Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

OCSP: a bunch of whitespace fixes

Browse source
This commit is contained in:
Johanna Amann 2017-02-09 12:28:00 -08:00
parent b021fe7562
commit 9c6cebf324
5 changed files with 17 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

12
scripts/base/files/x509/ocsp.bro
View file

@ -248,7 +248,7 @@ function enq_request(http: HTTP::Info, req: OCSP::Request, req_id: string, req_t
update_http_info(http, req_rec_empty); update_http_info(http, req_rec_empty);
Log::write(LOG, [$ts=req_rec_empty$ts, $req=req_rec_empty, $cid=http$id, $cuid=http$uid, $method=http$method, $http=http]); Log::write(LOG, [$ts=req_rec_empty$ts, $req=req_rec_empty, $cid=http$id, $cuid=http$uid, $method=http$method, $http=http]);
} }
} }
event ocsp_request(f: fa_file, req_ref: opaque of ocsp_req, req: OCSP::Request) &priority = 5 event ocsp_request(f: fa_file, req_ref: opaque of ocsp_req, req: OCSP::Request) &priority = 5
{ {
@ -294,7 +294,7 @@ function check_ocsp_request_uri(http: HTTP::Info): OCSP::Request
if ( ! http?$original_uri ) if ( ! http?$original_uri )
return parsed_req;; return parsed_req;;
local uri_prefix: string = get_uri_prefix(http$original_uri); local uri_prefix: string = get_uri_prefix(http$original_uri);
http$uri_prefix = uri_prefix; http$uri_prefix = uri_prefix;
local ocsp_req_str: string = http$uri[|uri_prefix|:]; local ocsp_req_str: string = http$uri[|uri_prefix|:];
parsed_req = ocsp_parse_request(decode_base64(ocsp_req_str)); parsed_req = ocsp_parse_request(decode_base64(ocsp_req_str));
if ( ! parsed_req?$requestList || |parsed_req$requestList| == 0 ) if ( ! parsed_req?$requestList || |parsed_req$requestList| == 0 )
@ -397,11 +397,11 @@ event ocsp_response(f: fa_file, resp_ref: opaque of ocsp_resp, resp: OCSP::Respo
if ( ! f$http?$ocsp_responses ) if ( ! f$http?$ocsp_responses )
f$http$ocsp_responses = table(); f$http$ocsp_responses = table();
if ( cert_id !in f$http$ocsp_responses ) if ( cert_id !in f$http$ocsp_responses )
f$http$ocsp_responses[cert_id] = Queue::init(); f$http$ocsp_responses[cert_id] = Queue::init();
Queue::put(f$http$ocsp_responses[cert_id], resp_rec); Queue::put(f$http$ocsp_responses[cert_id], resp_rec);
} }
} }
else else
@ -468,7 +468,7 @@ function start_log_ocsp(http: HTTP::Info)
log_unmatched_reqs(http); log_unmatched_reqs(http);
return; return;
} }
for ( cert_id in http$ocsp_responses ) for ( cert_id in http$ocsp_responses )
{ {
while ( Queue::len(http$ocsp_responses[cert_id]) != 0 ) while ( Queue::len(http$ocsp_responses[cert_id]) != 0 )
@ -502,7 +502,7 @@ function start_log_ocsp(http: HTTP::Info)
if ( http?$ocsp_requests && |http$ocsp_requests| != 0 ) if ( http?$ocsp_requests && |http$ocsp_requests| != 0 )
log_unmatched_reqs(http); log_unmatched_reqs(http);
} }
# log OCSP information # log OCSP information
event HTTP::log_http(rec: HTTP::Info) event HTTP::log_http(rec: HTTP::Info)
{ {

6
scripts/policy/protocols/ssl/ocsp-stapling.bro
View file

@ -19,7 +19,7 @@ export {
## size of this response ## size of this response
size: count &log; size: count &log;
## responseStatus ## responseStatus
responseStatus: string &log; responseStatus: string &log;
@ -34,14 +34,14 @@ export {
## producedAt ## producedAt
producedAt: string &log; producedAt: string &log;
## NOTE: the following are specific to one cert id ## NOTE: the following are specific to one cert id
## the above are for one message which may contain ## the above are for one message which may contain
## several responses ## several responses
## index ## index
idx: count &log &optional; idx: count &log &optional;
## cert id ## cert id
cert_id: OCSP::CertId &log &optional; cert_id: OCSP::CertId &log &optional;

