Remove opaque of ocsp_resp.
Only used in one event, without any way to use the opaque for anything else. At this point this just seems like a complication that has no reason to be there.
parent
c068daa258
commit
446b5cb90e
11 changed files with 14 additions and 85 deletions
|
@ -175,9 +175,7 @@ bool file_analysis::OCSP::EndOfFile()
|
|||
return false;
|
||||
}
|
||||
|
||||
OCSP_RESPVal* resp_val = new OCSP_RESPVal(resp); // resp_val takes ownership
|
||||
ParseResponse(resp_val);
|
||||
Unref(resp_val);
|
||||
ParseResponse(resp);
|
||||
}
|
||||
|
||||
return true;
|
||||
|
@ -449,9 +447,8 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req)
|
|||
BIO_free(bio);
|
||||
}
|
||||
|
||||
void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val)
|
||||
void file_analysis::OCSP::ParseResponse(OCSP_RESPONSE *resp)
|
||||
{
|
||||
OCSP_RESPONSE *resp = resp_val->GetResp();
|
||||
//OCSP_RESPBYTES *resp_bytes = resp->responseBytes;
|
||||
OCSP_BASICRESP *basic_resp = nullptr;
|
||||
OCSP_RESPDATA *resp_data = nullptr;
|
||||
|
@ -506,7 +503,6 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val)
|
|||
#endif
|
||||
|
||||
vl.append(GetFile()->GetVal()->Ref());
|
||||
vl.append(resp_val->Ref());
|
||||
vl.append(status_val);
|
||||
|
||||
#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
|
@ -690,52 +686,3 @@ void file_analysis::OCSP::ParseExtensionsSpecific(X509_EXTENSION* ex, bool globa
|
|||
ParseSignedCertificateTimestamps(ex);
|
||||
}
|
||||
|
||||
OCSP_RESPVal::OCSP_RESPVal(OCSP_RESPONSE* arg_ocsp_resp) : OpaqueVal(ocsp_resp_opaque_type)
|
||||
{
|
||||
ocsp_resp = arg_ocsp_resp;
|
||||
}
|
||||
|
||||
OCSP_RESPVal::OCSP_RESPVal() : OpaqueVal(ocsp_resp_opaque_type)
|
||||
{
|
||||
ocsp_resp = nullptr;
|
||||
}
|
||||
|
||||
OCSP_RESPVal::~OCSP_RESPVal()
|
||||
{
|
||||
if (ocsp_resp)
|
||||
OCSP_RESPONSE_free(ocsp_resp);
|
||||
}
|
||||
|
||||
OCSP_RESPONSE* OCSP_RESPVal::GetResp() const
|
||||
{
|
||||
return ocsp_resp;
|
||||
}
|
||||
|
||||
IMPLEMENT_OPAQUE_VALUE(OCSP_RESPVal)
|
||||
|
||||
broker::data OCSP_RESPVal::DoSerialize() const
|
||||
{
|
||||
unsigned char *buf = NULL;
|
||||
int length = i2d_OCSP_RESPONSE(ocsp_resp, &buf);
|
||||
if ( length < 0 )
|
||||
return broker::none();
|
||||
|
||||
auto d = std::string(reinterpret_cast<const char*>(buf), length);
|
||||
OPENSSL_free(buf);
|
||||
|
||||
return d;
|
||||
}
|
||||
|
||||
bool OCSP_RESPVal::DoUnserialize(const broker::data& data)
|
||||
{
|
||||
if ( caf::get_if<broker::none>(&data) )
|
||||
return false;
|
||||
|
||||
auto s = caf::get_if<std::string>(&data);
|
||||
if ( ! s )
|
||||
return false;
|
||||
|
||||
auto opensslbuf = reinterpret_cast<const unsigned char*>(s->data());
|
||||
ocsp_resp = d2i_OCSP_RESPONSE(NULL, &opensslbuf, s->size());
|
||||
return (ocsp_resp != nullptr);
|
||||
}
|
||||
|
|
|
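Review bot: After this change nothing visible releases `resp` in EndOfFile(): the removed `OCSP_RESPVal` wrapper owned it (its comment says "resp_val takes ownership" and its destructor called `OCSP_RESPONSE_free`), while the new side only calls `ParseResponse(resp);`. Unless ParseResponse frees the response in a part of its body outside these hunks, each parsed OCSP response leaks one OCSP_RESPONSE, and on a long-running monitor that is memory growth driven by observed network traffic. I would release it explicitly right after the call, `ParseResponse(resp);` followed by `OCSP_RESPONSE_free(resp);`, so the free runs whichever path ParseResponse returns on. EndOfFile() begins above the hunk, so the allocation of `resp` and any other exit paths are not visible here.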
@ -5,7 +5,6 @@
|
|||
|
||||
#include <string>
|
||||
|
||||
#include "OpaqueVal.h"
|
||||
#include "../File.h"
|
||||
#include "Analyzer.h"
|
||||
#include "X509Common.h"
|
||||
|
@ -14,8 +13,6 @@
|
|||
|
||||
namespace file_analysis {
|
||||
|
||||
class OCSP_RESPVal;
|
||||
|
||||
class OCSP : public file_analysis::X509Common {
|
||||
public:
|
||||
bool DeliverStream(const u_char* data, uint64 len) override;
|
||||
|
@ -29,7 +26,7 @@ protected:
|
|||
OCSP(RecordVal* args, File* file, bool request);
|
||||
|
||||
private:
|
||||
void ParseResponse(OCSP_RESPVal*);
|
||||
void ParseResponse(OCSP_RESPONSE*);
|
||||
void ParseRequest(OCSP_REQUEST*);
|
||||
void ParseExtensionsSpecific(X509_EXTENSION* ex, bool, ASN1_OBJECT*, const char*) override;
|
||||
|
||||
|
@ -37,19 +34,6 @@ private:
|
|||
bool request = false; // true if ocsp request, false if reply
|
||||
};
|
||||
|
||||
class OCSP_RESPVal: public OpaqueVal {
|
||||
public:
|
||||
explicit OCSP_RESPVal(OCSP_RESPONSE *);
|
||||
~OCSP_RESPVal() override;
|
||||
OCSP_RESPONSE *GetResp() const;
|
||||
protected:
|
||||
OCSP_RESPVal();
|
||||
|
||||
DECLARE_OPAQUE_VALUE(OCSP_RESPVal)
|
||||
private:
|
||||
OCSP_RESPONSE *ocsp_resp;
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
#endif
|
||||
|
|
|
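Review bot: The new declaration `void ParseResponse(OCSP_RESPONSE*);` no longer says who owns the response, which mattered less while the `OCSP_RESPVal` wrapper declared further down freed it in its destructor. With that class removed, I would name the parameter and document the contract on the declaration, for example `// Does not take ownership of resp; the caller frees it with OCSP_RESPONSE_free().` above `void ParseResponse(OCSP_RESPONSE* resp);`. Whether the caller or ParseResponse is meant to free it cannot be confirmed from this section, so the wording should follow whichever the implementation does.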
@ -52,9 +52,6 @@ event ocsp_response_status%(f: fa_file, status: string%);
|
|||
##
|
||||
## f: The file.
|
||||
##
|
||||
## req_ref: An opaque pointer to the underlying OpenSSL data structure of the
|
||||
## OCSP response.
|
||||
##
|
||||
## status: The status of the OCSP response (e.g. succesful, malformedRequest, tryLater).
|
||||
##
|
||||
## version: Version of the OCSP response (typically - for version 1).
|
||||
|
@ -71,7 +68,7 @@ event ocsp_response_status%(f: fa_file, status: string%);
|
|||
## .. zeek:see:: ocsp_request ocsp_request_certificate ocsp_response_status
|
||||
## ocsp_response_certificate ocsp_extension
|
||||
## x509_ocsp_ext_signed_certificate_timestamp
|
||||
event ocsp_response_bytes%(f: fa_file, resp_ref: opaque of ocsp_resp, status: string, version: count, responderId: string, producedAt: time, signatureAlgorithm: string, certs: x509_opaque_vector%);
|
||||
event ocsp_response_bytes%(f: fa_file, status: string, version: count, responderId: string, producedAt: time, signatureAlgorithm: string, certs: x509_opaque_vector%);
|
||||
|
||||
## This event is raised for each SingleResponse contained in an OCSP response.
|
||||
## See :rfc:`6960` for more details on OCSP.
|
||||
|
|
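Review bot: Dropping `resp_ref` changes the parameter list of `ocsp_response_bytes`, so a handler written against the old signature (`f: fa_file, resp_ref: opaque of ocsp_resp, status: string, ...`) will no longer match the event. Sites that log or alert on OCSP responses from their own scripts would have to update those handlers, and nothing in the visible sections shows a release-note entry telling them so; it may be in one of the changed files not shown here. I would add a short compatibility note with this change stating that the second parameter was removed and that the `ocsp_resp` opaque type no longer exists.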