1

(5 replies, posted in wolfSSL)

chrisc wrote:

In the code you referenced above, the encrypted data can't be used as input, so it is decrypted by the "DecryptMessage()" function and stored into the output buffer.  After this, sslFrame is re-pointed to the output buffer (our decrypted data).

Hi Chris,

That's going to cause a problem if some of the later code does something like memcpy(data, sslFrame, s), right? Do we just have to write the rest of the code with that in mind?

Cheers

2

(5 replies, posted in wolfSSL)

Hi there,

Thanks for fixing that so quickly. I'm doing a uni project on SSL/TLS parsing using your embedded SSL library, and your SSLsniffer came up.

I'm also confused by this code:

static const byte* DecryptMessage(SSL* ssl, const byte* input, word32 sz,
                                  byte* output)
{
    Decrypt(ssl, output, input, sz);
    ssl->keys.encryptSz = sz;
    if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
        return output + ssl->specs.block_size; /* go past TLSv1.1 IV */
    
    return output;
}

/* ... and, at the call site: */
    if (session->flags.side == SERVER_END && session->flags.serverCipherOn)
        sslFrame = DecryptMessage(ssl, sslFrame, rhSize,
                                  ssl->buffers.outputBuffer.buffer);
    else if (session->flags.side == CLIENT_END && session->flags.clientCipherOn)
        sslFrame = DecryptMessage(ssl, sslFrame, rhSize,
                                  ssl->buffers.outputBuffer.buffer);

This code seems to take the "return output;" from DecryptMessage and store it in "sslFrame", which I thought was the input buffer. Can you explain this bit?

Thanks loads,
Sam

3

(5 replies, posted in wolfSSL)

Hi there,

There appear to be some bugs in the sniffer.c file. Is this the right place to report them?

-------------------------------- src/sniffer.c --------------------------------
index 80b9068..12714ef 100644
@@ -1905,7 +1905,7 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
     if ( (length = ssl->buffers.inputBuffer.length) ) {
         Trace(PARTIAL_ADD_STR);
         
-        if ( (*sslBytes + length) > sizeof(ssl->buffers.inputBuffer.buffer)) {
+        if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) {
             SetError(BUFFER_ERROR_STR, error, session, FATAL_ERROR_STATE);
             return -1;
         }
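
Review bot: The corrected check in CheckPreRecord still computes "*sslBytes + length" before comparing, so the sum itself can wrap or mix signedness depending on the operand types, which this hunk does not show. Comparing by subtraction, for example rejecting when length > bufferSize or when *sslBytes > bufferSize - length, keeps the bound valid for any input. The change description should also state why sizeof(ssl->buffers.inputBuffer.buffer) was wrong: sizeof yields the size of the member's declared type, which equals the buffer capacity only when the member is a fixed-size array.
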
@@ -2010,7 +2010,7 @@ doMessage:
         
         /* store partial if not there already or we advanced */
         if (ssl->buffers.inputBuffer.length == 0 || sslBegin != sslFrame) {
-            if (sslBytes > sizeof(ssl->buffers.inputBuffer.buffer)) {
+            if (sslBytes > ssl->buffers.inputBuffer.bufferSize) {
                 SetError(BUFFER_ERROR_STR, error, session, FATAL_ERROR_STATE);
                 return -1;
             }
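
Review bot: In the "sslBytes > ssl->buffers.inputBuffer.bufferSize" check, only the incoming byte count is compared against the capacity, and the copy it guards is outside this hunk; confirm that the store writes from the start of the buffer and copies exactly sslBytes, otherwise the bound has to account for the write offset. Since the same sizeof-to-bufferSize correction appears twice in this patch, search the rest of src/sniffer.c for other comparisons against sizeof(ssl->buffers.inputBuffer.buffer), and add a regression test that stores a partial record across packets.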