8
src/file_analysis/analyzer/x509/functions.bif
View file

@ -548,14 +548,14 @@ x509_verify_chainerror:
## cert: The X509 certificate opaque handle. ## cert: The X509 certificate opaque handle.
## ##
## hash_alg: the hash algorithm to use ## hash_alg: the hash algorithm to use
## ##
## Returns: A string of hash of issuer name. ## Returns: A string of hash of issuer name.
## ##
## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints ## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints
## x509_ext_subject_alternative_name x509_parse ## x509_ext_subject_alternative_name x509_parse
## x509_get_certificate_string x509_verify ## x509_get_certificate_string x509_verify
function x509_issuer_name_hash%(cert: opaque of x509, hash_alg: string%): string function x509_issuer_name_hash%(cert: opaque of x509, hash_alg: string%): string
%{ %{
assert(cert); assert(cert);
assert(hash_alg); assert(hash_alg);
@ -583,7 +583,7 @@ function x509_issuer_name_hash%(cert: opaque of x509, hash_alg: string%): string
return NULL; return NULL;
} }
const EVP_MD *dgst; const EVP_MD *dgst;
if (strcmp(h, "sha1") == 0) if (strcmp(h, "sha1") == 0)
dgst = EVP_sha1(); dgst = EVP_sha1();
else if (strcmp(h, "sha224") == 0) else if (strcmp(h, "sha224") == 0)

4
src/file_analysis/analyzer/x509/ocsp_functions.bif
View file

@ -11,7 +11,7 @@
## ##
## .. bro:see:: ssl_stapled_ocsp ocsp_parse_request ## .. bro:see:: ssl_stapled_ocsp ocsp_parse_request
function ocsp_parse_response%(ocsp_reply: string%): OCSP::Response function ocsp_parse_response%(ocsp_reply: string%): OCSP::Response
%{ %{
const unsigned char* start = ocsp_reply->Bytes(); const unsigned char* start = ocsp_reply->Bytes();
OCSP_RESPONSE *resp = NULL; OCSP_RESPONSE *resp = NULL;
file_analysis::OCSP_RESPVal* resp_val = NULL; file_analysis::OCSP_RESPVal* resp_val = NULL;
@ -43,7 +43,7 @@ function ocsp_parse_response%(ocsp_reply: string%): OCSP::Response
## ##
## .. bro:see:: ssl_stapled_ocsp ocsp_parse_response ## .. bro:see:: ssl_stapled_ocsp ocsp_parse_response
function ocsp_parse_request%(ocsp_req: string%): OCSP::Request function ocsp_parse_request%(ocsp_req: string%): OCSP::Request
%{ %{
const unsigned char* start = ocsp_req->Bytes(); const unsigned char* start = ocsp_req->Bytes();
OCSP_REQUEST *req = NULL; OCSP_REQUEST *req = NULL;
file_analysis::OCSP_REQVal* req_val = NULL; file_analysis::OCSP_REQVal* req_val = NULL;

4
src/main.cc
View file

@ -841,9 +841,9 @@ int main(int argc, char** argv)
topk_type = new OpaqueType("topk"); topk_type = new OpaqueType("topk");
bloomfilter_type = new OpaqueType("bloomfilter"); bloomfilter_type = new OpaqueType("bloomfilter");
x509_opaque_type = new OpaqueType("x509"); x509_opaque_type = new OpaqueType("x509");
ocsp_req_opaque_type = new OpaqueType("ocsp_req"); ocsp_req_opaque_type = new OpaqueType("ocsp_req");
ocsp_resp_opaque_type = new OpaqueType("ocsp_resp"); ocsp_resp_opaque_type = new OpaqueType("ocsp_resp");
// The leak-checker tends to produce some false // The leak-checker tends to produce some false
// positives (memory which had already been // positives (memory which had already been
// allocated before we start the checking is // allocated before we start the checking is