better error output for temp keys or compression on sniffer

2025-08-02 12:14:38 +02:00 · 2012-06-29 10:59:48 -07:00
parent 22cb11f304
commit 638c095737
6 changed files with 32 additions and 6 deletions
--- a/cyassl/sniffer_error.h
+++ b/cyassl/sniffer_error.h
@@ -98,6 +98,7 @@
 #define BAD_INPUT_STR 64
 #define BAD_DECRYPT_TYPE 65
 #define BAD_FINISHED_MSG 66
 #define BAD_COMPRESSION_STR 67
 /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */
--- a/cyassl/sniffer_error.rc
+++ b/cyassl/sniffer_error.rc
@@ -80,5 +80,6 @@ STRINGTABLE
    65, "Bad Decrypt Type"
    66, "Bad Finished Message Processing"
    67, "Bad Compression Type"
 }
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -128,6 +128,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
    load_buffer(ctx, svrKey,  CYASSL_KEY);
 #endif
 #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
    /* don't use EDH, can't sniff tmp keys */
    CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA");
 #endif
    SignalReady(args);
    while (!shutdown) {
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -146,6 +146,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
    load_buffer(ctx, svrKey,  CYASSL_KEY);
 #endif /* NO_FILESYSTEM */
 #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
    /* don't use EDH, can't sniff tmp keys */
    SSL_CTX_set_cipher_list(ctx, "AES256-SHA");
 #endif
    ssl = SSL_new(ctx);
 #ifdef HAVE_CRL
    CyaSSL_EnableCRL(ssl, 0);
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -216,7 +216,8 @@ static const char* const msgTable[] =
    "Bad Decrypt Type",
    /* 66 */
-    "Bad Finished Message Processing"
+    "Bad Finished Message Processing",
    "Bad Compression Type"
 };
@@ -1173,12 +1174,22 @@ static int ProcessServerHello(const byte* input, int* sslBytes,
    input     += b;
    *sslBytes -= b;
    /* cipher suite */ 
    (void)*input++;  /* eat first byte, always 0 */
    b = *input++;
    session->sslServer->options.cipherSuite = b;
    session->sslClient->options.cipherSuite = b;
    *sslBytes -= SUITE_LEN;
    /* compression */
    b = *input++;
    *sslBytes -= ENUM_LEN;
    if (b) {
        SetError(BAD_COMPRESSION_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }
    if (session->sslServer->options.haveSessionId &&
            XMEMCMP(session->sslServer->arrays.sessionID,
                    session->sslClient->arrays.sessionID, ID_LEN) == 0)
@@ -1466,6 +1477,9 @@ static int DoHandShake(const byte* input, int* sslBytes,
            break;
        case server_key_exchange:
            Trace(GOT_SERVER_KEY_EX_STR);
            /* can't know temp key passively */
            SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
            ret = -1;
            break;
        case certificate:
            Trace(GOT_CERT_STR);
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -63,7 +63,7 @@ typedef unsigned char byte;
 enum {
    ETHER_IF_FRAME_LEN = 14,   /* ethernet interface frame length */
-    LOCAL_IF_FRAME_LEN =  4,   /* localhost interface frame length  */
+    NULL_IF_FRAME_LEN =   4,   /* no link interface frame length  */
 };
@@ -241,8 +241,8 @@ int main(int argc, char** argv)
    if (ret != 0)
        err_sys(err);
-    if (pcap_datalink(pcap) == 0) 
+    if (pcap_datalink(pcap) == DLT_NULL) 
-        frame = LOCAL_IF_FRAME_LEN;
+        frame = NULL_IF_FRAME_LEN;
    while (1) {
        struct pcap_pkthdr header;