Commit ec6b2bcc authored by Victor Seva's avatar Victor Seva

New upstream version 1.4.5

parent b52ec579
2018-01-19 Ivan Alonso <kaian@irontec.com>
* sngrep 1.4.5 released
* save: avoid crashing when multiple source inputs are used
* call list: fix buffer overflow in display filter with wide terminals
* capture: added new setting capture.tlsserver to only process TLS packets to tha address
* capture: fixed compatibility with OpenSSL >= 1.1.0
* capture: only read stdin when input file is '-'
2017-09-17 Ivan Alonso <kaian@irontec.com>
* sngrep 1.4.4 released
......
......@@ -72,7 +72,7 @@ See FAQ on [Github Wiki](https://github.com/irontec/sngrep/wiki#frequent-asked-q
## License
sngrep - SIP Messages flow viewer
Copyright (C) 2013-2017 Irontec S.L.
Copyright (C) 2013-2018 Irontec S.L.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......
AC_PREREQ([2.59])
AC_INIT([sngrep], [1.4.4], [kaian@irontec.com], [sngrep], [http://www.irontec.com/])
AC_INIT([sngrep], [1.4.5], [kaian@irontec.com], [sngrep], [http://www.irontec.com/])
AM_INIT_AUTOMAKE([1.9])
AC_CONFIG_HEADERS([src/config.h])
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
......
.\" Man page for the sngrep
.\"
.\" Copyright (c) 2013-2017 Ivan Alonso <kaian@irontec.com>
.\" Copyright (c) 2013-2017 Irontec S.L.
.\" Copyright (c) 2013-2018 Ivan Alonso <kaian@irontec.com>
.\" Copyright (c) 2013-2018 Irontec S.L.
.TH SNGREP 8 "September 2017" "sngrep 1.4.4"
.TH SNGREP 8 "September 2017" "sngrep 1.4.5"
.SH NAME
......@@ -87,7 +87,7 @@ in sngrep to manage hash table sizes.
.TP
.I -R
Remove oldest dialog when the capture limit has reached
Altough not recommended, this can be used to keep sngrep running during long
Although not recommended, this can be used to keep sngrep running during long
times with some control over consumed memory.
.TP
......
sngrep (1.4.5) experimental; urgency=low
* sngrep 1.4.5 released
-- Ivan Alonso <kaian@irontec.com> Fri, 22 Dec 2017 15:13:54 +0100
sngrep (1.4.4) experimental; urgency=low
* sngrep 1.4.4 releaed
......
......@@ -21,3 +21,15 @@ Description: Ncurses SIP Messages flow viewer
You can also create new PCAP files from captures or displayed dialogs.
.
Package: sngrep-dbg
Architecture: any
Section: debug
Priority: extra
Depends: sngrep (= ${binary:Version}), ${misc:Depends}
Description: Debugging symbols for sngrep SIP Messages flow viewer
sngrep displays SIP Messages grouped by Call-Id into flow
diagrams. It can be used as an offline PCAP viewer or online
capture using libpcap functions.
.
This package contains the debugging sysmbols.
.
#!/usr/bin/make -f
override_dh_auto_configure:
dh_auto_configure -- --with-gnutls --with-pcre --enable-unicode --enable-ipv6 --enable-eep
override_dh_strip:
dh_strip --dbg-package=sngrep-dbg
override_dh_auto_install:
dh_auto_install --destdir=debian/sngrep
override_dh_installdocs:
dh_installdocs --link-doc=sngrep
%:
dh $@ --with autoreconf
......@@ -2,7 +2,7 @@
Summary: SIP Messages flow viewer
Name: sngrep
Version: 1.4.4
Version: 1.4.5
Release: 0%{?dist}
License: GPLv3
Group: Applications/Engineering
......@@ -59,6 +59,8 @@ make %{?_smp_mflags}
%{__rm} -rf %{buildroot}
%changelog
* Fri Dec 22 2017 Ivan Alonso <kaian@irontec.com> - 1.4.5
- Version 1.4.5
* Sun Sep 17 2017 Ivan Alonso <kaian@irontec.com> - 1.4.4
- Version 1.4.4
* Wed May 10 2017 Ivan Alonso <kaian@irontec.com> - 1.4.3
......
