Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Remove intermediate cipher vectors in ssl-analyzer.pac

Browse source
This commit is contained in:
Tim Wojtulewicz 2025-07-28 09:14:53 -07:00
parent 2cfa5e79fa
commit d021845079
1 changed files with 19 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

43
src/analyzer/protocol/ssl/ssl-analyzer.pac
View file

@ -22,30 +22,28 @@ refine connection SSL_Conn += {
if ( ssl_client_hello )
{
vector<int> cipher_suites;
if ( cipher_suites16 )
std::ranges::copy(*cipher_suites16, std::back_inserter(cipher_suites));
else
std::ranges::transform(*cipher_suites24, std::back_inserter(cipher_suites), to_int());
auto cipher_vec = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
for ( unsigned int i = 0; i < cipher_suites.size(); ++i )
if ( cipher_suites16 )
{
auto cipher = zeek::val_mgr->Count(cipher_suites[i]);
cipher_vec->Assign(i, std::move(cipher));
cipher_vec->Reserve(cipher_suites16->size());
for ( uint32_t cipher : *cipher_suites16 )
cipher_vec->Append(zeek::val_mgr->Count(cipher));
}
else
{
cipher_vec->Reserve(cipher_suites24->size());
for ( auto cipher : *cipher_suites24 )
cipher_vec->Append(zeek::val_mgr->Count(to_int()(cipher)));
}
auto comp_vec = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
if ( compression_methods )
{
for ( unsigned int i = 0; i < compression_methods->size(); ++i )
{
auto comp = zeek::val_mgr->Count((*compression_methods)[i]);
comp_vec->Assign(i, comp);
}
comp_vec->Reserve(compression_methods->size());
for ( auto method : *compression_methods )
comp_vec->Append(zeek::val_mgr->Count(method));
}
zeek::BifEvent::enqueue_ssl_client_hello(zeek_analyzer(), zeek_analyzer()->Conn(),
@ -75,12 +73,11 @@ refine connection SSL_Conn += {
if ( ssl_server_hello )
{
vector<int>* ciphers = new vector<int>();
if ( cipher_suites16 )
std::ranges::copy(*cipher_suites16, std::back_inserter(*ciphers));
else
std::ranges::transform(*cipher_suites24, std::back_inserter(*ciphers), to_int());
int first_cipher = 0;
if ( cipher_suites16 && ! cipher_suites16->empty() )
first_cipher = cipher_suites16->front();
else if ( cipher_suites24 && ! cipher_suites24->empty() )
first_cipher = to_int()(cipher_suites24->front());
uint32 ts = 0;
if ( v2 == 0 && server_random.length() >= 4 )
@ -92,9 +89,7 @@ refine connection SSL_Conn += {
zeek::make_intrusive<zeek::StringVal>(server_random.length(),
(const char*) server_random.data()),
{zeek::AdoptRef{}, to_string_val(session_id)},
ciphers->size()==0 ? 0 : ciphers->at(0), comp_method);
delete ciphers;
first_cipher, comp_method);
}
return true;