curr_connp->bytes_processed > next_msg_offset) {
+ return -1;
+ }
+
return (input - initial_input);
}
return 0;
}
- switch (ssl_state->bytes_processed) {
+ switch (ssl_state->curr_connp->bytes_processed) {
case 0:
if (input_len >= 5) {
- /* toserver - 0 */
- ssl_state->cur_content_type = input[0];
- if (direction == 0) {
- ssl_state->client_content_type = input[0];
- ssl_state->client_version = input[1] << 8;
- ssl_state->client_version |= input[2];
-
- /* toclient - 1 */
- } else {
- ssl_state->server_content_type = input[0];
- ssl_state->server_version = input[1] << 8;
- ssl_state->server_version |= input[2];
- }
- ssl_state->record_length = input[3] << 8;
- ssl_state->record_length |= input[4];
- ssl_state->bytes_processed += SSLV3_RECORD_LEN;
+ ssl_state->curr_connp->content_type = input[0];
+ ssl_state->curr_connp->version = input[1] << 8;
+ ssl_state->curr_connp->version |= input[2];
+ ssl_state->curr_connp->record_length = input[3] << 8;
+ ssl_state->curr_connp->record_length |= input[4];
+ ssl_state->curr_connp->bytes_processed += SSLV3_RECORD_LEN;
return SSLV3_RECORD_LEN;
} else {
- ssl_state->cur_content_type = *input;
- if (direction == 0) {
- ssl_state->client_content_type = *(input++);
- } else {
- ssl_state->server_content_type = *(input++);
- }
+ ssl_state->curr_connp->content_type = *(input++);
if (--input_len == 0)
break;
}
case 1:
- if (direction == 0) {
- ssl_state->client_version = *(input++) << 8;
- } else {
- ssl_state->server_version = *(input++) << 8;
- }
+ ssl_state->curr_connp->version = *(input++) << 8;
if (--input_len == 0)
break;
case 2:
- if (direction == 0) {
- ssl_state->client_version |= *(input++);
- } else {
- ssl_state->server_version |= *(input++);
- }
+ ssl_state->curr_connp->version |= *(input++);
if (--input_len == 0)
break;
case 3:
- ssl_state->record_length = *(input++) << 8;
+ ssl_state->curr_connp->record_length = *(input++) << 8;
if (--input_len == 0)
break;
case 4:
- ssl_state->record_length |= *(input++);
- if (ssl_state->record_length <= SSLV3_RECORD_LEN)
+ ssl_state->curr_connp->record_length |= *(input++);
+ if (ssl_state->curr_connp->record_length <= SSLV3_RECORD_LEN)
return -1;
if (--input_len == 0)
break;
- } /* switch (ssl_state->bytes_processed) */
+ } /* switch (ssl_state->curr_connp->bytes_processed) */
- ssl_state->bytes_processed += (input - initial_input);
+ ssl_state->curr_connp->bytes_processed += (input - initial_input);
return (input - initial_input);
}
return 0;
}
- if (ssl_state->record_lengths_length == 2) {
- switch (ssl_state->bytes_processed) {
+ if (ssl_state->curr_connp->record_lengths_length == 2) {
+ switch (ssl_state->curr_connp->bytes_processed) {
case 0:
- if (input_len >= ssl_state->record_lengths_length + 1) {
- ssl_state->record_length = (0x7f & input[0]) << 8 | input[1];
- ssl_state->cur_content_type = input[2];
- if (direction == 0) {
- ssl_state->client_content_type = input[2];
- ssl_state->client_version = SSL_VERSION_2;
- } else {
- ssl_state->server_content_type = input[2];
- ssl_state->server_version = SSL_VERSION_2;
- }
- ssl_state->bytes_processed += 3;
+ if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
+ ssl_state->curr_connp->record_length = (0x7f & input[0]) << 8 | input[1];
+ ssl_state->curr_connp->content_type = input[2];
+ ssl_state->curr_connp->version = SSL_VERSION_2;
+ ssl_state->curr_connp->bytes_processed += 3;
return 3;
} else {
- ssl_state->record_length = (0x7f & *(input++)) << 8;
+ ssl_state->curr_connp->record_length = (0x7f & *(input++)) << 8;
if (--input_len == 0)
