Changes made per Todd's instruction.

This commit is contained in:
jrblixt
2017-04-06 14:42:42 -06:00
parent 706c02deed
commit d62d0aaa26
2 changed files with 166 additions and 233 deletions


@@ -1053,7 +1053,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
return UNSUPPORTED_SUITE; return UNSUPPORTED_SUITE;
} /* switch */ } /* switch */
} /* if */ } /* if */
if (ssl->options.cipherSuite0 != ECC_BYTE && if (ssl->options.cipherSuite0 != ECC_BYTE &&
ssl->options.cipherSuite0 != CHACHA_BYTE) { /* normal suites */ ssl->options.cipherSuite0 != CHACHA_BYTE) { /* normal suites */
switch (ssl->options.cipherSuite) { switch (ssl->options.cipherSuite) {
@@ -1653,7 +1653,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
break; break;
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_HC_128_SHA #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
case TLS_RSA_WITH_HC_128_SHA : case TLS_RSA_WITH_HC_128_SHA :
ssl->specs.bulk_cipher_algorithm = wolfssl_hc128; ssl->specs.bulk_cipher_algorithm = wolfssl_hc128;
@@ -1667,7 +1667,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.key_size = HC_128_KEY_SIZE; ssl->specs.key_size = HC_128_KEY_SIZE;
ssl->specs.block_size = 0; ssl->specs.block_size = 0;
ssl->specs.iv_size = HC_128_IV_SIZE; ssl->specs.iv_size = HC_128_IV_SIZE;
break; break;
#endif #endif
@@ -1684,7 +1684,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.key_size = HC_128_KEY_SIZE; ssl->specs.key_size = HC_128_KEY_SIZE;
ssl->specs.block_size = 0; ssl->specs.block_size = 0;
ssl->specs.iv_size = HC_128_IV_SIZE; ssl->specs.iv_size = HC_128_IV_SIZE;
break; break;
#endif #endif
@@ -1701,7 +1701,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.key_size = AES_128_KEY_SIZE; ssl->specs.key_size = AES_128_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE; ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE;
break; break;
#endif #endif
@@ -1718,7 +1718,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.key_size = AES_256_KEY_SIZE; ssl->specs.key_size = AES_256_KEY_SIZE;
ssl->specs.iv_size = AES_IV_SIZE; ssl->specs.iv_size = AES_IV_SIZE;
ssl->specs.block_size = AES_BLOCK_SIZE; ssl->specs.block_size = AES_BLOCK_SIZE;
break; break;
#endif #endif
@@ -1827,7 +1827,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
break; break;
#endif #endif
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = wolfssl_camellia; ssl->specs.bulk_cipher_algorithm = wolfssl_camellia;
@@ -1978,7 +1978,7 @@ int SetCipherSpecs(WOLFSSL* ssl)
ssl->specs.key_size = IDEA_KEY_SIZE; ssl->specs.key_size = IDEA_KEY_SIZE;
ssl->specs.block_size = IDEA_BLOCK_SIZE; ssl->specs.block_size = IDEA_BLOCK_SIZE;
ssl->specs.iv_size = IDEA_IV_SIZE; ssl->specs.iv_size = IDEA_IV_SIZE;
break; break;
#endif #endif
@@ -2049,7 +2049,7 @@ static int SetPrefix(byte* sha_input, int idx)
break; break;
default: default:
WOLFSSL_MSG("Set Prefix error, bad input"); WOLFSSL_MSG("Set Prefix error, bad input");
return 0; return 0;
} }
return 1; return 1;
} }
@@ -2105,7 +2105,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
} }
#endif #endif
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
/* Check that the max implicit iv size is suffecient */ /* Check that the max implicit iv size is suffecient */
#if (AEAD_MAX_IMP_SZ < 12) /* CHACHA20_IMP_IV_SZ */ #if (AEAD_MAX_IMP_SZ < 12) /* CHACHA20_IMP_IV_SZ */
@@ -2215,7 +2215,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
dec->setup = 1; dec->setup = 1;
} }
#endif #endif
#ifdef BUILD_RABBIT #ifdef BUILD_RABBIT
/* check that buffer sizes are sufficient */ /* check that buffer sizes are sufficient */
#if (MAX_WRITE_IV_SZ < 8) /* RABBIT_IV_SIZE */ #if (MAX_WRITE_IV_SZ < 8) /* RABBIT_IV_SIZE */
@@ -2264,7 +2264,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
dec->setup = 1; dec->setup = 1;
} }
#endif #endif
#ifdef BUILD_DES3 #ifdef BUILD_DES3
/* check that buffer sizes are sufficient */ /* check that buffer sizes are sufficient */
#if (MAX_WRITE_IV_SZ < 8) /* DES_IV_SIZE */ #if (MAX_WRITE_IV_SZ < 8) /* DES_IV_SIZE */
@@ -2892,7 +2892,7 @@ int StoreKeys(WOLFSSL* ssl, const byte* keyData)
#ifndef NO_OLD_TLS #ifndef NO_OLD_TLS
int DeriveKeys(WOLFSSL* ssl) int DeriveKeys(WOLFSSL* ssl)
{ {
int length = 2 * ssl->specs.hash_size + int length = 2 * ssl->specs.hash_size +
2 * ssl->specs.key_size + 2 * ssl->specs.key_size +
2 * ssl->specs.iv_size; 2 * ssl->specs.iv_size;
int rounds = (length + MD5_DIGEST_SIZE - 1 ) / MD5_DIGEST_SIZE, i; int rounds = (length + MD5_DIGEST_SIZE - 1 ) / MD5_DIGEST_SIZE, i;
@@ -2915,7 +2915,7 @@ int DeriveKeys(WOLFSSL* ssl)
#endif #endif
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE, shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE,
NULL, DYNAMIC_TYPE_TMP_BUFFER); NULL, DYNAMIC_TYPE_TMP_BUFFER);
md5Input = (byte*)XMALLOC(SECRET_LEN + SHA_DIGEST_SIZE, md5Input = (byte*)XMALLOC(SECRET_LEN + SHA_DIGEST_SIZE,
NULL, DYNAMIC_TYPE_TMP_BUFFER); NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -2940,17 +2940,6 @@ int DeriveKeys(WOLFSSL* ssl)
#endif #endif
ret = wc_InitMd5(md5); ret = wc_InitMd5(md5);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
ret = wc_InitSha(sha); ret = wc_InitSha(sha);
@@ -2977,30 +2966,9 @@ int DeriveKeys(WOLFSSL* ssl)
wc_ShaFinal(sha, shaOutput); wc_ShaFinal(sha, shaOutput);
XMEMCPY(md5Input + SECRET_LEN, shaOutput, SHA_DIGEST_SIZE); XMEMCPY(md5Input + SECRET_LEN, shaOutput, SHA_DIGEST_SIZE);
ret = wc_Md5Update(md5, md5Input, SECRET_LEN + SHA_DIGEST_SIZE); ret = wc_Md5Update(md5, md5Input, SECRET_LEN + SHA_DIGEST_SIZE);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
ret = wc_Md5Final(md5, keyData + i * MD5_DIGEST_SIZE); ret = wc_Md5Final(md5, keyData + i * MD5_DIGEST_SIZE);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
} }
if (ret == 0) if (ret == 0)
@@ -3092,16 +3060,6 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
#endif #endif
ret = wc_InitMd5(md5); ret = wc_InitMd5(md5);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
ret = wc_InitSha(sha); ret = wc_InitSha(sha);
@@ -3131,28 +3089,9 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
idx = pmsSz; /* preSz */ idx = pmsSz; /* preSz */
XMEMCPY(md5Input + idx, shaOutput, SHA_DIGEST_SIZE); XMEMCPY(md5Input + idx, shaOutput, SHA_DIGEST_SIZE);
idx += SHA_DIGEST_SIZE; idx += SHA_DIGEST_SIZE;
ret = wc_Md5Update(md5, md5Input, idx); ret = wc_Md5Update(md5, md5Input, idx);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
ret = wc_Md5Final(md5, &ssl->arrays->masterSecret[i * MD5_DIGEST_SIZE]); ret = wc_Md5Final(md5, &ssl->arrays->masterSecret[i * MD5_DIGEST_SIZE]);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
} }
#ifdef SHOW_SECRETS #ifdef SHOW_SECRETS
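Review bot: Dropping the `if (ret != 0)` blocks after `wc_InitMd5`, `wc_Md5Update` and `wc_Md5Final` in DeriveKeys (hunks at -2940 and -2977) means a failure from any of those calls is overwritten by the next assignment to `ret`, so only the last call's status reaches the `if (ret == 0)` check after the loop and a key block derived from a failed hash step can be handed to the caller as valid. The same checks are removed from MakeSslMasterSecret in the hunks at -3092 and -3131, where the value being derived is the master secret. If the intent is to consolidate cleanup at a single exit, keep the failure sticky rather than discarding it, e.g. `if (ret == 0) ret = wc_InitSha(sha);`, `if (ret == 0) ret = wc_Md5Update(md5, md5Input, SECRET_LEN + SHA_DIGEST_SIZE);` and `if (ret == 0) ret = wc_Md5Final(md5, keyData + i * MD5_DIGEST_SIZE);`, with the loop leaving on the first non-zero `ret`. Both function bodies continue outside these hunks, so whether a later check already covers this is not visible here.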


@@ -193,21 +193,21 @@ static const char* const msgTable[] =
"Got an Alert msg", "Got an Alert msg",
"Another msg to Process", "Another msg to Process",
"Removing Session From Table", "Removing Session From Table",
/* 46 */ /* 46 */
"Bad Key File", "Bad Key File",
"Wrong IP Version", "Wrong IP Version",
"Wrong Protocol type", "Wrong Protocol type",
"Packet Short for header processing", "Packet Short for header processing",
"Got Unknown Record Type", "Got Unknown Record Type",
/* 51 */ /* 51 */
"Can't Open Trace File", "Can't Open Trace File",
"Session in Fatal Error State", "Session in Fatal Error State",
"Partial SSL record received", "Partial SSL record received",
"Buffer Error, malformed input", "Buffer Error, malformed input",
"Added to Partial Input", "Added to Partial Input",
/* 56 */ /* 56 */
"Received a Duplicate Packet", "Received a Duplicate Packet",
"Received an Out of Order Packet", "Received an Out of Order Packet",
@@ -478,7 +478,7 @@ static void FreePacketList(PacketBuffer* in)
if (in) { if (in) {
PacketBuffer* del; PacketBuffer* del;
PacketBuffer* packet = in; PacketBuffer* packet = in;
while (packet) { while (packet) {
del = packet; del = packet;
packet = packet->next; packet = packet->next;
@@ -494,7 +494,7 @@ static void FreeSnifferSession(SnifferSession* session)
if (session) { if (session) {
SSL_free(session->sslClient); SSL_free(session->sslClient);
SSL_free(session->sslServer); SSL_free(session->sslServer);
FreePacketList(session->cliReassemblyList); FreePacketList(session->cliReassemblyList);
FreePacketList(session->srvReassemblyList); FreePacketList(session->srvReassemblyList);
@@ -518,7 +518,7 @@ void ssl_FreeSniffer(void)
wc_LockMutex(&ServerListMutex); wc_LockMutex(&ServerListMutex);
wc_LockMutex(&SessionMutex); wc_LockMutex(&SessionMutex);
srv = ServerList; srv = ServerList;
while (srv) { while (srv) {
removeServer = srv; removeServer = srv;
@@ -568,9 +568,6 @@ static int HashInit(HsHashes* hash)
#ifndef NO_MD5 #ifndef NO_MD5
if (ret == 0) { if (ret == 0) {
ret = wc_InitMd5(&hash->hashMd5); ret = wc_InitMd5(&hash->hashMd5);
if (ret != 0) {
return ret;
}
} }
#endif #endif
#endif #endif
@@ -602,9 +599,6 @@ static int HashUpdate(HsHashes* hash, const byte* input, int sz)
#ifndef NO_MD5 #ifndef NO_MD5
if (ret == 0) { if (ret == 0) {
ret = wc_Md5Update(&hash->hashMd5, input, sz); ret = wc_Md5Update(&hash->hashMd5, input, sz);
if (ret !=0) {
return ret;
}
} }
#endif #endif
#endif #endif
@@ -712,7 +706,7 @@ static void InitSession(SnifferSession* session)
session->srvReassemblyMemory = 0; session->srvReassemblyMemory = 0;
session->next = 0; session->next = 0;
session->ticketID = 0; session->ticketID = 0;
InitFlags(&session->flags); InitFlags(&session->flags);
InitFinCapture(&session->finCaputre); InitFinCapture(&session->finCaputre);
#ifdef HAVE_EXTENDED_MASTER #ifdef HAVE_EXTENDED_MASTER
@@ -766,9 +760,9 @@ static int SetPassword(char* passwd, int sz, int rw, void* userdata)
/* Ethernet Header */ /* Ethernet Header */
typedef struct EthernetHdr { typedef struct EthernetHdr {
byte dst[ETHER_IF_ADDR_LEN]; /* destination host address */ byte dst[ETHER_IF_ADDR_LEN]; /* destination host address */
byte src[ETHER_IF_ADDR_LEN]; /* source host address */ byte src[ETHER_IF_ADDR_LEN]; /* source host address */
word16 type; /* IP, ARP, etc */ word16 type; /* IP, ARP, etc */
} EthernetHdr; } EthernetHdr;
@@ -794,8 +788,8 @@ typedef struct IpHdr {
typedef struct TcpHdr { typedef struct TcpHdr {
word16 srcPort; /* source port */ word16 srcPort; /* source port */
word16 dstPort; /* destination port */ word16 dstPort; /* destination port */
word32 sequence; /* sequence number */ word32 sequence; /* sequence number */
word32 ack; /* acknoledgment number */ word32 ack; /* acknoledgment number */
byte offset; /* data offset, reserved */ byte offset; /* data offset, reserved */
byte flags; /* option flags */ byte flags; /* option flags */
word16 window; /* window */ word16 window; /* window */
@@ -813,8 +807,8 @@ typedef struct TcpHdr {
/* Use platform specific GetError to write to tracfile if tracing */ /* Use platform specific GetError to write to tracfile if tracing */
static void Trace(int idx) static void Trace(int idx)
{ {
if (TraceOn) { if (TraceOn) {
char myBuffer[MAX_ERROR_LEN]; char myBuffer[MAX_ERROR_LEN];
@@ -879,9 +873,9 @@ static void TracePacket(void)
static char* IpToS(word32 addr, char* str) static char* IpToS(word32 addr, char* str)
{ {
byte* p = (byte*)&addr; byte* p = (byte*)&addr;
SNPRINTF(str, TRACE_MSG_SZ, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); SNPRINTF(str, TRACE_MSG_SZ, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
return str; return str;
} }
@@ -1039,7 +1033,7 @@ static int IsServerRegistered(word32 addr)
SnifferServer* sniffer; SnifferServer* sniffer;
wc_LockMutex(&ServerListMutex); wc_LockMutex(&ServerListMutex);
sniffer = ServerList; sniffer = ServerList;
while (sniffer) { while (sniffer) {
if (sniffer->server == addr) { if (sniffer->server == addr) {
@@ -1048,7 +1042,7 @@ static int IsServerRegistered(word32 addr)
} }
sniffer = sniffer->next; sniffer = sniffer->next;
} }
wc_UnLockMutex(&ServerListMutex); wc_UnLockMutex(&ServerListMutex);
return ret; return ret;
@@ -1061,18 +1055,18 @@ static int IsPortRegistered(word32 port)
{ {
int ret = 0; /* false */ int ret = 0; /* false */
SnifferServer* sniffer; SnifferServer* sniffer;
wc_LockMutex(&ServerListMutex); wc_LockMutex(&ServerListMutex);
sniffer = ServerList; sniffer = ServerList;
while (sniffer) { while (sniffer) {
if (sniffer->port == (int)port) { if (sniffer->port == (int)port) {
ret = 1; ret = 1;
break; break;
} }
sniffer = sniffer->next; sniffer = sniffer->next;
} }
wc_UnLockMutex(&ServerListMutex); wc_UnLockMutex(&ServerListMutex);
return ret; return ret;
@@ -1083,9 +1077,9 @@ static int IsPortRegistered(word32 port)
static SnifferServer* GetSnifferServer(IpInfo* ipInfo, TcpInfo* tcpInfo) static SnifferServer* GetSnifferServer(IpInfo* ipInfo, TcpInfo* tcpInfo)
{ {
SnifferServer* sniffer; SnifferServer* sniffer;
wc_LockMutex(&ServerListMutex); wc_LockMutex(&ServerListMutex);
sniffer = ServerList; sniffer = ServerList;
while (sniffer) { while (sniffer) {
if (sniffer->port == tcpInfo->srcPort && sniffer->server == ipInfo->src) if (sniffer->port == tcpInfo->srcPort && sniffer->server == ipInfo->src)
@@ -1094,9 +1088,9 @@ static SnifferServer* GetSnifferServer(IpInfo* ipInfo, TcpInfo* tcpInfo)
break; break;
sniffer = sniffer->next; sniffer = sniffer->next;
} }
wc_UnLockMutex(&ServerListMutex); wc_UnLockMutex(&ServerListMutex);
return sniffer; return sniffer;
} }
@@ -1106,7 +1100,7 @@ static word32 SessionHash(IpInfo* ipInfo, TcpInfo* tcpInfo)
{ {
word32 hash = ipInfo->src * ipInfo->dst; word32 hash = ipInfo->src * ipInfo->dst;
hash *= tcpInfo->srcPort * tcpInfo->dstPort; hash *= tcpInfo->srcPort * tcpInfo->dstPort;
return hash % HASH_SIZE; return hash % HASH_SIZE;
} }
@@ -1115,13 +1109,13 @@ static word32 SessionHash(IpInfo* ipInfo, TcpInfo* tcpInfo)
static SnifferSession* GetSnifferSession(IpInfo* ipInfo, TcpInfo* tcpInfo) static SnifferSession* GetSnifferSession(IpInfo* ipInfo, TcpInfo* tcpInfo)
{ {
SnifferSession* session; SnifferSession* session;
time_t currTime = time(NULL); time_t currTime = time(NULL);
word32 row = SessionHash(ipInfo, tcpInfo); word32 row = SessionHash(ipInfo, tcpInfo);
assert(row <= HASH_SIZE); assert(row <= HASH_SIZE);
wc_LockMutex(&SessionMutex); wc_LockMutex(&SessionMutex);
session = SessionTable[row]; session = SessionTable[row];
while (session) { while (session) {
if (session->server == ipInfo->src && session->client == ipInfo->dst && if (session->server == ipInfo->src && session->client == ipInfo->dst &&
@@ -1132,15 +1126,15 @@ static SnifferSession* GetSnifferSession(IpInfo* ipInfo, TcpInfo* tcpInfo)
session->cliPort == tcpInfo->srcPort && session->cliPort == tcpInfo->srcPort &&
session->srvPort == tcpInfo->dstPort) session->srvPort == tcpInfo->dstPort)
break; break;
session = session->next; session = session->next;
} }
if (session) if (session)
session->lastUsed= currTime; /* keep session alive, remove stale will */ session->lastUsed= currTime; /* keep session alive, remove stale will */
/* leave alone */ /* leave alone */
wc_UnLockMutex(&SessionMutex); wc_UnLockMutex(&SessionMutex);
/* determine side */ /* determine side */
if (session) { if (session) {
if (ipInfo->dst == session->context->server && if (ipInfo->dst == session->context->server &&
@@ -1148,8 +1142,8 @@ static SnifferSession* GetSnifferSession(IpInfo* ipInfo, TcpInfo* tcpInfo)
session->flags.side = WOLFSSL_SERVER_END; session->flags.side = WOLFSSL_SERVER_END;
else else
session->flags.side = WOLFSSL_CLIENT_END; session->flags.side = WOLFSSL_CLIENT_END;
} }
return session; return session;
} }
@@ -1392,11 +1386,11 @@ static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, int length, char* error)
Trace(IP_CHECK_STR); Trace(IP_CHECK_STR);
if (version != IPV4) { if (version != IPV4) {
SetError(BAD_IPVER_STR, error, NULL, 0); SetError(BAD_IPVER_STR, error, NULL, 0);
return -1; return -1;
} }
if (iphdr->protocol != TCP_PROTOCOL) { if (iphdr->protocol != TCP_PROTOCOL) {
SetError(BAD_PROTO_STR, error, NULL, 0); SetError(BAD_PROTO_STR, error, NULL, 0);
return -1; return -1;
} }
@@ -1433,7 +1427,7 @@ static int CheckTcpHdr(TcpHdr* tcphdr, TcpInfo* info, char* error)
info->syn = tcphdr->flags & TCP_SYN; info->syn = tcphdr->flags & TCP_SYN;
info->ack = tcphdr->flags & TCP_ACK; info->ack = tcphdr->flags & TCP_ACK;
if (info->ack) if (info->ack)
info->ackNumber = ntohl(tcphdr->ack); info->ackNumber = ntohl(tcphdr->ack);
if (!IsPortRegistered(info->srcPort) && !IsPortRegistered(info->dstPort)) { if (!IsPortRegistered(info->srcPort) && !IsPortRegistered(info->dstPort)) {
SetError(SERVER_PORT_NOT_REG_STR, error, NULL, 0); SetError(SERVER_PORT_NOT_REG_STR, error, NULL, 0);
@@ -1918,12 +1912,12 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
} }
input += bLen; input += bLen;
*sslBytes -= bLen; *sslBytes -= bLen;
if (*sslBytes == 0) { if (*sslBytes == 0) {
/* no extensions */ /* no extensions */
return 0; return 0;
} }
/* skip extensions until session ticket */ /* skip extensions until session ticket */
/* make sure can read len */ /* make sure can read len */
if (SUITE_LEN > *sslBytes) { if (SUITE_LEN > *sslBytes) {
@@ -1996,7 +1990,7 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes,
SSL* ssl; SSL* ssl;
word32 inOutIdx = 0; word32 inOutIdx = 0;
int ret; int ret;
if (session->flags.side == WOLFSSL_SERVER_END) if (session->flags.side == WOLFSSL_SERVER_END)
ssl = session->sslServer; ssl = session->sslServer;
else else
@@ -2010,7 +2004,7 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes,
SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE); SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE);
return ret; return ret;
} }
if (ret == 0 && session->flags.cached == 0) { if (ret == 0 && session->flags.cached == 0) {
if (session->sslServer->options.haveSessionId) { if (session->sslServer->options.haveSessionId) {
WOLFSSL_SESSION* sess = GetSession(session->sslServer, NULL, 0); WOLFSSL_SESSION* sess = GetSession(session->sslServer, NULL, 0);
@@ -2046,7 +2040,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
} }
type = input[0]; type = input[0];
size = (input[1] << 16) | (input[2] << 8) | input[3]; size = (input[1] << 16) | (input[2] << 8) | input[3];
input += HANDSHAKE_HEADER_SZ; input += HANDSHAKE_HEADER_SZ;
*sslBytes -= HANDSHAKE_HEADER_SZ; *sslBytes -= HANDSHAKE_HEADER_SZ;
startBytes = *sslBytes; startBytes = *sslBytes;
@@ -2063,7 +2057,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
SetError(NO_SECURE_RENEGOTIATION, error, session, FATAL_ERROR_STATE); SetError(NO_SECURE_RENEGOTIATION, error, session, FATAL_ERROR_STATE);
return -1; return -1;
} }
#ifdef HAVE_EXTENDED_MASTER #ifdef HAVE_EXTENDED_MASTER
if (session->hash) { if (session->hash) {
if (HashUpdate(session->hash, input, size) != 0) { if (HashUpdate(session->hash, input, size) != 0) {
@@ -2173,32 +2167,32 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
wc_Arc4Process(ssl->decrypt.arc4, output, input, sz); wc_Arc4Process(ssl->decrypt.arc4, output, input, sz);
break; break;
#endif #endif
#ifdef BUILD_DES3 #ifdef BUILD_DES3
case wolfssl_triple_des: case wolfssl_triple_des:
ret = wc_Des3_CbcDecrypt(ssl->decrypt.des3, output, input, sz); ret = wc_Des3_CbcDecrypt(ssl->decrypt.des3, output, input, sz);
break; break;
#endif #endif
#ifdef BUILD_AES #ifdef BUILD_AES
case wolfssl_aes: case wolfssl_aes:
ret = wc_AesCbcDecrypt(ssl->decrypt.aes, output, input, sz); ret = wc_AesCbcDecrypt(ssl->decrypt.aes, output, input, sz);
break; break;
#endif #endif
#ifdef HAVE_HC128 #ifdef HAVE_HC128
case wolfssl_hc128: case wolfssl_hc128:
wc_Hc128_Process(ssl->decrypt.hc128, output, input, sz); wc_Hc128_Process(ssl->decrypt.hc128, output, input, sz);
break; break;
#endif #endif
#ifdef BUILD_RABBIT #ifdef BUILD_RABBIT
case wolfssl_rabbit: case wolfssl_rabbit:
wc_RabbitProcess(ssl->decrypt.rabbit, output, input, sz); wc_RabbitProcess(ssl->decrypt.rabbit, output, input, sz);
break; break;
#endif #endif
#ifdef HAVE_CAMELLIA #ifdef HAVE_CAMELLIA
case wolfssl_camellia: case wolfssl_camellia:
wc_CamelliaCbcDecrypt(ssl->decrypt.cam, output, input, sz); wc_CamelliaCbcDecrypt(ssl->decrypt.cam, output, input, sz);
break; break;
@@ -2274,7 +2268,7 @@ static const byte* DecryptMessage(SSL* ssl, const byte* input, word32 sz,
if (ssl->specs.cipher_type == block) if (ssl->specs.cipher_type == block)
ssl->keys.padSz += *(output + sz - ivExtra - 1) + 1; ssl->keys.padSz += *(output + sz - ivExtra - 1) + 1;
return output; return output;
} }
@@ -2287,20 +2281,20 @@ static void RemoveSession(SnifferSession* session, IpInfo* ipInfo,
SnifferSession* current; SnifferSession* current;
word32 row = rowHint; word32 row = rowHint;
int haveLock = 0; int haveLock = 0;
if (ipInfo && tcpInfo) if (ipInfo && tcpInfo)
row = SessionHash(ipInfo, tcpInfo); row = SessionHash(ipInfo, tcpInfo);
else else
haveLock = 1; haveLock = 1;
assert(row <= HASH_SIZE); assert(row <= HASH_SIZE);
Trace(REMOVE_SESSION_STR); Trace(REMOVE_SESSION_STR);
if (!haveLock) if (!haveLock)
wc_LockMutex(&SessionMutex); wc_LockMutex(&SessionMutex);
current = SessionTable[row]; current = SessionTable[row];
while (current) { while (current) {
if (current == session) { if (current == session) {
if (previous) if (previous)
@@ -2314,7 +2308,7 @@ static void RemoveSession(SnifferSession* session, IpInfo* ipInfo,
previous = current; previous = current;
current = current->next; current = current->next;
} }
if (!haveLock) if (!haveLock)
wc_UnLockMutex(&SessionMutex); wc_UnLockMutex(&SessionMutex);
} }
@@ -2325,11 +2319,11 @@ static void RemoveStaleSessions(void)
{ {
word32 i; word32 i;
SnifferSession* session; SnifferSession* session;
for (i = 0; i < HASH_SIZE; i++) { for (i = 0; i < HASH_SIZE; i++) {
session = SessionTable[i]; session = SessionTable[i];
while (session) { while (session) {
SnifferSession* next = session->next; SnifferSession* next = session->next;
if (time(NULL) >= session->lastUsed + WOLFSSL_SNIFFER_TIMEOUT) { if (time(NULL) >= session->lastUsed + WOLFSSL_SNIFFER_TIMEOUT) {
TraceStaleSession(); TraceStaleSession();
RemoveSession(session, NULL, NULL, i); RemoveSession(session, NULL, NULL, i);
@@ -2346,7 +2340,7 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
{ {
SnifferSession* session = 0; SnifferSession* session = 0;
int row; int row;
Trace(NEW_SESSION_STR); Trace(NEW_SESSION_STR);
/* create a new one */ /* create a new one */
session = (SnifferSession*)malloc(sizeof(SnifferSession)); session = (SnifferSession*)malloc(sizeof(SnifferSession));
@@ -2378,14 +2372,14 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
session->cliSeqStart = tcpInfo->sequence; session->cliSeqStart = tcpInfo->sequence;
session->cliExpected = 1; /* relative */ session->cliExpected = 1; /* relative */
session->lastUsed= time(NULL); session->lastUsed= time(NULL);
session->context = GetSnifferServer(ipInfo, tcpInfo); session->context = GetSnifferServer(ipInfo, tcpInfo);
if (session->context == NULL) { if (session->context == NULL) {
SetError(SERVER_NOT_REG_STR, error, NULL, 0); SetError(SERVER_NOT_REG_STR, error, NULL, 0);
free(session); free(session);
return 0; return 0;
} }
session->sslServer = SSL_new(session->context->ctx); session->sslServer = SSL_new(session->context->ctx);
if (session->sslServer == NULL) { if (session->sslServer == NULL) {
SetError(BAD_NEW_SSL_STR, error, session, FATAL_ERROR_STATE); SetError(BAD_NEW_SSL_STR, error, session, FATAL_ERROR_STATE);
@@ -2403,31 +2397,31 @@ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
} }
/* put server back into server mode */ /* put server back into server mode */
session->sslServer->options.side = WOLFSSL_SERVER_END; session->sslServer->options.side = WOLFSSL_SERVER_END;
row = SessionHash(ipInfo, tcpInfo); row = SessionHash(ipInfo, tcpInfo);
/* add it to the session table */ /* add it to the session table */
wc_LockMutex(&SessionMutex); wc_LockMutex(&SessionMutex);
session->next = SessionTable[row]; session->next = SessionTable[row];
SessionTable[row] = session; SessionTable[row] = session;
SessionCount++; SessionCount++;
if ( (SessionCount % HASH_SIZE) == 0) { if ( (SessionCount % HASH_SIZE) == 0) {
TraceFindingStale(); TraceFindingStale();
RemoveStaleSessions(); RemoveStaleSessions();
} }
wc_UnLockMutex(&SessionMutex); wc_UnLockMutex(&SessionMutex);
/* determine headed side */ /* determine headed side */
if (ipInfo->dst == session->context->server && if (ipInfo->dst == session->context->server &&
tcpInfo->dstPort == session->context->port) tcpInfo->dstPort == session->context->port)
session->flags.side = WOLFSSL_SERVER_END; session->flags.side = WOLFSSL_SERVER_END;
else else
session->flags.side = WOLFSSL_CLIENT_END; session->flags.side = WOLFSSL_CLIENT_END;
return session; return session;
} }
@@ -2456,16 +2450,16 @@ static int DoOldHello(SnifferSession* session, const byte* sslFrame,
} }
ret = ProcessOldClientHello(session->sslServer, input, &idx, *sslBytes, ret = ProcessOldClientHello(session->sslServer, input, &idx, *sslBytes,
(word16)*rhSize); (word16)*rhSize);
if (ret < 0 && ret != MATCH_SUITE_ERROR) { if (ret < 0 && ret != MATCH_SUITE_ERROR) {
SetError(BAD_OLD_CLIENT_STR, error, session, FATAL_ERROR_STATE); SetError(BAD_OLD_CLIENT_STR, error, session, FATAL_ERROR_STATE);
return -1; return -1;
} }
Trace(OLD_CLIENT_OK_STR); Trace(OLD_CLIENT_OK_STR);
XMEMCPY(session->sslClient->arrays->clientRandom, XMEMCPY(session->sslClient->arrays->clientRandom,
session->sslServer->arrays->clientRandom, RAN_LEN); session->sslServer->arrays->clientRandom, RAN_LEN);
*sslBytes -= *rhSize; *sslBytes -= *rhSize;
return 0; return 0;
} }
@@ -2488,38 +2482,38 @@ int TcpChecksum(IpInfo* ipInfo, TcpInfo* tcpInfo, int dataLen,
const word16* data = (word16*)&pseudo; const word16* data = (word16*)&pseudo;
word32 sum = 0; word32 sum = 0;
word16 checksum; word16 checksum;
pseudo.src = ipInfo->src; pseudo.src = ipInfo->src;
pseudo.dst = ipInfo->dst; pseudo.dst = ipInfo->dst;
pseudo.rsv = 0; pseudo.rsv = 0;
pseudo.protocol = TCP_PROTO; pseudo.protocol = TCP_PROTO;
pseudo.length = htons(tcpInfo->length + dataLen); pseudo.length = htons(tcpInfo->length + dataLen);
/* pseudo header sum */ /* pseudo header sum */
while (count >= 2) { while (count >= 2) {
sum += *data++; sum += *data++;
count -= 2; count -= 2;
} }
count = tcpInfo->length + dataLen; count = tcpInfo->length + dataLen;
data = (word16*)packet; data = (word16*)packet;
/* main sum */ /* main sum */
while (count > 1) { while (count > 1) {
sum += *data++; sum += *data++;
count -=2; count -=2;
} }
/* get left-over, if any */ /* get left-over, if any */
packet = (byte*)data; packet = (byte*)data;
if (count > 0) { if (count > 0) {
sum += *packet; sum += *packet;
} }
/* fold 32bit sum into 16 bits */ /* fold 32bit sum into 16 bits */
while (sum >> 16) while (sum >> 16)
sum = (sum & 0xffff) + (sum >> 16); sum = (sum & 0xffff) + (sum >> 16);
checksum = (word16)~sum; checksum = (word16)~sum;
/* checksum should now equal 0, since included already calcd checksum */ /* checksum should now equal 0, since included already calcd checksum */
/* field, but tcp checksum offloading could negate calculation */ /* field, but tcp checksum offloading could negate calculation */
@@ -2545,23 +2539,23 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
} }
if (CheckIpHdr((IpHdr*)packet, ipInfo, length, error) != 0) if (CheckIpHdr((IpHdr*)packet, ipInfo, length, error) != 0)
return -1; return -1;
/* tcp header */ /* tcp header */
if (length < (ipInfo->length + TCP_HDR_SZ)) { if (length < (ipInfo->length + TCP_HDR_SZ)) {
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
return -1; return -1;
} }
if (CheckTcpHdr((TcpHdr*)(packet + ipInfo->length), tcpInfo, error) != 0) if (CheckTcpHdr((TcpHdr*)(packet + ipInfo->length), tcpInfo, error) != 0)
return -1; return -1;
/* setup */ /* setup */
*sslFrame = packet + ipInfo->length + tcpInfo->length; *sslFrame = packet + ipInfo->length + tcpInfo->length;
if (*sslFrame > packet + length) { if (*sslFrame > packet + length) {
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
return -1; return -1;
} }
*sslBytes = (int)(packet + length - *sslFrame); *sslBytes = (int)(packet + length - *sslFrame);
return 0; return 0;
} }
@@ -2580,7 +2574,7 @@ static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes,
/* already had existing, so OK */ /* already had existing, so OK */
if (*session) if (*session)
return 1; return 1;
SetError(MEMORY_STR, error, NULL, 0); SetError(MEMORY_STR, error, NULL, 0);
return -1; return -1;
} }
@@ -2596,10 +2590,10 @@ static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes,
/* don't worry about duplicate ACKs either */ /* don't worry about duplicate ACKs either */
if (sslBytes == 0 && tcpInfo->ack) if (sslBytes == 0 && tcpInfo->ack)
return 1; return 1;
SetError(BAD_SESSION_STR, error, NULL, 0); SetError(BAD_SESSION_STR, error, NULL, 0);
return -1; return -1;
} }
} }
return 0; return 0;
} }
@@ -2610,27 +2604,27 @@ static PacketBuffer* CreateBuffer(word32* begin, word32 end, const byte* data,
int* bytesLeft) int* bytesLeft)
{ {
PacketBuffer* pb; PacketBuffer* pb;
int added = end - *begin + 1; int added = end - *begin + 1;
assert(*begin <= end); assert(*begin <= end);
pb = (PacketBuffer*)malloc(sizeof(PacketBuffer)); pb = (PacketBuffer*)malloc(sizeof(PacketBuffer));
if (pb == NULL) return NULL; if (pb == NULL) return NULL;
pb->next = 0; pb->next = 0;
pb->begin = *begin; pb->begin = *begin;
pb->end = end; pb->end = end;
pb->data = (byte*)malloc(added); pb->data = (byte*)malloc(added);
if (pb->data == NULL) { if (pb->data == NULL) {
free(pb); free(pb);
return NULL; return NULL;
} }
XMEMCPY(pb->data, data, added); XMEMCPY(pb->data, data, added);
*bytesLeft -= added; *bytesLeft -= added;
*begin = pb->end + 1; *begin = pb->end + 1;
return pb; return pb;
} }
@@ -2645,7 +2639,7 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
&session->cliReassemblyList: &session->srvReassemblyList; &session->cliReassemblyList: &session->srvReassemblyList;
PacketBuffer* curr = *front; PacketBuffer* curr = *front;
PacketBuffer* prev = curr; PacketBuffer* prev = curr;
word32* reassemblyMemory = (from == WOLFSSL_SERVER_END) ? word32* reassemblyMemory = (from == WOLFSSL_SERVER_END) ?
&session->cliReassemblyMemory : &session->srvReassemblyMemory; &session->cliReassemblyMemory : &session->srvReassemblyMemory;
word32 startSeq = seq; word32 startSeq = seq;
@@ -2668,14 +2662,14 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
*reassemblyMemory += sslBytes; *reassemblyMemory += sslBytes;
return 1; return 1;
} }
/* add to front if before current front, up to next->begin */ /* add to front if before current front, up to next->begin */
if (seq < curr->begin) { if (seq < curr->begin) {
word32 end = seq + sslBytes - 1; word32 end = seq + sslBytes - 1;
if (end >= curr->begin) if (end >= curr->begin)
end = curr->begin - 1; end = curr->begin - 1;
if (MaxRecoveryMemory -1 && if (MaxRecoveryMemory -1 &&
(int)(*reassemblyMemory + sslBytes) > MaxRecoveryMemory) { (int)(*reassemblyMemory + sslBytes) > MaxRecoveryMemory) {
SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE); SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE);
@@ -2690,7 +2684,7 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
*front = add; *front = add;
*reassemblyMemory += sslBytes; *reassemblyMemory += sslBytes;
} }
/* while we have bytes left, try to find a gap to fill */ /* while we have bytes left, try to find a gap to fill */
while (bytesLeft > 0) { while (bytesLeft > 0) {
/* get previous packet in list */ /* get previous packet in list */
@@ -2698,7 +2692,7 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
prev = curr; prev = curr;
curr = curr->next; curr = curr->next;
} }
/* don't add duplicate data */ /* don't add duplicate data */
if (prev->end >= seq) { if (prev->end >= seq) {
if ( (seq + bytesLeft - 1) <= prev->end) if ( (seq + bytesLeft - 1) <= prev->end)
@@ -2706,18 +2700,18 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
seq = prev->end + 1; seq = prev->end + 1;
bytesLeft = startSeq + sslBytes - seq; bytesLeft = startSeq + sslBytes - seq;
} }
if (!curr) if (!curr)
/* we're at the end */ /* we're at the end */
added = bytesLeft; added = bytesLeft;
else else
/* we're in between two frames */ /* we're in between two frames */
added = min((word32)bytesLeft, curr->begin - seq); added = min((word32)bytesLeft, curr->begin - seq);
/* data already there */ /* data already there */
if (added == 0) if (added == 0)
continue; continue;
if (MaxRecoveryMemory != -1 && if (MaxRecoveryMemory != -1 &&
(int)(*reassemblyMemory + added) > MaxRecoveryMemory) { (int)(*reassemblyMemory + added) > MaxRecoveryMemory) {
SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE); SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE);
@@ -2758,7 +2752,7 @@ static int AddFinCapture(SnifferSession* session, word32 sequence)
static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session, static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
int* sslBytes, const byte** sslFrame, char* error) int* sslBytes, const byte** sslFrame, char* error)
{ {
word32 seqStart = (session->flags.side == WOLFSSL_SERVER_END) ? word32 seqStart = (session->flags.side == WOLFSSL_SERVER_END) ?
session->cliSeqStart :session->srvSeqStart; session->cliSeqStart :session->srvSeqStart;
word32 real = tcpInfo->sequence - seqStart; word32 real = tcpInfo->sequence - seqStart;
word32* expected = (session->flags.side == WOLFSSL_SERVER_END) ? word32* expected = (session->flags.side == WOLFSSL_SERVER_END) ?
@@ -2768,19 +2762,19 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
byte skipPartial = (session->flags.side == WOLFSSL_SERVER_END) ? byte skipPartial = (session->flags.side == WOLFSSL_SERVER_END) ?
session->flags.srvSkipPartial : session->flags.srvSkipPartial :
session->flags.cliSkipPartial; session->flags.cliSkipPartial;
/* handle rollover of sequence */ /* handle rollover of sequence */
if (tcpInfo->sequence < seqStart) if (tcpInfo->sequence < seqStart)
real = 0xffffffffU - seqStart + tcpInfo->sequence; real = 0xffffffffU - seqStart + tcpInfo->sequence;
TraceRelativeSequence(*expected, real); TraceRelativeSequence(*expected, real);
if (real < *expected) { if (real < *expected) {
Trace(DUPLICATE_STR); Trace(DUPLICATE_STR);
if (real + *sslBytes > *expected) { if (real + *sslBytes > *expected) {
int overlap = *expected - real; int overlap = *expected - real;
Trace(OVERLAP_DUPLICATE_STR); Trace(OVERLAP_DUPLICATE_STR);
/* adjust to expected, remove duplicate */ /* adjust to expected, remove duplicate */
*sslFrame += overlap; *sslFrame += overlap;
*sslBytes -= overlap; *sslBytes -= overlap;
@@ -2790,16 +2784,16 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
* block be sure to also update the block below. */ * block be sure to also update the block below. */
if (reassemblyList) { if (reassemblyList) {
word32 newEnd = *expected + *sslBytes; word32 newEnd = *expected + *sslBytes;
if (newEnd > reassemblyList->begin) { if (newEnd > reassemblyList->begin) {
Trace(OVERLAP_REASSEMBLY_BEGIN_STR); Trace(OVERLAP_REASSEMBLY_BEGIN_STR);
/* remove bytes already on reassembly list */ /* remove bytes already on reassembly list */
*sslBytes -= newEnd - reassemblyList->begin; *sslBytes -= newEnd - reassemblyList->begin;
} }
if (newEnd > reassemblyList->end) { if (newEnd > reassemblyList->end) {
Trace(OVERLAP_REASSEMBLY_END_STR); Trace(OVERLAP_REASSEMBLY_END_STR);
/* may be past reassembly list end (could have more on list) /* may be past reassembly list end (could have more on list)
so try to add what's past the front->end */ so try to add what's past the front->end */
AddToReassembly(session->flags.side, reassemblyList->end +1, AddToReassembly(session->flags.side, reassemblyList->end +1,
@@ -2863,7 +2857,7 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
*expected += *sslBytes; *expected += *sslBytes;
if (tcpInfo->fin) if (tcpInfo->fin)
*expected += 1; *expected += 1;
return 0; return 0;
} }
@@ -2983,16 +2977,16 @@ static int FixSequence(TcpInfo* tcpInfo, SnifferSession* session)
static int CheckAck(TcpInfo* tcpInfo, SnifferSession* session) static int CheckAck(TcpInfo* tcpInfo, SnifferSession* session)
{ {
if (tcpInfo->ack) { if (tcpInfo->ack) {
word32 seqStart = (session->flags.side == WOLFSSL_SERVER_END) ? word32 seqStart = (session->flags.side == WOLFSSL_SERVER_END) ?
session->srvSeqStart :session->cliSeqStart; session->srvSeqStart :session->cliSeqStart;
word32 real = tcpInfo->ackNumber - seqStart; word32 real = tcpInfo->ackNumber - seqStart;
word32 expected = (session->flags.side == WOLFSSL_SERVER_END) ? word32 expected = (session->flags.side == WOLFSSL_SERVER_END) ?
session->srvExpected : session->cliExpected; session->srvExpected : session->cliExpected;
/* handle rollover of sequence */ /* handle rollover of sequence */
if (tcpInfo->ackNumber < seqStart) if (tcpInfo->ackNumber < seqStart)
real = 0xffffffffU - seqStart + tcpInfo->ackNumber; real = 0xffffffffU - seqStart + tcpInfo->ackNumber;
TraceAck(real, expected); TraceAck(real, expected);
if (real > expected) if (real > expected)
@@ -3020,13 +3014,13 @@ static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo,
TraceServerSyn(tcpInfo->sequence); TraceServerSyn(tcpInfo->sequence);
return 1; return 1;
} }
/* adjust potential ethernet trailer */ /* adjust potential ethernet trailer */
actualLen = ipInfo->total - ipInfo->length - tcpInfo->length; actualLen = ipInfo->total - ipInfo->length - tcpInfo->length;
if (*sslBytes > actualLen) { if (*sslBytes > actualLen) {
*sslBytes = actualLen; *sslBytes = actualLen;
} }
TraceSequence(tcpInfo->sequence, *sslBytes); TraceSequence(tcpInfo->sequence, *sslBytes);
if (CheckAck(tcpInfo, session) < 0) { if (CheckAck(tcpInfo, session) < 0) {
if (!RecoveryEnabled) { if (!RecoveryEnabled) {
@@ -3043,13 +3037,13 @@ static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo,
return FixSequence(tcpInfo, session); return FixSequence(tcpInfo, session);
} }
} }
if (*ackFault) { if (*ackFault) {
Trace(CLEAR_ACK_FAULT); Trace(CLEAR_ACK_FAULT);
*ackFault = 0; *ackFault = 0;
} }
return AdjustSequence(tcpInfo, session, sslBytes, sslFrame, error); return AdjustSequence(tcpInfo, session, sslBytes, sslFrame, error);
} }
@@ -3072,19 +3066,19 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
(*session)->flags.finCount += 1; (*session)->flags.finCount += 1;
else if (tcpInfo->rst) else if (tcpInfo->rst)
(*session)->flags.finCount += 2; (*session)->flags.finCount += 2;
if ((*session)->flags.finCount >= 2) { if ((*session)->flags.finCount >= 2) {
RemoveSession(*session, ipInfo, tcpInfo, 0); RemoveSession(*session, ipInfo, tcpInfo, 0);
*session = NULL; *session = NULL;
return 1; return 1;
} }
} }
if ((*session)->flags.fatalError == FATAL_ERROR_STATE) { if ((*session)->flags.fatalError == FATAL_ERROR_STATE) {
SetError(FATAL_ERROR_STR, error, NULL, 0); SetError(FATAL_ERROR_STR, error, NULL, 0);
return -1; return -1;
} }
if (skipPartial) { if (skipPartial) {
if (FindNextRecordInAssembly(*session, if (FindNextRecordInAssembly(*session,
sslFrame, sslBytes, end, error) < 0) { sslFrame, sslBytes, end, error) < 0) {
@@ -3096,13 +3090,13 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
Trace(NO_DATA_STR); Trace(NO_DATA_STR);
return 1; return 1;
} }
/* if current partial data, add to end of partial */ /* if current partial data, add to end of partial */
/* if skipping, the data is already at the end of partial */ /* if skipping, the data is already at the end of partial */
if ( !skipPartial && if ( !skipPartial &&
(length = ssl->buffers.inputBuffer.length) ) { (length = ssl->buffers.inputBuffer.length) ) {
Trace(PARTIAL_ADD_STR); Trace(PARTIAL_ADD_STR);
if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) { if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) {
if (GrowInputBuffer(ssl, *sslBytes, length) < 0) { if (GrowInputBuffer(ssl, *sslBytes, length) < 0) {
SetError(MEMORY_STR, error, *session, FATAL_ERROR_STATE); SetError(MEMORY_STR, error, *session, FATAL_ERROR_STATE);
@@ -3166,7 +3160,7 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
session->sslServer : session->sslClient; session->sslServer : session->sslClient;
word32* reassemblyMemory = (session->flags.side == WOLFSSL_SERVER_END) ? word32* reassemblyMemory = (session->flags.side == WOLFSSL_SERVER_END) ?
&session->cliReassemblyMemory : &session->srvReassemblyMemory; &session->cliReassemblyMemory : &session->srvReassemblyMemory;
while (*front && ((*front)->begin == *expected) ) { while (*front && ((*front)->begin == *expected) ) {
word32 room = *bufferSize - *length; word32 room = *bufferSize - *length;
word32 packetLen = (*front)->end - (*front)->begin + 1; word32 packetLen = (*front)->end - (*front)->begin + 1;
@@ -3178,21 +3172,21 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
} }
room = *bufferSize - *length; /* bufferSize is now bigger */ room = *bufferSize - *length; /* bufferSize is now bigger */
} }
if (packetLen <= room) { if (packetLen <= room) {
PacketBuffer* del = *front; PacketBuffer* del = *front;
byte* buf = *myBuffer; byte* buf = *myBuffer;
XMEMCPY(&buf[*length], (*front)->data, packetLen); XMEMCPY(&buf[*length], (*front)->data, packetLen);
*length += packetLen; *length += packetLen;
*expected += packetLen; *expected += packetLen;
/* remove used packet */ /* remove used packet */
*front = (*front)->next; *front = (*front)->next;
*reassemblyMemory -= packetLen; *reassemblyMemory -= packetLen;
FreePacketBuffer(del); FreePacketBuffer(del);
moreInput = 1; moreInput = 1;
} }
else else
@@ -3205,7 +3199,7 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
} }
return moreInput; return moreInput;
} }
/* Process Message(s) from sslFrame */ /* Process Message(s) from sslFrame */
@@ -3244,11 +3238,11 @@ doMessage:
if (notEnough || rhSize > (sslBytes - RECORD_HEADER_SZ)) { if (notEnough || rhSize > (sslBytes - RECORD_HEADER_SZ)) {
/* don't have enough input yet to process full SSL record */ /* don't have enough input yet to process full SSL record */
Trace(PARTIAL_INPUT_STR); Trace(PARTIAL_INPUT_STR);
/* store partial if not there already or we advanced */ /* store partial if not there already or we advanced */
if (ssl->buffers.inputBuffer.length == 0 || sslBegin != sslFrame) { if (ssl->buffers.inputBuffer.length == 0 || sslBegin != sslFrame) {
if (sslBytes > (int)ssl->buffers.inputBuffer.bufferSize) { if (sslBytes > (int)ssl->buffers.inputBuffer.bufferSize) {
if (GrowInputBuffer(ssl, sslBytes, 0) < 0) { if (GrowInputBuffer(ssl, sslBytes, 0) < 0) {
SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
return -1; return -1;
} }
@@ -3264,7 +3258,7 @@ doMessage:
sslBytes -= RECORD_HEADER_SZ; sslBytes -= RECORD_HEADER_SZ;
recordEnd = sslFrame + rhSize; /* may have more than one record */ recordEnd = sslFrame + rhSize; /* may have more than one record */
inRecordEnd = recordEnd; inRecordEnd = recordEnd;
/* decrypt if needed */ /* decrypt if needed */
if ((session->flags.side == WOLFSSL_SERVER_END && if ((session->flags.side == WOLFSSL_SERVER_END &&
session->flags.serverCipherOn) session->flags.serverCipherOn)
@@ -3292,7 +3286,7 @@ doMessage:
} }
doPart: doPart:
switch ((enum ContentType)rh.type) { switch ((enum ContentType)rh.type) {
case handshake: case handshake:
{ {
@@ -3332,7 +3326,7 @@ doPart:
Trace(GOT_APP_DATA_STR); Trace(GOT_APP_DATA_STR);
{ {
word32 inOutIdx = 0; word32 inOutIdx = 0;
ret = DoApplicationData(ssl, (byte*)sslFrame, &inOutIdx); ret = DoApplicationData(ssl, (byte*)sslFrame, &inOutIdx);
if (ret == 0) { if (ret == 0) {
ret = ssl->buffers.clearOutputBuffer.length; ret = ssl->buffers.clearOutputBuffer.length;
@@ -3396,26 +3390,26 @@ doPart:
sslBytes = (int)(end - recordEnd); sslBytes = (int)(end - recordEnd);
goto doMessage; goto doMessage;
} }
/* clear used input */ /* clear used input */
ssl->buffers.inputBuffer.length = 0; ssl->buffers.inputBuffer.length = 0;
/* could have more input ready now */ /* could have more input ready now */
if (HaveMoreInput(session, &sslFrame, &sslBytes, &end, error)) if (HaveMoreInput(session, &sslFrame, &sslBytes, &end, error))
goto doMessage; goto doMessage;
if (ssl->buffers.inputBuffer.dynamicFlag) if (ssl->buffers.inputBuffer.dynamicFlag)
ShrinkInputBuffer(ssl, NO_FORCED_FREE); ShrinkInputBuffer(ssl, NO_FORCED_FREE);
return decoded; return decoded;
} }
/* See if we need to process any pending FIN captures */ /* See if we need to process any pending FIN captures */
static void CheckFinCapture(IpInfo* ipInfo, TcpInfo* tcpInfo, static void CheckFinCapture(IpInfo* ipInfo, TcpInfo* tcpInfo,
SnifferSession* session) SnifferSession* session)
{ {
if (session->finCaputre.cliFinSeq && session->finCaputre.cliFinSeq <= if (session->finCaputre.cliFinSeq && session->finCaputre.cliFinSeq <=
session->cliExpected) { session->cliExpected) {
if (session->finCaputre.cliCounted == 0) { if (session->finCaputre.cliCounted == 0) {
session->flags.finCount += 1; session->flags.finCount += 1;
@@ -3423,8 +3417,8 @@ static void CheckFinCapture(IpInfo* ipInfo, TcpInfo* tcpInfo,
TraceClientFin(session->finCaputre.cliFinSeq, session->cliExpected); TraceClientFin(session->finCaputre.cliFinSeq, session->cliExpected);
} }
} }
if (session->finCaputre.srvFinSeq && session->finCaputre.srvFinSeq <= if (session->finCaputre.srvFinSeq && session->finCaputre.srvFinSeq <=
session->srvExpected) { session->srvExpected) {
if (session->finCaputre.srvCounted == 0) { if (session->finCaputre.srvCounted == 0) {
session->flags.finCount += 1; session->flags.finCount += 1;
@@ -3432,13 +3426,13 @@ static void CheckFinCapture(IpInfo* ipInfo, TcpInfo* tcpInfo,
TraceServerFin(session->finCaputre.srvFinSeq, session->srvExpected); TraceServerFin(session->finCaputre.srvFinSeq, session->srvExpected);
} }
} }
if (session->flags.finCount >= 2) if (session->flags.finCount >= 2)
RemoveSession(session, ipInfo, tcpInfo, 0); RemoveSession(session, ipInfo, tcpInfo, 0);
} }
/* If session is in fatal error state free resources now /* If session is in fatal error state free resources now
return true if removed, 0 otherwise */ return true if removed, 0 otherwise */
static int RemoveFatalSession(IpInfo* ipInfo, TcpInfo* tcpInfo, static int RemoveFatalSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
SnifferSession* session, char* error) SnifferSession* session, char* error)
@@ -3467,17 +3461,17 @@ int ssl_DecodePacket(const byte* packet, int length, byte** data, char* error)
if (CheckHeaders(&ipInfo, &tcpInfo, packet, length, &sslFrame, &sslBytes, if (CheckHeaders(&ipInfo, &tcpInfo, packet, length, &sslFrame, &sslBytes,
error) != 0) error) != 0)
return -1; return -1;
ret = CheckSession(&ipInfo, &tcpInfo, sslBytes, &session, error); ret = CheckSession(&ipInfo, &tcpInfo, sslBytes, &session, error);
if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1; if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1;
else if (ret == -1) return -1; else if (ret == -1) return -1;
else if (ret == 1) return 0; /* done for now */ else if (ret == 1) return 0; /* done for now */
ret = CheckSequence(&ipInfo, &tcpInfo, session, &sslBytes, &sslFrame,error); ret = CheckSequence(&ipInfo, &tcpInfo, session, &sslBytes, &sslFrame,error);
if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1; if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1;
else if (ret == -1) return -1; else if (ret == -1) return -1;
else if (ret == 1) return 0; /* done for now */ else if (ret == 1) return 0; /* done for now */
ret = CheckPreRecord(&ipInfo, &tcpInfo, &sslFrame, &session, &sslBytes, ret = CheckPreRecord(&ipInfo, &tcpInfo, &sslFrame, &session, &sslBytes,
&end, error); &end, error);
if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1; if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1;
@@ -3531,7 +3525,7 @@ int ssl_Trace(const char* traceFile, char* error)
} }
TraceOn = 1; TraceOn = 1;
} }
else else
TraceOn = 0; TraceOn = 0;
return 0; return 0;