Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Spicy SSL: reformat with new version of spicy format

Browse source
This commit is contained in:
Johanna Amann 2024-09-11 17:06:01 +02:00
parent 743e2a3663
commit 86c542fd47
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/analyzer/protocol/ssl/spicy/SSL.spicy
View file

@ -701,7 +701,7 @@ type SSL2Record = unit(lengthone: uint8, inout msg: Message, inout sh: Share) {
var length: uint16; var length: uint16;
on lengthtwo { on lengthtwo {
self.length = (cast<uint16>(lengthone) & 0x7F)<<8 | self.lengthtwo; self.length = (cast<uint16>(lengthone) & 0x7F) << 8 | self.lengthtwo;
} }
message_type: uint8; message_type: uint8;
@ -712,7 +712,7 @@ type SSL2Record = unit(lengthone: uint8, inout msg: Message, inout sh: Share) {
SSL2ProtocolMessages::ssl_server_verify -> : skip bytes &size=self.length; SSL2ProtocolMessages::ssl_server_verify -> : skip bytes &size=self.length;
SSL2ProtocolMessages::ssl_request_certificate -> : skip bytes &size=self.length; SSL2ProtocolMessages::ssl_request_certificate -> : skip bytes &size=self.length;
SSL2ProtocolMessages::ssl_client_certificate -> : skip bytes &size=self.length; SSL2ProtocolMessages::ssl_client_certificate -> : skip bytes &size=self.length;
} if(get_encrypted(sh) == False) ; } if(get_encrypted(sh) == False);
: skip bytes &size=self.length if(get_encrypted(sh) == True); : skip bytes &size=self.length if(get_encrypted(sh) == True);
on %done { on %done {
@ -842,7 +842,7 @@ function determine_encryption_on(pr: PlaintextRecord, content_type: uint8, hands
return False; return False;
if (content_type != 23) # application_data if (content_type != 23) # application_data
return False; return False;
## in theory, we should check for TLS13 or draft-TLS13 instead of doing the reverse. ## in theory, we should check for TLS13 or draft-TLS13 instead of doing the reverse.
## But - people use weird version numbers. And all of those weird version numbers are ## But - people use weird version numbers. And all of those weird version numbers are