analyzer/ssl: defensive key length check + more debug logging

This commit is contained in:
Florian Wilkens 2021-06-23 17:34:41 +02:00
parent a7fe2bd9c5
commit aaaff39e12


@ -228,12 +228,16 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, const u_char* data, bool i
// save derived keys // save derived keys
SetKeys(keybuf, sizeof(keybuf)); SetKeys(keybuf, sizeof(keybuf));
#else
DBG_LOG(DBG_ANALYZER, "Cannot derive TLS keys as Zeek was compiled without <openssl/kdf.h>");
#endif #endif
} }
// Keys present: decrypt TLS application data // Keys present: decrypt TLS application data
if ( keys != nullptr && keys->Len() != 0 ) if ( keys != nullptr && keys->Len() == 72 )
{ {
// FIXME: could also print keys or conn id here
DBG_LOG(DBG_ANALYZER, "Decrypting application data");
// session keys & AEAD data // session keys & AEAD data
u_char c_wk[32]; u_char c_wk[32];
u_char s_wk[32]; u_char s_wk[32];
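Review bot: The new guard `keys->Len() == 72` on the decryption branch replaces the previous `!= 0` with a bare magic number, and a key blob of any other non-zero length now falls through silently, with none of the debug logging this commit otherwise adds. Presumably 72 covers the two 32-byte write keys declared just below plus 8 bytes of IV material, but the check should say so, e.g. `// expected key block: 2 x 32-byte write keys + IV material (72 bytes total)` above the `if` — confirm against SetKeys(). A mismatch should also be visible at debug level, `else if ( keys != nullptr ) DBG_LOG(DBG_ANALYZER, "Unexpected TLS key length, skipping decryption");`, so a failed derivation can be diagnosed without a debugger. The `// FIXME: could also print keys or conn id here` comment is better narrowed to the connection id only, since raw key material should not end up in debug logs. TryDecryptApplicationData starts and continues outside this hunk.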
@ -305,6 +309,7 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, const u_char* data, bool i
return false; return false;
} }
DBG_LOG(DBG_ANALYZER, "Successfully decrypted %d bytes.", decrypted_len);
EVP_CIPHER_CTX_free(ctx); EVP_CIPHER_CTX_free(ctx);
ForwardDecryptedData(decrypted_len, reinterpret_cast<const u_char*>(decrypted), is_orig); ForwardDecryptedData(decrypted_len, reinterpret_cast<const u_char*>(decrypted), is_orig);