Spicy TLS: fix parsing of no-extension hellos, port registration
Parsing of client/server hellos that do not contain extensions should now work correctly. The port registration is now done Zeek-side, which fixes some test failures.
This commit is contained in:
parent
32d27b1b3f
commit
dda1bbb7fc
4 changed files with 20 additions and 19 deletions
|
@ -96,13 +96,13 @@ function describe_file(f: fa_file): string
|
||||||
|
|
||||||
event zeek_init() &priority=5
|
event zeek_init() &priority=5
|
||||||
{
|
{
|
||||||
# Files::register_protocol(Analyzer::ANALYZER_SSL,
|
Files::register_protocol(Analyzer::ANALYZER_SSL,
|
||||||
# [$get_file_handle = SSL::get_file_handle,
|
[$get_file_handle = SSL::get_file_handle,
|
||||||
# $describe = SSL::describe_file]);
|
$describe = SSL::describe_file]);
|
||||||
|
|
||||||
# Files::register_protocol(Analyzer::ANALYZER_DTLS,
|
Files::register_protocol(Analyzer::ANALYZER_DTLS,
|
||||||
# [$get_file_handle = SSL::get_file_handle,
|
[$get_file_handle = SSL::get_file_handle,
|
||||||
# $describe = SSL::describe_file]);
|
$describe = SSL::describe_file]);
|
||||||
|
|
||||||
|
|
||||||
local ssl_filter = Log::get_filter(SSL::LOG, "default");
|
local ssl_filter = Log::get_filter(SSL::LOG, "default");
|
||||||
|
|
|
@ -197,8 +197,8 @@ redef likely_server_ports += { ssl_ports, dtls_ports };
|
||||||
event zeek_init() &priority=6
|
event zeek_init() &priority=6
|
||||||
{
|
{
|
||||||
Log::create_stream(SSL::LOG, [$columns=Info, $ev=log_ssl, $path="ssl", $policy=log_policy]);
|
Log::create_stream(SSL::LOG, [$columns=Info, $ev=log_ssl, $path="ssl", $policy=log_policy]);
|
||||||
#Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, ssl_ports);
|
Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, ssl_ports);
|
||||||
#Analyzer::register_for_ports(Analyzer::ANALYZER_DTLS, dtls_ports);
|
Analyzer::register_for_ports(Analyzer::ANALYZER_DTLS, dtls_ports);
|
||||||
}
|
}
|
||||||
|
|
||||||
function set_session(c: connection)
|
function set_session(c: connection)
|
||||||
|
|
|
@ -1,10 +1,8 @@
|
||||||
protocol analyzer SSL over TCP:
|
protocol analyzer SSL over TCP:
|
||||||
parse with SSL::Message,
|
parse with SSL::Message;
|
||||||
port 443/tcp;
|
|
||||||
|
|
||||||
protocol analyzer DTLS over UDP:
|
protocol analyzer DTLS over UDP:
|
||||||
parse with SSL::Message,
|
parse with SSL::Message;
|
||||||
port 443/udp;
|
|
||||||
|
|
||||||
import SSL;
|
import SSL;
|
||||||
import zeek;
|
import zeek;
|
||||||
|
|
|
@ -846,6 +846,10 @@ type Handshake_message = unit(inout msg: Message, inout sh: Share) {
|
||||||
on unhandled {
|
on unhandled {
|
||||||
print "Unhandled handshake message of type ", self.msg_type;
|
print "Unhandled handshake message of type ", self.msg_type;
|
||||||
}
|
}
|
||||||
|
on %error(emsg: string) {
|
||||||
|
print "Error in handshake message of type", self.msg_type, self, emsg;
|
||||||
|
print self;
|
||||||
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
type HelloRequest = unit(inout sh: Share) {
|
type HelloRequest = unit(inout sh: Share) {
|
||||||
|
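Review bot: The new `%error` hook prints the whole unit twice — `self` is already an argument of the first `print`, and a bare `print self;` follows it — on a path that any malformed or truncated handshake record on the wire can reach, so each such record dumps the full parsed unit to stdout. Error hooks on a network-facing unit are better kept to one bounded line, e.g. `print "Error in handshake message of type", self.msg_type, emsg;`, or routed through Zeek's weird/reporter mechanism rather than stdout, before this is merged. The `Handshake_message` unit itself begins before this hunk.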
@ -910,9 +914,8 @@ type ClientHello = unit(len: uint64, msg: Message, inout sh: Share) {
|
||||||
cipher_suites: uint16[self.cipher_suites_length/2];
|
cipher_suites: uint16[self.cipher_suites_length/2];
|
||||||
compression_methods_length: uint8;
|
compression_methods_length: uint8;
|
||||||
compression_methods: uint8[self.compression_methods_length];
|
compression_methods: uint8[self.compression_methods_length];
|
||||||
extensions_length: uint16 if ( len > self.offset() );
|
extensions_length: uint16 if ( len > self.offset() + 2 );
|
||||||
extensions: Extension(sh, True)[] &size=self.extensions_length if ( len > self.offset() );
|
extensions: Extension(sh, True)[] &size=self.extensions_length if ( len > self.offset() + 2 );
|
||||||
|
|
||||||
on %error(emsg: string) {
|
on %error(emsg: string) {
|
||||||
print "Error in client hello", emsg;
|
print "Error in client hello", emsg;
|
||||||
print self;
|
print self;
|
||||||
|
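Review bot: The new guard `len > self.offset() + 2` on the `extensions_length` line skips the boundary case where exactly two bytes remain, i.e. a hello carrying an explicit empty extensions vector encoded as `00 00`; those two bytes are then never consumed by this unit. `extensions_length: uint16 if ( len >= self.offset() + 2 );` admits that case while still rejecting a truncated one-byte tail, and the `extensions` condition below it can stay as written since a non-empty list is at least four bytes. The same `> self.offset() + 2` comparison is introduced on `extensions_length` in the ServerHelloOneThree and ServerHello hunks and should be changed together. Whether the unconsumed tail surfaces as a parse error or is silently skipped depends on how the enclosing unit bounds ClientHello, which lies outside this hunk; a test with an extension-less hello and one with an empty `00 00` extensions block would pin both behaviours.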
@ -955,8 +958,8 @@ type ServerHelloOneThree = unit(len: uint64, msg: Message, inout sh: Share, serv
|
||||||
random_bytes: bytes &size=32;
|
random_bytes: bytes &size=32;
|
||||||
gmt_unix_time: uint32 &parse-from=self.random_bytes;
|
gmt_unix_time: uint32 &parse-from=self.random_bytes;
|
||||||
cipher_suite: uint16;
|
cipher_suite: uint16;
|
||||||
extensions_length: uint16 if ( len > self.offset() );
|
extensions_length: uint16 if ( len > self.offset() + 2 );
|
||||||
extensions: Extension(sh, False)[] &size=self.extensions_length if ( len > self.offset() );
|
extensions: Extension(sh, False)[] &size=self.extensions_length if ( len > self.offset() + 2);
|
||||||
|
|
||||||
on cipher_suite {
|
on cipher_suite {
|
||||||
sh.chosen_cipher = self.cipher_suite;
|
sh.chosen_cipher = self.cipher_suite;
|
||||||
|
@ -971,8 +974,8 @@ type ServerHello = unit(len: uint64, msg: Message, inout sh: Share, server_versi
|
||||||
session_id: bytes &size=self.session_id_length;
|
session_id: bytes &size=self.session_id_length;
|
||||||
cipher_suite: uint16;
|
cipher_suite: uint16;
|
||||||
compression_method: uint8;
|
compression_method: uint8;
|
||||||
extensions_length: uint16 if ( len > self.offset() );
|
extensions_length: uint16 if ( len > self.offset() + 2 );
|
||||||
extensions: Extension(sh, False)[] &size=self.extensions_length if ( len > self.offset() );
|
extensions: Extension(sh, False)[] &size=self.extensions_length if ( len > self.offset() + 2 );
|
||||||
|
|
||||||
on cipher_suite {
|
on cipher_suite {
|
||||||
sh.chosen_cipher = self.cipher_suite;
|
sh.chosen_cipher = self.cipher_suite;
|
||||||
|
|