tls: prepare for client cert parsing

3 years ago · 10f5e6cb66
parent 6d4cc39c02
commit 10f5e6cb66
1 changed files with 12 additions and 15 deletions
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@ -462,29 +462,26 @@ static void TlsDecodeHSCertificateErrSetEvent(SSLState *ssl_state, uint32_t err)
    }
 }

-static inline int TlsDecodeHSCertificateFingerprint(SSLState *ssl_state,
-                                                    const uint8_t *input,
-                                                    uint32_t cert_len)
+static inline int TlsDecodeHSCertificateFingerprint(
+        SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
 {
-    if (unlikely(ssl_state->server_connp.cert0_fingerprint != NULL))
+    if (unlikely(connp->cert0_fingerprint != NULL))
        return 0;

-    ssl_state->server_connp.cert0_fingerprint = SCCalloc(1, SHA1_STRING_LENGTH *
-                                                         sizeof(char));
-    if (ssl_state->server_connp.cert0_fingerprint == NULL)
+    connp->cert0_fingerprint = SCCalloc(1, SHA1_STRING_LENGTH * sizeof(char));
+    if (connp->cert0_fingerprint == NULL)
        return -1;

    uint8_t hash[SC_SHA1_LEN];
    if (SCSha1HashBuffer(input, cert_len, hash, sizeof(hash)) == 1) {
-        rs_to_hex_sep((uint8_t *)ssl_state->server_connp.cert0_fingerprint, SHA1_STRING_LENGTH, ':',
-                hash, SC_SHA1_LEN);
+        rs_to_hex_sep(
+                (uint8_t *)connp->cert0_fingerprint, SHA1_STRING_LENGTH, ':', hash, SC_SHA1_LEN);
    }
    return 0;
 }

-static inline int TlsDecodeHSCertificateAddCertToChain(SSLState *ssl_state,
-                                                       const uint8_t *input,
-                                                       uint32_t cert_len)
+static inline int TlsDecodeHSCertificateAddCertToChain(
+        SSLStateConnp *connp, const uint8_t *input, uint32_t cert_len)
 {
    SSLCertsChain *cert = SCCalloc(1, sizeof(SSLCertsChain));
    if (cert == NULL)
@ -492,7 +489,7 @@ static inline int TlsDecodeHSCertificateAddCertToChain(SSLState *ssl_state,

    cert->cert_data = (uint8_t *)input;
    cert->cert_len = cert_len;
-    TAILQ_INSERT_TAIL(&ssl_state->server_connp.certs, cert, next);
+    TAILQ_INSERT_TAIL(&connp->certs, cert, next);

    return 0;
 }
@ -573,14 +570,14 @@ static int TlsDecodeHSCertificate(SSLState *ssl_state, SSLStateConnp *connp,
            rs_x509_free(x509);
            x509 = NULL;

-            rc = TlsDecodeHSCertificateFingerprint(ssl_state, input, cert_len);
+            rc = TlsDecodeHSCertificateFingerprint(connp, input, cert_len);
            if (rc != 0) {
                SCLogDebug("TlsDecodeHSCertificateFingerprint failed with %d", rc);
                goto error;
            }
        }

-        rc = TlsDecodeHSCertificateAddCertToChain(ssl_state, input, cert_len);
+        rc = TlsDecodeHSCertificateAddCertToChain(connp, input, cert_len);
        if (rc != 0) {
            SCLogDebug("TlsDecodeHSCertificateAddCertToChain failed with %d", rc);
            goto error;