......@@ -2,8 +2,8 @@
**
** sngrep - SIP Messages flow viewer
**
** Copyright (C) 2013-2017 Ivan Alonso (Kaian)
** Copyright (C) 2013-2017 Irontec SL. All rights reserved.
** Copyright (C) 2013-2018 Ivan Alonso (Kaian)
** Copyright (C) 2013-2018 Irontec SL. All rights reserved.
**
** This program is free software: you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
......@@ -99,3 +99,24 @@ address_is_local(address_t addr)
}
return false;
}
address_t
address_from_str(const char *ipport)
{
address_t ret = {};
char scanipport[256];
char address[256];
int port;
if (!ipport || strlen(ipport) > ADDRESSLEN + 6)
return ret;
strncpy(scanipport, ipport, strlen(ipport));
if (sscanf(scanipport, "%[^:]:%d", address, &port) == 2) {
strncpy(ret.ip, address, strlen(address));
ret.port = port;
}
return ret;
}
......@@ -2,8 +2,8 @@
**
** sngrep - SIP Messages flow viewer
**
** Copyright (C) 2013-2017 Ivan Alonso (Kaian)
** Copyright (C) 2013-2017 Irontec SL. All rights reserved.
** Copyright (C) 2013-2018 Ivan Alonso (Kaian)
** Copyright (C) 2013-2018 Irontec SL. All rights reserved.
**
** This program is free software: you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
......@@ -90,4 +90,14 @@ address_equals(address_t addr1, address_t addr2);
bool
address_is_local(address_t addr);
/**
* @brief Convert string IP:PORT to address structure
*
* @param string in format IP:PORT
* @return address structure
*/
address_t
address_from_str(const char *ipport);
#endif /* __SNGREP_ADDRESS_H */
......@@ -2,8 +2,8 @@
**
** sngrep - SIP Messages flow viewer
**
** Copyright (C) 2013-2017 Ivan Alonso (Kaian)
** Copyright (C) 2013-2017 Irontec SL. All rights reserved.
** Copyright (C) 2013-2018 Ivan Alonso (Kaian)
** Copyright (C) 2013-2018 Irontec SL. All rights reserved.
**
** This program is free software: you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
......@@ -71,6 +71,11 @@ capture_init(size_t limit, bool rtp_capture, bool rotate)
capture_cfg.storage = CAPTURE_STORAGE_DISK;
}
#if defined(WITH_GNUTLS) || defined(WITH_OPENSSL)
// Parse TLS Server setting
capture_cfg.tlsserver = address_from_str(setting_get_value(SETTING_CAPTURE_TLSSERVER));
#endif
// Initialize calls lock
pthread_mutexattr_t attr;
pthread_mutexattr_init(&attr);
......@@ -159,6 +164,7 @@ int
capture_offline(const char *infile, const char *outfile)
{
capture_info_t *capinfo;
FILE *fstdin;
// Error text (in case of file open error)
char errbuf[PCAP_ERRBUF_SIZE];
......@@ -172,6 +178,7 @@ capture_offline(const char *infile, const char *outfile)
// Check if file is standard input
if (strlen(infile) == 1 && *infile == '-') {
infile = "/dev/stdin";
fstdin = freopen("/dev/tty", "r", stdin);
}
// Set capture input file
......@@ -385,7 +392,7 @@ capture_packet_reasm_ip(capture_info_t *capinfo, const struct pcap_pkthdr *heade
frame_t *frame;
uint32_t len_data = 0;
//! Link + Extra header size
int8_t link_hl = capinfo->link_hl;
uint16_t link_hl = capinfo->link_hl;
// Skip VLAN header if present
if (capinfo->link == DLT_EN10MB) {
......@@ -404,7 +411,24 @@ capture_packet_reasm_ip(capture_info_t *capinfo, const struct pcap_pkthdr *heade
}
#endif
// Skip NFLOG header if present
if (capinfo->link == DLT_NFLOG) {
// Parse NFLOG TLV headers
while (link_hl + 8 <= *caplen) {
nflog_tlv_t *tlv = (nflog_tlv_t *) (packet + link_hl);
if (!tlv) break;
if (tlv->tlv_type == NFULA_PAYLOAD) {
link_hl += 4;
break;
}
if (tlv->tlv_length >= 4) {
link_hl += ((tlv->tlv_length + 3) & ~3); /* next TLV aligned to 4B */
}
}
}
// Get IP header
ip4 = (struct ip *) (packet + link_hl);
......@@ -783,8 +807,10 @@ capture_close()
while ((capinfo = vector_iterator_next(&it))) {
//Close PCAP file
if (capinfo->handle) {
pcap_breakloop(capinfo->handle);
pthread_join(capinfo->capture_t, NULL);
if (capinfo->running) {
pcap_breakloop(capinfo->handle);
pthread_join(capinfo->capture_t, NULL);
}
}
}
......@@ -818,7 +844,6 @@ capture_thread(void *info)
// Parse available packets
pcap_loop(capinfo->handle, -1, parse_packet, (u_char *) capinfo);
pcap_close(capinfo->handle);
capinfo->running = false;
}
......@@ -974,6 +999,18 @@ capture_set_keyfile(const char *keyfile)
capture_cfg.keyfile = keyfile;
}
address_t
capture_tls_server()
{
return capture_cfg.tlsserver;
}
int
capture_sources_count()
{
return vector_count(capture_cfg.sources);
}
char *
capture_last_error()
{
......@@ -1059,6 +1096,8 @@ datalink_size(int datalink)
return 21;
case DLT_ENC:
return 12;
case DLT_NFLOG:
return 4;
#ifdef DLT_LINUX_SLL
case DLT_LINUX_SLL:
return 16;
......