break;
}
case 1:
- ssl_state->record_length |= *(input++);
+ ssl_state->curr_connp->record_length |= *(input++);
if (--input_len == 0)
break;
case 2:
- ssl_state->cur_content_type = *input;
- if (direction == 0) {
- ssl_state->client_content_type = *(input++);
- ssl_state->client_version = SSL_VERSION_2;
- } else {
- ssl_state->server_content_type = *(input++);
- ssl_state->server_version = SSL_VERSION_2;
- }
+ ssl_state->curr_connp->content_type = *(input++);
+ ssl_state->curr_connp->version = SSL_VERSION_2;
if (--input_len == 0)
break;
- } /* switch (ssl_state->bytes_processed) */
+ } /* switch (ssl_state->curr_connp->bytes_processed) */
} else {
- switch (ssl_state->bytes_processed) {
+ switch (ssl_state->curr_connp->bytes_processed) {
case 0:
- if (input_len >= ssl_state->record_lengths_length + 1) {
- ssl_state->record_length = (0x3f & input[0]) << 8 | input[1];
- ssl_state->cur_content_type = input[3];
- if (direction == 0) {
- ssl_state->client_content_type = input[3];
- ssl_state->client_version = SSL_VERSION_2;
- } else {
- ssl_state->server_content_type = input[3];
- ssl_state->server_version = SSL_VERSION_2;
- }
- ssl_state->bytes_processed += 4;
+ if (input_len >= ssl_state->curr_connp->record_lengths_length + 1) {
+ ssl_state->curr_connp->record_length = (0x3f & input[0]) << 8 | input[1];
+ ssl_state->curr_connp->content_type = input[3];
+ ssl_state->curr_connp->version = SSL_VERSION_2;
+ ssl_state->curr_connp->bytes_processed += 4;
return 4;
} else {
- ssl_state->record_length = (0x3f & *(input++)) << 8;
+ ssl_state->curr_connp->record_length = (0x3f & *(input++)) << 8;
if (--input_len == 0)
break;
}
case 1:
- ssl_state->record_length |= *(input++);
+ ssl_state->curr_connp->record_length |= *(input++);
if (--input_len == 0)
break;
break;
case 3:
- ssl_state->cur_content_type = *input;
- if (direction == 0) {
- ssl_state->client_content_type = *(input++);
- ssl_state->client_version = SSL_VERSION_2;
- } else {
- ssl_state->server_content_type = *(input++);
- ssl_state->server_version = SSL_VERSION_2;
- }
+ ssl_state->curr_connp->content_type = *(input++);
+ ssl_state->curr_connp->version = SSL_VERSION_2;
if (--input_len == 0)
break;
- } /* switch (ssl_state->bytes_processed) */
+ } /* switch (ssl_state->curr_connp->bytes_processed) */
}
- ssl_state->bytes_processed += (input - initial_input);
+ ssl_state->curr_connp->bytes_processed += (input - initial_input);
return (input - initial_input);
}
int retval = 0;
uint8_t *initial_input = input;
- if (ssl_state->bytes_processed == 0) {
+ if (ssl_state->curr_connp->bytes_processed == 0) {
if (input[0] & 0x80) {
- ssl_state->record_lengths_length = 2;
+ ssl_state->curr_connp->record_lengths_length = 2;
} else {
- ssl_state->record_lengths_length = 3;
+ ssl_state->curr_connp->record_lengths_length = 3;
}
}
/* the + 1 because, we also read one extra byte inside SSLv2ParseRecord
* to read the msg_type */
- if (ssl_state->bytes_processed < (ssl_state->record_lengths_length + 1)) {
+ if (ssl_state->curr_connp->bytes_processed < (ssl_state->curr_connp->record_lengths_length + 1)) {
retval = SSLv2ParseRecord(direction, ssl_state, input, input_len);
if (retval == -1) {
AppLayerDecoderEventsSetEvent(ssl_state->f, TLS_DECODER_EVENT_INVALID_SSLV2_HEADER);
return (input - initial_input);
}
- switch (ssl_state->cur_content_type) {
+ switch (ssl_state->curr_connp->content_type) {
case SSLV2_MT_ERROR:
SCLogWarning(SC_ERR_ALPARSER, "SSLV2_MT_ERROR msg_type received. "
"Error encountered in establishing the sslv2 "
