Committer:
wolfSSL
Date:
Sat Aug 18 22:20:43 2018 +0000
Revision:
15:117db924cf7c
Child:
17:ff9d1e86ad5f
wolfSSL 3.15.3

wolfSSL 15:117db924cf7c 1 /* sniffer.c
wolfSSL 15:117db924cf7c 2 *
wolfSSL 15:117db924cf7c 3 * Copyright (C) 2006-2017 wolfSSL Inc.
wolfSSL 15:117db924cf7c 4 *
wolfSSL 15:117db924cf7c 5 * This file is part of wolfSSL.
wolfSSL 15:117db924cf7c 6 *
wolfSSL 15:117db924cf7c 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 15:117db924cf7c 8 * it under the terms of the GNU General Public License as published by
wolfSSL 15:117db924cf7c 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 15:117db924cf7c 10 * (at your option) any later version.
wolfSSL 15:117db924cf7c 11 *
wolfSSL 15:117db924cf7c 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 15:117db924cf7c 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 15:117db924cf7c 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 15:117db924cf7c 15 * GNU General Public License for more details.
wolfSSL 15:117db924cf7c 16 *
wolfSSL 15:117db924cf7c 17 * You should have received a copy of the GNU General Public License
wolfSSL 15:117db924cf7c 18 * along with this program; if not, write to the Free Software
wolfSSL 15:117db924cf7c 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 15:117db924cf7c 20 */
wolfSSL 15:117db924cf7c 21
wolfSSL 15:117db924cf7c 22
wolfSSL 15:117db924cf7c 23 #ifdef HAVE_CONFIG_H
wolfSSL 15:117db924cf7c 24 #include <config.h>
wolfSSL 15:117db924cf7c 25 #endif
wolfSSL 15:117db924cf7c 26
wolfSSL 15:117db924cf7c 27 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 15:117db924cf7c 28
wolfSSL 15:117db924cf7c 29 #ifndef WOLFCRYPT_ONLY
wolfSSL 15:117db924cf7c 30 #ifdef WOLFSSL_SNIFFER
wolfSSL 15:117db924cf7c 31
wolfSSL 15:117db924cf7c 32 #include <assert.h>
wolfSSL 15:117db924cf7c 33 #include <time.h>
wolfSSL 15:117db924cf7c 34
wolfSSL 15:117db924cf7c 35 #ifndef _WIN32
wolfSSL 15:117db924cf7c 36 #include <arpa/inet.h>
wolfSSL 15:117db924cf7c 37 #endif
wolfSSL 15:117db924cf7c 38
wolfSSL 15:117db924cf7c 39 #ifdef _WIN32
wolfSSL 15:117db924cf7c 40 #define SNPRINTF _snprintf
wolfSSL 15:117db924cf7c 41 #else
wolfSSL 15:117db924cf7c 42 #define SNPRINTF snprintf
wolfSSL 15:117db924cf7c 43 #endif
wolfSSL 15:117db924cf7c 44
wolfSSL 15:117db924cf7c 45 #include <wolfssl/openssl/ssl.h>
wolfSSL 15:117db924cf7c 46 #include <wolfssl/internal.h>
wolfSSL 15:117db924cf7c 47 #include <wolfssl/error-ssl.h>
wolfSSL 15:117db924cf7c 48 #include <wolfssl/sniffer.h>
wolfSSL 15:117db924cf7c 49 #include <wolfssl/sniffer_error.h>
wolfSSL 15:117db924cf7c 50 #ifdef NO_INLINE
wolfSSL 15:117db924cf7c 51 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 15:117db924cf7c 52 #else
wolfSSL 15:117db924cf7c 53 #define WOLFSSL_MISC_INCLUDED
wolfSSL 15:117db924cf7c 54 #include <wolfcrypt/src/misc.c>
wolfSSL 15:117db924cf7c 55 #endif
wolfSSL 15:117db924cf7c 56
wolfSSL 15:117db924cf7c 57
wolfSSL 15:117db924cf7c 58 #ifndef WOLFSSL_SNIFFER_TIMEOUT
wolfSSL 15:117db924cf7c 59 #define WOLFSSL_SNIFFER_TIMEOUT 900
wolfSSL 15:117db924cf7c 60 /* Cache unclosed Sessions for 15 minutes since last used */
wolfSSL 15:117db924cf7c 61 #endif
wolfSSL 15:117db924cf7c 62
/* Misc constants.  Values that come off the wire (TCP_PROTO/TCP_PROTOCOL,
 * IPV4, the two TLS extension IDs) are fixed by the protocols; the rest
 * are sniffer-internal sizing limits. */
enum {
    MAX_SERVER_ADDRESS = 128, /* maximum server address length */
    MAX_SERVER_NAME = 128, /* maximum server name length */
    MAX_ERROR_LEN = 80, /* maximum error length; GetError() writes at most
                           this many bytes, so caller buffers must be at
                           least MAX_ERROR_LEN bytes */
    ETHER_IF_ADDR_LEN = 6, /* ethernet interface address length */
    LOCAL_IF_ADDR_LEN = 4, /* localhost interface address length, !windows */
    TCP_PROTO = 6, /* TCP_PROTOCOL (same value as TCP_PROTOCOL below) */
    IP_HDR_SZ = 20, /* IP header length, min (no options) */
    TCP_HDR_SZ = 20, /* TCP header length, min (no options) */
    IPV4 = 4, /* IP version 4 */
    TCP_PROTOCOL = 6, /* TCP Protocol id (duplicate of TCP_PROTO) */
    TRACE_MSG_SZ = 80, /* Trace Message buffer size */
    HASH_SIZE = 499, /* Session Hash Table Rows (prime) */
    PSEUDO_HDR_SZ = 12, /* TCP Pseudo Header size in bytes */
    FATAL_ERROR_STATE = 1, /* SnifferSession fatal error state */
    TICKET_HINT_LEN = 4, /* Session Ticket Hint length */
    EXT_TYPE_SZ = 2, /* Extension length */
    MAX_INPUT_SZ = MAX_RECORD_SIZE + COMP_EXTRA + MAX_MSG_EXTRA +
                   MTU_EXTRA, /* Max input sz of reassembly */
    EXT_MASTER_SECRET = 0x17, /* Extended Master Secret Extension ID (23) */
    TICKET_EXT_ID = 0x23 /* Session Ticket Extension ID (35) */
};
wolfSSL 15:117db924cf7c 86
wolfSSL 15:117db924cf7c 87
wolfSSL 15:117db924cf7c 88 #ifdef _WIN32
wolfSSL 15:117db924cf7c 89
static HMODULE dllModule; /* this DLL's module handle; GetError() loads
                             string resources from it */

/* DLL entry point: bring the sniffer up on the first process attach and
 * tear it down on process detach.  Thread attach/detach notifications
 * are ignored.  didInit makes a repeated attach notification harmless.
 * NOTE(review): ssl_InitSniffer() runs wolfSSL_Init() and mutex setup
 * from inside DllMain, i.e. presumably under the loader lock — keep that
 * in mind if initialization ever grows to load other modules. */
BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    static int didInit = 0;

    (void)lpReserved;

    if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
        if (!didInit) {
            dllModule = hModule;
            ssl_InitSniffer();
            didInit = 1;
        }
    }
    else if (ul_reason_for_call == DLL_PROCESS_DETACH) {
        if (didInit) {
            ssl_FreeSniffer();
            didInit = 0;
        }
    }
    /* DLL_THREAD_ATTACH / DLL_THREAD_DETACH: nothing to do */

    return TRUE;
}
wolfSSL 15:117db924cf7c 121
wolfSSL 15:117db924cf7c 122 #endif /* _WIN32 */
wolfSSL 15:117db924cf7c 123
wolfSSL 15:117db924cf7c 124
static int TraceOn = 0; /* Trace is off by default */
static FILE* TraceFile = 0; /* trace output stream; closed and reset to NULL
                               by ssl_FreeSniffer() */
wolfSSL 15:117db924cf7c 127
wolfSSL 15:117db924cf7c 128
wolfSSL 15:117db924cf7c 129 /* windows uses .rc table for this */
wolfSSL 15:117db924cf7c 130 #ifndef _WIN32
wolfSSL 15:117db924cf7c 131
/* Error / trace message table for the *nix build (Windows uses the .rc
 * string table instead).  Entry N-1 holds the text for 1-based code N, as
 * the "/* N *\/" markers show; GetError() below does the idx-1 lookup.
 * The codes presumably correspond to the values in sniffer_error.h — keep
 * the two in the same order when adding entries.  Every string must stay
 * shorter than MAX_ERROR_LEN (80) bytes so the bounded copy in GetError()
 * still leaves room for the terminator. */
static const char* const msgTable[] =
{
    /* 1 */
    "Out of Memory",
    "New SSL Sniffer Server Registered",
    "Checking IP Header",
    "SSL Sniffer Server Not Registered",
    "Checking TCP Header",

    /* 6 */
    "SSL Sniffer Server Port Not Registered",
    "RSA Private Decrypt Error",
    "RSA Private Decode Error",
    "Set Cipher Spec Error",
    "Server Hello Input Malformed",

    /* 11 */
    "Couldn't Resume Session Error",
    "Server Did Resumption",
    "Client Hello Input Malformed",
    "Client Trying to Resume",
    "Handshake Input Malformed",

    /* 16 */
    "Got Hello Verify msg",
    "Got Server Hello msg",
    "Got Cert Request msg",
    "Got Server Key Exchange msg",
    "Got Cert msg",

    /* 21 */
    "Got Server Hello Done msg",
    "Got Finished msg",
    "Got Client Hello msg",
    "Got Client Key Exchange msg",
    "Got Cert Verify msg",

    /* 26 */
    "Got Unknown Handshake msg",
    "New SSL Sniffer Session created",
    "Couldn't create new SSL",
    "Got a Packet to decode",
    "No data present",

    /* 31 */
    "Session Not Found",
    "Got an Old Client Hello msg",
    "Old Client Hello Input Malformed",
    "Old Client Hello OK",
    "Bad Old Client Hello",

    /* 36 */
    "Bad Record Header",
    "Record Header Input Malformed",
    "Got a HandShake msg",
    "Bad HandShake msg",
    "Got a Change Cipher Spec msg",

    /* 41 */
    "Got Application Data msg",
    "Bad Application Data",
    "Got an Alert msg",
    "Another msg to Process",
    "Removing Session From Table",

    /* 46 */
    "Bad Key File",
    "Wrong IP Version",
    "Wrong Protocol type",
    "Packet Short for header processing",
    "Got Unknown Record Type",

    /* 51 */
    "Can't Open Trace File",
    "Session in Fatal Error State",
    "Partial SSL record received",
    "Buffer Error, malformed input",
    "Added to Partial Input",

    /* 56 */
    "Received a Duplicate Packet",
    "Received an Out of Order Packet",
    "Received an Overlap Duplicate Packet",
    "Received an Overlap Reassembly Begin Duplicate Packet",
    "Received an Overlap Reassembly End Duplicate Packet",

    /* 61 */
    "Missed the Client Hello Entirely",
    "Got Hello Request msg",
    "Got Session Ticket msg",
    "Bad Input",
    "Bad Decrypt Type",

    /* 66 */
    "Bad Finished Message Processing",
    "Bad Compression Type",
    "Bad DeriveKeys Error",
    "Saw ACK for Missing Packet Error",
    "Bad Decrypt Operation",

    /* 71 */
    "Decrypt Keys Not Set Up",
    "Late Key Load Error",
    "Got Certificate Status msg",
    "RSA Key Missing Error",
    "Secure Renegotiation Not Supported",

    /* 76 */
    "Get Session Stats Failure",
    "Reassembly Buffer Size Exceeded",
    "Dropping Lost Fragment",
    "Dropping Partial Record",
    "Clear ACK Fault",

    /* 81 */
    "Bad Decrypt Size",
    "Extended Master Secret Hash Error"
};
wolfSSL 15:117db924cf7c 250
wolfSSL 15:117db924cf7c 251
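/* *nix version uses table above.
 *
 * Copy the message for the 1-based error/trace code idx into str, which
 * must be at least MAX_ERROR_LEN bytes.  A NULL destination is ignored;
 * a code outside 1..(number of table entries) yields an empty string
 * instead of indexing before or past msgTable.  The copy is bounded to
 * MAX_ERROR_LEN-1 bytes and the terminator is written explicitly, because
 * XSTRNCPY (strncpy) does not add one when the source fills the buffer. */
static void GetError(int idx, char* str)
{
    const int msgCount = (int)(sizeof(msgTable) / sizeof(msgTable[0]));

    if (str == NULL)
        return;

    if (idx < 1 || idx > msgCount) {
        str[0] = '\0';
        return;
    }

    XSTRNCPY(str, msgTable[idx - 1], MAX_ERROR_LEN - 1);
    str[MAX_ERROR_LEN - 1] = '\0';
}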
wolfSSL 15:117db924cf7c 257
wolfSSL 15:117db924cf7c 258
wolfSSL 15:117db924cf7c 259 #else /* _WIN32 */
wolfSSL 15:117db924cf7c 260
wolfSSL 15:117db924cf7c 261
/* Windows version uses .rc table: fetch string resource idx from this
 * DLL's module (dllModule, recorded in DllMain).  On lookup failure
 * buffer becomes an empty string so callers always get a terminated
 * string.  buffer must be at least MAX_ERROR_LEN bytes. */
static void GetError(int idx, char* buffer)
{
    int copied = LoadStringA(dllModule, idx, buffer, MAX_ERROR_LEN);

    if (copied == 0)
        buffer[0] = 0;
}
wolfSSL 15:117db924cf7c 268
wolfSSL 15:117db924cf7c 269
wolfSSL 15:117db924cf7c 270 #endif /* _WIN32 */
wolfSSL 15:117db924cf7c 271
wolfSSL 15:117db924cf7c 272
/* Packet Buffer for reassembly list and ready list.  Both data and the
 * node itself are owned by the list and released by FreePacketBuffer(). */
typedef struct PacketBuffer {
    word32 begin; /* relative sequence begin */
    word32 end; /* relative sequence end */
    byte* data; /* actual data (heap, freed with the node) */
    struct PacketBuffer* next; /* next on reassembly list or ready list */
} PacketBuffer;
wolfSSL 15:117db924cf7c 280
wolfSSL 15:117db924cf7c 281
wolfSSL 15:117db924cf7c 282 #ifdef HAVE_SNI
wolfSSL 15:117db924cf7c 283
/* NamedKey maps a SNI name to a specific private key.  key holds secret
 * material: FreeNamedKey() wipes it with ForceZero() before freeing. */
typedef struct NamedKey {
    char name[MAX_SERVER_NAME]; /* server DNS name; length tracked in nameSz,
                                   NUL termination not guaranteed here */
    word32 nameSz; /* size of server DNS name */
    byte* key; /* DER private key (heap, zeroed then freed) */
    word32 keySz; /* size of DER private key */
    struct NamedKey* next; /* for list */
} NamedKey;
wolfSSL 15:117db924cf7c 292
wolfSSL 15:117db924cf7c 293 #endif
wolfSSL 15:117db924cf7c 294
wolfSSL 15:117db924cf7c 295
/* Sniffer Server holds info for each server/port monitored.  Nodes live on
 * the global ServerList; FreeSnifferServer() releases ctx, the named-key
 * list and the node. */
typedef struct SnifferServer {
    SSL_CTX* ctx; /* SSL context (owned) */
    char address[MAX_SERVER_ADDRESS]; /* passed in server address */
    word32 server; /* network order address */
    int port; /* server port */
#ifdef HAVE_SNI
    NamedKey* namedKeys; /* mapping of names and keys (owned list) */
    wolfSSL_Mutex namedKeysMutex; /* mutex for namedKey list; held while the
                                     list is torn down in FreeSnifferServer() */
#endif
    struct SnifferServer* next; /* for list */
} SnifferServer;
wolfSSL 15:117db924cf7c 308
wolfSSL 15:117db924cf7c 309
/* Session Flags.  All members are single bytes used as booleans/counters;
 * InitFlags() zeroes every one of them. */
typedef struct Flags {
    byte side; /* which end is current packet headed */
    byte serverCipherOn; /* indicates whether cipher is active */
    byte clientCipherOn; /* indicates whether cipher is active */
    byte resuming; /* did this session come from resumption */
    byte cached; /* have we cached this session yet */
    byte clientHello; /* processed client hello yet, for SSLv2 */
    byte finCount; /* get both FINs before removing */
    byte fatalError; /* fatal error state (see FATAL_ERROR_STATE) */
    byte cliAckFault; /* client acked unseen data from server */
    byte srvAckFault; /* server acked unseen data from client */
    byte cliSkipPartial; /* client skips partial data to catch up */
    byte srvSkipPartial; /* server skips partial data to catch up */
#ifdef HAVE_EXTENDED_MASTER
    byte expectEms; /* expect extended master secret */
#endif
} Flags;
wolfSSL 15:117db924cf7c 328
wolfSSL 15:117db924cf7c 329
/* Out of Order FIN capture.  (The type name's misspelling is kept because
 * SnifferSession and the rest of the file use it.) */
typedef struct FinCaputre {
    word32 cliFinSeq; /* client relative sequence of FIN; 0 means none seen */
    word32 srvFinSeq; /* server relative sequence of FIN; 0 means none seen */
    byte cliCounted; /* did we count yet, detects duplicates */
    byte srvCounted; /* did we count yet, detects duplicates */
} FinCaputre;
wolfSSL 15:117db924cf7c 337
wolfSSL 15:117db924cf7c 338
/* Running handshake hashes kept by the sniffer (extended-master-secret
 * builds only).  Managed by HashInit()/HashUpdate() and copied into a
 * wolfSSL HS_Hashes by HashCopy().  Which members exist depends on the
 * same NO_*/WOLFSSL_* switches that select the digests elsewhere. */
typedef struct HsHashes {
#ifndef NO_OLD_TLS
#ifndef NO_SHA
    wc_Sha hashSha;
#endif
#ifndef NO_MD5
    wc_Md5 hashMd5;
#endif
#endif
#ifndef NO_SHA256
    wc_Sha256 hashSha256;
#endif
#ifdef WOLFSSL_SHA384
    wc_Sha384 hashSha384;
#endif
} HsHashes;
wolfSSL 15:117db924cf7c 355
wolfSSL 15:117db924cf7c 356
/* Sniffer Session holds info for each client/server SSL/TLS session.
 * Owned resources (both SSL objects, both reassembly lists, ticketID and
 * hash) are released by FreeSnifferSession(); context is not owned here. */
typedef struct SnifferSession {
    SnifferServer* context; /* server context (presumably a node of
                               ServerList; not freed with the session) */
    SSL* sslServer; /* SSL server side decode */
    SSL* sslClient; /* SSL client side decode */
    word32 server; /* server address in network byte order */
    word32 client; /* client address in network byte order */
    word16 srvPort; /* server port */
    word16 cliPort; /* client port */
    word32 cliSeqStart; /* client start sequence */
    word32 srvSeqStart; /* server start sequence */
    word32 cliExpected; /* client expected sequence (relative) */
    word32 srvExpected; /* server expected sequence (relative) */
    FinCaputre finCaputre; /* retain out of order FIN s */
    Flags flags; /* session flags */
    time_t lastUsed; /* last used ticks; presumably compared against
                        WOLFSSL_SNIFFER_TIMEOUT to expire idle sessions */
    PacketBuffer* cliReassemblyList; /* client out of order packets */
    PacketBuffer* srvReassemblyList; /* server out of order packets */
    word32 cliReassemblyMemory; /* client packet memory used */
    word32 srvReassemblyMemory; /* server packet memory used */
    struct SnifferSession* next; /* for hash table list */
    byte* ticketID; /* mac ID of session ticket (heap, owned) */
#ifdef HAVE_EXTENDED_MASTER
    HsHashes* hash; /* running handshake hashes (heap, owned) */
#endif
} SnifferSession;
wolfSSL 15:117db924cf7c 383
wolfSSL 15:117db924cf7c 384
/* Sniffer Server List and mutex */
static SnifferServer* ServerList = 0; /* singly linked via SnifferServer.next */
static wolfSSL_Mutex ServerListMutex; /* guards ServerList; ssl_FreeSniffer()
                                         takes it before SessionMutex */


/* Session Hash Table, mutex, and count */
static SnifferSession* SessionTable[HASH_SIZE]; /* buckets chained via
                                                   SnifferSession.next */
static wolfSSL_Mutex SessionMutex; /* guards SessionTable (and presumably
                                      SessionCount) */
static int SessionCount = 0; /* live sessions across all buckets */

/* Recovery of missed data switches and stats */
static wolfSSL_Mutex RecoveryMutex; /* for stats (MissedDataSessions) */
static int RecoveryEnabled = 0; /* global switch */
static int MaxRecoveryMemory = -1; /* per session max recovery memory; -1 at
                                      startup, presumably "no limit" — confirm
                                      against the code that reads it */
static word32 MissedDataSessions = 0; /* # of sessions with missed data;
                                         updated under RecoveryMutex */
wolfSSL 15:117db924cf7c 400
wolfSSL 15:117db924cf7c 401
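/* Bump the count of sessions that lost data, under RecoveryMutex so that
 * concurrent packet-processing threads do not race on the counter.
 * If the lock cannot be taken (wc_LockMutex returns non-zero) the update
 * is skipped: touching the counter and then unlocking a mutex we never
 * acquired would be worse than a slightly low statistic. */
static void UpdateMissedDataSessions(void)
{
    if (wc_LockMutex(&RecoveryMutex) != 0)
        return;

    MissedDataSessions += 1;
    wc_UnLockMutex(&RecoveryMutex);
}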
wolfSSL 15:117db924cf7c 408
wolfSSL 15:117db924cf7c 409
/* Initialize overall Sniffer: bring up wolfSSL itself, then the three
 * global locks (server list, session table, recovery stats), in that
 * order.  NOTE(review): the return values of wolfSSL_Init() and
 * wc_InitMutex() are not checked, so a caller cannot detect a failed
 * initialization through this void interface. */
void ssl_InitSniffer(void)
{
    wolfSSL_Mutex* locks[] = { &ServerListMutex, &SessionMutex,
                               &RecoveryMutex };
    size_t i;

    wolfSSL_Init();
    for (i = 0; i < sizeof(locks) / sizeof(locks[0]); i++)
        wc_InitMutex(locks[i]);
}
wolfSSL 15:117db924cf7c 418
wolfSSL 15:117db924cf7c 419
wolfSSL 15:117db924cf7c 420 #ifdef HAVE_SNI
wolfSSL 15:117db924cf7c 421
/* Free a NamedKey.  The DER private key it holds is secret material, so it
 * is wiped with ForceZero() (not optimized away like a plain memset)
 * before its buffer is released.  NULL is accepted and ignored. */
static void FreeNamedKey(NamedKey* in)
{
    if (in == NULL)
        return;

    if (in->key != NULL) {
        ForceZero(in->key, in->keySz);
        free(in->key);
    }
    free(in);
}
wolfSSL 15:117db924cf7c 433
wolfSSL 15:117db924cf7c 434
/* Free every NamedKey on the singly linked list starting at in (NULL is
 * fine).  The successor is read before the node is released, since
 * FreeNamedKey() frees the node. */
static void FreeNamedKeyList(NamedKey* in)
{
    NamedKey* cur;
    NamedKey* nxt;

    for (cur = in; cur != NULL; cur = nxt) {
        nxt = cur->next;
        FreeNamedKey(cur);
    }
}
wolfSSL 15:117db924cf7c 445
wolfSSL 15:117db924cf7c 446 #endif
wolfSSL 15:117db924cf7c 447
wolfSSL 15:117db924cf7c 448
/* Free Sniffer Server's resources/self: the SNI named-key list (torn down
 * while holding its mutex, which is then destroyed), the SSL_CTX, and the
 * node.  NULL is accepted: the original free(NULL) was a no-op, so an
 * early return is equivalent. */
static void FreeSnifferServer(SnifferServer* srv)
{
    if (srv == NULL)
        return;

#ifdef HAVE_SNI
    wc_LockMutex(&srv->namedKeysMutex);
    FreeNamedKeyList(srv->namedKeys);
    wc_UnLockMutex(&srv->namedKeysMutex);
    wc_FreeMutex(&srv->namedKeysMutex);
#endif
    SSL_CTX_free(srv->ctx);
    free(srv);
}
wolfSSL 15:117db924cf7c 463
wolfSSL 15:117db924cf7c 464
/* Free a PacketBuffer node and the payload it owns.  NULL is ignored. */
static void FreePacketBuffer(PacketBuffer* del)
{
    if (del == NULL)
        return;

    free(del->data);
    free(del);
}
wolfSSL 15:117db924cf7c 473
wolfSSL 15:117db924cf7c 474
/* Free every PacketBuffer on the list starting at in.  An empty (NULL)
 * list simply falls through the loop; the next pointer is saved before
 * the node is released. */
static void FreePacketList(PacketBuffer* in)
{
    PacketBuffer* cur = in;

    while (cur != NULL) {
        PacketBuffer* nxt = cur->next;
        FreePacketBuffer(cur);
        cur = nxt;
    }
}
wolfSSL 15:117db924cf7c 489
wolfSSL 15:117db924cf7c 490
/* Free Sniffer Session's resources/self: both SSL objects, both
 * reassembly lists, the ticket ID, the handshake hashes (EMS builds) and
 * the node.  session->context is not released here.  NULL is accepted;
 * the original free(NULL) was a no-op, so returning early is equivalent. */
static void FreeSnifferSession(SnifferSession* session)
{
    if (session == NULL)
        return;

    SSL_free(session->sslClient);
    SSL_free(session->sslServer);

    FreePacketList(session->cliReassemblyList);
    FreePacketList(session->srvReassemblyList);

    free(session->ticketID);
#ifdef HAVE_EXTENDED_MASTER
    free(session->hash);
#endif
    free(session);
}
wolfSSL 15:117db924cf7c 508
wolfSSL 15:117db924cf7c 509
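/* Free overall Sniffer: release every registered server and every cached
 * session, destroy the global mutexes, close the trace file and shut
 * wolfSSL down.  The server-list lock is taken before the session lock
 * and they are released in reverse order.
 *
 * The list head, the hash-table buckets and the session count are reset
 * after their contents are freed.  Without that, ServerList and
 * SessionTable[] keep pointing at freed memory, and a later
 * ssl_InitSniffer()/register sequence (or a second ssl_FreeSniffer())
 * would walk dangling pointers. */
void ssl_FreeSniffer(void)
{
    SnifferServer* srv;
    SnifferServer* removeServer;
    SnifferSession* session;
    SnifferSession* removeSession;
    int i;

    wc_LockMutex(&ServerListMutex);
    wc_LockMutex(&SessionMutex);

    srv = ServerList;
    while (srv) {
        removeServer = srv;
        srv = srv->next;
        FreeSnifferServer(removeServer);
    }
    ServerList = NULL;          /* head would otherwise dangle */

    for (i = 0; i < HASH_SIZE; i++) {
        session = SessionTable[i];
        while (session) {
            removeSession = session;
            session = session->next;
            FreeSnifferSession(removeSession);
        }
        SessionTable[i] = NULL; /* bucket head would otherwise dangle */
    }
    SessionCount = 0;

    wc_UnLockMutex(&SessionMutex);
    wc_UnLockMutex(&ServerListMutex);

    wc_FreeMutex(&RecoveryMutex);
    wc_FreeMutex(&SessionMutex);
    wc_FreeMutex(&ServerListMutex);

    if (TraceFile) {
        TraceOn = 0;
        fclose(TraceFile);
        TraceFile = NULL;
    }

    wolfSSL_Cleanup();
}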
wolfSSL 15:117db924cf7c 553
wolfSSL 15:117db924cf7c 554
wolfSSL 15:117db924cf7c 555 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 556
/* Zero an HsHashes and initialize each digest that this build enables,
 * stopping at the first initializer that fails.
 * Returns 0 on success, otherwise the wc_Init*() error code. */
static int HashInit(HsHashes* hash)
{
    int ret = 0;

    XMEMSET(hash, 0, sizeof(HsHashes));

#ifndef NO_OLD_TLS
#ifndef NO_SHA
    ret = wc_InitSha(&hash->hashSha);
    if (ret != 0)
        return ret;
#endif
#ifndef NO_MD5
    ret = wc_InitMd5(&hash->hashMd5);
    if (ret != 0)
        return ret;
#endif
#endif
#ifndef NO_SHA256
    ret = wc_InitSha256(&hash->hashSha256);
    if (ret != 0)
        return ret;
#endif
#ifdef WOLFSSL_SHA384
    ret = wc_InitSha384(&hash->hashSha384);
    if (ret != 0)
        return ret;
#endif

    return ret;
}
wolfSSL 15:117db924cf7c 585
wolfSSL 15:117db924cf7c 586
/* Feed one handshake message into every enabled digest.
 *
 * input is expected to point just past a HANDSHAKE_HEADER_SZ-byte
 * handshake header that is still in memory: the pointer is rewound so the
 * header bytes are hashed along with the sz body bytes.  Callers must
 * guarantee those preceding bytes are addressable; nothing here can
 * check that.  Stops at the first digest update that fails.
 * Returns 0 on success, otherwise the wc_*Update() error code. */
static int HashUpdate(HsHashes* hash, const byte* input, int sz)
{
    const byte* msg = input - HANDSHAKE_HEADER_SZ;
    int msgSz = sz + HANDSHAKE_HEADER_SZ;
    int ret = 0;

#ifndef NO_OLD_TLS
#ifndef NO_SHA
    ret = wc_ShaUpdate(&hash->hashSha, msg, msgSz);
    if (ret != 0)
        return ret;
#endif
#ifndef NO_MD5
    ret = wc_Md5Update(&hash->hashMd5, msg, msgSz);
    if (ret != 0)
        return ret;
#endif
#endif
#ifndef NO_SHA256
    ret = wc_Sha256Update(&hash->hashSha256, msg, msgSz);
    if (ret != 0)
        return ret;
#endif
#ifdef WOLFSSL_SHA384
    ret = wc_Sha384Update(&hash->hashSha384, msg, msgSz);
    if (ret != 0)
        return ret;
#endif

    return ret;
}
wolfSSL 15:117db924cf7c 616
wolfSSL 15:117db924cf7c 617
/* Copy the sniffer's running handshake digests into a wolfSSL HS_Hashes
 * so an SSL object can continue from the same state.  Each enabled digest
 * context is copied whole by struct assignment.  Always returns 0. */
static int HashCopy(HS_Hashes* d, HsHashes* s)
{
#ifndef NO_OLD_TLS
#ifndef NO_SHA
    d->hashSha = s->hashSha;
#endif
#ifndef NO_MD5
    d->hashMd5 = s->hashMd5;
#endif
#endif

#ifndef NO_SHA256
    d->hashSha256 = s->hashSha256;
#endif
#ifdef WOLFSSL_SHA384
    d->hashSha384 = s->hashSha384;
#endif

    return 0;
}
wolfSSL 15:117db924cf7c 638
wolfSSL 15:117db924cf7c 639 #endif
wolfSSL 15:117db924cf7c 640
wolfSSL 15:117db924cf7c 641
/* Put a freshly allocated SnifferServer into its empty state.
 *
 * Clears the SSL context, address text, numeric address/port and list link;
 * with HAVE_SNI also empties the named-key list and initialises its mutex.
 * NOTE(review): wc_InitMutex's return value is not checked here, and the
 * function has no way to report it — callers assume initialisation succeeds.
 */
static void InitSnifferServer(SnifferServer* sniffer)
{
    sniffer->ctx    = NULL;
    sniffer->server = 0;
    sniffer->port   = 0;
    sniffer->next   = NULL;
    XMEMSET(sniffer->address, 0, MAX_SERVER_ADDRESS);
#ifdef HAVE_SNI
    sniffer->namedKeys = NULL;
    wc_InitMutex(&sniffer->namedKeysMutex);
#endif
}
wolfSSL 15:117db924cf7c 655
wolfSSL 15:117db924cf7c 656
/* Reset every per-session flag to its initial (0) value.
 * Fields are grouped by what they track; all are independent so the order
 * does not matter. */
static void InitFlags(Flags* flags)
{
    /* which end of the connection sent the packet being processed */
    flags->side = 0;

    /* handshake / cipher state */
    flags->serverCipherOn = 0;
    flags->clientCipherOn = 0;
    flags->clientHello    = 0;
    flags->resuming       = 0;
    flags->cached         = 0;
#ifdef HAVE_EXTENDED_MASTER
    flags->expectEms      = 0;
#endif

    /* TCP stream and error bookkeeping */
    flags->finCount       = 0;
    flags->fatalError     = 0;
    flags->cliAckFault    = 0;
    flags->srvAckFault    = 0;
    flags->cliSkipPartial = 0;
    flags->srvSkipPartial = 0;
}
wolfSSL 15:117db924cf7c 676
wolfSSL 15:117db924cf7c 677
/* Clear the FIN capture record: no FIN sequence seen and none counted,
 * for either the client or the server side. */
static void InitFinCapture(FinCaputre* cap)
{
    cap->cliFinSeq  = cap->srvFinSeq  = 0;
    cap->cliCounted = cap->srvCounted = 0;
}
wolfSSL 15:117db924cf7c 686
wolfSSL 15:117db924cf7c 687
/* Put a freshly allocated SnifferSession into its empty state.
 *
 * Zeroes the owning server context, both SSL objects, the endpoint
 * addresses/ports, all TCP sequence tracking, the reassembly lists and their
 * memory accounting, the table link and ticket id, then resets the flag and
 * FIN-capture sub-records. With HAVE_EXTENDED_MASTER the handshake hash
 * pointer is cleared as well.
 */
static void InitSession(SnifferSession* session)
{
    /* ownership and SSL state */
    session->context   = 0;
    session->sslServer = session->sslClient = 0;

    /* endpoints */
    session->server  = session->client  = 0;
    session->srvPort = session->cliPort = 0;

    /* TCP sequence tracking */
    session->cliSeqStart = session->srvSeqStart = 0;
    session->cliExpected = session->srvExpected = 0;

    /* reassembly buffers and their accounting */
    session->cliReassemblyList   = session->srvReassemblyList   = 0;
    session->cliReassemblyMemory = session->srvReassemblyMemory = 0;

    session->lastUsed = 0;
    session->next     = 0;
    session->ticketID = 0;

    InitFlags(&session->flags);
    InitFinCapture(&session->finCaputre);
#ifdef HAVE_EXTENDED_MASTER
    session->hash = 0;
#endif
}
wolfSSL 15:117db924cf7c 716
wolfSSL 15:117db924cf7c 717
/* IP Info from IP Header.
 * Decoded view of an IPv4 header (addresses are 32-bit); the src/dst values
 * are kept in network byte order and compared directly against the
 * SnifferServer/SnifferSession fields. */
typedef struct IpInfo {
    int    length;      /* length of this header */
    int    total;       /* total length of fragment */
    word32 src;         /* network order source address */
    word32 dst;         /* network order destination address */
} IpInfo;
wolfSSL 15:117db924cf7c 725
wolfSSL 15:117db924cf7c 726
/* TCP Info from TCP Header.
 * Decoded view of a TCP header; ports are host-order ints (compared with
 * SnifferServer.port) and the flag bytes are 0/1 indicators. */
typedef struct TcpInfo {
    int    srcPort;     /* source port */
    int    dstPort;     /* destination port */
    int    length;      /* length of this header */
    word32 sequence;    /* sequence number */
    word32 ackNumber;   /* ack number */
    byte   fin;         /* FIN set */
    byte   rst;         /* RST set */
    byte   syn;         /* SYN set */
    byte   ack;         /* ACK set */
} TcpInfo;
wolfSSL 15:117db924cf7c 739
wolfSSL 15:117db924cf7c 740
/* Tcp Pseudo Header for Checksum calculation.
 * Layout matches the 12-byte pseudo header the TCP checksum is computed
 * over (addresses, zero byte, protocol, TCP length); it is not a wire
 * header itself. */
typedef struct TcpPseudoHdr {
    word32 src;         /* source address */
    word32 dst;         /* destination address */
    byte   rsv;         /* reserved, always 0 */
    byte   protocol;    /* IP protocol */
    word16 length;      /* tcp header length + data length (doesn't include */
                        /* pseudo header length) network order */
} TcpPseudoHdr;
wolfSSL 15:117db924cf7c 750
wolfSSL 15:117db924cf7c 751
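/* Password Setting Callback, installed on the sniffer's SSL_CTX for
 * encrypted private keys.
 *
 * passwd    output buffer of sz bytes
 * sz        size of passwd in bytes
 * rw        unused (the read/write flag of the OpenSSL-style callback)
 * userdata  the password as a NUL-terminated C string
 *
 * Copies at most sz bytes of the password into passwd, NUL-terminating it
 * when there is room, and returns the number of bytes copied. Returns -1
 * when passwd or userdata is NULL or sz is not positive (negative return =
 * failure, as for an OpenSSL-style pem_password_cb).
 *
 * The return value is capped at sz so the caller is never told the
 * password is longer than the buffer it was written into.
 */
static int SetPassword(char* passwd, int sz, int rw, void* userdata)
{
    const char* src = (const char*)userdata;
    size_t      len;

    (void)rw;

    if (passwd == NULL || src == NULL || sz <= 0)
        return -1;

    len = strlen(src);
    if (len > (size_t)sz)
        len = (size_t)sz;       /* truncate rather than over-report */

    memcpy(passwd, src, len);
    if (len < (size_t)sz)
        passwd[len] = '\0';     /* terminate only when it fits, like strncpy */

    return (int)len;
}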
wolfSSL 15:117db924cf7c 759
wolfSSL 15:117db924cf7c 760
/* Ethernet Header.
 * Field order follows the 14-byte wire header (dst MAC, src MAC, ethertype);
 * type is in network byte order as captured. */
typedef struct EthernetHdr {
    byte   dst[ETHER_IF_ADDR_LEN];  /* destination host address */
    byte   src[ETHER_IF_ADDR_LEN];  /* source host address */
    word16 type;                    /* IP, ARP, etc */
} EthernetHdr;
wolfSSL 15:117db924cf7c 767
wolfSSL 15:117db924cf7c 768
/* IP Header.
 * Field order follows the 20-byte fixed IPv4 header; multi-byte fields are
 * left in network byte order as captured. Use IP_HL()/IP_V() below to pull
 * the header length and version out of ver_hl. */
typedef struct IpHdr {
    byte   ver_hl;      /* version/header length */
    byte   tos;         /* type of service */
    word16 length;      /* total length */
    word16 id;          /* identification */
    word16 offset;      /* fragment offset field */
    byte   ttl;         /* time to live */
    byte   protocol;    /* protocol */
    word16 sum;         /* checksum */
    word32 src;         /* source address */
    word32 dst;         /* destination address */
} IpHdr;
wolfSSL 15:117db924cf7c 782
wolfSSL 15:117db924cf7c 783
/* IPv4 header length in bytes: the low nibble of ver_hl is the IHL in
 * 32-bit words (5..15, so 20..60 bytes). */
#define IP_HL(ip) ( (((ip)->ver_hl) & 0x0f) * 4)
/* IPv4 version number: the high nibble of ver_hl (4 for IPv4). */
#define IP_V(ip) ( ((ip)->ver_hl) >> 4)
wolfSSL 15:117db924cf7c 786
/* TCP Header.
 * Field order follows the 20-byte fixed TCP header; multi-byte fields are
 * left in network byte order as captured (ports are converted with ntohs
 * by TraceTcp). TCP_LEN() below extracts the data offset. */
typedef struct TcpHdr {
    word16 srcPort;     /* source port */
    word16 dstPort;     /* destination port */
    word32 sequence;    /* sequence number */
    word32 ack;         /* acknowledgment number */
    byte   offset;      /* data offset, reserved */
    byte   flags;       /* option flags */
    word16 window;      /* window */
    word16 sum;         /* checksum */
    word16 urgent;      /* urgent pointer */
} TcpHdr;
wolfSSL 15:117db924cf7c 799
/* TCP header length in bytes: the high nibble of offset is the data offset
 * in 32-bit words (5..15, so 20..60 bytes). */
#define TCP_LEN(tcp) ( (((tcp)->offset & 0xf0) >> 4) * 4)
/* Bits of TcpHdr.flags tested by the sniffer. */
#define TCP_FIN 0x01
#define TCP_SYN 0x02
#define TCP_RST 0x04
#define TCP_ACK 0x10
wolfSSL 15:117db924cf7c 805
wolfSSL 15:117db924cf7c 806
wolfSSL 15:117db924cf7c 807
wolfSSL 15:117db924cf7c 808
wolfSSL 15:117db924cf7c 809
/* Write the error text for idx (looked up with the platform GetError) to
 * TraceFile, and to stderr as well under DEBUG_SNIFFER. No-op when tracing
 * is off. */
static void Trace(int idx)
{
    char msg[MAX_ERROR_LEN];

    if (!TraceOn)
        return;

    GetError(idx, msg);
    fprintf(TraceFile, "\t%s\n", msg);
#ifdef DEBUG_SNIFFER
    fprintf(stderr, "\t%s\n", msg);
#endif
}
wolfSSL 15:117db924cf7c 822
wolfSSL 15:117db924cf7c 823
/* Start a packet trace with a blank line and the current wall-clock time.
 * ctime() formats into a static buffer (not thread-safe); the trace file
 * is written single-threaded by this module's callers as far as this file
 * shows. No-op when tracing is off. */
static void TraceHeader(void)
{
    time_t now;

    if (!TraceOn)
        return;

    now = time(NULL);
    fprintf(TraceFile, "\n%s", ctime(&now));
}
wolfSSL 15:117db924cf7c 832
wolfSSL 15:117db924cf7c 833
/* Trace an attempt to register a sniffer server: address, port and the
 * key file path. Only the path is logged, never key contents. No-op when
 * tracing is off. */
static void TraceSetServer(const char* srv, int port, const char* keyFile)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tTrying to install a new Sniffer Server with\n");
    fprintf(TraceFile, "\tserver: %s, port: %d, keyFile: %s\n",
            srv, port, keyFile);
}
wolfSSL 15:117db924cf7c 843
wolfSSL 15:117db924cf7c 844
wolfSSL 15:117db924cf7c 845 #ifdef HAVE_SNI
wolfSSL 15:117db924cf7c 846
/* Trace an attempt to register an SNI-named sniffer server: server name,
 * address, port and key file path. Only the path is logged, never key
 * contents. No-op when tracing is off. */
static void TraceSetNamedServer(const char* name,
                                const char* srv, int port, const char* keyFile)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tTrying to install a new Sniffer Server with\n");
    fprintf(TraceFile, "\tname: %s, server: %s, port: %d, keyFile: %s\n",
            name, srv, port, keyFile);
}
wolfSSL 15:117db924cf7c 857
wolfSSL 15:117db924cf7c 858 #endif
wolfSSL 15:117db924cf7c 859
wolfSSL 15:117db924cf7c 860
/* Trace the arrival of a packet to decode, numbering packets from 1.
 * The counter only advances while tracing is on, so it counts traced
 * packets, not all packets seen. */
static void TracePacket(void)
{
    static word32 packetNumber = 0;

    if (!TraceOn)
        return;

    packetNumber++;
    fprintf(TraceFile, "\tGot a Packet to decode, packet %u\n", packetNumber);
}
wolfSSL 15:117db924cf7c 870
wolfSSL 15:117db924cf7c 871
/* Render a network-byte-order IPv4 address as dotted decimal into str,
 * which must hold at least TRACE_MSG_SZ bytes. Returns str. */
static char* IpToS(word32 addr, char* str)
{
    byte octet[4];

    /* read the address bytes as they sit in memory: network order is
     * already most-significant-first, so no host byte swap is needed */
    XMEMCPY(octet, &addr, sizeof octet);
    SNPRINTF(str, TRACE_MSG_SZ, "%d.%d.%d.%d",
             octet[0], octet[1], octet[2], octet[3]);

    return str;
}
wolfSSL 15:117db924cf7c 881
wolfSSL 15:117db924cf7c 882
/* Trace the destination and source addresses of an IP header in dotted
 * decimal. No-op when tracing is off. */
static void TraceIP(IpHdr* iphdr)
{
    char dstText[TRACE_MSG_SZ];
    char srcText[TRACE_MSG_SZ];

    if (!TraceOn)
        return;

    IpToS(iphdr->dst, dstText);
    IpToS(iphdr->src, srcText);
    fprintf(TraceFile, "\tdst:%s src:%s\n", dstText, srcText);
}
wolfSSL 15:117db924cf7c 893
wolfSSL 15:117db924cf7c 894
/* Trace the destination and source ports of a TCP header, converted from
 * network to host order for display. No-op when tracing is off. */
static void TraceTcp(TcpHdr* tcphdr)
{
    unsigned dstPort;
    unsigned srcPort;

    if (!TraceOn)
        return;

    dstPort = ntohs(tcphdr->dstPort);
    srcPort = ntohs(tcphdr->srcPort);
    fprintf(TraceFile, "\tdstPort:%u srcPort:%u\n", dstPort, srcPort);
}
wolfSSL 15:117db924cf7c 903
wolfSSL 15:117db924cf7c 904
/* Trace a TCP sequence number together with the payload length that
 * accompanies it. No-op when tracing is off. */
static void TraceSequence(word32 seq, int len)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tSequence:%u, payload length:%d\n", seq, len);
}
wolfSSL 15:117db924cf7c 912
wolfSSL 15:117db924cf7c 913
/* Trace an observed TCP ack number next to the ack the sniffer expected.
 * No-op when tracing is off. */
static void TraceAck(word32 ack, word32 expected)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tAck:%u Expected:%u\n", ack, expected);
}
wolfSSL 15:117db924cf7c 921
wolfSSL 15:117db924cf7c 922
/* Trace the relative sequence number the sniffer expected against the one
 * actually received. No-op when tracing is off. */
static void TraceRelativeSequence(word32 expected, word32 got)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tExpected sequence:%u, received sequence:%u\n",
            expected, got);
}
wolfSSL 15:117db924cf7c 931
wolfSSL 15:117db924cf7c 932
/* Trace the server's initial sequence number taken from its SYN.
 * No-op when tracing is off. */
static void TraceServerSyn(word32 seq)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tServer SYN, Sequence Start:%u\n", seq);
}
wolfSSL 15:117db924cf7c 940
wolfSSL 15:117db924cf7c 941
/* Trace the client's initial sequence number taken from its SYN.
 * No-op when tracing is off. */
static void TraceClientSyn(word32 seq)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tClient SYN, Sequence Start:%u\n", seq);
}
wolfSSL 15:117db924cf7c 949
wolfSSL 15:117db924cf7c 950
/* Trace a captured client FIN: the sequence it carried and the current
 * relative sequence. No-op when tracing is off. */
static void TraceClientFin(word32 finSeq, word32 relSeq)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tClient FIN capture:%u, current SEQ:%u\n",
            finSeq, relSeq);
}
wolfSSL 15:117db924cf7c 959
wolfSSL 15:117db924cf7c 960
/* Trace a captured server FIN: the sequence it carried and the current
 * relative sequence. No-op when tracing is off. */
static void TraceServerFin(word32 finSeq, word32 relSeq)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tServer FIN capture:%u, current SEQ:%u\n",
            finSeq, relSeq);
}
wolfSSL 15:117db924cf7c 969
wolfSSL 15:117db924cf7c 970
/* Trace how many bytes of SSL application data were decoded from a packet;
 * 0 is a normal value (e.g. handshake-only traffic). No-op when tracing is
 * off. */
static void TraceGotData(int bytes)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\t%d bytes of SSL App data processed\n", bytes);
}
wolfSSL 15:117db924cf7c 978
wolfSSL 15:117db924cf7c 979
/* Trace application data being appended to the user's buffer: how many
 * bytes were added and how many were already there. No-op when tracing is
 * off. */
static void TraceAddedData(int newBytes, int existingBytes)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile,
            "\t%d bytes added to %d existing bytes in User Buffer\n",
            newBytes, existingBytes);
}
wolfSSL 15:117db924cf7c 989
wolfSSL 15:117db924cf7c 990
/* Trace that the stale-session sweep found a session to drop.
 * No-op when tracing is off. */
static void TraceStaleSession(void)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tFound a stale session\n");
}
wolfSSL 15:117db924cf7c 998
wolfSSL 15:117db924cf7c 999
/* Trace the start of a stale-session sweep. No-op when tracing is off. */
static void TraceFindingStale(void)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tTrying to find Stale Sessions\n");
}
wolfSSL 15:117db924cf7c 1007
wolfSSL 15:117db924cf7c 1008
/* Trace that a session was removed (follows TraceStaleSession).
 * No-op when tracing is off. */
static void TraceRemovedSession(void)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tRemoved it\n");
}
wolfSSL 15:117db924cf7c 1016
wolfSSL 15:117db924cf7c 1017
/* Fill the caller's error string for idx and trace it.
 *
 * idx      error index handed to GetError
 * error    caller-supplied buffer that receives the error text
 * session  may be NULL; when given and fatal == FATAL_ERROR_STATE the
 *          session is marked so later processing treats it as dead
 * fatal    FATAL_ERROR_STATE or 0
 */
static void SetError(int idx, char* error, SnifferSession* session, int fatal)
{
    int markFatal = (session != NULL) && (fatal == FATAL_ERROR_STATE);

    GetError(idx, error);
    Trace(idx);

    if (markFatal)
        session->flags.fatalError = 1;
}
wolfSSL 15:117db924cf7c 1026
wolfSSL 15:117db924cf7c 1027
/* Check whether an IPv4 address (network byte order) belongs to a
 * registered sniffer server.
 *
 * Walks ServerList under ServerListMutex. Returns 1 if found, 0 otherwise.
 */
static int IsServerRegistered(word32 addr)
{
    SnifferServer* cur;
    int            found = 0;

    wc_LockMutex(&ServerListMutex);

    for (cur = ServerList; cur != NULL; cur = cur->next) {
        if (cur->server == addr) {
            found = 1;
            break;
        }
    }

    wc_UnLockMutex(&ServerListMutex);

    return found;
}
wolfSSL 15:117db924cf7c 1050
wolfSSL 15:117db924cf7c 1051
/* Check whether a TCP port is watched by any registered sniffer server.
 *
 * port is compared as int against SnifferServer.port. Walks ServerList
 * under ServerListMutex. Returns 1 if found, 0 otherwise.
 */
static int IsPortRegistered(word32 port)
{
    SnifferServer* cur;
    int            wanted = (int)port;
    int            found  = 0;

    wc_LockMutex(&ServerListMutex);

    for (cur = ServerList; cur != NULL; cur = cur->next) {
        if (cur->port == wanted) {
            found = 1;
            break;
        }
    }

    wc_UnLockMutex(&ServerListMutex);

    return found;
}
wolfSSL 15:117db924cf7c 1074
wolfSSL 15:117db924cf7c 1075
/* Find the registered SnifferServer that is either end of this packet:
 * a match on (src address, src port) or on (dst address, dst port).
 *
 * The list walk is under ServerListMutex; the pointer is returned after
 * the unlock, so the caller relies on server entries not being freed while
 * packets are processed (that lifetime rule lives outside this function).
 * Returns NULL when no server matches.
 */
static SnifferServer* GetSnifferServer(IpInfo* ipInfo, TcpInfo* tcpInfo)
{
    SnifferServer* cur;

    wc_LockMutex(&ServerListMutex);

    for (cur = ServerList; cur != NULL; cur = cur->next) {
        int isSource = cur->port == tcpInfo->srcPort &&
                       cur->server == ipInfo->src;
        int isDest   = cur->port == tcpInfo->dstPort &&
                       cur->server == ipInfo->dst;

        if (isSource || isDest)
            break;
    }

    wc_UnLockMutex(&ServerListMutex);

    return cur;
}
wolfSSL 15:117db924cf7c 1096
wolfSSL 15:117db924cf7c 1097
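/* Hash the session 4-tuple (addresses and ports) to a SessionTable row.
 *
 * ipInfo   addresses, network byte order
 * tcpInfo  ports as host-order ints (0..65535)
 *
 * Returns a row index in [0, HASH_SIZE).
 *
 * All products are formed in word32 so they wrap instead of overflowing a
 * signed int: srcPort * dstPort alone can reach 65535*65535, which exceeds
 * INT_MAX and was undefined behaviour in the previous int multiply. On
 * two's-complement targets the wrapped value, and so the row, is the same
 * as before. The hash is symmetric in src/dst, so both directions of a
 * flow select the same row (GetSnifferSession matches either orientation).
 * It is a plain bucket selector, not collision resistant: a zero address
 * or port sends the flow to row 0.
 */
static word32 SessionHash(IpInfo* ipInfo, TcpInfo* tcpInfo)
{
    word32 addrs = ipInfo->src * ipInfo->dst;
    word32 ports = (word32)tcpInfo->srcPort * (word32)tcpInfo->dstPort;

    return (addrs * ports) % HASH_SIZE;
}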
wolfSSL 15:117db924cf7c 1106
wolfSSL 15:117db924cf7c 1107
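/* Find the existing SnifferSession for this packet's 4-tuple.
 *
 * ipInfo   addresses, network byte order
 * tcpInfo  ports as host-order ints
 *
 * Both orientations are tried (server->client and client->server). On a
 * hit the session's lastUsed is refreshed so the stale-session sweep keeps
 * it, and flags.side is set to WOLFSSL_SERVER_END when the packet is
 * addressed to the session's registered server (dst address and dst port
 * match session->context), otherwise WOLFSSL_CLIENT_END.
 *
 * Returns the session, or NULL when none is tracked. The table walk and the
 * lastUsed update are done under SessionMutex; the side update is done
 * after the unlock, as before.
 */
static SnifferSession* GetSnifferSession(IpInfo* ipInfo, TcpInfo* tcpInfo)
{
    SnifferSession* session;
    time_t          currTime = time(NULL);
    word32          row      = SessionHash(ipInfo, tcpInfo);

    /* SessionHash reduces modulo HASH_SIZE, so row is strictly below it.
     * The previous check used <=, which would have accepted an index one
     * past the end of SessionTable. */
    assert(row < HASH_SIZE);

    wc_LockMutex(&SessionMutex);

    for (session = SessionTable[row]; session != NULL;
         session = session->next) {
        int srvToCli = session->server  == ipInfo->src &&
                       session->client  == ipInfo->dst &&
                       session->srvPort == tcpInfo->srcPort &&
                       session->cliPort == tcpInfo->dstPort;
        int cliToSrv = session->client  == ipInfo->src &&
                       session->server  == ipInfo->dst &&
                       session->cliPort == tcpInfo->srcPort &&
                       session->srvPort == tcpInfo->dstPort;

        if (srvToCli || cliToSrv)
            break;
    }

    if (session)
        session->lastUsed = currTime;  /* keep alive: the stale sweep leaves
                                        * recently used sessions alone */

    wc_UnLockMutex(&SessionMutex);

    /* determine which end sent this packet */
    if (session) {
        if (ipInfo->dst == session->context->server &&
            tcpInfo->dstPort == session->context->port)
            session->flags.side = WOLFSSL_SERVER_END;
        else
            session->flags.side = WOLFSSL_CLIENT_END;
    }

    return session;
}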
wolfSSL 15:117db924cf7c 1149
wolfSSL 15:117db924cf7c 1150
wolfSSL 15:117db924cf7c 1151 #ifdef HAVE_SNI
wolfSSL 15:117db924cf7c 1152
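/* Load a private key file into a freshly malloc'd buffer.
 *
 * keyBuf    receives the buffer (caller releases it with free());
 *           left untouched on failure
 * keyBufSz  receives the buffer length in bytes
 * keyFile   path of the key file
 * typeKey   WOLFSSL_FILETYPE_PEM, converted to DER here; any other value
 *           (the caller passes WOLFSSL_FILETYPE_ASN1) is returned as read
 * password  passphrase handed to wc_KeyPemToDer for encrypted PEM; may be
 *           NULL
 *
 * Returns 0 on success, -1 on failure: bad arguments, file cannot be
 * opened or sized, empty file, short read, allocation failure, or PEM
 * conversion failure. Key material is zeroised with ForceZero before any
 * buffer holding it is freed, including the raw file bytes after a short
 * read and the partially written DER buffer after a failed conversion.
 */
static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
                       const char* keyFile, int typeKey,
                       const char* password)
{
    byte* loadBuf;
    long  fileSz;
    long  readSz;
    XFILE file;

    if (keyBuf == NULL || keyBufSz == NULL || keyFile == NULL) {
        return -1;
    }

    file = XFOPEN(keyFile, "rb");
    if (file == XBADFILE) {
        return -1;
    }

    /* size the file: XFTELL yields -1 on error and 0 for an empty file,
     * neither of which can hold a key, so both are rejected before malloc
     * is asked for a negative or zero size */
    if (XFSEEK(file, 0, XSEEK_END) != 0) {
        XFCLOSE(file);
        return -1;
    }
    fileSz = XFTELL(file);
    XREWIND(file);
    if (fileSz <= 0) {
        XFCLOSE(file);
        return -1;
    }

    loadBuf = (byte*)malloc((size_t)fileSz);
    if (loadBuf == NULL) {
        XFCLOSE(file);
        return -1;
    }

    readSz = (long)XFREAD(loadBuf, 1, (size_t)fileSz, file);
    XFCLOSE(file);
    if (readSz != fileSz) {
        ForceZero(loadBuf, (word32)fileSz);
        free(loadBuf);
        return -1;
    }

    if (typeKey == WOLFSSL_FILETYPE_PEM) {
        /* DER is never longer than the base64 PEM text it came from, so a
         * buffer of fileSz bytes is large enough for the conversion */
        byte* derBuf = (byte*)malloc((size_t)fileSz);
        int   derSz  = -1;

        if (derBuf != NULL) {
            derSz = wc_KeyPemToDer(loadBuf, (int)fileSz,
                                   derBuf, (int)fileSz, password);
        }

        /* the PEM text is key material: scrub it before releasing */
        ForceZero(loadBuf, (word32)fileSz);
        free(loadBuf);

        if (derSz < 0) {           /* also covers derBuf == NULL */
            if (derBuf != NULL) {
                ForceZero(derBuf, (word32)fileSz);
                free(derBuf);
            }
            return -1;
        }

        *keyBuf   = derBuf;
        *keyBufSz = (word32)derSz;
    }
    else {
        /* DER/ASN.1: hand the raw file contents straight to the caller */
        *keyBuf   = loadBuf;
        *keyBufSz = (word32)fileSz;
    }

    return 0;
}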
wolfSSL 15:117db924cf7c 1222
wolfSSL 15:117db924cf7c 1223 #endif
wolfSSL 15:117db924cf7c 1224
wolfSSL 15:117db924cf7c 1225
/* Register a private key for a sniffer server, creating the server entry on
 * first use.
 *
 * name      SNI host name the key belongs to, or NULL for the server's
 *           default key; only honoured when built with HAVE_SNI
 * address   IPv4 address text, parsed with inet_addr
 * port      TCP port the server is watched on
 * keyFile   path of the key file
 * typeKey   FILETYPE_PEM, or anything else for DER/ASN.1
 * password  passphrase for an encrypted key, or NULL
 * error     caller buffer that receives the error text on failure
 *
 * Returns 0 on success, -1 on failure (error is filled in via SetError).
 * With name == NULL the key is loaded into the server's SSL_CTX; with a
 * name (HAVE_SNI) it is read by LoadKeyFile and pushed onto the server's
 * namedKeys list. A newly created server is linked onto ServerList only
 * after the key loaded successfully, so a failed call leaves no half-built
 * entry behind.
 *
 * NOTE(review): unlike IsServerRegistered/GetSnifferServer, ServerList is
 * walked and extended here without taking ServerListMutex; presumably
 * registration happens before packet processing starts — confirm with the
 * public entry points that call this.
 */
static int SetNamedPrivateKey(const char* name, const char* address, int port,
    const char* keyFile, int typeKey, const char* password, char* error)
{
    SnifferServer* sniffer;
    int ret;
    int type = (typeKey == FILETYPE_PEM) ? WOLFSSL_FILETYPE_PEM :
                                           WOLFSSL_FILETYPE_ASN1;
    int isNew = 0;
    word32 serverIp;

#ifdef HAVE_SNI
    NamedKey* namedKey = NULL;
#endif

    /* redundant: name is tested below in every configuration, but harmless */
    (void)name;
#ifdef HAVE_SNI
    if (name != NULL) {
        namedKey = (NamedKey*)malloc(sizeof(NamedKey));
        if (namedKey == NULL) {
            SetError(MEMORY_STR, error, NULL, 0);
            return -1;
        }
        XMEMSET(namedKey, 0, sizeof(NamedKey));

        /* clamp the copied name to the field; the XMEMSET above plus the
         * explicit terminator guarantee name is NUL-terminated even when
         * the input is longer than MAX_SERVER_NAME-1 */
        namedKey->nameSz = (word32)XSTRLEN(name);
        if (namedKey->nameSz > sizeof(namedKey->name)-1)
            namedKey->nameSz = sizeof(namedKey->name)-1;
        XSTRNCPY(namedKey->name, name, namedKey->nameSz);
        namedKey->name[MAX_SERVER_NAME-1] = '\0';

        ret = LoadKeyFile(&namedKey->key, &namedKey->keySz,
                          keyFile, type, password);
        if (ret < 0) {
            SetError(KEY_FILE_STR, error, NULL, 0);
            FreeNamedKey(namedKey);
            return -1;
        }
    }
#endif

    /* inet_addr returns INADDR_NONE for text it cannot parse; that value is
     * stored as the server address unchecked, so a typo in address registers
     * a server no packet will ever match */
    serverIp = inet_addr(address);
    sniffer = ServerList;
    while (sniffer != NULL &&
           (sniffer->server != serverIp || sniffer->port != port)) {
        sniffer = sniffer->next;
    }

    if (sniffer == NULL) {
        /* first key for this address/port: build the server entry; it is
         * not linked into ServerList until the key has loaded */
        isNew = 1;
        sniffer = (SnifferServer*)malloc(sizeof(SnifferServer));
        if (sniffer == NULL) {
            SetError(MEMORY_STR, error, NULL, 0);
#ifdef HAVE_SNI
            FreeNamedKey(namedKey);
#endif
            return -1;
        }
        InitSnifferServer(sniffer);

        XSTRNCPY(sniffer->address, address, MAX_SERVER_ADDRESS-1);
        sniffer->address[MAX_SERVER_ADDRESS-1] = '\0';
        sniffer->server = serverIp;
        sniffer->port = port;

        sniffer->ctx = SSL_CTX_new(TLSv1_2_client_method());
        if (!sniffer->ctx) {
            SetError(MEMORY_STR, error, NULL, 0);
#ifdef HAVE_SNI
            FreeNamedKey(namedKey);
#endif
            FreeSnifferServer(sniffer);
            return -1;
        }
    }

    if (name == NULL) {
        if (password) {
            /* without WOLFSSL_ENCRYPTED_KEYS the password is silently
             * ignored here and an encrypted key will fail to load below */
#ifdef WOLFSSL_ENCRYPTED_KEYS
            SSL_CTX_set_default_passwd_cb(sniffer->ctx, SetPassword);
            SSL_CTX_set_default_passwd_cb_userdata(
                                               sniffer->ctx, (void*)password);
#endif
        }
        ret = SSL_CTX_use_PrivateKey_file(sniffer->ctx, keyFile, type);
        if (ret != WOLFSSL_SUCCESS) {
            SetError(KEY_FILE_STR, error, NULL, 0);
            if (isNew)
                FreeSnifferServer(sniffer);
            return -1;
        }
    }
#ifdef HAVE_SNI
    else {
        wc_LockMutex(&sniffer->namedKeysMutex);
        namedKey->next = sniffer->namedKeys;
        sniffer->namedKeys = namedKey;
        wc_UnLockMutex(&sniffer->namedKeysMutex);
    }
#endif
    /* NOTE(review): without HAVE_SNI a non-NULL name reaches this point
     * having loaded nothing, and 0 is still returned — confirm whether the
     * public API is expected to reject named keys in that build. */

    if (isNew) {
        sniffer->next = ServerList;
        ServerList = sniffer;
    }

    return 0;
}
wolfSSL 15:117db924cf7c 1333
wolfSSL 15:117db924cf7c 1334
wolfSSL 15:117db924cf7c 1335 #ifdef HAVE_SNI
wolfSSL 15:117db924cf7c 1336
/* Sets the private key for a specific name, server and port */
/* Public SNI-aware entry point. name is the host name the key is bound to,
 * address/port identify the server, keyFile/typeKey give the key location and
 * format, password (may be NULL) is handed on for encrypted keys, and error
 * receives a description when registration fails. The real work, including
 * walking and possibly extending ServerList, happens in SetNamedPrivateKey(),
 * so ServerListMutex is held across that whole call. */
/* returns 0 on success, -1 on error */
int ssl_SetNamedPrivateKey(const char* name,
                           const char* address, int port,
                           const char* keyFile, int typeKey,
                           const char* password, char* error)
{
    int rc;

    TraceHeader();
    TraceSetNamedServer(name, address, port, keyFile);

    wc_LockMutex(&ServerListMutex);
    rc = SetNamedPrivateKey(name, address, port, keyFile,
                            typeKey, password, error);
    wc_UnLockMutex(&ServerListMutex);

    if (rc != 0)
        return rc;

    /* only a successful registration is traced as a new server */
    Trace(NEW_SERVER_STR);
    return rc;
}
wolfSSL 15:117db924cf7c 1359
wolfSSL 15:117db924cf7c 1360 #endif
wolfSSL 15:117db924cf7c 1361
wolfSSL 15:117db924cf7c 1362
/* Sets the private key for a specific server and port */
/* Public entry point for the non-SNI case: identical to
 * ssl_SetNamedPrivateKey() except that no host name is supplied (NULL), so
 * the key is installed directly on the server's context rather than on a
 * named-key list. ServerListMutex is held for the whole registration. */
/* returns 0 on success, -1 on error */
int ssl_SetPrivateKey(const char* address, int port, const char* keyFile,
                      int typeKey, const char* password, char* error)
{
    int rc;

    TraceHeader();
    TraceSetServer(address, port, keyFile);

    wc_LockMutex(&ServerListMutex);
    rc = SetNamedPrivateKey(NULL, address, port, keyFile,
                            typeKey, password, error);
    wc_UnLockMutex(&ServerListMutex);

    if (rc != 0)
        return rc;

    /* only a successful registration is traced as a new server */
    Trace(NEW_SERVER_STR);
    return rc;
}
wolfSSL 15:117db924cf7c 1383
wolfSSL 15:117db924cf7c 1384
/* Check IP Header for IPV4, TCP, and a registered server address */
/* Applies three filters in order (IPv4 version, TCP protocol, at least one
 * endpoint is a registered server) and, when all pass, fills info with the
 * header length, total length and both addresses. length is the byte count
 * the caller has for this packet and is used in place of a zero IP total
 * length. The header-length field is copied as-is; it is not validated here. */
/* returns 0 on success, -1 on error */
static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, int length, char* error)
{
    int totalLen;

    TraceIP(iphdr);
    Trace(IP_CHECK_STR);

    if (IP_V(iphdr) != IPV4) {
        SetError(BAD_IPVER_STR, error, NULL, 0);
        return -1;
    }

    if (iphdr->protocol != TCP_PROTOCOL) {
        SetError(BAD_PROTO_STR, error, NULL, 0);
        return -1;
    }

    /* either direction is of interest: the registered server may be the
     * source or the destination of this packet */
    if (!IsServerRegistered(iphdr->src) && !IsServerRegistered(iphdr->dst)) {
        SetError(SERVER_NOT_REG_STR, error, NULL, 0);
        return -1;
    }

    totalLen     = ntohs(iphdr->length);
    info->src    = iphdr->src;
    info->dst    = iphdr->dst;
    info->length = IP_HL(iphdr);
    /* original note: a reassembled packet may carry a zero (off) total
     * length, so fall back to what the caller actually handed us */
    info->total  = (totalLen != 0) ? totalLen : length;

    return 0;
}
wolfSSL 15:117db924cf7c 1419
wolfSSL 15:117db924cf7c 1420
/* Check TCP Header for a registered port */
/* Decodes ports, header length, sequence number and the FIN/RST/SYN/ACK flag
 * bits from tcphdr into info. ackNumber is written only when ACK is set and is
 * otherwise left untouched. The segment is rejected unless one of its two
 * ports is registered. */
/* returns 0 on success, -1 on error */
static int CheckTcpHdr(TcpHdr* tcphdr, TcpInfo* info, char* error)
{
    TraceTcp(tcphdr);
    Trace(TCP_CHECK_STR);

    info->srcPort  = ntohs(tcphdr->srcPort);
    info->dstPort  = ntohs(tcphdr->dstPort);
    info->length   = TCP_LEN(tcphdr);
    info->sequence = ntohl(tcphdr->sequence);

    /* each flag keeps its own mask bit, not a normalised 0/1 */
    info->fin = tcphdr->flags & TCP_FIN;
    info->rst = tcphdr->flags & TCP_RST;
    info->syn = tcphdr->flags & TCP_SYN;
    info->ack = tcphdr->flags & TCP_ACK;
    if (info->ack != 0)
        info->ackNumber = ntohl(tcphdr->ack);

    /* the registered server port may be on either side of the segment */
    if (IsPortRegistered(info->srcPort) || IsPortRegistered(info->dstPort))
        return 0;

    SetError(SERVER_PORT_NOT_REG_STR, error, NULL, 0);
    return -1;
}
wolfSSL 15:117db924cf7c 1445
wolfSSL 15:117db924cf7c 1446
/* Decode Record Layer Header */
/* Copies RECORD_HEADER_SZ bytes from input into rh and decodes the 16-bit
 * big-endian record length into *size. Only the length is checked here, and
 * only against the largest record the sniffer is prepared to handle; input is
 * not bounds-checked (the caller is expected to have RECORD_HEADER_SZ bytes
 * readable) and *size is not compared with the bytes actually available.
 * returns 0 on success, LENGTH_ERROR for an oversized record */
static int GetRecordHeader(const byte* input, RecordLayerHeader* rh, int* size)
{
    const int maxAllowed = MAX_RECORD_SIZE + COMP_EXTRA + MAX_MSG_EXTRA;
    int recordLen;

    XMEMCPY(rh, input, RECORD_HEADER_SZ);
    recordLen = (rh->length[0] << 8) | rh->length[1];
    *size = recordLen;

    return (recordLen > maxAllowed) ? LENGTH_ERROR : 0;
}
wolfSSL 15:117db924cf7c 1458
wolfSSL 15:117db924cf7c 1459
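/* Process Client Key Exchange, RSA only */
/* Recovers the pre-master secret from an RSA ClientKeyExchange using the
 * server private key held on this session, copies it to the client side, then
 * sets cipher specs, derives master secrets and installs keys for both
 * directions. input points at the handshake body and *sslBytes is the number
 * of body bytes available (not modified here).
 * returns 0 on success, -1 on error (SetError set, session marked fatal).
 * Once wc_InitRsaKey() has been called the RsaKey is released on every exit
 * path; the original leaked it on the RNG-setup and key-derive failures. */
static int ProcessClientKeyExchange(const byte* input, int* sslBytes,
                                    SnifferSession* session, char* error)
{
    word32 idx = 0;
    RsaKey key;
    int    ret;
    int    length;
    int    avail = *sslBytes;   /* bytes readable at input */

    if (session->sslServer->buffers.key == NULL ||
        session->sslServer->buffers.key->buffer == NULL ||
        session->sslServer->buffers.key->length == 0) {

        SetError(RSA_KEY_MISSING_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }

    ret = wc_InitRsaKey(&key, 0);
    if (ret == 0)
        ret = wc_RsaPrivateKeyDecode(session->sslServer->buffers.key->buffer,
                    &idx, &key, session->sslServer->buffers.key->length);
    if (ret != 0) {
        SetError(RSA_DECODE_STR, error, session, FATAL_ERROR_STATE);
        goto exit_fail;
    }

    /* the encrypted pre-master secret is exactly one RSA block */
    length = wc_RsaEncryptSize(&key);

    if (IsTLS(session->sslServer)) {
        /* TLS prefixes the encrypted block with a 2-byte length. Skip it and
         * take it off the readable count so the bounds check below covers the
         * skipped bytes too (the original compared against the unadjusted
         * count and could read 2 bytes past a short message). */
        input += 2;
        avail -= 2;
    }

    if (length > avail) {
        SetError(PARTIAL_INPUT_STR, error, session, FATAL_ERROR_STATE);
        goto exit_fail;
    }
#ifdef WC_RSA_BLINDING
    ret = wc_RsaSetRNG(&key, session->sslServer->rng);
    if (ret != 0) {
        SetError(RSA_DECRYPT_STR, error, session, FATAL_ERROR_STATE);
        goto exit_fail;
    }
#endif
    do {
#ifdef WOLFSSL_ASYNC_CRYPT
        ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
        if (ret >= 0) {
            ret = wc_RsaPrivateDecrypt(input, length,
                      session->sslServer->arrays->preMasterSecret, SECRET_LEN,
                      &key);
        }
    } while (ret == WC_PENDING_E);
    /* a well-formed pre-master secret is exactly SECRET_LEN bytes */
    if (ret != SECRET_LEN) {
        SetError(RSA_DECRYPT_STR, error, session, FATAL_ERROR_STATE);
        goto exit_fail;
    }
    session->sslServer->arrays->preMasterSz = SECRET_LEN;

    /* store for client side as well */
    XMEMCPY(session->sslClient->arrays->preMasterSecret,
            session->sslServer->arrays->preMasterSecret, SECRET_LEN);
    session->sslClient->arrays->preMasterSz = SECRET_LEN;

#ifdef SHOW_SECRETS
    {
        int i;
        printf("pre master secret: ");
        for (i = 0; i < SECRET_LEN; i++)
            printf("%02x", session->sslServer->arrays->preMasterSecret[i]);
        printf("\n");
    }
#endif

    if (SetCipherSpecs(session->sslServer) != 0) {
        SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
        goto exit_fail;
    }

    if (SetCipherSpecs(session->sslClient) != 0) {
        SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
        goto exit_fail;
    }

    /* each step returns 0 on success; any non-zero total is a derive failure */
    ret  = MakeMasterSecret(session->sslServer);
    ret += MakeMasterSecret(session->sslClient);
    ret += SetKeysSide(session->sslServer, ENCRYPT_AND_DECRYPT_SIDE);
    ret += SetKeysSide(session->sslClient, ENCRYPT_AND_DECRYPT_SIDE);

    if (ret != 0) {
        SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE);
        goto exit_fail;
    }

#ifdef SHOW_SECRETS
    {
        int i;
        printf("server master secret: ");
        for (i = 0; i < SECRET_LEN; i++)
            printf("%02x", session->sslServer->arrays->masterSecret[i]);
        printf("\n");

        printf("client master secret: ");
        for (i = 0; i < SECRET_LEN; i++)
            printf("%02x", session->sslClient->arrays->masterSecret[i]);
        printf("\n");

        printf("server suite = %d\n", session->sslServer->options.cipherSuite);
        printf("client suite = %d\n", session->sslClient->options.cipherSuite);
    }
#endif

    wc_FreeRsaKey(&key);
    return ret;

exit_fail:
    wc_FreeRsaKey(&key);
    return -1;
}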
wolfSSL 15:117db924cf7c 1578
wolfSSL 15:117db924cf7c 1579
/* Process Session Ticket */
/* Parses a NewSessionTicket body: a lifetime hint (TICKET_HINT_LEN bytes,
 * not used), a LENGTH_SZ ticket length, then the opaque ticket. The trailing
 * ID_LEN bytes of the ticket (its MAC) are recorded as the server-side session
 * ID so a later ticket-based resumption can be matched. input and *sslBytes
 * are advanced past the hint and length fields only.
 * returns 0 on success, -1 on error (SetError set, session marked fatal) */
static int ProcessSessionTicket(const byte* input, int* sslBytes,
                                SnifferSession* session, char* error)
{
    word16 ticketLen;
    int    avail = *sslBytes;

    /* need the hint and the length field before reading anything */
    if (avail < TICKET_HINT_LEN + LENGTH_SZ) {
        SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }

    input += TICKET_HINT_LEN;
    ticketLen = (word16)((input[0] << 8) | input[1]);
    input += LENGTH_SZ;

    avail -= TICKET_HINT_LEN + LENGTH_SZ;
    *sslBytes = avail;

    /* the whole ticket must be present and long enough to hold an ID */
    if (ticketLen > avail || ticketLen < ID_LEN) {
        SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }

    /* store session with the ticket's trailing macID as sessionID */
    session->sslServer->options.haveSessionId = 1;
    XMEMCPY(session->sslServer->arrays->sessionID,
            input + ticketLen - ID_LEN, ID_LEN);

    return 0;
}
wolfSSL 15:117db924cf7c 1611
wolfSSL 15:117db924cf7c 1612
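/* Process Server Hello */
/* Parses the ServerHello body: protocol version, server random, optional
 * session ID, cipher suite and compression method, and (with
 * HAVE_EXTENDED_MASTER) walks the extensions looking for
 * extended-master-secret. Negotiated values are mirrored into both sslServer
 * and sslClient. The handshake is treated as a resumption when the echoed
 * session ID matches the client's, or when neither side sent an ID but a
 * ticketID is recorded on the session; in that case the stored master secret
 * is looked up and keys are derived immediately.
 * msgSz is the handshake body length; input and *sslBytes are advanced as
 * fields are consumed. returns 0 on success, -1 on error (SetError set,
 * session marked fatal).
 * Two bounds fixes over the original: ID_LEN bytes must be readable before
 * the session ID is copied (the copy is always ID_LEN, even for a shorter
 * advertised ID), and each extension must fit inside the declared extensions
 * length so the word16 remaining count cannot wrap and keep the loop going. */
static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
                              SnifferSession* session, char* error)
{
    ProtocolVersion pv;
    byte            b;
    int             toRead = VERSION_SZ + RAN_LEN + ENUM_LEN;
    int             doResume = 0;
    int             initialBytes = *sslBytes;

    (void)msgSz;
    (void)initialBytes;

    /* make sure we didn't miss ClientHello */
    if (session->flags.clientHello == 0) {
        SetError(MISSED_CLIENT_HELLO_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }

    /* make sure can read through session len */
    if (toRead > *sslBytes) {
        SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }

    XMEMCPY(&pv, input, VERSION_SZ);
    input += VERSION_SZ;
    *sslBytes -= VERSION_SZ;

    session->sslServer->version = pv;
    session->sslClient->version = pv;

    XMEMCPY(session->sslServer->arrays->serverRandom, input, RAN_LEN);
    XMEMCPY(session->sslClient->arrays->serverRandom, input, RAN_LEN);
    input += RAN_LEN;
    *sslBytes -= RAN_LEN;

    /* session ID length */
    b = *input++;
    *sslBytes -= 1;

    /* make sure can read through compression */
    if ( (b + SUITE_LEN + ENUM_LEN) > *sslBytes) {
        SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }
    if (b) {
        /* the copy below is always ID_LEN bytes, so ID_LEN bytes must be
         * readable even when the advertised ID length b is shorter; the check
         * above only guarantees b + SUITE_LEN + ENUM_LEN bytes */
        if (ID_LEN > *sslBytes) {
            SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        XMEMCPY(session->sslServer->arrays->sessionID, input, ID_LEN);
        session->sslServer->options.haveSessionId = 1;
    }
    input += b;
    *sslBytes -= b;

    /* cipher suite */
    b = *input++; /* first byte, ECC or not */
    session->sslServer->options.cipherSuite0 = b;
    session->sslClient->options.cipherSuite0 = b;
    b = *input++;
    session->sslServer->options.cipherSuite = b;
    session->sslClient->options.cipherSuite = b;
    *sslBytes -= SUITE_LEN;

    /* compression */
    b = *input++;
    *sslBytes -= ENUM_LEN;

    /* only the null compression method is supported */
    if (b) {
        SetError(BAD_COMPRESSION_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }

#ifdef HAVE_EXTENDED_MASTER
    /* extensions */
    if ((initialBytes - *sslBytes) < msgSz) {
        word16 len;

        /* skip extensions until extended master secret */
        /* make sure can read len */
        if (SUITE_LEN > *sslBytes) {
            SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        len = (word16)((input[0] << 8) | input[1]);
        input += SUITE_LEN;
        *sslBytes -= SUITE_LEN;
        /* make sure can read through all extensions */
        if (len > *sslBytes) {
            SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }

        while (len >= EXT_TYPE_SZ + LENGTH_SZ) {
            byte   extType[EXT_TYPE_SZ];
            word16 extLen;

            extType[0] = input[0];
            extType[1] = input[1];
            input += EXT_TYPE_SZ;
            *sslBytes -= EXT_TYPE_SZ;

            extLen = (word16)((input[0] << 8) | input[1]);
            input += LENGTH_SZ;
            *sslBytes -= LENGTH_SZ;

            /* make sure can read through individual extension, and that it
             * fits inside the declared extensions block: otherwise the
             * subtraction from len below would wrap and the loop would keep
             * reading headers that len no longer covers */
            if (extLen > *sslBytes ||
                extLen + EXT_TYPE_SZ + LENGTH_SZ > len) {
                SetError(SERVER_HELLO_INPUT_STR, error, session,
                         FATAL_ERROR_STATE);
                return -1;
            }

            if (extType[0] == 0x00 && extType[1] == EXT_MASTER_SECRET) {
                session->flags.expectEms = 1;
            }

            input += extLen;
            *sslBytes -= extLen;
            len -= extLen + EXT_TYPE_SZ + LENGTH_SZ;
        }
    }

    /* no EMS negotiated: the handshake hash kept for EMS is not needed */
    if (!session->flags.expectEms) {
        free(session->hash);
        session->hash = NULL;
    }
#endif

    if (session->sslServer->options.haveSessionId &&
            XMEMCMP(session->sslServer->arrays->sessionID,
                    session->sslClient->arrays->sessionID, ID_LEN) == 0)
        doResume = 1;
    else if (session->sslClient->options.haveSessionId == 0 &&
             session->sslServer->options.haveSessionId == 0 &&
             session->ticketID)
        doResume = 1;

    if (session->ticketID && doResume) {
        /* use ticketID to retrieve from session, prefer over sessionID */
        XMEMCPY(session->sslServer->arrays->sessionID,session->ticketID,ID_LEN);
        session->sslServer->options.haveSessionId = 1;  /* may not have
                                                           actual sessionID */
    }

    if (doResume ) {
        int ret = 0;
        SSL_SESSION* resume = GetSession(session->sslServer,
                                  session->sslServer->arrays->masterSecret, 0);
        if (resume == NULL) {
            SetError(BAD_SESSION_RESUME_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        /* make sure client has master secret too */
        XMEMCPY(session->sslClient->arrays->masterSecret,
               session->sslServer->arrays->masterSecret, SECRET_LEN);
        session->flags.resuming = 1;

        Trace(SERVER_DID_RESUMPTION_STR);
        if (SetCipherSpecs(session->sslServer) != 0) {
            SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }

        if (SetCipherSpecs(session->sslClient) != 0) {
            SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }

        /* key derivation differs between TLS and SSLv3 */
        if (session->sslServer->options.tls) {
            ret =  DeriveTlsKeys(session->sslServer);
            ret += DeriveTlsKeys(session->sslClient);
        }
        else {
            ret =  DeriveKeys(session->sslServer);
            ret += DeriveKeys(session->sslClient);
        }
        ret += SetKeysSide(session->sslServer, ENCRYPT_AND_DECRYPT_SIDE);
        ret += SetKeysSide(session->sslClient, ENCRYPT_AND_DECRYPT_SIDE);

        if (ret != 0) {
            SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
    }
#ifdef SHOW_SECRETS
    {
        int i;
        printf("cipher suite = 0x%02x\n",
               session->sslServer->options.cipherSuite);
        printf("server random: ");
        for (i = 0; i < RAN_LEN; i++)
            printf("%02x", session->sslServer->arrays->serverRandom[i]);
        printf("\n");
    }
#endif
    return 0;
}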
wolfSSL 15:117db924cf7c 1808
wolfSSL 15:117db924cf7c 1809
wolfSSL 15:117db924cf7c 1810 /* Process normal Client Hello */
wolfSSL 15:117db924cf7c 1811 static int ProcessClientHello(const byte* input, int* sslBytes,
wolfSSL 15:117db924cf7c 1812 SnifferSession* session, char* error)
wolfSSL 15:117db924cf7c 1813 {
wolfSSL 15:117db924cf7c 1814 byte bLen;
wolfSSL 15:117db924cf7c 1815 word16 len;
wolfSSL 15:117db924cf7c 1816 int toRead = VERSION_SZ + RAN_LEN + ENUM_LEN;
wolfSSL 15:117db924cf7c 1817
wolfSSL 15:117db924cf7c 1818 #ifdef HAVE_SNI
wolfSSL 15:117db924cf7c 1819 {
wolfSSL 15:117db924cf7c 1820 byte name[MAX_SERVER_NAME];
wolfSSL 15:117db924cf7c 1821 word32 nameSz = sizeof(name);
wolfSSL 15:117db924cf7c 1822 int ret;
wolfSSL 15:117db924cf7c 1823
wolfSSL 15:117db924cf7c 1824 ret = wolfSSL_SNI_GetFromBuffer(
wolfSSL 15:117db924cf7c 1825 input - HANDSHAKE_HEADER_SZ - RECORD_HEADER_SZ,
wolfSSL 15:117db924cf7c 1826 *sslBytes + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ,
wolfSSL 15:117db924cf7c 1827 WOLFSSL_SNI_HOST_NAME, name, &nameSz);
wolfSSL 15:117db924cf7c 1828
wolfSSL 15:117db924cf7c 1829 if (ret == WOLFSSL_SUCCESS) {
wolfSSL 15:117db924cf7c 1830 NamedKey* namedKey;
wolfSSL 15:117db924cf7c 1831
wolfSSL 15:117db924cf7c 1832 if (nameSz > sizeof(name) - 1)
wolfSSL 15:117db924cf7c 1833 nameSz = sizeof(name) - 1;
wolfSSL 15:117db924cf7c 1834 name[nameSz] = 0;
wolfSSL 15:117db924cf7c 1835 wc_LockMutex(&session->context->namedKeysMutex);
wolfSSL 15:117db924cf7c 1836 namedKey = session->context->namedKeys;
wolfSSL 15:117db924cf7c 1837 while (namedKey != NULL) {
wolfSSL 15:117db924cf7c 1838 if (nameSz == namedKey->nameSz &&
wolfSSL 15:117db924cf7c 1839 XSTRNCMP((char*)name, namedKey->name, nameSz) == 0) {
wolfSSL 15:117db924cf7c 1840 if (wolfSSL_use_PrivateKey_buffer(session->sslServer,
wolfSSL 15:117db924cf7c 1841 namedKey->key, namedKey->keySz,
wolfSSL 15:117db924cf7c 1842 WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
wolfSSL 15:117db924cf7c 1843 wc_UnLockMutex(&session->context->namedKeysMutex);
wolfSSL 15:117db924cf7c 1844 SetError(CLIENT_HELLO_LATE_KEY_STR, error, session,
wolfSSL 15:117db924cf7c 1845 FATAL_ERROR_STATE);
wolfSSL 15:117db924cf7c 1846 return -1;
wolfSSL 15:117db924cf7c 1847 }
wolfSSL 15:117db924cf7c 1848 break;
wolfSSL 15:117db924cf7c 1849 }
wolfSSL 15:117db924cf7c 1850 else
wolfSSL 15:117db924cf7c 1851 namedKey = namedKey->next;
wolfSSL 15:117db924cf7c 1852 }
wolfSSL 15:117db924cf7c 1853 wc_UnLockMutex(&session->context->namedKeysMutex);
wolfSSL 15:117db924cf7c 1854 }
wolfSSL 15:117db924cf7c 1855 }
wolfSSL 15:117db924cf7c 1856 #endif
wolfSSL 15:117db924cf7c 1857
wolfSSL 15:117db924cf7c 1858 session->flags.clientHello = 1; /* don't process again */
wolfSSL 15:117db924cf7c 1859
wolfSSL 15:117db924cf7c 1860 /* make sure can read up to session len */
wolfSSL 15:117db924cf7c 1861 if (toRead > *sslBytes) {
wolfSSL 15:117db924cf7c 1862 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 15:117db924cf7c 1863 return -1;
wolfSSL 15:117db924cf7c 1864 }
wolfSSL 15:117db924cf7c 1865
wolfSSL 15:117db924cf7c 1866 /* skip, get negotiated one from server hello */
wolfSSL 15:117db924cf7c 1867 input += VERSION_SZ;
wolfSSL 15:117db924cf7c 1868 *sslBytes -= VERSION_SZ;
wolfSSL 15:117db924cf7c 1869
wolfSSL 15:117db924cf7c 1870 XMEMCPY(session->sslServer->arrays->clientRandom, input, RAN_LEN);
wolfSSL 15:117db924cf7c 1871 XMEMCPY(session->sslClient->arrays->clientRandom, input, RAN_LEN);
wolfSSL 15:117db924cf7c 1872
wolfSSL 15:117db924cf7c 1873 input += RAN_LEN;
wolfSSL 15:117db924cf7c 1874 *sslBytes -= RAN_LEN;
wolfSSL 15:117db924cf7c 1875
wolfSSL 15:117db924cf7c 1876 /* store session in case trying to resume */
wolfSSL 15:117db924cf7c 1877 bLen = *input++;
wolfSSL 15:117db924cf7c 1878 *sslBytes -= ENUM_LEN;
wolfSSL 15:117db924cf7c 1879 if (bLen) {
wolfSSL 15:117db924cf7c 1880 if (ID_LEN > *sslBytes) {
wolfSSL 15:117db924cf7c 1881 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 15:117db924cf7c 1882 return -1;
wolfSSL 15:117db924cf7c 1883 }
wolfSSL 15:117db924cf7c 1884 Trace(CLIENT_RESUME_TRY_STR);
wolfSSL 15:117db924cf7c 1885 XMEMCPY(session->sslClient->arrays->sessionID, input, ID_LEN);
wolfSSL 15:117db924cf7c 1886 session->sslClient->options.haveSessionId = 1;
wolfSSL 15:117db924cf7c 1887 }
wolfSSL 15:117db924cf7c 1888 #ifdef SHOW_SECRETS
wolfSSL 15:117db924cf7c 1889 {
wolfSSL 15:117db924cf7c 1890 int i;
wolfSSL 15:117db924cf7c 1891 printf("client random: ");
wolfSSL 15:117db924cf7c 1892 for (i = 0; i < RAN_LEN; i++)
wolfSSL 15:117db924cf7c 1893 printf("%02x", session->sslServer->arrays->clientRandom[i]);
wolfSSL 15:117db924cf7c 1894 printf("\n");
wolfSSL 15:117db924cf7c 1895 }
wolfSSL 15:117db924cf7c 1896 #endif
wolfSSL 15:117db924cf7c 1897
wolfSSL 15:117db924cf7c 1898 input += bLen;
wolfSSL 15:117db924cf7c 1899 *sslBytes -= bLen;
wolfSSL 15:117db924cf7c 1900
wolfSSL 15:117db924cf7c 1901 /* skip cipher suites */
wolfSSL 15:117db924cf7c 1902 /* make sure can read len */
wolfSSL 15:117db924cf7c 1903 if (SUITE_LEN > *sslBytes) {
wolfSSL 15:117db924cf7c 1904 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 15:117db924cf7c 1905 return -1;
wolfSSL 15:117db924cf7c 1906 }
wolfSSL 15:117db924cf7c 1907 len = (word16)((input[0] << 8) | input[1]);
wolfSSL 15:117db924cf7c 1908 input += SUITE_LEN;
wolfSSL 15:117db924cf7c 1909 *sslBytes -= SUITE_LEN;
wolfSSL 15:117db924cf7c 1910 /* make sure can read suites + comp len */
wolfSSL 15:117db924cf7c 1911 if (len + ENUM_LEN > *sslBytes) {
wolfSSL 15:117db924cf7c 1912 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 15:117db924cf7c 1913 return -1;
wolfSSL 15:117db924cf7c 1914 }
wolfSSL 15:117db924cf7c 1915 input += len;
wolfSSL 15:117db924cf7c 1916 *sslBytes -= len;
wolfSSL 15:117db924cf7c 1917
wolfSSL 15:117db924cf7c 1918 /* skip compression */
wolfSSL 15:117db924cf7c 1919 bLen = *input++;
wolfSSL 15:117db924cf7c 1920 *sslBytes -= ENUM_LEN;
wolfSSL 15:117db924cf7c 1921 /* make sure can read len */
wolfSSL 15:117db924cf7c 1922 if (bLen > *sslBytes) {
wolfSSL 15:117db924cf7c 1923 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 15:117db924cf7c 1924 return -1;
wolfSSL 15:117db924cf7c 1925 }
wolfSSL 15:117db924cf7c 1926 input += bLen;
wolfSSL 15:117db924cf7c 1927 *sslBytes -= bLen;
wolfSSL 15:117db924cf7c 1928
wolfSSL 15:117db924cf7c 1929 if (*sslBytes == 0) {
wolfSSL 15:117db924cf7c 1930 /* no extensions */
wolfSSL 15:117db924cf7c 1931 return 0;
wolfSSL 15:117db924cf7c 1932 }
wolfSSL 15:117db924cf7c 1933
wolfSSL 15:117db924cf7c 1934 /* skip extensions until session ticket */
wolfSSL 15:117db924cf7c 1935 /* make sure can read len */
wolfSSL 15:117db924cf7c 1936 if (SUITE_LEN > *sslBytes) {
wolfSSL 15:117db924cf7c 1937 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 15:117db924cf7c 1938 return -1;
wolfSSL 15:117db924cf7c 1939 }
wolfSSL 15:117db924cf7c 1940 len = (word16)((input[0] << 8) | input[1]);
wolfSSL 15:117db924cf7c 1941 input += SUITE_LEN;
wolfSSL 15:117db924cf7c 1942 *sslBytes -= SUITE_LEN;
wolfSSL 15:117db924cf7c 1943 /* make sure can read through all extensions */
wolfSSL 15:117db924cf7c 1944 if (len > *sslBytes) {
wolfSSL 15:117db924cf7c 1945 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 15:117db924cf7c 1946 return -1;
wolfSSL 15:117db924cf7c 1947 }
wolfSSL 15:117db924cf7c 1948
wolfSSL 15:117db924cf7c 1949 while (len >= EXT_TYPE_SZ + LENGTH_SZ) {
wolfSSL 15:117db924cf7c 1950 byte extType[EXT_TYPE_SZ];
wolfSSL 15:117db924cf7c 1951 word16 extLen;
wolfSSL 15:117db924cf7c 1952
wolfSSL 15:117db924cf7c 1953 extType[0] = input[0];
wolfSSL 15:117db924cf7c 1954 extType[1] = input[1];
wolfSSL 15:117db924cf7c 1955 input += EXT_TYPE_SZ;
wolfSSL 15:117db924cf7c 1956 *sslBytes -= EXT_TYPE_SZ;
wolfSSL 15:117db924cf7c 1957
wolfSSL 15:117db924cf7c 1958 extLen = (word16)((input[0] << 8) | input[1]);
wolfSSL 15:117db924cf7c 1959 input += LENGTH_SZ;
wolfSSL 15:117db924cf7c 1960 *sslBytes -= LENGTH_SZ;
wolfSSL 15:117db924cf7c 1961
wolfSSL 15:117db924cf7c 1962 /* make sure can read through individual extension */
wolfSSL 15:117db924cf7c 1963 if (extLen > *sslBytes) {
wolfSSL 15:117db924cf7c 1964 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 15:117db924cf7c 1965 return -1;
wolfSSL 15:117db924cf7c 1966 }
wolfSSL 15:117db924cf7c 1967
wolfSSL 15:117db924cf7c 1968 if (extType[0] == 0x00 && extType[1] == TICKET_EXT_ID) {
wolfSSL 15:117db924cf7c 1969
wolfSSL 15:117db924cf7c 1970 /* make sure can read through ticket if there is a non blank one */
wolfSSL 15:117db924cf7c 1971 if (extLen && extLen < ID_LEN) {
wolfSSL 15:117db924cf7c 1972 SetError(CLIENT_HELLO_INPUT_STR, error, session,
wolfSSL 15:117db924cf7c 1973 FATAL_ERROR_STATE);
wolfSSL 15:117db924cf7c 1974 return -1;
wolfSSL 15:117db924cf7c 1975 }
wolfSSL 15:117db924cf7c 1976
wolfSSL 15:117db924cf7c 1977 if (extLen) {
wolfSSL 15:117db924cf7c 1978 if (session->ticketID == 0) {
wolfSSL 15:117db924cf7c 1979 session->ticketID = (byte*)malloc(ID_LEN);
wolfSSL 15:117db924cf7c 1980 if (session->ticketID == 0) {
wolfSSL 15:117db924cf7c 1981 SetError(MEMORY_STR, error, session,
wolfSSL 15:117db924cf7c 1982 FATAL_ERROR_STATE);
wolfSSL 15:117db924cf7c 1983 return -1;
wolfSSL 15:117db924cf7c 1984 }
wolfSSL 15:117db924cf7c 1985 }
wolfSSL 15:117db924cf7c 1986 XMEMCPY(session->ticketID, input + extLen - ID_LEN, ID_LEN);
wolfSSL 15:117db924cf7c 1987 }
wolfSSL 15:117db924cf7c 1988 }
wolfSSL 15:117db924cf7c 1989
wolfSSL 15:117db924cf7c 1990 input += extLen;
wolfSSL 15:117db924cf7c 1991 *sslBytes -= extLen;
wolfSSL 15:117db924cf7c 1992 len -= extLen + EXT_TYPE_SZ + LENGTH_SZ;
wolfSSL 15:117db924cf7c 1993 }
wolfSSL 15:117db924cf7c 1994
wolfSSL 15:117db924cf7c 1995 return 0;
wolfSSL 15:117db924cf7c 1996 }
wolfSSL 15:117db924cf7c 1997
wolfSSL 15:117db924cf7c 1998
/* Process a Finished handshake message.
 *
 * input    - start of the Finished body (past the handshake header)
 * size     - declared handshake body length
 * sslBytes - in/out: bytes left in the record; reduced by what DoFinished
 *            consumed, even when DoFinished fails
 * session  - sniffer session; flags.side selects which tracker verifies
 * error    - error string sink for SetError
 *
 * Returns DoFinished's result (0 = ok, negative = bad Finished, which also
 * marks the session fatal). On the first successful Finished of a session
 * that negotiated a session ID, the server tracker's session is added to
 * the cache (once) so a later resumption can be followed. The other side's
 * handshake resources are released regardless of outcome, mirroring the
 * original behaviour. */
static int ProcessFinished(const byte* input, int size, int* sslBytes,
                           SnifferSession* session, char* error)
{
    const int toServer = (session->flags.side == WOLFSSL_SERVER_END);
    SSL* verifier = toServer ? session->sslServer : session->sslClient;
    word32 consumed = 0;
    int ret;

    ret = DoFinished(verifier, input, &consumed, (word32)size,
                     (word32)*sslBytes, SNIFF);
    *sslBytes -= (int)consumed;

    if (ret < 0) {
        SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE);
        return ret;
    }

    /* cache the negotiated session exactly once, and only if there is an ID */
    if (ret == 0 && session->flags.cached == 0 &&
        session->sslServer->options.haveSessionId) {
        if (GetSession(session->sslServer, NULL, 0) == NULL)
            AddSession(session->sslServer); /* don't re-add an existing one */
        session->flags.cached = 1;
    }

    /* a Finished from one side means the other side's handshake state is
     * no longer needed */
    FreeHandshakeResources(toServer ? session->sslClient
                                    : session->sslServer);

    return ret;
}
wolfSSL 15:117db924cf7c 2039
wolfSSL 15:117db924cf7c 2040
#ifdef HAVE_EXTENDED_MASTER
/* At ClientKeyExchange time, hand the running session hash to both trackers
 * when extended master secret is expected, then wipe and release it.
 * Without an expected EMS (or no hash), both trackers are marked haveEMS=0.
 * Returns 0 on success, -1 (with error set, session fatal) if a copy fails;
 * the hash is released either way. */
static int AdoptEmsHash(SnifferSession* session, char* error)
{
    int ret = 0;

    if (!session->flags.expectEms || session->hash == NULL) {
        session->sslServer->options.haveEMS = 0;
        session->sslClient->options.haveEMS = 0;
        return 0;
    }

    if (HashCopy(session->sslServer->hsHashes, session->hash) == 0 &&
        HashCopy(session->sslClient->hsHashes, session->hash) == 0) {
        session->sslServer->options.haveEMS = 1;
        session->sslClient->options.haveEMS = 1;
    }
    else {
        SetError(EXTENDED_MASTER_HASH_STR, error, session, FATAL_ERROR_STATE);
        ret = -1;
    }

    XMEMSET(session->hash, 0, sizeof(HsHashes));
    free(session->hash);
    session->hash = NULL;

    return ret;
}
#endif /* HAVE_EXTENDED_MASTER */


/* Process one handshake message.
 *
 * input    - points at the 4-byte handshake header
 * sslBytes - in/out: record payload left; on return, what follows this
 *            message (except on the unknown-type path, which returns early)
 * session  - sniffer session being tracked
 * error    - error string sink for SetError
 *
 * Returns 0 on success, negative on error.
 *
 * Limits of passive decryption visible here: a ServerKeyExchange is fatal
 * because the ephemeral key cannot be recovered from the wire, and once both
 * trackers have released their handshake arrays a further handshake message
 * is rejected rather than followed. */
static int DoHandShake(const byte* input, int* sslBytes,
                       SnifferSession* session, char* error)
{
    byte msgType;
    int  msgSize;
    int  remaining;
    int  ret = 0;

    if (*sslBytes < HANDSHAKE_HEADER_SZ) {
        SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }

    msgType = input[0];
    msgSize = (input[1] << 16) | (input[2] << 8) | input[3]; /* 24-bit length */

    input     += HANDSHAKE_HEADER_SZ;
    *sslBytes -= HANDSHAKE_HEADER_SZ;
    remaining  = *sslBytes;

    if (msgSize > remaining) {
        SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }

    /* both trackers without arrays means the handshake already completed */
    if (session->sslServer->arrays == NULL &&
        session->sslClient->arrays == NULL) {
        SetError(NO_SECURE_RENEGOTIATION, error, session, FATAL_ERROR_STATE);
        return -1;
    }

#ifdef HAVE_EXTENDED_MASTER
    /* keep the session hash current before the message is acted on; the
     * ClientKeyExchange case below consumes it */
    if (session->hash != NULL &&
        HashUpdate(session->hash, input, msgSize) != 0) {
        SetError(EXTENDED_MASTER_HASH_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }
#endif

    switch (msgType) {
        case client_hello:
            Trace(GOT_CLIENT_HELLO_STR);
            ret = ProcessClientHello(input, sslBytes, session, error);
            break;

        case server_hello:
            Trace(GOT_SERVER_HELLO_STR);
            ret = ProcessServerHello(msgSize, input, sslBytes, session, error);
            break;

        case client_key_exchange:
            Trace(GOT_CLIENT_KEY_EX_STR);
#ifdef HAVE_EXTENDED_MASTER
            ret = AdoptEmsHash(session, error);
#endif
            if (ret == 0)
                ret = ProcessClientKeyExchange(input, sslBytes, session, error);
            break;

        case finished:
            Trace(GOT_FINISHED_STR);
            ret = ProcessFinished(input, msgSize, sslBytes, session, error);
            break;

        case session_ticket:
            Trace(GOT_SESSION_TICKET_STR);
            ret = ProcessSessionTicket(input, sslBytes, session, error);
            break;

        case server_key_exchange:
            Trace(GOT_SERVER_KEY_EX_STR);
            /* ephemeral exchange: the temp key can't be known passively */
            SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
            ret = -1;
            break;

        /* messages the sniffer only notes */
        case hello_verify_request:
            Trace(GOT_HELLO_VERIFY_STR);
            break;
        case hello_request:
            Trace(GOT_HELLO_REQUEST_STR);
            break;
        case certificate_request:
            Trace(GOT_CERT_REQ_STR);
            break;
        case certificate:
            Trace(GOT_CERT_STR);
            break;
        case server_hello_done:
            Trace(GOT_SERVER_HELLO_DONE_STR);
            break;
        case certificate_verify:
            Trace(GOT_CERT_VER_STR);
            break;
        case certificate_status:
            Trace(GOT_CERT_STATUS_STR);
            break;

        default:
            /* unknown type is reported but does not make the session fatal */
            SetError(GOT_UNKNOWN_HANDSHAKE_STR, error, session, 0);
            return -1;
    }

    *sslBytes = remaining - msgSize; /* bytes after this whole message */

    return ret;
}
wolfSSL 15:117db924cf7c 2166
wolfSSL 15:117db924cf7c 2167
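/* Decrypt one record body `input` (sz bytes) into `output`.
 *
 * Returns 0 on success; negative on a cipher error, an unsupported bulk
 * cipher, or (AES-GCM) a record too short to hold the explicit IV plus tag.
 *
 * Security note: this is a passive sniffer, so the bytes it produces are
 * NOT authenticated. No MAC is checked here for block/stream suites, and
 * for AES-GCM the record's tag is never compared - the CTR keystream is
 * simply re-applied via wc_AesGcmEncrypt and the tag it computes is thrown
 * away (see the authTag scratch buffer below). A corrupted or forged record
 * therefore decrypts to garbage instead of failing; consumers of sniffer
 * output must not treat it as integrity-checked.
 *
 * Change from the previous revision: the Camellia and IDEA CBC calls now
 * propagate their return code like the 3DES/AES CBC calls already did,
 * instead of reporting success over an output buffer the cipher rejected. */
static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
{
    int ret = 0;

    /* silence unused warnings in builds with every cipher compiled out */
    (void)output;
    (void)input;
    (void)sz;

    switch (ssl->specs.bulk_cipher_algorithm) {
#ifdef BUILD_ARC4
        case wolfssl_rc4:
            wc_Arc4Process(ssl->decrypt.arc4, output, input, sz);
            break;
#endif

#ifdef BUILD_DES3
        case wolfssl_triple_des:
            ret = wc_Des3_CbcDecrypt(ssl->decrypt.des3, output, input, sz);
            break;
#endif

#ifdef BUILD_AES
        case wolfssl_aes:
            ret = wc_AesCbcDecrypt(ssl->decrypt.aes, output, input, sz);
            break;
#endif

#ifdef HAVE_HC128
        case wolfssl_hc128:
            wc_Hc128_Process(ssl->decrypt.hc128, output, input, sz);
            break;
#endif

#ifdef BUILD_RABBIT
        case wolfssl_rabbit:
            wc_RabbitProcess(ssl->decrypt.rabbit, output, input, sz);
            break;
#endif

#ifdef HAVE_CAMELLIA
        case wolfssl_camellia:
            /* return code was previously dropped */
            ret = wc_CamelliaCbcDecrypt(ssl->decrypt.cam, output, input, sz);
            break;
#endif

#ifdef HAVE_IDEA
        case wolfssl_idea:
            /* return code was previously dropped */
            ret = wc_IdeaCbcDecrypt(ssl->decrypt.idea, output, input, sz);
            break;
#endif

#ifdef HAVE_AESGCM
        case wolfssl_aes_gcm:
            /* record = explicit IV || ciphertext || tag; refuse anything
             * shorter so the length arithmetic below cannot underflow */
            if (sz >= (word32)(AESGCM_EXP_IV_SZ + ssl->specs.aead_mac_size))
            {
                /* scratch only: the sniffer never verifies the tag */
                byte authTag[WOLFSSL_MIN_AUTH_TAG_SZ];
                byte nonce[AESGCM_NONCE_SZ];

                /* nonce = implicit part (from the key block) ||
                 *         explicit part (record prefix) */
                XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AESGCM_IMP_IV_SZ);
                XMEMCPY(nonce + AESGCM_IMP_IV_SZ, input, AESGCM_EXP_IV_SZ);

                if (wc_AesGcmEncrypt(ssl->decrypt.aes,
                            output,
                            input + AESGCM_EXP_IV_SZ,
                            sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                            nonce, AESGCM_NONCE_SZ,
                            authTag, sizeof(authTag),
                            NULL, 0) < 0) {
                    Trace(BAD_DECRYPT);
                    ret = -1;
                }
                ForceZero(nonce, AESGCM_NONCE_SZ);
            }
            else {
                Trace(BAD_DECRYPT_SIZE);
                ret = -1;
            }
            break;
#endif

        default:
            Trace(BAD_DECRYPT_TYPE);
            ret = -1;
            break;
    }

    return ret;
}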
wolfSSL 15:117db924cf7c 2258
wolfSSL 15:117db924cf7c 2259
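/* Decrypt one record body into `output` and locate the plaintext within it.
 *
 * input/sz - encrypted record body
 * output   - buffer of at least sz bytes receiving the decryption
 * error    - set to a negative value when NULL is returned
 * advance  - set to the number of leading bytes to skip for a TLS 1.1+ CBC
 *            explicit IV, or to the tag size for AEAD; left untouched for
 *            other suites (callers are expected to initialise it)
 *
 * Returns a pointer to the start of the plaintext (past the explicit IV for
 * TLS 1.1+ block ciphers) or NULL on failure. Also records in
 * ssl->keys.padSz the number of trailing bytes the caller must drop: the
 * MAC/tag size plus, for block ciphers, the CBC padding.
 *
 * The CBC pad length is read from the last decrypted byte. It arrives
 * unauthenticated (see Decrypt), so this revision bounds it: the record must
 * be longer than the explicit IV before that byte is read, and
 * IV + MAC + padding may not exceed the record size. Without the check a
 * corrupted or forged record could leave padSz larger than the record, and
 * the caller's handling of that (not visible here) would be relied upon. */
static const byte* DecryptMessage(SSL* ssl, const byte* input, word32 sz,
                                  byte* output, int* error, int* advance)
{
    int ivExtra = 0;
    int ret = Decrypt(ssl, output, input, sz);

    if (ret != 0) {
        *error = ret;
        return NULL;
    }
    ssl->keys.encryptSz = sz;

    if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) {
        output += ssl->specs.block_size; /* go past TLSv1.1 explicit IV */
        ivExtra = ssl->specs.block_size;
        *advance = ssl->specs.block_size;
    }

    if (ssl->specs.cipher_type == aead) {
        *advance = ssl->specs.aead_mac_size;
        ssl->keys.padSz = ssl->specs.aead_mac_size;
    }
    else {
        ssl->keys.padSz = ssl->specs.hash_size;
    }

    if (ssl->specs.cipher_type == block) {
        /* need at least one byte past the IV before reading the pad byte */
        if (sz <= (word32)ivExtra) {
            Trace(BAD_DECRYPT_SIZE);
            *error = -1;
            return NULL;
        }

        /* last plaintext byte is the pad length; padding is that many
         * bytes plus the length byte itself */
        ssl->keys.padSz += *(output + sz - ivExtra - 1) + 1;

        /* wire-derived length: IV + MAC + padding must fit in the record */
        if (ssl->keys.padSz + (word32)ivExtra > sz) {
            Trace(BAD_DECRYPT_SIZE);
            *error = -1;
            return NULL;
        }
    }

    return output;
}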
wolfSSL 15:117db924cf7c 2290
wolfSSL 15:117db924cf7c 2291
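/* Unlink `session` from the session table and free it.
 *
 * session - the session to remove
 * ipInfo/tcpInfo - when both are given, the row is recomputed from them and
 *            this function takes SessionMutex itself
 * rowHint - used as the row when ipInfo/tcpInfo are NULL; in that case the
 *            caller must already hold SessionMutex (RemoveStaleSessions)
 *
 * If the session is not found in the row nothing is freed.
 *
 * Fix in this revision: the sanity check was `row <= HASH_SIZE`, which
 * admits HASH_SIZE itself although the table has only HASH_SIZE rows
 * (RemoveStaleSessions iterates `i < HASH_SIZE`); it is now a strict
 * less-than so an out-of-range row trips the assert instead of indexing
 * one past the table. */
static void RemoveSession(SnifferSession* session, IpInfo* ipInfo,
                          TcpInfo* tcpInfo, word32 rowHint)
{
    SnifferSession* previous = NULL;
    SnifferSession* current;
    word32 row = rowHint;
    int haveLock = 0;

    if (ipInfo && tcpInfo)
        row = SessionHash(ipInfo, tcpInfo);
    else
        haveLock = 1; /* no header info: caller holds the lock, trust rowHint */

    assert(row < HASH_SIZE); /* valid rows are 0 .. HASH_SIZE-1 */
    Trace(REMOVE_SESSION_STR);

    if (!haveLock)
        wc_LockMutex(&SessionMutex);

    current = SessionTable[row];

    while (current) {
        if (current == session) {
            if (previous)
                previous->next = current->next;
            else
                SessionTable[row] = current->next;
            FreeSnifferSession(session);
            TraceRemovedSession();
            break;
        }
        previous = current;
        current = current->next;
    }

    if (!haveLock)
        wc_UnLockMutex(&SessionMutex);
}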
wolfSSL 15:117db924cf7c 2331
wolfSSL 15:117db924cf7c 2332
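/* Remove every session idle for at least WOLFSSL_SNIFFER_TIMEOUT seconds.
 * The caller must hold SessionMutex; RemoveSession is told so by passing
 * NULL header info together with the row index.
 *
 * Change in this revision: time(NULL) is read once before the sweep rather
 * than per session, so one cutoff applies to the whole table and the
 * syscall is not repeated for every entry. */
static void RemoveStaleSessions(void)
{
    const time_t now = time(NULL);
    word32 i;

    for (i = 0; i < HASH_SIZE; i++) {
        SnifferSession* session = SessionTable[i];

        while (session) {
            /* grab next first: RemoveSession frees the current node */
            SnifferSession* next = session->next;

            if (now >= session->lastUsed + WOLFSSL_SNIFFER_TIMEOUT) {
                TraceStaleSession();
                RemoveSession(session, NULL, NULL, i);
            }
            session = next;
        }
    }
}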
wolfSSL 15:117db924cf7c 2351
wolfSSL 15:117db924cf7c 2352
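/* Create a new sniffer session for the flow described by ipInfo/tcpInfo,
 * insert it into the session table and return it; returns 0 with `error`
 * set on failure.
 *
 * The server/client roles are taken from the packet direction: dst is
 * recorded as the server, src as the client. flags.side is set to
 * WOLFSSL_SERVER_END only when the packet is headed to the registered
 * server address and port, otherwise WOLFSSL_CLIENT_END.
 *
 * Fixes in this revision:
 *  - the extended-master session hash is freed on every later failure path
 *    (unregistered server, SSL_new failure) and when HashInit fails; each
 *    of those previously leaked it;
 *  - flags.side is decided before the session is published in the table,
 *    so no other table reader can observe a session whose side is unset. */
static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
                                     char* error)
{
    SnifferSession* session;
    int row;

    Trace(NEW_SESSION_STR);
    session = (SnifferSession*)malloc(sizeof(SnifferSession));
    if (session == NULL) {
        SetError(MEMORY_STR, error, NULL, 0);
        return 0;
    }
    InitSession(session);

#ifdef HAVE_EXTENDED_MASTER
    {
        HsHashes* newHash = (HsHashes*)malloc(sizeof(HsHashes));
        if (newHash == NULL) {
            SetError(MEMORY_STR, error, NULL, 0);
            free(session);
            return 0;
        }
        if (HashInit(newHash) != 0) {
            SetError(EXTENDED_MASTER_HASH_STR, error, NULL, 0);
            free(newHash); /* previously leaked on this path */
            free(session);
            return 0;
        }
        session->hash = newHash;
    }
#endif

    session->server      = ipInfo->dst;
    session->client      = ipInfo->src;
    session->srvPort     = (word16)tcpInfo->dstPort;
    session->cliPort     = (word16)tcpInfo->srcPort;
    session->cliSeqStart = tcpInfo->sequence;
    session->cliExpected = 1; /* relative */
    session->lastUsed    = time(NULL);

    session->context = GetSnifferServer(ipInfo, tcpInfo);
    if (session->context == NULL) {
        SetError(SERVER_NOT_REG_STR, error, NULL, 0);
        goto fail;
    }

    session->sslServer = SSL_new(session->context->ctx);
    if (session->sslServer == NULL) {
        SetError(BAD_NEW_SSL_STR, error, session, FATAL_ERROR_STATE);
        goto fail;
    }
    session->sslClient = SSL_new(session->context->ctx);
    if (session->sslClient == NULL) {
        SSL_free(session->sslServer);
        session->sslServer = 0;

        SetError(BAD_NEW_SSL_STR, error, session, FATAL_ERROR_STATE);
        goto fail;
    }
    /* put server back into server mode */
    session->sslServer->options.side = WOLFSSL_SERVER_END;

    /* determine headed side before the session becomes visible */
    if (ipInfo->dst == session->context->server &&
        tcpInfo->dstPort == session->context->port)
        session->flags.side = WOLFSSL_SERVER_END;
    else
        session->flags.side = WOLFSSL_CLIENT_END;

    row = SessionHash(ipInfo, tcpInfo);

    /* add it to the session table */
    wc_LockMutex(&SessionMutex);

    session->next = SessionTable[row];
    SessionTable[row] = session;

    SessionCount++;

    /* periodic sweep of idle sessions, done while the lock is held */
    if ((SessionCount % HASH_SIZE) == 0) {
        TraceFindingStale();
        RemoveStaleSessions();
    }

    wc_UnLockMutex(&SessionMutex);

    return session;

fail:
#ifdef HAVE_EXTENDED_MASTER
    /* only reached after session->hash was assigned above */
    XMEMSET(session->hash, 0, sizeof(HsHashes));
    free(session->hash);
#endif
    free(session);
    return 0;
}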
wolfSSL 15:117db924cf7c 2443
wolfSSL 15:117db924cf7c 2444
wolfSSL 15:117db924cf7c 2445 #ifdef OLD_HELLO_ALLOWED
wolfSSL 15:117db924cf7c 2446
/* Process an SSLv2-format ("old") ClientHello.
 *
 * session  - sniffer session; flags.clientHello is set so the hello is not
 *            processed a second time
 * sslFrame - start of the 2-byte old record header
 * rhSize   - out: record body length taken from the header (low 15 bits)
 * sslBytes - in/out: bytes available; reduced by the header and the body.
 *            Note the header is consumed before any length check, so the
 *            caller is relied on to have at least 2 bytes here
 * error    - error string sink for SetError
 *
 * Returns 0 on success, -1 on a truncated or unparsable hello. A
 * MATCH_SUITE_ERROR from ProcessOldClientHello is tolerated: the sniffer is
 * passive and does not need to select a suite itself. On success the client
 * random parsed into the server tracker is mirrored into the client tracker. */
static int DoOldHello(SnifferSession* session, const byte* sslFrame,
                      int* rhSize, int* sslBytes, char* error)
{
    const byte* cursor = sslFrame;
    word32 idx = 0;
    int ret;

    Trace(GOT_OLD_CLIENT_HELLO_STR);
    session->flags.clientHello = 1; /* don't process again */

    /* 2-byte header: top bit is the header-form flag, rest is the length */
    *rhSize = ((cursor[0] & 0x7f) << 8) | cursor[1];
    cursor += 2;
    *sslBytes -= 2;

    if (*rhSize > *sslBytes) {
        SetError(OLD_CLIENT_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }

    ret = ProcessOldClientHello(session->sslServer, cursor, &idx, *sslBytes,
                                (word16)*rhSize);
    if (ret < 0 && ret != MATCH_SUITE_ERROR) {
        SetError(BAD_OLD_CLIENT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }

    Trace(OLD_CLIENT_OK_STR);
    XMEMCPY(session->sslClient->arrays->clientRandom,
            session->sslServer->arrays->clientRandom, RAN_LEN);

    *sslBytes -= *rhSize;
    return 0;
}
wolfSSL 15:117db924cf7c 2482
wolfSSL 15:117db924cf7c 2483 #endif /* OLD_HELLO_ALLOWED */
wolfSSL 15:117db924cf7c 2484
wolfSSL 15:117db924cf7c 2485
wolfSSL 15:117db924cf7c 2486 #if 0
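/* Fold `count` bytes into a running ones'-complement sum (RFC 1071).
 * Each 16-bit word is assembled from two bytes in memory order through a
 * union, which keeps the summation endian-portable (the result is stored
 * back in the same order) and avoids misaligned or aliasing word loads from
 * the packet buffer. A trailing odd byte is paired with a zero, as RFC 1071
 * requires; the earlier version added the bare byte value, which is only
 * right on little-endian hosts. */
static word32 ChecksumAccumulate(word32 sum, const byte* data, int count)
{
    union {
        word16 w;
        byte   b[2];
    } lane;

    while (count > 1) {
        lane.b[0] = data[0];
        lane.b[1] = data[1];
        sum += lane.w;
        data += 2;
        count -= 2;
    }

    if (count > 0) {
        lane.b[0] = data[0];
        lane.b[1] = 0;
        sum += lane.w;
    }

    return sum;
}


/* Verify the TCP checksum over pseudo header + TCP header + data,
 * see RFC 1071. This code is currently compiled out (#if 0 above).
 * return 0 for success, -1 on error
 * can be called from decode() with
 *   TcpChecksum(&ipInfo, &tcpInfo, sslBytes, packet + ipInfo.length);
 * could also add a 64bit version if type available and using this
 *
 * Because the packet's own checksum field is included in the sum, a valid
 * segment folds to 0; note that TCP checksum offloading on the capturing
 * host can leave captured segments with an unfilled checksum, so a failure
 * here is not by itself proof of corruption. */
int TcpChecksum(IpInfo* ipInfo, TcpInfo* tcpInfo, int dataLen,
                const byte* packet)
{
    TcpPseudoHdr pseudo;
    word32 sum = 0;
    word16 checksum;

    pseudo.src = ipInfo->src;
    pseudo.dst = ipInfo->dst;
    pseudo.rsv = 0;
    pseudo.protocol = TCP_PROTO;
    pseudo.length = htons(tcpInfo->length + dataLen);

    /* pseudo header, then TCP header and payload */
    sum = ChecksumAccumulate(sum, (const byte*)&pseudo, PSEUDO_HDR_SZ);
    sum = ChecksumAccumulate(sum, packet, tcpInfo->length + dataLen);

    /* fold 32bit sum into 16 bits */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);

    checksum = (word16)~sum;
    /* checksum should now equal 0, since included already calcd checksum */
    /* field, but tcp checksum offloading could negate calculation */
    if (checksum == 0)
        return 0;
    return -1;
}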
wolfSSL 15:117db924cf7c 2540 #endif
wolfSSL 15:117db924cf7c 2541
wolfSSL 15:117db924cf7c 2542
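/* Validate the IP and TCP headers of a captured packet and locate the
 * TLS payload behind them.
 *   ipInfo, tcpInfo  filled in by CheckIpHdr() / CheckTcpHdr()
 *   packet, length   captured bytes, starting at the IP header
 *   sslFrame         set to the first payload byte
 *   sslBytes         set to the number of payload bytes in the capture
 *   error            receives a message on failure
 * returns 0 on success, -1 on error */
static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
                  int length, const byte** sslFrame, int* sslBytes, char* error)
{
    int hdrLen;

    TraceHeader();
    TracePacket();

    /* ip header */
    if (length < IP_HDR_SZ) {
        SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
        return -1;
    }
    if (CheckIpHdr((IpHdr*)packet, ipInfo, length, error) != 0)
        return -1;

    /* tcp header */
    if (length < (ipInfo->length + TCP_HDR_SZ)) {
        SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
        return -1;
    }
    if (CheckTcpHdr((TcpHdr*)(packet + ipInfo->length), tcpInfo, error) != 0)
        return -1;

    /* setup: compare the header lengths as integers instead of first forming
       packet + headers and comparing pointers - a pointer past the end of the
       capture is undefined to even compute when the headers lie */
    hdrLen = ipInfo->length + tcpInfo->length;
    if (hdrLen > length) {
        SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
        return -1;
    }
    *sslFrame = packet + hdrLen;
    *sslBytes = length - hdrLen;

    return 0;
}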
wolfSSL 15:117db924cf7c 2577
wolfSSL 15:117db924cf7c 2578
/* Create or Find existing session.
 * A bare SYN (no ACK) from the client opens a new SnifferSession; any other
 * segment must match one that already exists.
 * returns 0 on success (continue), -1 on error, 1 on success (end) */
static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes,
                        SnifferSession** session, char* error)
{
    int clientSyn = tcpInfo->syn && !tcpInfo->ack;

    if (clientSyn) {
        TraceClientSyn(tcpInfo->sequence);
        *session = CreateSession(ipInfo, tcpInfo, error);
        if (*session != NULL)
            return 1;

        /* creation failed: fine if the session was already there */
        *session = GetSnifferSession(ipInfo, tcpInfo);
        if (*session != NULL)
            return 1;

        SetError(MEMORY_STR, error, NULL, 0);
        return -1;
    }

    /* get existing sniffer session */
    *session = GetSnifferSession(ipInfo, tcpInfo);
    if (*session != NULL)
        return 0;

    /* extraneous RST or duplicate FIN for an unknown session: ignore */
    if (tcpInfo->fin || tcpInfo->rst)
        return 1;
    /* duplicate empty ACK for an unknown session: ignore as well */
    if (tcpInfo->ack && sslBytes == 0)
        return 1;

    SetError(BAD_SESSION_STR, error, NULL, 0);
    return -1;
}
wolfSSL 15:117db924cf7c 2616
wolfSSL 15:117db924cf7c 2617
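/* Create a Packet Buffer holding the bytes for relative sequence range
 * [*begin, end], copied from data; adjust new *begin (to end + 1) and
 * bytesLeft (reduced by the number of bytes copied).
 * Returns the new buffer, or NULL on allocation failure or when the range
 * is inverted (*begin > end). The caller owns the returned buffer. */
static PacketBuffer* CreateBuffer(word32* begin, word32 end, const byte* data,
                                  int* bytesLeft)
{
    PacketBuffer* pb;
    word32 added;

    assert(*begin <= end);
    /* an inverted range makes `added` wrap around before reaching malloc;
       the assert above is compiled out under NDEBUG, so refuse it here too */
    if (*begin > end)
        return NULL;
    added = end - *begin + 1;

    pb = (PacketBuffer*)malloc(sizeof(PacketBuffer));
    if (pb == NULL)
        return NULL;

    pb->next = NULL;
    pb->begin = *begin;
    pb->end = end;
    pb->data = (byte*)malloc(added);
    if (pb->data == NULL) {
        free(pb);
        return NULL;
    }
    XMEMCPY(pb->data, data, added);

    *bytesLeft -= (int)added;
    *begin = end + 1;

    return pb;
}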
wolfSSL 15:117db924cf7c 2646
wolfSSL 15:117db924cf7c 2647
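/* Add sslFrame to Reassembly List.
 *   from      side the data came from; selects which list is used
 *   seq       relative sequence number of sslFrame[0]
 *   sslFrame  payload bytes, sslBytes of them
 *   session   owns the two reassembly lists and their byte counters
 *   error     receives a message on failure
 * The list is kept sorted by sequence number; only the parts of the frame
 * that are not already on the list are copied, each as its own buffer, and
 * the per-direction memory counter grows by exactly the bytes stored.
 * MaxRecoveryMemory == -1 means "no limit"; any other value caps the
 * counter and makes an oversized frame a fatal session error.
 * returns 1 (end) on success, -1, on error */
static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
                           int sslBytes, SnifferSession* session, char* error)
{
    PacketBuffer*  add;
    PacketBuffer** front = (from == WOLFSSL_SERVER_END) ?
                       &session->cliReassemblyList : &session->srvReassemblyList;
    PacketBuffer*  curr = *front;
    PacketBuffer*  prev = curr;

    word32* reassemblyMemory = (from == WOLFSSL_SERVER_END) ?
                  &session->cliReassemblyMemory : &session->srvReassemblyMemory;
    word32  startSeq = seq;
    word32  added;
    int     bytesLeft = sslBytes;  /* could be overlapping fragment */

    /* if list is empty add full frame to front */
    if (!curr) {
        if (MaxRecoveryMemory != -1 &&
                      (int)(*reassemblyMemory + sslBytes) > MaxRecoveryMemory) {
            SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        add = CreateBuffer(&seq, seq + sslBytes - 1, sslFrame, &bytesLeft);
        if (add == NULL) {
            SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        *front = add;
        *reassemblyMemory += sslBytes;
        return 1;
    }

    /* add to front if before current front, up to next->begin */
    if (seq < curr->begin) {
        word32 end = seq + sslBytes - 1;

        if (end >= curr->begin)
            end = curr->begin - 1;
        /* only the part in front of the current head is stored here; the
           remainder (if any) is placed by the loop below */
        added = end - seq + 1;

        /* was `MaxRecoveryMemory -1 &&`, which is true for every limit
           except 1 and so rejected frames under the "no limit" sentinel */
        if (MaxRecoveryMemory != -1 &&
                         (int)(*reassemblyMemory + added) > MaxRecoveryMemory) {
            SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        add = CreateBuffer(&seq, end, sslFrame, &bytesLeft);
        if (add == NULL) {
            SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        add->next = curr;
        *front = add;
        /* count what was stored, not the whole frame, so the counter can
           return to zero once FindNextRecordInAssembly frees the buffers */
        *reassemblyMemory += added;
    }

    /* while we have bytes left, try to find a gap to fill */
    while (bytesLeft > 0) {
        /* get previous packet in list */
        while (curr && (seq >= curr->begin)) {
            prev = curr;
            curr = curr->next;
        }

        /* don't add duplicate data */
        if (prev->end >= seq) {
            if ( (seq + bytesLeft - 1) <= prev->end)
                return 1;
            seq = prev->end + 1;
            bytesLeft = startSeq + sslBytes - seq;
        }

        if (!curr)
            /* we're at the end */
            added = bytesLeft;
        else
            /* we're in between two frames */
            added = min((word32)bytesLeft, curr->begin - seq);

        /* data already there */
        if (added == 0)
            continue;

        if (MaxRecoveryMemory != -1 &&
                         (int)(*reassemblyMemory + added) > MaxRecoveryMemory) {
            SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        add = CreateBuffer(&seq, seq + added - 1, &sslFrame[seq - startSeq],
                           &bytesLeft);
        if (add == NULL) {
            SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        add->next  = prev->next;
        prev->next = add;
        *reassemblyMemory += added;
    }
    return 1;
}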
wolfSSL 15:117db924cf7c 2748
wolfSSL 15:117db924cf7c 2749
/* Add out of order FIN capture: remember the relative sequence number of a
 * FIN that arrived ahead of the data it follows, for the direction it came
 * from, unless that direction's FIN has already been counted.
 * (finCaputre is the struct member's actual spelling.)
 * returns 1 for success (end) */
static int AddFinCapture(SnifferSession* session, word32 sequence)
{
    int fromServerSide = (session->flags.side == WOLFSSL_SERVER_END);

    if (fromServerSide && session->finCaputre.cliCounted == 0)
        session->finCaputre.cliFinSeq = sequence;
    else if (!fromServerSide && session->finCaputre.srvCounted == 0)
        session->finCaputre.srvFinSeq = sequence;

    return 1;
}
wolfSSL 15:117db924cf7c 2764
wolfSSL 15:117db924cf7c 2765
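/* Adjust incoming sequence based on side.
 * Converts the segment's absolute TCP sequence number into the session's
 * relative numbering for that direction and compares it with the next byte
 * expected there:
 *   - behind expected: duplicate; trim the overlapping prefix or drop it
 *   - ahead of expected: out of order; park the payload on the reassembly
 *     list (or record an early FIN) until the gap is filled
 *   - exactly expected: accept, trimming any tail already on the list
 * On acceptance *sslFrame/*sslBytes describe the bytes to hand to the
 * record layer and *expected is advanced past them (plus one for a FIN).
 * returns 0 on success (continue), -1 on error, 1 on success (end) */
static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
                          int* sslBytes, const byte** sslFrame, char* error)
{
    word32 seqStart = (session->flags.side == WOLFSSL_SERVER_END) ?
                                     session->cliSeqStart :session->srvSeqStart;
    /* word32 subtraction is modulo 2^32, so a sequence number that has
       wrapped past the initial one is already handled here. The former
       explicit rollover branch (0xffffffffU - seqStart + sequence) evaluates
       to one less than this and shifted the stream by a byte after a wrap. */
    word32 real = tcpInfo->sequence - seqStart;
    word32* expected = (session->flags.side == WOLFSSL_SERVER_END) ?
                                  &session->cliExpected : &session->srvExpected;
    PacketBuffer* reassemblyList = (session->flags.side == WOLFSSL_SERVER_END) ?
                        session->cliReassemblyList : session->srvReassemblyList;
    byte skipPartial = (session->flags.side == WOLFSSL_SERVER_END) ?
                                        session->flags.srvSkipPartial :
                                        session->flags.cliSkipPartial;

    TraceRelativeSequence(*expected, real);

    if (real < *expected) {
        Trace(DUPLICATE_STR);
        if (real + *sslBytes > *expected) {
            int overlap = *expected - real;
            Trace(OVERLAP_DUPLICATE_STR);

            /* adjust to expected, remove duplicate */
            *sslFrame += overlap;
            *sslBytes -= overlap;

            /* The following conditional block is duplicated below. It is the
             * same action but for a different setup case. If changing this
             * block be sure to also update the block below. */
            if (reassemblyList) {
                word32 newEnd = *expected + *sslBytes;

                if (newEnd > reassemblyList->begin) {
                    Trace(OVERLAP_REASSEMBLY_BEGIN_STR);

                    /* remove bytes already on reassembly list */
                    *sslBytes -= newEnd - reassemblyList->begin;
                }
                if (newEnd > reassemblyList->end) {
                    Trace(OVERLAP_REASSEMBLY_END_STR);

                    /* may be past reassembly list end (could have more on list)
                       so try to add what's past the front->end.
                       NOTE(review): the result is not checked, so a fatal
                       reassembly error here only surfaces on the next packet */
                    AddToReassembly(session->flags.side, reassemblyList->end +1,
                                *sslFrame + reassemblyList->end - *expected + 1,
                                 newEnd - reassemblyList->end, session, error);
                }
            }
        }
        else
            return 1;
    }
    else if (real > *expected) {
        Trace(OUT_OF_ORDER_STR);
        if (*sslBytes > 0) {
            int addResult = AddToReassembly(session->flags.side, real,
                                           *sslFrame, *sslBytes, session, error);
            if (skipPartial) {
                *sslBytes = 0;
                return 0;
            }
            else
                return addResult;
        }
        else if (tcpInfo->fin)
            return AddFinCapture(session, real);
    }
    else if (*sslBytes > 0) {
        if (skipPartial) {
            AddToReassembly(session->flags.side, real,
                                           *sslFrame, *sslBytes, session, error);
            *expected += *sslBytes;
            *sslBytes = 0;
            if (tcpInfo->fin)
                *expected += 1;
            return 0;
        }
        /* The following conditional block is duplicated above. It is the
         * same action but for a different setup case. If changing this
         * block be sure to also update the block above. */
        else if (reassemblyList) {
            word32 newEnd = *expected + *sslBytes;

            if (newEnd > reassemblyList->begin) {
                Trace(OVERLAP_REASSEMBLY_BEGIN_STR);

                /* remove bytes already on reassembly list */
                *sslBytes -= newEnd - reassemblyList->begin;
            }
            if (newEnd > reassemblyList->end) {
                Trace(OVERLAP_REASSEMBLY_END_STR);

                /* may be past reassembly list end (could have more on list)
                   so try to add what's past the front->end */
                AddToReassembly(session->flags.side, reassemblyList->end +1,
                                *sslFrame + reassemblyList->end - *expected + 1,
                                 newEnd - reassemblyList->end, session, error);
            }
        }
    }
    /* got expected sequence */
    *expected += *sslBytes;
    if (tcpInfo->fin)
        *expected += 1;

    return 0;
}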
wolfSSL 15:117db924cf7c 2879
wolfSSL 15:117db924cf7c 2880
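/* Walk the reassembly list for the current direction, after data was lost,
 * looking for a fragment that starts a fresh application_data record for
 * the negotiated protocol version. Fragments before it are dropped (their
 * last cipher block seeds the IV for CBC ciphers so the next record can be
 * decrypted); the matching fragment is moved into ssl's input buffer and
 * returned through *sslFrame/*sslBytes/*end, and skipPartial is cleared.
 * Every visited fragment advances *expected past its end and is freed.
 * returns 0 on success (also when nothing matched), -1 on error */
static int FindNextRecordInAssembly(SnifferSession* session,
                                    const byte** sslFrame, int* sslBytes,
                                    const byte** end, char* error)
{
    /* bytes of a fragment inspected below: record type + major + minor */
    enum { HDR_PEEK_SZ = 3 };

    PacketBuffer** front = (session->flags.side == WOLFSSL_SERVER_END) ?
                                &session->cliReassemblyList :
                                &session->srvReassemblyList;
    PacketBuffer* curr = *front;
    PacketBuffer* prev = NULL;
    byte* skipPartial = (session->flags.side == WOLFSSL_SERVER_END) ?
                                &session->flags.srvSkipPartial :
                                &session->flags.cliSkipPartial;
    word32* reassemblyMemory = (session->flags.side == WOLFSSL_SERVER_END) ?
                                &session->cliReassemblyMemory :
                                &session->srvReassemblyMemory;
    SSL* ssl = (session->flags.side == WOLFSSL_SERVER_END) ?
                            session->sslServer :
                            session->sslClient;
    ProtocolVersion pv = ssl->version;
    word32* expected = (session->flags.side == WOLFSSL_SERVER_END) ?
                                &session->cliExpected :
                                &session->srvExpected;

    while (curr != NULL) {
        /* bytes held by this fragment (CreateBuffer allocates exactly this) */
        word32 currLen = curr->end - curr->begin + 1;

        *expected = curr->end + 1;

        /* a 1- or 2-byte fragment cannot hold a record header; peeking at
           data[1]/data[2] would read past its allocation */
        if (currLen >= HDR_PEEK_SZ &&
            curr->data[0] == application_data &&
            curr->data[1] == pv.major &&
            curr->data[2] == pv.minor) {

            if (ssl->buffers.inputBuffer.length > 0)
                Trace(DROPPING_PARTIAL_RECORD);

            *sslBytes = (int)currLen;
            if ( (word32)*sslBytes > ssl->buffers.inputBuffer.bufferSize) {
                if (GrowInputBuffer(ssl, *sslBytes, 0) < 0) {
                    SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
                    return -1;
                }
            }

            XMEMCPY(ssl->buffers.inputBuffer.buffer, curr->data, *sslBytes);

            *front = curr->next;
            *reassemblyMemory -= *sslBytes;
            FreePacketBuffer(curr);

            ssl->buffers.inputBuffer.length = *sslBytes;
            *sslFrame = ssl->buffers.inputBuffer.buffer;
            *end = *sslFrame + *sslBytes;
            *skipPartial = 0;

            return 0;
        }
        else if (ssl->specs.cipher_type == block &&
                 currLen >= ssl->specs.block_size) {
            /* seed the next IV from the fragment's last cipher block; a
               fragment shorter than one block has no such block and the
               pointer below would land before its allocation */
            if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes) {
#ifdef BUILD_AES
                wc_AesSetIV(ssl->decrypt.aes,
                            curr->data + currLen - ssl->specs.block_size);
#endif
            }
            else if (ssl->specs.bulk_cipher_algorithm == wolfssl_triple_des) {
#ifdef BUILD_DES3
                wc_Des3_SetIV(ssl->decrypt.des3,
                              curr->data + currLen - ssl->specs.block_size);
#endif
            }
        }

        Trace(DROPPING_LOST_FRAG_STR);
        prev = curr;
        curr = curr->next;
        *reassemblyMemory -= currLen;
        FreePacketBuffer(prev);
    }

    *front = curr;

    return 0;
}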
wolfSSL 15:117db924cf7c 2963
wolfSSL 15:117db924cf7c 2964
/* Resynchronise the direction whose data was missed, as revealed by an ACK
 * from the other side: mark it as skipping partial records and move its
 * expected sequence to the first reassembled fragment, or, with nothing
 * queued, to the relative position the ACK number points at.
 * The side test is deliberately inverted for skipPartial: the srv* lists
 * pair with cliSkipPartial throughout this file (and vice versa).
 * returns 1 (end) */
static int FixSequence(TcpInfo* tcpInfo, SnifferSession* session)
{
    int serverSide = (session->flags.side == WOLFSSL_SERVER_END);
    word32*       expected;
    PacketBuffer* list;
    byte*         skipPartial;

    if (serverSide) {
        expected    = &session->srvExpected;
        list        = session->srvReassemblyList;
        skipPartial = &session->flags.cliSkipPartial;
    }
    else {
        expected    = &session->cliExpected;
        list        = session->cliReassemblyList;
        skipPartial = &session->flags.srvSkipPartial;
    }

    *skipPartial = 1;

    if (list != NULL) {
        *expected = list->begin;
    }
    else {
        word32 seqStart = serverSide ? session->srvSeqStart
                                     : session->cliSeqStart;
        *expected = tcpInfo->ackNumber - seqStart;
    }

    return 1;
}
wolfSSL 15:117db924cf7c 2989
wolfSSL 15:117db924cf7c 2990
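/* Check latest ack number for missing packets: an ACK that acknowledges
 * bytes beyond what this sniffer has seen from the other direction means
 * a segment was lost on the capture path.
 * return 0 ok, <0 on error */
static int CheckAck(TcpInfo* tcpInfo, SnifferSession* session)
{
    word32 seqStart;
    word32 real;
    word32 expected;

    if (!tcpInfo->ack)
        return 0;

    /* the ACK refers to the other side's stream, hence srv* for SERVER_END */
    if (session->flags.side == WOLFSSL_SERVER_END) {
        seqStart = session->srvSeqStart;
        expected = session->srvExpected;
    }
    else {
        seqStart = session->cliSeqStart;
        expected = session->cliExpected;
    }

    /* word32 subtraction is modulo 2^32, so an ack number that wrapped past
       the initial sequence is handled here. The former explicit rollover
       branch (0xffffffffU - seqStart + ackNumber) was one byte short. */
    real = tcpInfo->ackNumber - seqStart;

    TraceAck(real, expected);

    if (real > expected)
        return -1; /* we missed a packet, ACKing data we never saw */

    return 0;
}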
wolfSSL 15:117db924cf7c 3013
wolfSSL 15:117db924cf7c 3014
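/* Check TCP Sequence status.
 * Records the server's initial sequence on SYN/ACK, clips *sslBytes to the
 * payload size the IP header claims (captures may carry an Ethernet
 * trailer), detects missed data via the ACK number - fatal unless recovery
 * is enabled, in which case the session is resynchronised - and finally
 * positions the payload with AdjustSequence().
 * returns 0 on success (continue), -1 on error, 1 on success (end) */
static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo,
                         SnifferSession* session, int* sslBytes,
                         const byte** sslFrame, char* error)
{
    int actualLen;
    byte* ackFault = (session->flags.side == WOLFSSL_SERVER_END) ?
                        &session->flags.cliAckFault :
                        &session->flags.srvAckFault;

    /* init SEQ from server to client */
    if (tcpInfo->syn && tcpInfo->ack) {
        session->srvSeqStart = tcpInfo->sequence;
        session->srvExpected = 1;
        TraceServerSyn(tcpInfo->sequence);
        return 1;
    }

    /* adjust potential ethernet trailer. The IP total length comes straight
       off the wire; if it is smaller than the headers actualLen goes
       negative and would be copied into *sslBytes as a negative byte count,
       so treat such a datagram as carrying no payload */
    actualLen = ipInfo->total - ipInfo->length - tcpInfo->length;
    if (actualLen < 0)
        actualLen = 0;
    if (*sslBytes > actualLen) {
        *sslBytes = actualLen;
    }

    TraceSequence(tcpInfo->sequence, *sslBytes);
    if (CheckAck(tcpInfo, session) < 0) {
        if (!RecoveryEnabled) {
            UpdateMissedDataSessions();
            SetError(ACK_MISSED_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        else {
            SetError(ACK_MISSED_STR, error, session, 0);
            /* count the session as missing data only once per fault episode */
            if (*ackFault == 0) {
                *ackFault = 1;
                UpdateMissedDataSessions();
            }
            return FixSequence(tcpInfo, session);
        }
    }

    if (*ackFault) {
        Trace(CLEAR_ACK_FAULT);
        *ackFault = 0;
    }

    return AdjustSequence(tcpInfo, session, sslBytes, sslFrame, error);
}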
wolfSSL 15:117db924cf7c 3064
wolfSSL 15:117db924cf7c 3065
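/* Check Status before record processing.
 * Handles connection teardown (the session is removed and *session set to
 * NULL on the second FIN or on RST), refuses sessions already in the fatal
 * state, pulls the next record out of the reassembly list when skipping
 * partial data, appends the new bytes to any partial record held in ssl's
 * input buffer, and recognises an old-style (SSLv2-format) client hello
 * before the first handshake record.
 * returns 0 on success (continue), -1 on error, 1 on success (end) */
static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
                          const byte** sslFrame, SnifferSession** session,
                          int* sslBytes, const byte** end, char* error)
{
    word32 length;
    SSL* ssl = ((*session)->flags.side == WOLFSSL_SERVER_END) ?
                                  (*session)->sslServer : (*session)->sslClient;
    byte skipPartial = ((*session)->flags.side == WOLFSSL_SERVER_END) ?
                                        (*session)->flags.srvSkipPartial :
                                        (*session)->flags.cliSkipPartial;
    /* remove SnifferSession on 2nd FIN or RST */
    if (tcpInfo->fin || tcpInfo->rst) {
        /* flag FIN and RST: a FIN counts 1, a RST counts 2 so it ends at once */
        if (tcpInfo->fin)
            (*session)->flags.finCount += 1;
        else if (tcpInfo->rst)
            (*session)->flags.finCount += 2;

        if ((*session)->flags.finCount >= 2) {
            RemoveSession(*session, ipInfo, tcpInfo, 0);
            *session = NULL;
            return 1;
        }
    }

    if ((*session)->flags.fatalError == FATAL_ERROR_STATE) {
        SetError(FATAL_ERROR_STR, error, NULL, 0);
        return -1;
    }

    if (skipPartial) {
        if (FindNextRecordInAssembly(*session,
                                     sslFrame, sslBytes, end, error) < 0) {
            return -1;
        }
    }

    if (*sslBytes == 0) {
        Trace(NO_DATA_STR);
        return 1;
    }

    /* if current partial data, add to end of partial */
    /* if skipping, the data is already at the end of partial */
    if ( !skipPartial &&
         (length = ssl->buffers.inputBuffer.length) ) {
        Trace(PARTIAL_ADD_STR);

        if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) {
            if (GrowInputBuffer(ssl, *sslBytes, length) < 0) {
                SetError(MEMORY_STR, error, *session, FATAL_ERROR_STATE);
                return -1;
            }
        }
        XMEMCPY(&ssl->buffers.inputBuffer.buffer[length], *sslFrame, *sslBytes);
        *sslBytes += length;
        ssl->buffers.inputBuffer.length = *sslBytes;
        *sslFrame = ssl->buffers.inputBuffer.buffer;
        *end = *sslFrame + *sslBytes;
    }

    if ((*session)->flags.clientHello == 0 && **sslFrame != handshake) {
        /* Sanity check the packet for an old style client hello: a 2-byte
           record length with the high bit set, then the message type and
           the major version. That needs 4 bytes; anything shorter cannot
           be one, and peeking at bytes 1..3 of it would read past the
           data we were given. */
        int oldHello = 0;
        int rhSize = 0;

        if (*sslBytes >= 4) {
            rhSize = (((*sslFrame)[0] & 0x7f) << 8) | ((*sslFrame)[1]);
            oldHello = (rhSize <= (*sslBytes - 2)) &&
                       (*sslFrame)[2] == OLD_HELLO_ID &&
                       (*sslFrame)[3] == SSLv3_MAJOR;
        }

        if (oldHello) {
#ifdef OLD_HELLO_ALLOWED
            int ret = DoOldHello(*session, *sslFrame, &rhSize, sslBytes, error);
            if (ret < 0)
                return -1; /* error already set */
            if (*sslBytes <= 0)
                return 1;
#endif
        }
        else {
#ifdef STARTTLS_ALLOWED
            /* not TLS yet: plaintext protocol traffic before STARTTLS */
            return 1;
#endif
        }
    }

    return 0;
}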
wolfSSL 15:117db924cf7c 3152
wolfSSL 15:117db924cf7c 3153
/* Pull in-order data off the reassembly list of the side that sent it.
 *
 * Segments are consumed from the front of the list only while each one starts
 * exactly at the sequence number expected next (*expected) and fits in the
 * receiving SSL object's input buffer; the buffer is grown on demand until it
 * reaches MAX_INPUT_SZ, after which an oversize segment is left queued.
 * Each consumed segment is appended to the input buffer, advances *expected,
 * is subtracted from that side's reassembly memory counter and freed. When
 * anything was appended, *sslFrame / *sslBytes / *end are re-pointed at the
 * whole input buffer. A GrowInputBuffer failure marks the session fatal via
 * SetError and reports 0.
 *
 * returns 1 for TRUE (more input is ready in the buffer), 0 for FALSE */
static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
                         int* sslBytes, const byte** end, char* error)
{
    int appended = 0;
    /* sequence and reassembly based on from, not to: a server-side session
     * object is fed by the client's segments */
    int fromClient = (session->flags.side == WOLFSSL_SERVER_END);
    PacketBuffer** list = fromClient ? &session->cliReassemblyList
                                     : &session->srvReassemblyList;
    word32* expected = fromClient ? &session->cliExpected
                                  : &session->srvExpected;
    word32* reassemblyMemory = fromClient ? &session->cliReassemblyMemory
                                          : &session->srvReassemblyMemory;
    /* the input buffer lives on the receiving end */
    SSL* ssl = fromClient ? session->sslServer : session->sslClient;

    for (;;) {
        PacketBuffer* seg = *list;
        word32 segLen;
        word32 room;

        if (seg == NULL || seg->begin != *expected)
            break;

        segLen = seg->end - seg->begin + 1;
        room = ssl->buffers.inputBuffer.bufferSize -
               ssl->buffers.inputBuffer.length;

        if (segLen > room &&
            ssl->buffers.inputBuffer.bufferSize < MAX_INPUT_SZ) {
            if (GrowInputBuffer(ssl, segLen,
                                ssl->buffers.inputBuffer.length) < 0) {
                SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
                return 0;
            }
            /* bufferSize changed; recompute what is free */
            room = ssl->buffers.inputBuffer.bufferSize -
                   ssl->buffers.inputBuffer.length;
        }

        if (segLen > room)
            break; /* buffer is at its cap; leave the segment queued */

        XMEMCPY(&ssl->buffers.inputBuffer.buffer[
                    ssl->buffers.inputBuffer.length], seg->data, segLen);
        ssl->buffers.inputBuffer.length += segLen;
        *expected += segLen;

        /* unlink and release the consumed segment */
        *list = seg->next;
        *reassemblyMemory -= segLen;
        FreePacketBuffer(seg);

        appended = 1;
    }

    if (appended) {
        *sslFrame = ssl->buffers.inputBuffer.buffer;
        *sslBytes = ssl->buffers.inputBuffer.length;
        *end = ssl->buffers.inputBuffer.buffer +
               ssl->buffers.inputBuffer.length;
    }
    return appended;
}
wolfSSL 15:117db924cf7c 3218
wolfSSL 15:117db924cf7c 3219
wolfSSL 15:117db924cf7c 3220
/* Process Message(s) from sslFrame.
 *
 * Walks the TLS records in [sslFrame, end) for the side recorded in
 * session->flags.side, decrypting them once that side's cipher is on, and
 * appends any application-data plaintext to *data (grown with realloc; the
 * caller releases it with ssl_FreeDecodeBuffer / ssl_FreeZeroDecodeBuffer).
 * A record whose body is not complete yet is parked in
 * ssl->buffers.inputBuffer and the rest is pulled from the reassembly list
 * through HaveMoreInput.
 *
 * Every SetError(..., FATAL_ERROR_STATE) below marks the session fatal; the
 * caller (ssl_DecodePacket) then removes it. On such an error *data may still
 * hold plaintext appended by earlier records of the same call -- only the
 * realloc-failure path frees it -- so a caller receiving -1 must still
 * release *data.
 *
 * return Number of bytes on success, 0 for no data yet, and -1 on error */
static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
                          int sslBytes, byte** data, const byte* end,
                          char* error)
{
    const byte* sslBegin = sslFrame;  /* start of this frame, to detect advance */
    const byte* recordEnd; /* end of record indicator */
    const byte* inRecordEnd; /* indicator from input stream not decrypt */
    RecordLayerHeader rh;
    int rhSize = 0;
    int ret;
    int errCode = 0;
    int decoded = 0; /* bytes stored for user in data */
    int notEnough; /* notEnough bytes yet flag */
    int decrypted = 0; /* was current msg decrypted */
    /* the SSL object that receives this side's traffic */
    SSL* ssl = (session->flags.side == WOLFSSL_SERVER_END) ?
                session->sslServer : session->sslClient;
doMessage:
    notEnough = 0;
    /* defensive: the per-message arithmetic below must never leave a
     * negative remaining count */
    if (sslBytes < 0) {
        SetError(PACKET_HDR_SHORT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }
    if (sslBytes >= RECORD_HEADER_SZ) {
        /* parses type/version/length; rhSize is the record body length */
        if (GetRecordHeader(sslFrame, &rh, &rhSize) != 0) {
            SetError(BAD_RECORD_HDR_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
    }
    else
        notEnough = 1;

    /* header missing, or the body the header announces is not all here */
    if (notEnough || rhSize > (sslBytes - RECORD_HEADER_SZ)) {
        /* don't have enough input yet to process full SSL record */
        Trace(PARTIAL_INPUT_STR);

        /* store partial if not there already or we advanced */
        /* (sslBegin != sslFrame means earlier records of this frame were
         * consumed, so the remainder is moved to the front of inputBuffer;
         * XMEMMOVE because the remainder may already live inside it) */
        if (ssl->buffers.inputBuffer.length == 0 || sslBegin != sslFrame) {
            if (sslBytes > (int)ssl->buffers.inputBuffer.bufferSize) {
                if (GrowInputBuffer(ssl, sslBytes, 0) < 0) {
                    SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
                    return -1;
                }
            }
            XMEMMOVE(ssl->buffers.inputBuffer.buffer, sslFrame, sslBytes);
            ssl->buffers.inputBuffer.length = sslBytes;
        }
        /* queued out-of-order segments may now complete the record */
        if (HaveMoreInput(session, &sslFrame, &sslBytes, &end, error))
            goto doMessage;
        return decoded;
    }
    sslFrame += RECORD_HEADER_SZ;
    sslBytes -= RECORD_HEADER_SZ;
    recordEnd = sslFrame + rhSize; /* may have more than one record */
    inRecordEnd = recordEnd;       /* position in the input (cipher) stream */

    /* decrypt if needed */
    /* the cipher is turned on for a side by its change_cipher_spec below */
    if ((session->flags.side == WOLFSSL_SERVER_END &&
         session->flags.serverCipherOn)
     || (session->flags.side == WOLFSSL_CLIENT_END &&
         session->flags.clientCipherOn)) {
        int ivAdvance = 0; /* TLSv1.1 advance amount */
        /* cipher on but no keys derived (handshake not observed) is fatal */
        if (ssl->decrypt.setup != 1) {
            SetError(DECRYPT_KEYS_NOT_SETUP, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        /* outputBuffer receives the plaintext; make sure it can hold rhSize */
        if (CheckAvailableSize(ssl, rhSize) < 0) {
            SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        /* returns a pointer into outputBuffer, already past any explicit IV
         * (ivAdvance bytes); recordEnd is rebased onto that buffer */
        sslFrame = DecryptMessage(ssl, sslFrame, rhSize,
                                  ssl->buffers.outputBuffer.buffer, &errCode,
                                  &ivAdvance);
        recordEnd = sslFrame - ivAdvance + rhSize; /* sslFrame moved so
                                                      should recordEnd */
        decrypted = 1;
        if (errCode != 0) {
            SetError(BAD_DECRYPT, error, session, FATAL_ERROR_STATE);
            return -1;
        }
    }

doPart:

    /* one record may carry several messages of the same content type; the
     * "sslFrame < recordEnd" check after the switch loops back here */
    switch ((enum ContentType)rh.type) {
        case handshake:
            {
                int startIdx = sslBytes;
                int used;

                Trace(GOT_HANDSHAKE_STR);
                ret = DoHandShake(sslFrame, &sslBytes, session, error);
                if (ret != 0) {
                    /* DoHandShake may already have set a specific error */
                    if (session->flags.fatalError == 0)
                        SetError(BAD_HANDSHAKE_STR, error, session,
                                 FATAL_ERROR_STATE);
                    return -1;
                }

                /* DoHandShake now fully decrements sslBytes to remaining */
                used = startIdx - sslBytes;
                sslFrame += used;
                /* skip the MAC/padding trailer of an encrypted record
                 * (padSz is assumed to have been set by DecryptMessage) */
                if (decrypted)
                    sslFrame += ssl->keys.padSz;
            }
            break;
        case change_cipher_spec:
            /* from here on this side's records go through the decrypt
             * path above */
            if (session->flags.side == WOLFSSL_SERVER_END)
                session->flags.serverCipherOn = 1;
            else
                session->flags.clientCipherOn = 1;
            Trace(GOT_CHANGE_CIPHER_STR);
            ssl->options.handShakeState = HANDSHAKE_DONE;
            ssl->options.handShakeDone = 1;

            /* NOTE(review): consumes exactly one byte without checking that
             * rhSize == 1; a longer record re-enters this case via the
             * "another msg in record" loop once per extra byte */
            sslFrame += 1;
            sslBytes -= 1;

            break;
        case application_data:
            Trace(GOT_APP_DATA_STR);
            {
                word32 inOutIdx = 0;

                /* plaintext lands in clearOutputBuffer; inOutIdx reports how
                 * much of sslFrame was consumed */
                ret = DoApplicationData(ssl, (byte*)sslFrame, &inOutIdx);
                if (ret == 0) {
                    ret = ssl->buffers.clearOutputBuffer.length;
                    TraceGotData(ret);
                    if (ret) { /* may be blank message */
                        byte* tmpData; /* don't leak on realloc free */
                        /* add an extra byte at end of allocation in case user
                         * wants to null terminate plaintext (this function
                         * itself never writes that byte) */
                        tmpData = (byte*)realloc(*data, decoded + ret + 1);
                        if (tmpData == NULL) {
                            /* scrub plaintext decoded so far before
                             * releasing it */
                            ForceZero(*data, decoded);
                            free(*data);
                            *data = NULL;
                            SetError(MEMORY_STR, error, session,
                                     FATAL_ERROR_STATE);
                            return -1;
                        }
                        *data = tmpData;
                        XMEMCPY(*data + decoded,
                                ssl->buffers.clearOutputBuffer.buffer, ret);
                        TraceAddedData(ret, decoded);
                        decoded += ret;
                        ssl->buffers.clearOutputBuffer.length = 0;
                    }
                }
                else {
                    SetError(BAD_APP_DATA_STR, error,session,FATAL_ERROR_STATE);
                    return -1;
                }
                if (ssl->buffers.outputBuffer.dynamicFlag)
                    ShrinkOutputBuffer(ssl);

                sslFrame += inOutIdx;
                sslBytes -= inOutIdx;
            }
            break;
        case alert:
            /* alerts are not decoded, the whole record body is skipped */
            Trace(GOT_ALERT_STR);
            sslFrame += rhSize;
            sslBytes -= rhSize;
            break;
        case no_type:
        default:
            SetError(GOT_UNKNOWN_RECORD_STR, error, session, FATAL_ERROR_STATE);
            return -1;
    }

    /* do we have another msg in record ? */
    if (sslFrame < recordEnd) {
        Trace(ANOTHER_MSG_STR);
        goto doPart;
    }

    /* back to input stream instead of potential decrypt buffer */
    recordEnd = inRecordEnd;

    /* do we have more records ? */
    if (recordEnd < end) {
        Trace(ANOTHER_MSG_STR);
        sslFrame = recordEnd;
        sslBytes = (int)(end - recordEnd);
        goto doMessage;
    }

    /* clear used input */
    ssl->buffers.inputBuffer.length = 0;

    /* could have more input ready now */
    if (HaveMoreInput(session, &sslFrame, &sslBytes, &end, error))
        goto doMessage;

    /* give back a grown input buffer once everything was consumed */
    if (ssl->buffers.inputBuffer.dynamicFlag)
        ShrinkInputBuffer(ssl, NO_FORCED_FREE);

    return decoded;
}
wolfSSL 15:117db924cf7c 3422
wolfSSL 15:117db924cf7c 3423
/* Account for FINs that were seen ahead of the reassembled stream.
 *
 * A captured FIN is counted (once) as soon as its sequence number has been
 * reached by the corresponding *Expected counter, i.e. all data before it was
 * consumed. When both directions have finished (finCount >= 2) the session is
 * removed. */
static void CheckFinCapture(IpInfo* ipInfo, TcpInfo* tcpInfo,
                            SnifferSession* session)
{
    /* client -> server direction */
    if (session->finCaputre.cliCounted == 0 &&
        session->finCaputre.cliFinSeq != 0 &&
        session->finCaputre.cliFinSeq <= session->cliExpected) {
        session->flags.finCount += 1;
        session->finCaputre.cliCounted = 1;
        TraceClientFin(session->finCaputre.cliFinSeq, session->cliExpected);
    }

    /* server -> client direction */
    if (session->finCaputre.srvCounted == 0 &&
        session->finCaputre.srvFinSeq != 0 &&
        session->finCaputre.srvFinSeq <= session->srvExpected) {
        session->flags.finCount += 1;
        session->finCaputre.srvCounted = 1;
        TraceServerFin(session->finCaputre.srvFinSeq, session->srvExpected);
    }

    if (session->flags.finCount < 2)
        return;

    RemoveSession(session, ipInfo, tcpInfo, 0);
}
wolfSSL 15:117db924cf7c 3449
wolfSSL 15:117db924cf7c 3450
/* Tear down a session that has been flagged FATAL_ERROR_STATE and report
 * the fatal error through *error. A NULL session is tolerated.
 * returns 1 if the session was removed, 0 otherwise */
static int RemoveFatalSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
                              SnifferSession* session, char* error)
{
    if (session == NULL)
        return 0;
    if (session->flags.fatalError != FATAL_ERROR_STATE)
        return 0;

    RemoveSession(session, ipInfo, tcpInfo, 0);
    SetError(FATAL_ERROR_STR, error, NULL, 0);
    return 1;
}
wolfSSL 15:117db924cf7c 3463
wolfSSL 15:117db924cf7c 3464
/* Decode one captured IP/TCP packet (link-layer framing already removed).
 *
 * The packet is untrusted network input. It is run through the header
 * checks, session lookup, TCP sequence tracking and pre-record checks in
 * turn; each of those helpers returns -1 on error, 1 when nothing more can be
 * done for this packet yet, and 0 to continue. After every step a session
 * that went into FATAL_ERROR_STATE is removed before returning -1.
 * Decoded application data is appended to *data (see ProcessMessage); the
 * caller releases it with ssl_FreeDecodeBuffer / ssl_FreeZeroDecodeBuffer.
 *
 * returns Number of bytes on success, 0 for no data yet, and -1 on error */
int ssl_DecodePacket(const byte* packet, int length, byte** data, char* error)
{
    TcpInfo tcpInfo;
    IpInfo ipInfo;
    SnifferSession* session = NULL;
    const byte* sslFrame;
    const byte* end = packet + length;
    int sslBytes; /* ssl bytes unconsumed */
    int ret;

    if (CheckHeaders(&ipInfo, &tcpInfo, packet, length, &sslFrame, &sslBytes,
                     error) != 0) {
        return -1;
    }

    ret = CheckSession(&ipInfo, &tcpInfo, sslBytes, &session, error);
    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error) || ret == -1)
        return -1;
    if (ret == 1)
        return 0; /* done for now */

    ret = CheckSequence(&ipInfo, &tcpInfo, session, &sslBytes, &sslFrame,
                        error);
    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error) || ret == -1)
        return -1;
    if (ret == 1)
        return 0; /* done for now */

    ret = CheckPreRecord(&ipInfo, &tcpInfo, &sslFrame, &session, &sslBytes,
                         &end, error);
    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error) || ret == -1)
        return -1;
    if (ret == 1)
        return 0; /* done for now */

    ret = ProcessMessage(sslFrame, session, sslBytes, data, end, error);
    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
        return -1;

    /* a FIN captured earlier may now be reachable */
    CheckFinCapture(&ipInfo, &tcpInfo, session);
    return ret;
}
wolfSSL 15:117db924cf7c 3502
wolfSSL 15:117db924cf7c 3503
/* Release a buffer returned through ssl_DecodePacket without scrubbing it
 * (sz 0 means nothing is zeroed first). Callers holding sensitive plaintext
 * should prefer ssl_FreeZeroDecodeBuffer with the returned byte count.
 * returns 0 on success, -1 on error */
int ssl_FreeDecodeBuffer(byte** data, char* error)
{
    const int noZeroing = 0;
    return ssl_FreeZeroDecodeBuffer(data, noZeroing, error);
}
wolfSSL 15:117db924cf7c 3510
wolfSSL 15:117db924cf7c 3511
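/* Deallocator for the decoded data buffer: zeros the first sz bytes, frees
 * the buffer and resets *data to NULL.
 *
 * data  - address of the pointer returned through ssl_DecodePacket; NULL,
 *         or a pointer to NULL, is a no-op success
 * sz    - number of bytes to scrub before freeing (the count returned by
 *         ssl_DecodePacket); negative is rejected
 * returns 0 on success, -1 on error */
int ssl_FreeZeroDecodeBuffer(byte** data, int sz, char* error)
{
    (void)error;

    if (sz < 0) {
        return -1;
    }

    /* also guard *data: a never-populated buffer passed with a nonzero sz
     * would otherwise be scrubbed through a NULL pointer */
    if (data != NULL && *data != NULL) {
        ForceZero(*data, (word32)sz);
        free(*data);
        *data = NULL;
    }

    return 0;
}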
wolfSSL 15:117db924cf7c 3530
wolfSSL 15:117db924cf7c 3531
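/* Enables (if traceFile) / Disables debug tracing.
 *
 * traceFile - path opened in append mode; NULL disables tracing
 *
 * The previous trace handle, if any, is closed when a new file is opened or
 * when tracing is disabled, so repeated calls do not leak FILE handles. If
 * the new file cannot be opened the existing trace state is left untouched
 * (the old code cleared TraceFile while leaving TraceOn set). Disabling
 * closes the handle only after TraceOn is cleared; the Trace helpers are
 * assumed to test TraceOn before writing.
 * returns 0 on success, -1 on error */
int ssl_Trace(const char* traceFile, char* error)
{
    if (traceFile) {
        FILE* newFile = fopen(traceFile, "a");
        if (newFile == NULL) {
            SetError(BAD_TRACE_FILE_STR, error, NULL, 0);
            return -1;
        }
        if (TraceFile != NULL)
            fclose(TraceFile);
        TraceFile = newFile;
        TraceOn = 1;
    }
    else {
        TraceOn = 0;
        if (TraceFile != NULL) {
            fclose(TraceFile);
            TraceFile = NULL;
        }
    }

    return 0;
}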
wolfSSL 15:117db924cf7c 3549
wolfSSL 15:117db924cf7c 3550
/* Enables/Disables recovery of missed data if later packets allow.
 *
 * onOff     - nonzero enables recovery, 0 disables it
 * maxMemory - bytes of reassembly buffering allowed per session, -1 for
 *             unlimited; only stored when enabling
 * returns 0 on success, -1 on error (never fails at present) */
int ssl_EnableRecovery(int onOff, int maxMemory, char* error)
{
    (void)error;

    RecoveryEnabled = onOff;
    if (!onOff)
        return 0;

    MaxRecoveryMemory = maxMemory;
    return 0;
}
wolfSSL 15:117db924cf7c 3565
wolfSSL 15:117db924cf7c 3566
wolfSSL 15:117db924cf7c 3567
/* Report sniffer statistics.
 *
 * Each output pointer may be NULL to skip that statistic. missedData is read
 * under RecoveryMutex; reassemblyMem is the sum of both directions'
 * reassembly memory over every session in SessionTable, gathered under
 * SessionMutex. active/total/peak/maxSessions come from
 * wolfSSL_get_session_stats.
 * returns 0 on success, -1 on error */
int ssl_GetSessionStats(unsigned int* active, unsigned int* total,
                        unsigned int* peak, unsigned int* maxSessions,
                        unsigned int* missedData, unsigned int* reassemblyMem,
                        char* error)
{
    if (missedData != NULL) {
        wc_LockMutex(&RecoveryMutex);
        *missedData = MissedDataSessions;
        wc_UnLockMutex(&RecoveryMutex);
    }

    if (reassemblyMem != NULL) {
        unsigned int sum = 0;
        int bucket;

        wc_LockMutex(&SessionMutex);
        for (bucket = 0; bucket < HASH_SIZE; bucket++) {
            SnifferSession* s;
            for (s = SessionTable[bucket]; s != NULL; s = s->next) {
                sum += s->cliReassemblyMemory;
                sum += s->srvReassemblyMemory;
            }
        }
        wc_UnLockMutex(&SessionMutex);
        *reassemblyMem = sum;
    }

    if (wolfSSL_get_session_stats(active, total, peak, maxSessions)
            != WOLFSSL_SUCCESS) {
        SetError(BAD_SESSION_STATS, error, NULL, 0);
        return -1;
    }

    return 0;
}
wolfSSL 15:117db924cf7c 3607
wolfSSL 15:117db924cf7c 3608
wolfSSL 15:117db924cf7c 3609
wolfSSL 15:117db924cf7c 3610 #endif /* WOLFSSL_SNIFFER */
wolfSSL 15:117db924cf7c 3611 #endif /* WOLFCRYPT_ONLY */
wolfSSL 15:117db924cf7c 3612