......@@ -2,8 +2,8 @@
**
** sngrep - SIP Messages flow viewer
**
** Copyright (C) 2013-2017 Ivan Alonso (Kaian)
** Copyright (C) 2013-2017 Irontec SL. All rights reserved.
** Copyright (C) 2013-2018 Ivan Alonso (Kaian)
** Copyright (C) 2013-2018 Irontec SL. All rights reserved.
**
** This program is free software: you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
......@@ -38,6 +38,7 @@
#include <string.h>
#include <stdlib.h>
#include <time.h>
#include "address.h"
#ifndef __FAVOR_BSD
#define __FAVOR_BSD
......@@ -91,6 +92,15 @@
#define ETHERTYPE_8021Q 0x8100
#endif
//! NFLOG Support (for libpcap <1.6.0)
#define DLT_NFLOG 239
#define NFULA_PAYLOAD 9
typedef struct nflog_tlv {
u_int16_t tlv_length;
u_int16_t tlv_type;
} nflog_tlv_t;
//! Define Websocket Transport codes
#define WH_FIN 0x80
#define WH_RSV 0x70
......@@ -128,6 +138,8 @@ struct capture_config {
enum capture_storage storage;
//! Key file for TLS decrypt
const char *keyfile;
//! TLS Server address
address_t tlsserver;
//! capture filter expression text
const char *filter;
//! The compiled filter expression
......@@ -406,6 +418,20 @@ capture_keyfile();
void
capture_set_keyfile(const char *keyfile);
/**
* @brief Get TLS Server address if configured
* @return address scructure
*/
address_t
capture_tls_server();
/**
* @brief Return packet catprue sources count
* @return capture sources count
*/
int
capture_sources_count();
/**
* @brief Return the last capture error
*/
......
......@@ -2,8 +2,8 @@
**
** sngrep - SIP Messages flow viewer
**
** Copyright (C) 2013-2017 Ivan Alonso (Kaian)
** Copyright (C) 2013-2017 Irontec SL. All rights reserved.
** Copyright (C) 2013-2018 Ivan Alonso (Kaian)
** Copyright (C) 2013-2018 Irontec SL. All rights reserved.
** Copyright (C) 2012 Homer Project (http://www.sipcapture.org)
**
** This program is free software: you can redistribute it and/or modify
......
......@@ -2,8 +2,8 @@
**
** sngrep - SIP Messages flow viewer
**
** Copyright (C) 2013-2017 Ivan Alonso (Kaian)
** Copyright (C) 2013-2017 Irontec SL. All rights reserved.
** Copyright (C) 2013-2018 Ivan Alonso (Kaian)
** Copyright (C) 2013-2018 Irontec SL. All rights reserved.
** Copyright (C) 2012 Homer Project (http://www.sipcapture.org)
**
** This program is free software: you can redistribute it and/or modify
......