ssl_state->flags |= SSL_AL_FLAG_STATE_CLIENT_HELLO;
ssl_state->flags |= SSL_AL_FLAG_SSL_CLIENT_HS;
- if (ssl_state->record_lengths_length == 3) {
- switch (ssl_state->bytes_processed) {
+ if (ssl_state->curr_connp->record_lengths_length == 3) {
+ switch (ssl_state->curr_connp->bytes_processed) {
case 4:
if (input_len >= 6) {
- ssl_state->session_id_length = input[4] << 8;
- ssl_state->session_id_length |= input[5];
+ ssl_state->curr_connp->session_id_length = input[4] << 8;
+ ssl_state->curr_connp->session_id_length |= input[5];
input += 6;
input_len -= 6;
- ssl_state->bytes_processed += 6;
- if (ssl_state->session_id_length == 0) {
+ ssl_state->curr_connp->bytes_processed += 6;
+ if (ssl_state->curr_connp->session_id_length == 0) {
ssl_state->flags |= SSL_AL_FLAG_SSL_NO_SESSION_ID;
}
break;
} else {
input++;
- ssl_state->bytes_processed++;
+ ssl_state->curr_connp->bytes_processed++;
if (--input_len == 0)
break;
}
case 5:
input++;
- ssl_state->bytes_processed++;
+ ssl_state->curr_connp->bytes_processed++;
if (--input_len == 0)
break;
case 6:
input++;
- ssl_state->bytes_processed++;
+ ssl_state->curr_connp->bytes_processed++;
if (--input_len == 0)
break;
case 7:
input++;
- ssl_state->bytes_processed++;
+ ssl_state->curr_connp->bytes_processed++;
if (--input_len == 0)
break;
case 8:
- ssl_state->session_id_length = *(input++) << 8;
- ssl_state->bytes_processed++;
+ ssl_state->curr_connp->session_id_length = *(input++) << 8;
+ ssl_state->curr_connp->bytes_processed++;
if (--input_len == 0)
break;
case 9:
- ssl_state->session_id_length |= *(input++);
- ssl_state->bytes_processed++;
+ ssl_state->curr_connp->session_id_length |= *(input++);
+ ssl_state->curr_connp->bytes_processed++;
if (--input_len == 0)
break;
- } /* switch (ssl_state->bytes_processed) */
+ } /* switch (ssl_state->curr_connp->bytes_processed) */
- /* ssl_state->record_lengths_length is 3 */
+ /* ssl_state->curr_connp->record_lengths_length is 3 */
} else {
- switch (ssl_state->bytes_processed) {
+ switch (ssl_state->curr_connp->bytes_processed) {
case 3:
if (input_len >= 6) {
- ssl_state->session_id_length = input[4] << 8;
- ssl_state->session_id_length |= input[5];
+ ssl_state->curr_connp->session_id_length = input[4] << 8;
+ ssl_state->curr_connp->session_id_length |= input[5];
input += 6;
input_len -= 6;
- ssl_state->bytes_processed += 6;
- if (ssl_state->session_id_length == 0) {
+ ssl_state->curr_connp->bytes_processed += 6;
+ if (ssl_state->curr_connp->session_id_length == 0) {
ssl_state->flags |= SSL_AL_FLAG_SSL_NO_SESSION_ID;
}
break;
} else {
input++;
- ssl_state->bytes_processed++;
+ ssl_state->curr_connp->bytes_processed++;
if (--input_len == 0)
break;
}
case 4:
input++;
- ssl_state->bytes_processed++;
+ ssl_state->curr_connp->bytes_processed++;
if (--input_len == 0)
break;
case 5:
input++;
- ssl_state->bytes_processed++;
+ ssl_state->curr_connp->bytes_processed++;
if (--input_len == 0)
break;
case 6:
input++;
- ssl_state->bytes_processed++;
+ ssl_state->curr_connp->bytes_processed++;
if (--input_len == 0)
break;
case 7:
- ssl_state->session_id_length = *(input++) << 8;
- ssl_state->bytes_processed++;
+ ssl_state->curr_connp->session_id_length = *(input++) << 8;
+ ssl_state->curr_connp->bytes_processed++;
if (--input_len == 0)
break;
case 8:
- ssl_state->session_id_length |= *(input++);
- ssl_state->bytes_processed++;
+ ssl_state->curr_connp->session_id_length |= *(input++);
+ ssl_state->curr_connp->bytes_processed++;
if (--input_len == 0)
break;
- } /* switch (ssl_state->bytes_processed) */
