app-layer-ssl: add better session id support

Verify that the session ids from the client hello record and the
server hello record match before marking the session as 'resumed'.
pull/3478/head
Mats Klepsland 7 years ago
parent f22bd5a75b
commit 21897a4d7a

@ -608,13 +608,31 @@ static inline int TLSDecodeHSHelloSessionID(SSLState *ssl_state,
uint8_t session_id_length = *input;
input += 1;
if (session_id_length != 0) {
ssl_state->flags |= SSL_AL_FLAG_SSL_CLIENT_SESSION_ID;
}
if (!(HAS_SPACE(session_id_length)))
goto invalid_length;
if (session_id_length != 0 && ssl_state->curr_connp->session_id == NULL) {
ssl_state->curr_connp->session_id = SCMalloc(session_id_length);
if (unlikely(ssl_state->curr_connp->session_id == NULL)) {
return -1;
}
memcpy(ssl_state->curr_connp->session_id, input, session_id_length);
ssl_state->curr_connp->session_id_length = session_id_length;
if ((ssl_state->current_flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
ssl_state->client_connp.session_id != NULL &&
ssl_state->server_connp.session_id != NULL) {
if ((ssl_state->client_connp.session_id_length ==
ssl_state->server_connp.session_id_length) &&
(memcmp(ssl_state->server_connp.session_id,
ssl_state->client_connp.session_id, session_id_length) == 0)) {
ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
}
}
}
input += session_id_length;
return (input - initial_input);
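Review bot: In TLSDecodeHSHelloSessionID the resumed flag is set whenever the server hello carries the same session id as the client hello, but a TLS 1.3 server echoes the client's `legacy_session_id` on a full handshake as well (RFC 8446 §4.1.3), so such flows would be reported as resumed. If the negotiated version is known at this point, the comparison should be gated on it; the version handling is outside the hunk, so this needs confirming. The `session_id == NULL` guard also means a later hello in the same direction keeps the first id and skips the comparison, which deserves a comment such as `/* only the first session id seen per direction is stored and compared */`. The field is `opaque<0..32>` in TLS, so a bound like `if (session_id_length > 32) goto invalid_length;` before the SCMalloc would cap the per-flow allocation, provided this path is never reached for SSLv2 records. The function starts outside the hunk, and nothing visible in the SSLParserTest26 hunk asserts SSL_AL_FLAG_SESSION_RESUMED for a matching or a mismatching server hello.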
@ -1956,13 +1974,6 @@ static int SSLv3Decode(uint8_t direction, SSLState *ssl_state,
if (direction) {
ssl_state->flags |= SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC;
int server_cert_seen = (ssl_state->server_connp.cert0_issuerdn != NULL &&
ssl_state->server_connp.cert0_subject != NULL);
if (!server_cert_seen && (ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_SESSION_ID) != 0) {
ssl_state->flags |= SSL_AL_FLAG_SESSION_RESUMED;
}
} else {
ssl_state->flags |= SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC;
}
@ -2313,6 +2324,8 @@ static void SSLStateFree(void *p)
SCFree(ssl_state->client_connp.cert0_fingerprint);
if (ssl_state->client_connp.sni)
SCFree(ssl_state->client_connp.sni);
if (ssl_state->client_connp.session_id)
SCFree(ssl_state->client_connp.session_id);
if (ssl_state->server_connp.trec)
SCFree(ssl_state->server_connp.trec);
@ -2324,6 +2337,8 @@ static void SSLStateFree(void *p)
SCFree(ssl_state->server_connp.cert0_fingerprint);
if (ssl_state->server_connp.sni)
SCFree(ssl_state->server_connp.sni);
if (ssl_state->server_connp.session_id)
SCFree(ssl_state->server_connp.session_id);
if (ssl_state->ja3_str)
Ja3BufferFree(&ssl_state->ja3_str);
@ -5056,7 +5071,7 @@ static int SSLParserTest26(void)
FAIL_IF_NULL(ssl_state);
FAIL_IF((ssl_state->flags & SSL_AL_FLAG_STATE_CLIENT_HELLO) == 0);
FAIL_IF((ssl_state->flags & SSL_AL_FLAG_SSL_CLIENT_SESSION_ID) == 0);
FAIL_IF_NULL(ssl_state->client_connp.session_id);
FLOWLOCK_WRLOCK(&f);
r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOCLIENT,

@ -153,7 +153,6 @@ typedef struct SSLStateConnp_ {
/* the no of bytes processed in the currently parsed handshake */
uint16_t hs_bytes_processed;
/* sslv2 client hello session id length */
uint16_t session_id_length;
char *cert0_subject;
@ -166,6 +165,8 @@ typedef struct SSLStateConnp_ {
/* ssl server name indication extension */
char *sni;
char *session_id;
TAILQ_HEAD(, SSLCertsChain_) certs;
uint32_t cert_log_flag;
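Review bot: The new `session_id` field holds raw bytes that the parser copies with memcpy and never NUL-terminates, yet it is declared `char *` directly beside the string fields `sni` and `cert0_subject`, which invites logging or keyword code to treat it as a C string and read past the allocation. Consider `uint8_t *session_id;` with a comment such as `/* raw session id from the hello record, session_id_length bytes, not NUL-terminated */`. The earlier hunk in this struct appears to drop the comment on `session_id_length`, which would leave both fields undocumented, so a one-line comment there tying the length to `session_id` would help too.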