......@@ -2,8 +2,8 @@
**
** sngrep - SIP Messages flow viewer
**
** Copyright (C) 2013-2017 Ivan Alonso (Kaian)
** Copyright (C) 2013-2017 Irontec SL. All rights reserved.
** Copyright (C) 2013-2018 Ivan Alonso (Kaian)
** Copyright (C) 2013-2018 Irontec SL. All rights reserved.
**
** This program is free software: you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
......@@ -359,6 +359,7 @@ tls_process_segment(packet_t *packet, struct tcphdr *tcp)
struct in_addr ip_src, ip_dst;
uint16_t sport = packet->src.port;
uint16_t dport = packet->dst.port;
address_t tlsserver = capture_tls_server();
// Convert addresses
inet_pton(AF_INET, packet->src.ip, &ip_src);
......@@ -408,7 +409,13 @@ tls_process_segment(packet_t *packet, struct tcphdr *tcp)
break;
}
} else {
if (tcp->th_flags & TH_SYN & ~TH_ACK) {
// Only create new connections whose destination is tlsserver
if (tlsserver.port) {
if (addressport_equals(tlsserver, packet->dst)) {
// New connection, store it status and leave
tls_connection_create(ip_src, sport, ip_dst, dport);
}
} else {
// New connection, store it status and leave
tls_connection_create(ip_src, sport, ip_dst, dport);
}
......@@ -437,8 +444,7 @@ tls_process_record_ssl2(struct SSLConnection *conn, const uint8_t *payload,
const int len, uint8_t **out, uint32_t *outl)
{
int record_len_len;
uint16 record_len16;
uint24 record_len24;
uint32_t record_len;
uint8_t record_type;
const opaque *fragment;
int flen;
......@@ -452,18 +458,18 @@ tls_process_record_ssl2(struct SSLConnection *conn, const uint8_t *payload,
// Two bytes SSLv2 record length field
if (record_len_len == 2) {
record_len16.x[0] = (payload[0] & 0x7f) << 8;
record_len16.x[1] = (payload[1]);
record_len = (payload[0] & 0x7f) << 8;
record_len += (payload[1]);
record_type = payload[2];
fragment = payload + 3;
flen = UINT16_INT(record_len16) - 1 /* record type */;
flen = record_len - 1 /* record type */;
} else {
record_len24.x[0] = (payload[0] & 0x3f) << 8;
record_len24.x[1] = payload[1];
record_len24.x[2] = payload[2];
record_len = (payload[0] & 0x3f) << 8;
record_len += payload[1];
record_len += payload[2];
record_type = payload[3];
fragment = payload + 4;
flen = UINT24_INT(record_len24) - 1 /* record type */;
flen = record_len - 1 /* record type */;
}
// We only handle Client Hello handshake SSLv2 records
......@@ -496,7 +502,7 @@ tls_process_record(struct SSLConnection *conn, const uint8_t *payload,
// No record data here!
if (len == 0)
return 0;
return 1;
// Get Record data
record = (struct TLSPlaintext *) payload;
......@@ -525,7 +531,7 @@ tls_process_record(struct SSLConnection *conn, const uint8_t *payload,
}
break;
default:
break;
return 1;
}
}
......
......@@ -2,8 +2,8 @@
**
** sngrep - SIP Messages flow viewer
**
** Copyright (C) 2013-2017 Ivan Alonso (Kaian)
** Copyright (C) 2013-2017 Irontec SL. All rights reserved.
** Copyright (C) 2013-2018 Ivan Alonso (Kaian)
** Copyright (C) 2013-2018 Irontec SL. All rights reserved.
**
** This program is free software: you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
......
