analyzer/ssl: handle missing <openssl/kdf.h>
This commit is contained in:
parent
95a6ee27b1
commit
979bf20769
3 changed files with 16 additions and 5 deletions
2
cmake
2
cmake
|
@ -1 +1 @@
|
|||
Subproject commit 74259745dea5ee4889d1ac1f4ebde4e2c59c329a
|
||||
Subproject commit cce53d15008a26dcb1b7eb534a78f52f9355c676
|
|
@ -11,7 +11,10 @@
|
|||
|
||||
#include <arpa/inet.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/kdf.h>
|
||||
|
||||
#ifdef OPENSSL_HAVE_KDF_H
|
||||
#include <openssl/kdf.h>
|
||||
#endif
|
||||
|
||||
static void print_hex(std::string name, u_char* data, int len)
|
||||
{
|
||||
|
@ -146,6 +149,7 @@ void SSL_Analyzer::SetKeys(const u_char* data, int len)
|
|||
bool SSL_Analyzer::TLS12_PRF(const std::string& secret, const std::string& label,
|
||||
const char* rnd1, size_t rnd1_len, const char* rnd2, size_t rnd2_len, u_char* out, size_t out_len)
|
||||
{
|
||||
#ifdef OPENSSL_HAVE_KDF_H
|
||||
// alloc buffers
|
||||
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
|
||||
size_t seed_len = label.length() + rnd1_len + rnd2_len;
|
||||
|
@ -174,6 +178,7 @@ bool SSL_Analyzer::TLS12_PRF(const std::string& secret, const std::string& label
|
|||
|
||||
abort:
|
||||
EVP_PKEY_CTX_free(pctx);
|
||||
#endif
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -201,6 +206,8 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, const u_char* data, bool i
|
|||
// Secret present, but no keys derived yet: derive keys
|
||||
if ( secret != nullptr && secret->Len() != 0 && ( keys == nullptr || keys->Len() == 0 ) )
|
||||
{
|
||||
#ifdef OPENSSL_HAVE_KDF_H
|
||||
DBG_LOG(DBG_ANALYZER, "Deriving TLS keys for connection foo");
|
||||
uint32_t ts = htonl((uint32_t) handshake_interp->gmt_unix_time());
|
||||
|
||||
char crand[32] = {0x00};
|
||||
|
@ -221,7 +228,8 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, const u_char* data, bool i
|
|||
|
||||
// save derived keys
|
||||
SetKeys(keybuf, sizeof(keybuf));
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
// Keys present: decrypt TLS application data
|
||||
if ( keys != nullptr && keys->Len() != 0 )
|
||||
|
@ -302,9 +310,9 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, const u_char* data, bool i
|
|||
|
||||
delete [] decrypted;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
// This is only reached if key derivation somehow failed
|
||||
// This is only reached if key derivation fails or is unsupported
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
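Review bot: When OPENSSL_HAVE_KDF_H is undefined the whole key-derivation block in TryDecryptApplicationData is compiled out, so a configured secret is silently ignored and the function falls through to `return false`; the new closing comment says "unsupported", but nothing at runtime tells the operator that this build cannot decrypt TLS, which is a blind spot a monitoring deployment would want surfaced. I would add an `#else` arm before the `#endif` that closes that block, e.g. `#else` / `Weird("ssl_key_derivation_unsupported"); // built without <openssl/kdf.h>` / `#endif`, or a one-shot reporter warning if that is what the file already uses elsewhere. Separately, if the CMake probe behind OPENSSL_HAVE_KDF_H only tests that the header exists (the submodule change itself is not visible here), a library that ships the header without EVP_PKEY_TLS1_PRF would still break the build, so a compile test of `EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, nullptr)` would be the more robust check. The debug line `DBG_LOG(DBG_ANALYZER, "Deriving TLS keys for connection foo")` also still carries a placeholder instead of the connection identifier. The bodies of TLS12_PRF and TryDecryptApplicationData both continue outside the shown hunks.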
@ -77,6 +77,9 @@
|
|||
/* Compatibility for Darwin */
|
||||
#cmakedefine NEED_NAMESER_COMPAT_H
|
||||
|
||||
/* openssl/kdf.h for TLS PRF (key derivation) */
|
||||
#cmakedefine OPENSSL_HAVE_KDF_H
|
||||
|
||||
/* d2i_x509 uses const char** */
|
||||
#cmakedefine OPENSSL_D2I_X509_USES_CONST_CHAR
|
||||
|
||||
|
|