tls: prepare for client cert parsing
authorVictor Julien <vjulien@oisf.net>
Tue, 23 Aug 2022 09:31:08 +0000 (11:31 +0200)
committerVictor Julien <vjulien@oisf.net>
Wed, 21 Sep 2022 04:43:48 +0000 (06:43 +0200)
src/app-layer-ssl.c

index 5c9c7b0983a6f8b663ddc257bec8cfab588e812d..41aab58629763ae217e07314f65561005dd5b67d 100644 (file)
@@ -462,29 +462,26 @@ static void TlsDecodeHSCertificateErrSetEvent(SSLState *ssl_state, uint32_t err)
     }
 }
 
-static inline int TlsDecodeHSCertificateFingerprint(SSLState *ssl_state,
-                                                    const uint8_t *input,
-                                                    uint32_t cert_len)
+static inline int TlsDecodeHSCertificateFingerprint(
+        SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
 {
-    if (unlikely(ssl_state->server_connp.cert0_fingerprint != NULL))
+    if (unlikely(connp->cert0_fingerprint != NULL))
         return 0;
 
-    ssl_state->server_connp.cert0_fingerprint = SCCalloc(1, SHA1_STRING_LENGTH *
-                                                         sizeof(char));
-    if (ssl_state->server_connp.cert0_fingerprint == NULL)
+    connp->cert0_fingerprint = SCCalloc(1, SHA1_STRING_LENGTH * sizeof(char));
+    if (connp->cert0_fingerprint == NULL)
         return -1;
 
     uint8_t hash[SC_SHA1_LEN];
     if (SCSha1HashBuffer(input, cert_len, hash, sizeof(hash)) == 1) {
-        rs_to_hex_sep((uint8_t *)ssl_state->server_connp.cert0_fingerprint, SHA1_STRING_LENGTH, ':',
-                hash, SC_SHA1_LEN);
+        rs_to_hex_sep(
+                (uint8_t *)connp->cert0_fingerprint, SHA1_STRING_LENGTH, ':', hash, SC_SHA1_LEN);
     }
     return 0;
 }
 
-static inline int TlsDecodeHSCertificateAddCertToChain(SSLState *ssl_state,
-                                                       const uint8_t *input,
-                                                       uint32_t cert_len)
+static inline int TlsDecodeHSCertificateAddCertToChain(
+        SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
 {
     SSLCertsChain *cert = SCCalloc(1, sizeof(SSLCertsChain));
     if (cert == NULL)
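Review bot: In TlsDecodeHSCertificateFingerprint, when SCSha1HashBuffer() does not return 1 the function still returns 0 and leaves `connp->cert0_fingerprint` pointing at the zero-filled SCCalloc buffer, which reads as an empty string. The caller in the third hunk treats only a nonzero return as failure, and the early `!= NULL` return means the value is never recomputed, so anything that later reads the fingerprint (presumably logging and fingerprint matching) would see an empty value instead of "no fingerprint". Since this helper is now meant to serve either direction, consider an else branch with `SCFree(connp->cert0_fingerprint); connp->cert0_fingerprint = NULL;` and a `return -1;` so the existing error path runs. A one-line comment on the `!= NULL` guard stating that only the first certificate per connp is fingerprinted would also help.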
@@ -492,7 +489,7 @@ static inline int TlsDecodeHSCertificateAddCertToChain(SSLState *ssl_state,
 
     cert->cert_data = (uint8_t *)input;
     cert->cert_len = cert_len;
-    TAILQ_INSERT_TAIL(&ssl_state->server_connp.certs, cert, next);
+    TAILQ_INSERT_TAIL(&connp->certs, cert, next);
 
     return 0;
 }
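Review bot: `cert->cert_data = (uint8_t *)input;` stores a borrowed pointer into the caller's buffer and casts away const, so each SSLCertsChain entry is valid only while that buffer stays alive and unmoved. The hunk does not show who owns `input`; with the chain now attached to whichever `connp` is passed in, that lifetime assumption has to hold for both directions and is worth writing down. Suggest a comment above the assignment such as `/* borrowed: points into the caller's input buffer, which must outlive connp->certs */`, and, if cert_data is never written through, declaring the field `const uint8_t *` so the cast can go. The function begins in the previous hunk.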
@@ -573,14 +570,14 @@ static int TlsDecodeHSCertificate(SSLState *ssl_state, SSLStateConnp *connp,
             rs_x509_free(x509);
             x509 = NULL;
 
-            rc = TlsDecodeHSCertificateFingerprint(ssl_state, input, cert_len);
+            rc = TlsDecodeHSCertificateFingerprint(connp, input, cert_len);
             if (rc != 0) {
                 SCLogDebug("TlsDecodeHSCertificateFingerprint failed with %d", rc);
                 goto error;
             }
         }
 
-        rc = TlsDecodeHSCertificateAddCertToChain(ssl_state, input, cert_len);
+        rc = TlsDecodeHSCertificateAddCertToChain(connp, input, cert_len);
         if (rc != 0) {
             SCLogDebug("TlsDecodeHSCertificateAddCertToChain failed with %d", rc);
             goto error;