......@@ -2,8 +2,8 @@
**
** sngrep - SIP Messages flow viewer
**
** Copyright (C) 2013-2017 Ivan Alonso (Kaian)
** Copyright (C) 2013-2017 Irontec SL. All rights reserved.
** Copyright (C) 2013-2018 Ivan Alonso (Kaian)
** Copyright (C) 2013-2018 Irontec SL. All rights reserved.
**
** This program is free software: you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
......@@ -82,7 +82,6 @@ P_hash(const char *digest, unsigned char *dest, int dlen, unsigned char *secret,
{
unsigned char hmac[48];
uint32_t hlen;
HMAC_CTX hm;
const EVP_MD *md = EVP_get_digestbyname(digest);
uint32_t tmpslen;
unsigned char tmpseed[slen];
......@@ -95,6 +94,8 @@ P_hash(const char *digest, unsigned char *dest, int dlen, unsigned char *secret,
// Calculate enough data to fill destination
while (pending > 0) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
HMAC_CTX hm;
HMAC_Init(&hm, secret, sslen, md);
HMAC_Update(&hm, tmpseed, tmpslen);
HMAC_Final(&hm, tmpseed, &tmpslen);
......@@ -104,12 +105,25 @@ P_hash(const char *digest, unsigned char *dest, int dlen, unsigned char *secret,
HMAC_Update(&hm, seed, slen);
HMAC_Final(&hm, hmac, &hlen);
HMAC_cleanup(&hm);
#else
HMAC_CTX *hm = HMAC_CTX_new();
HMAC_Init_ex(hm, secret, sslen, md, NULL);
HMAC_Update(hm, tmpseed, tmpslen);
HMAC_Final(hm, tmpseed, &tmpslen);
HMAC_Init_ex(hm, secret, sslen, md, NULL);
HMAC_Update(hm, tmpseed, tmpslen);
HMAC_Update(hm, seed, slen);
HMAC_Final(hm, hmac, &hlen);
HMAC_CTX_free(hm);
#endif
hlen = (hlen > pending) ? pending : hlen;
memcpy(out, hmac, hlen);
out += hlen;
pending -= hlen;
}
HMAC_cleanup(&hm);
return hlen;
}
......@@ -190,6 +204,8 @@ tls_connection_create(struct in_addr caddr, uint16_t cport, struct in_addr saddr
return NULL;
conn->server_private_key = SSL_get_privatekey(conn->ssl);
conn->client_cipher_ctx = EVP_CIPHER_CTX_new();
conn->server_cipher_ctx = EVP_CIPHER_CTX_new();
// Add this connection to the list
conn->next = connections;
......@@ -216,6 +232,8 @@ tls_connection_destroy(struct SSLConnection *conn)
}
// Deallocate connection memory
EVP_CIPHER_CTX_free(conn->client_cipher_ctx);
EVP_CIPHER_CTX_free(conn->server_cipher_ctx);
SSL_CTX_free(conn->ssl_ctx);
SSL_free(conn->ssl);
sng_free(conn);
......@@ -299,6 +317,7 @@ tls_process_segment(packet_t *packet, struct tcphdr *tcp)
struct in_addr ip_src, ip_dst;
uint16_t sport = packet->src.port;
uint16_t dport = packet->dst.port;
address_t tlsserver = capture_tls_server();
// Convert addresses
inet_pton(AF_INET, packet->src.ip, &ip_src);
......@@ -349,8 +368,16 @@ tls_process_segment(packet_t *packet, struct tcphdr *tcp)
}
} else {
if (tcp->th_flags & TH_SYN & ~TH_ACK) {
// New connection, store it status and leave
tls_connection_create(ip_src, sport, ip_dst, dport);
// Only create new connections whose destination is tlsserver
if (tlsserver.port) {
if (addressport_equals(tlsserver, packet->dst)) {
// New connection, store it status and leave
tls_connection_create(ip_src, sport, ip_dst, dport);
}
} else {
// New connection, store it status and leave
tls_connection_create(ip_src, sport, ip_dst, dport);
}
}
}
......@@ -377,33 +404,32 @@ tls_process_record_ssl2(struct SSLConnection *conn, const uint8_t *payload,
const int len, uint8_t **out, uint32_t *outl)
{
int record_len_len;
uint16 record_len16;
uint24 record_len24;
uint32_t record_len;
uint8_t record_type;
const opaque *fragment;
int flen;
// No record data here!
if (len == 0)
return 0;
return 1;
// Record header length
record_len_len = (payload[0] & 0x80) ? 2 : 3;
// Two bytes SSLv2 record length field
if (record_len_len == 2) {
record_len16.x[0] = (payload[0] & 0x7f) << 8;
record_len16.x[1] = (payload[1]);
record_len = (payload[0] & 0x7f) << 8;
record_len += (payload[1]);
record_type = payload[2];
fragment = payload + 3;
flen = UINT16_INT(record_len16) - 1 /* record type */;
flen = record_len - 1 /* record type */;
} else {
record_len24.x[0] = (payload[0] & 0x3f) << 8;
record_len24.x[1] = payload[1];
record_len24.x[2] = payload[2];
record_len = (payload[0] & 0x3f) << 8;
record_len += payload[1];
record_len += payload[2];
record_type = payload[3];
fragment = payload + 4;
flen = UINT24_INT(record_len24) - 1 /* record type */;
flen = record_len - 1 /* record type */;
}
// We only handle Client Hello handshake SSLv2 records
......@@ -450,7 +476,7 @@ tls_process_record(struct SSLConnection *conn, const uint8_t *payload,
// No record data here!