- } /* else - if (ssl_state->record_lengths_length == 3) */
+ } /* switch (ssl_state->curr_connp->bytes_processed) */
+ } /* else - if (ssl_state->curr_connp->record_lengths_length == 3) */
break;
case SSLV2_MT_SERVER_VERIFY:
case SSLV2_MT_SERVER_FINISHED:
if (direction == 0 &&
- !(ssl_state->cur_content_type & SSLV2_MT_CLIENT_CERTIFICATE)) {
+ !(ssl_state->curr_connp->content_type & SSLV2_MT_CLIENT_CERTIFICATE)) {
SCLogDebug("Incorrect SSL Record type sent in the toserver "
"direction!");
}
break;
}
- if (input_len + ssl_state->bytes_processed >=
- (ssl_state->record_length + ssl_state->record_lengths_length)) {
+ if (input_len + ssl_state->curr_connp->bytes_processed >=
+ (ssl_state->curr_connp->record_length + ssl_state->curr_connp->record_lengths_length)) {
/* looks like we have another record after this*/
- uint32_t diff = ssl_state->record_length +
- ssl_state->record_lengths_length + - ssl_state->bytes_processed;
+ uint32_t diff = ssl_state->curr_connp->record_length +
+ ssl_state->curr_connp->record_lengths_length + - ssl_state->curr_connp->bytes_processed;
input += diff;
SSLParserReset(ssl_state);
return (input - initial_input);
* currently parsing */
} else {
input += input_len;
- ssl_state->bytes_processed += input_len;
+ ssl_state->curr_connp->bytes_processed += input_len;
return (input - initial_input);
}
}
int retval = 0;
uint32_t parsed = 0;
- if (ssl_state->bytes_processed < SSLV3_RECORD_LEN) {
+ if (ssl_state->curr_connp->bytes_processed < SSLV3_RECORD_LEN) {
retval = SSLv3ParseRecord(direction, ssl_state, input, input_len);
- if (retval == -1) {
+ if (retval < 0) {
AppLayerDecoderEventsSetEvent(ssl_state->f, TLS_DECODER_EVENT_INVALID_TLS_HEADER);
return -1;
} else {
return parsed;
}
- switch (ssl_state->cur_content_type) {
+ switch (ssl_state->curr_connp->content_type) {
/* we don't need any data from these types */
case SSLV3_CHANGE_CIPHER_SPEC:
ssl_state->flags |= SSL_AL_FLAG_CHANGE_CIPHER_SPEC;
pstate->flags |= APP_LAYER_PARSER_NO_REASSEMBLY;
}
+ break;
+
case SSLV3_HANDSHAKE_PROTOCOL:
if (ssl_state->flags & SSL_AL_FLAG_CHANGE_CIPHER_SPEC)
break;
retval = SSLv3ParseHandshakeProtocol(ssl_state, input + parsed, input_len);
- if (retval == -1) {
+ if (retval < 0) {
AppLayerDecoderEventsSetEvent(ssl_state->f, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
return -1;
} else {
}
parsed += retval;
input_len -= retval;
- if (ssl_state->bytes_processed == ssl_state->record_length + SSLV3_RECORD_LEN) {
+ if (ssl_state->curr_connp->bytes_processed == ssl_state->curr_connp->record_length + SSLV3_RECORD_LEN) {
SSLParserReset(ssl_state);
}
return parsed;
break;
default:
+ /* \todo fix the event from invalid rule to unknown rule */
AppLayerDecoderEventsSetEvent(ssl_state->f, TLS_DECODER_EVENT_INVALID_RECORD_TYPE);
- return -1;
+ /* we still need to parse the record */
+ break;
}
- if (input_len + ssl_state->bytes_processed >= ssl_state->record_length + SSLV3_RECORD_LEN) {
+ if (input_len + ssl_state->curr_connp->bytes_processed >= ssl_state->curr_connp->record_length + SSLV3_RECORD_LEN) {
/* looks like we have another record */
- uint32_t diff = ssl_state->record_length + SSLV3_RECORD_LEN - ssl_state->bytes_processed;
+ uint32_t diff = ssl_state->curr_connp->record_length + SSLV3_RECORD_LEN - ssl_state->curr_connp->bytes_processed;
parsed += diff;
SSLParserReset(ssl_state);
return parsed;
* currently parsing */
} else {
parsed += input_len;
- ssl_state->bytes_processed += input_len;
+ ssl_state->curr_connp->bytes_processed += input_len;
return parsed;
}
* \retval >=0 On success.
*/
static int SSLDecode(Flow *f, uint8_t direction, void *alstate, AppLayerParserState *pstate,
- uint8_t *input, uint32_t input_len)
+ uint8_t *input, uint32_t ilen)
{
SSLState *ssl_state = (SSLState *)alstate;
int retval = 0;
uint8_t counter = 0;
+ int32_t input_len = (int32_t)ilen;
+
ssl_state->f = f;
+ if (direction == 0)
+ ssl_state->curr_connp = &ssl_state->client_connp;
+ else
+ ssl_state->curr_connp = &ssl_state->server_connp;
+
/* if we have more than one record */
- while (input_len) {
+ while (input_len > 0) {
if (counter++ == 30) {
SCLogDebug("Looks like we have looped quite a bit. Reset state "
"and get out of here");
SSLParserReset(ssl_state);
- return 0;
+ return -1;
}
- /* ssl_state->bytes_processed is either ways it is either 0 for a
+ /* ssl_state->bytes_processed is 0 for a
* fresh record or positive to indicate a record currently being
* parsed */
- switch (ssl_state->bytes_processed) {
+ switch (ssl_state->curr_connp->bytes_processed) {
/* fresh record */
case 0:
/* only SSLv2, has one of the top 2 bits set */
if (input[0] & 0x80 || input[0] & 0x40) {
SCLogDebug("SSLv2 detected");
- ssl_state->cur_ssl_version = SSL_VERSION_2;
+ ssl_state->curr_connp->version = SSL_VERSION_2;
retval = SSLv2Decode(direction, ssl_state, pstate, input,
input_len);
- if (retval == -1) {
+ if (retval < 0) {
SCLogDebug("Error parsing SSLv2.x. Reseting parser "
"state. Let's get outta here");
SSLParserReset(ssl_state);
- return 0;
+ return -1;
} else {
input_len -= retval;
input += retval;
}
} else {
SCLogDebug("SSLv3.x detected");
+ /* we will keep it this way till our record parser tells
+ * us what exact version it is */
+ ssl_state->curr_connp->version = TLS_VERSION_UNKNOWN;
retval = SSLv3Decode(direction, ssl_state, pstate, input,
input_len);
- if (retval == -1) {
+ if (retval < 0) {
SCLogDebug("Error parsing SSLv3.x. Reseting parser "
"state. Let's get outta here");
SSLParserReset(ssl_state);
- return 0;
+ return -1;
} else {
input_len -= retval;
input += retval;
- if (ssl_state->bytes_processed == SSLV3_RECORD_LEN
- && ssl_state->record_length == 0) {
+ if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_LEN
+ && ssl_state->curr_connp->record_length == 0) {
/* empty record */
SSLParserReset(ssl_state);
}
default:
/* we would have established by now if we are dealing with
* SSLv2 or above */
- if (ssl_state->cur_ssl_version == SSL_VERSION_2) {
+ if (ssl_state->curr_connp->version == SSL_VERSION_2) {
SCLogDebug("Continuing parsing SSLv2 record from where we "
"previously left off");
retval = SSLv2Decode(direction, ssl_state, pstate, input,
SSLParserReset(ssl_state);
return 0;
} else {
- if ((uint32_t)retval > input_len) {
+ if (retval > input_len) {
SCLogDebug("Error parsing SSLv3.x. Reseting parser "
"state. Let's get outta here");
SSLParserReset(ssl_state);
}
input_len -= retval;
input += retval;
- if (ssl_state->bytes_processed == SSLV3_RECORD_LEN
- && ssl_state->record_length == 0) {
+ if (ssl_state->curr_connp->bytes_processed == SSLV3_RECORD_LEN
+ && ssl_state->curr_connp->record_length == 0) {
/* empty record */
SSLParserReset(ssl_state);
}
}
break;
- } /* switch (ssl_state->bytes_processed) */
+ } /* switch (ssl_state->curr_connp->bytes_processed) */
} /* while (input_len) */
return 1;
{
SSLState *ssl_state = (SSLState *)p;
- if (ssl_state->trec)
- SCFree(ssl_state->trec);
- if (ssl_state->cert0_subject)
- SCFree(ssl_state->cert0_subject);
- if (ssl_state->cert0_issuerdn)
- SCFree(ssl_state->cert0_issuerdn);
+ if (ssl_state->client_connp.trec)
+ SCFree(ssl_state->client_connp.trec);
+ if (ssl_state->client_connp.cert0_subject)
+ SCFree(ssl_state->client_connp.cert0_subject);
+ if (ssl_state->client_connp.cert0_issuerdn)
+ SCFree(ssl_state->client_connp.cert0_issuerdn);
+
+ if (ssl_state->server_connp.trec)
+ SCFree(ssl_state->server_connp.trec);
+ if (ssl_state->server_connp.cert0_subject)
+ SCFree(ssl_state->server_connp.cert0_subject);
+ if (ssl_state->server_connp.cert0_issuerdn)
+ SCFree(ssl_state->server_connp.cert0_issuerdn);
+
SCFree(ssl_state);
return;
goto end;
}
- if (ssl_state->client_content_type != 0x16) {
+ if (ssl_state->client_connp.content_type != 0x16) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x16,
- ssl_state->client_content_type);
+ ssl_state->client_connp.content_type);
result = 0;
goto end;
}
- if (ssl_state->client_version != TLS_VERSION_10) {
+ if (ssl_state->client_connp.version != TLS_VERSION_10) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- TLS_VERSION_10, ssl_state->client_version);
+ TLS_VERSION_10, ssl_state->client_connp.version);
result = 0;
goto end;
}
goto end;
}
- if (ssl_state->client_content_type != 0x16) {
+ if (ssl_state->client_connp.content_type != 0x16) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x16,
- ssl_state->client_content_type);
+ ssl_state->client_connp.content_type);
result = 0;
goto end;
}
- if (ssl_state->client_version != TLS_VERSION_10) {
+ if (ssl_state->client_connp.version != TLS_VERSION_10) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- TLS_VERSION_10, ssl_state->client_version);
+ TLS_VERSION_10, ssl_state->client_connp.version);
result = 0;
goto end;
}
goto end;
}
- if (ssl_state->client_content_type != 0x16) {
+ if (ssl_state->client_connp.content_type != 0x16) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x16,
- ssl_state->client_content_type);
+ ssl_state->client_connp.content_type);
result = 0;
goto end;
}
- if (ssl_state->client_version != TLS_VERSION_10) {
+ if (ssl_state->client_connp.version != TLS_VERSION_10) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- TLS_VERSION_10, ssl_state->client_version);
+ TLS_VERSION_10, ssl_state->client_connp.version);
result = 0;
goto end;
}
goto end;
}
- if (ssl_state->client_content_type != 0x16) {
+ if (ssl_state->client_connp.content_type != 0x16) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x16,
- ssl_state->client_content_type);
+ ssl_state->client_connp.content_type);
result = 0;
goto end;
}
- if (ssl_state->client_version != TLS_VERSION_10) {
+ if (ssl_state->client_connp.version != TLS_VERSION_10) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- TLS_VERSION_10, ssl_state->client_version);
+ TLS_VERSION_10, ssl_state->client_connp.version);
result = 0;
goto end;
}
goto end;
}
- if (ssl_state->client_content_type != 0x17) {
+ if (ssl_state->client_connp.content_type != 0x17) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17,
- ssl_state->client_content_type);
+ ssl_state->client_connp.content_type);
result = 0;
goto end;
}
- if (ssl_state->client_version != TLS_VERSION_10) {
+ if (ssl_state->client_connp.version != TLS_VERSION_10) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- TLS_VERSION_10, ssl_state->client_version);
+ TLS_VERSION_10, ssl_state->client_connp.client_version);
result = 0;
goto end;
}
goto end;
}
- if (ssl_state->client_content_type != 0x17) {
+ if (ssl_state->client_connp.content_type != 0x17) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17,
- ssl_state->client_content_type);
+ ssl_state->client_connp._content_type);
result = 0;
goto end;
}
- if (ssl_state->client_version != TLS_VERSION_10) {
+ if (ssl_state->client_connp.version != TLS_VERSION_10) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- TLS_VERSION_10, ssl_state->client_version);
+ TLS_VERSION_10, ssl_state->client_connp.version);
result = 0;
goto end;
}
goto end;
}
- if (ssl_state->client_content_type != 0x16) {
+ if (ssl_state->client_connp.content_type != 0x16) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x16,
- ssl_state->client_content_type);
+ ssl_state->client_connp.content_type);
result = 0;
goto end;
}
- if (ssl_state->client_version != TLS_VERSION_10) {
+ if (ssl_state->client_connp.version != TLS_VERSION_10) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- TLS_VERSION_10, ssl_state->client_version);
+ TLS_VERSION_10, ssl_state->client_connp.version);
result = 0;
goto end;
}
goto end;
}
- if (ssl_state->server_content_type != 0x16) {
+ if (ssl_state->server_connp.content_type != 0x16) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x16,
- ssl_state->server_content_type);
+ ssl_state->server_connp.content_type);
result = 0;
goto end;
}
- if (ssl_state->server_version != 0x0301) {
+ if (ssl_state->server_connp.version != 0x0301) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ", 0x0301,
- ssl_state->server_version);
+ ssl_state->server_connp.version);
result = 0;
goto end;
}
goto end;
}
- if (ssl_state->client_content_type != 0x16) {
+ if (ssl_state->client_connp.content_type != 0x16) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17,
- ssl_state->client_content_type);
+ ssl_state->client_connp.content_type);
result = 0;
goto end;
}
- if (ssl_state->client_version != SSL_VERSION_3) {
+ if (ssl_state->client_connp.version != SSL_VERSION_3) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_3, ssl_state->client_version);
+ SSL_VERSION_3, ssl_state->client_connp.version);
result = 0;
goto end;
}
goto end;
}
- if (ssl_state->client_content_type != 0x17) {
+ if (ssl_state->client_connp.content_type != 0x17) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17,
- ssl_state->client_content_type);
+ ssl_state->client_connp.content_type);
result = 0;
goto end;
}
- if (ssl_state->client_version != SSL_VERSION_3) {
+ if (ssl_state->client_connp.version != SSL_VERSION_3) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_3, ssl_state->client_version);
+ SSL_VERSION_3, ssl_state->client_connp.version);
result = 0;
goto end;
}
goto end;
}
- if (ssl_state->client_content_type != 0x16) {
+ if (ssl_state->client_connp.content_type != 0x16) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17,
- ssl_state->client_content_type);
- result = 0;
- goto end;
- }
-
- if (ssl_state->client_version != SSL_VERSION_3) {
- printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_3, ssl_state->client_version);
+ ssl_state->client_connp.content_type);
result = 0;
goto end;
}
- if (ssl_state->handshake_client_hello_ssl_version != SSL_VERSION_3) {
+ if (ssl_state->client_connp.version != SSL_VERSION_3) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_3, ssl_state->handshake_client_hello_ssl_version);
+ SSL_VERSION_3, ssl_state->client_connp.version);
result = 0;
goto end;
}
goto end;
}
- if (ssl_state->client_content_type != 0x16) {
+ if (ssl_state->client_connp.content_type != 0x16) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17,
- ssl_state->client_content_type);
- result = 0;
- goto end;
- }
-
- if (ssl_state->client_version != SSL_VERSION_3) {
- printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_3, ssl_state->client_version);
+ ssl_state->client_connp.content_type);
result = 0;
goto end;
}
- if (ssl_state->handshake_client_hello_ssl_version != SSL_VERSION_3) {
+ if (ssl_state->client_connp.version != SSL_VERSION_3) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_3, ssl_state->handshake_client_hello_ssl_version);
+ SSL_VERSION_3, ssl_state->client_connp.version);
result = 0;
goto end;
}
goto end;
}
- if (ssl_state->client_content_type != 0x16) {
+ if (ssl_state->client_connp.content_type != 0x16) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17,
- ssl_state->client_content_type);
+ ssl_state->client_connp.content_type);
result = 0;
goto end;
}
- if (ssl_state->client_version != SSL_VERSION_3) {
+ if (ssl_state->client_connp.version != SSL_VERSION_3) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_3, ssl_state->client_version);
- result = 0;
- goto end;
- }
-
- if (ssl_state->handshake_client_hello_ssl_version != SSL_VERSION_3) {
- printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_3, ssl_state->handshake_client_hello_ssl_version);
+ SSL_VERSION_3, ssl_state->client_connp.version);
result = 0;
goto end;
}
goto end;
}
- if (ssl_state->client_content_type != 0x16) {
+ if (ssl_state->client_connp.content_type != 0x16) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17,
- ssl_state->client_content_type);
- result = 0;
- goto end;
- }
-
- if (ssl_state->client_version != SSL_VERSION_3) {
- printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_3, ssl_state->client_version);
+ ssl_state->client_connp.content_type);
result = 0;
goto end;
}
- if (ssl_state->handshake_client_hello_ssl_version != SSL_VERSION_3) {
+ if (ssl_state->client_connp.version != SSL_VERSION_3) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_3, ssl_state->handshake_client_hello_ssl_version);
+ SSL_VERSION_3, ssl_state->client_connp.version);
result = 0;
goto end;
}
goto end;
}
- if (ssl_state->client_content_type != 0x16) {
+ if (ssl_state->client_connp.content_type != 0x16) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x17,
- ssl_state->client_content_type);
+ ssl_state->client_connp.content_type);
result = 0;
goto end;
}
- if (ssl_state->client_version != SSL_VERSION_3) {
+ if (ssl_state->client_connp.version != SSL_VERSION_3) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_3, ssl_state->client_version);
- result = 0;
- goto end;
- }
-
- if (ssl_state->handshake_client_hello_ssl_version != SSL_VERSION_3) {
- printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_3, ssl_state->handshake_client_hello_ssl_version);
+ SSL_VERSION_3, ssl_state->client_connp.version);
result = 0;
goto end;
}
goto end;
}
- if (app_state->client_content_type != SSLV2_MT_CLIENT_HELLO) {
+ if (app_state->client_connp.content_type != SSLV2_MT_CLIENT_HELLO) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ",
- SSLV2_MT_SERVER_HELLO, app_state->client_content_type);
+ SSLV2_MT_SERVER_HELLO, app_state->client_connp.content_type);
goto end;
}
- if (app_state->client_version != SSL_VERSION_2) {
+ if (app_state->client_connp.version != SSL_VERSION_2) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_2, app_state->client_version);
+ SSL_VERSION_2, app_state->client_connp.version);
goto end;
}
goto end;
}
- if (app_state->server_content_type != SSLV2_MT_SERVER_HELLO) {
+ if (app_state->server_connp.content_type != SSLV2_MT_SERVER_HELLO) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ",
- SSLV2_MT_SERVER_HELLO, app_state->server_content_type);
+ SSLV2_MT_SERVER_HELLO, app_state->server_connp.content_type);
result = 0;
goto end;
}
- if (app_state->server_version != SSL_VERSION_2) {
+ if (app_state->server_connp.version != SSL_VERSION_2) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_2, app_state->server_version);
+ SSL_VERSION_2, app_state->server_connp.version);
result = 0;
goto end;
}
goto end;
}
- if (app_state->client_content_type != SSLV2_MT_CLIENT_HELLO) {
+ if (app_state->client_connp.content_type != SSLV2_MT_CLIENT_HELLO) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ",
- SSLV2_MT_CLIENT_HELLO, app_state->client_content_type);
+ SSLV2_MT_CLIENT_HELLO, app_state->client_connp.content_type);
result = 0;
goto end;
}
- if (app_state->client_version != SSL_VERSION_2) {
+ if (app_state->client_connp.version != SSL_VERSION_2) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_2, app_state->client_version);
+ SSL_VERSION_2, app_state->client_connp.version);
result = 0;
goto end;
}
goto end;
}
- if (app_state->server_content_type != SSLV3_HANDSHAKE_PROTOCOL) {
+ if (app_state->server_connp.content_type != SSLV3_HANDSHAKE_PROTOCOL) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ",
- SSLV3_HANDSHAKE_PROTOCOL, app_state->server_content_type);
+ SSLV3_HANDSHAKE_PROTOCOL, app_state->server_connp.content_type);
result = 0;
goto end;
}
- if (app_state->server_version != SSL_VERSION_3) {
+ if (app_state->server_connp.version != SSL_VERSION_3) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_3, app_state->server_version);
+ SSL_VERSION_3, app_state->server_connp.version);
result = 0;
goto end;
}
/* with multiple records the client content type hold the type from the last
* record */
- if (app_state->client_content_type != SSLV3_HANDSHAKE_PROTOCOL) {
+ if (app_state->client_connp.content_type != SSLV3_HANDSHAKE_PROTOCOL) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ",
- SSLV3_HANDSHAKE_PROTOCOL, app_state->client_content_type);
+ SSLV3_HANDSHAKE_PROTOCOL, app_state->client_connp.content_type);
result = 0;
goto end;
}
- if (app_state->client_version != SSL_VERSION_3) {
+ if (app_state->client_connp.version != SSL_VERSION_3) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_3, app_state->client_version);
+ SSL_VERSION_3, app_state->client_connp.version);
result = 0;
goto end;
}
/* with multiple records the serve content type hold the type from the last
* record */
- if (app_state->server_content_type != SSLV3_HANDSHAKE_PROTOCOL) {
+ if (app_state->server_connp.content_type != SSLV3_HANDSHAKE_PROTOCOL) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ",
- SSLV3_HANDSHAKE_PROTOCOL, app_state->server_content_type);
+ SSLV3_HANDSHAKE_PROTOCOL, app_state->server_connp.content_type);
result = 0;
goto end;
}
- if (app_state->server_version != SSL_VERSION_3) {
+ if (app_state->server_connp.version != SSL_VERSION_3) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_3, app_state->server_version);
+ SSL_VERSION_3, app_state->server_connp.version);
result = 0;
goto end;
}
goto end;
}
- if (app_state->client_content_type != SSLV3_APPLICATION_PROTOCOL) {
+ if (app_state->client_connp.content_type != SSLV3_APPLICATION_PROTOCOL) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ",
- SSLV3_APPLICATION_PROTOCOL, app_state->client_content_type);
+ SSLV3_APPLICATION_PROTOCOL, app_state->client_connp.content_type);
result = 0;
goto end;
}
- if (app_state->client_version != SSL_VERSION_3) {
+ if (app_state->client_connp.version != SSL_VERSION_3) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_3, app_state->client_version);
+ SSL_VERSION_3, app_state->client_connp.version);
result = 0;
goto end;
}
goto end;
}
- if (ssl_state->client_content_type != 0x16) {
+ if (ssl_state->client_connp.content_type != 0x16) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ", 0x16,
- ssl_state->client_content_type);
- result = 0;
- goto end;
- }
-
- if (ssl_state->client_version != SSL_VERSION_3) {
- printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_3, ssl_state->client_version);
+ ssl_state->client_connp.content_type);
result = 0;
goto end;
}
- if (ssl_state->handshake_client_hello_ssl_version != SSL_VERSION_3) {
+ if (ssl_state->client_connp.version != SSL_VERSION_3) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
- SSL_VERSION_3, ssl_state->handshake_client_hello_ssl_version);
+ SSL_VERSION_3, ssl_state->client_connp.version);
result = 0;
goto end;
}