if (len == 0)
return 0;
return 1;
// Get Record data
record = (struct TLSPlaintext *) payload;
......@@ -469,8 +495,14 @@ tls_process_record(struct SSLConnection *conn, const uint8_t *payload,
break;
case change_cipher_spec:
// From now on, this connection will be encrypted using MasterSecret
if (conn->client_cipher_ctx.cipher && conn->server_cipher_ctx.cipher)
#if OPENSSL_VERSION_NUMBER < 0x10100000L
if (conn->client_cipher_ctx->cipher && conn->server_cipher_ctx->cipher)
conn->encrypted = 1;
#else
if (EVP_CIPHER_CTX_get_cipher_data(conn->client_cipher_ctx) &&
EVP_CIPHER_CTX_get_cipher_data(conn->server_cipher_ctx))
conn->encrypted = 1;
#endif
break;
case application_data:
if (conn->encrypted) {
......@@ -479,7 +511,7 @@ tls_process_record(struct SSLConnection *conn, const uint8_t *payload,
}
break;
default:
break;
return 1;
}
}
......@@ -556,10 +588,17 @@ tls_process_record_handshake(struct SSLConnection *conn, const opaque *fragment,
// Decrypt PreMasterKey
clientkeyex = (struct ClientKeyExchange *) body;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
RSA_private_decrypt(UINT16_INT(clientkeyex->length),
(const unsigned char *) &clientkeyex->exchange_keys,
(unsigned char *) &conn->pre_master_secret,
conn->server_private_key->pkey.rsa, RSA_PKCS1_PADDING);
#else
RSA_private_decrypt(UINT16_INT(clientkeyex->length),
(const unsigned char *) &clientkeyex->exchange_keys,
(unsigned char *) &conn->pre_master_secret,
EVP_PKEY_get0_RSA(conn->server_private_key), RSA_PKCS1_PADDING);
#endif
tls_debug_print_hex("client_random", &conn->client_random, 32);
tls_debug_print_hex("server_random", &conn->server_random, 32);
......@@ -605,13 +644,13 @@ tls_process_record_handshake(struct SSLConnection *conn, const opaque *fragment,
sng_free(seed);
// Create Client decoder
EVP_CIPHER_CTX_init(&conn->client_cipher_ctx);
EVP_CipherInit(&conn->client_cipher_ctx, conn->ciph,
EVP_CIPHER_CTX_init(conn->client_cipher_ctx);
EVP_CipherInit(conn->client_cipher_ctx, conn->ciph,
conn->key_material.client_write_key, conn->key_material.client_write_IV,
0);
EVP_CIPHER_CTX_init(&conn->server_cipher_ctx);
EVP_CipherInit(&conn->server_cipher_ctx, conn->ciph,
EVP_CIPHER_CTX_init(conn->server_cipher_ctx);
EVP_CipherInit(conn->server_cipher_ctx, conn->ciph,
conn->key_material.server_write_key, conn->key_material.server_write_IV,
0);
......@@ -647,9 +686,9 @@ tls_process_record_data(struct SSLConnection *conn, const opaque *fragment,
tls_debug_print_hex("Ciphertext", fragment, len);
if (conn->direction == 0) {
evp = &conn->client_cipher_ctx;
evp = conn->client_cipher_ctx;
} else {
evp = &conn->server_cipher_ctx;
evp = conn->server_cipher_ctx;
}
// TLS 1.1 and later extract explicit IV
......
......@@ -2,8 +2,8 @@
**
** sngrep - SIP Messages flow viewer
**
** Copyright (C) 2013-2017 Ivan Alonso (Kaian)
** Copyright (C) 2013-2017 Irontec SL. All rights reserved.
** Copyright (C) 2013-2018 Ivan Alonso (Kaian)
** Copyright (C) 2013-2018 Irontec SL. All rights reserved.
**
** This program is free software: you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
......@@ -238,8 +238,8 @@ struct SSLConnection {
uint8_t server_write_IV[16];
} key_material;
EVP_CIPHER_CTX client_cipher_ctx;
EVP_CIPHER_CTX server_cipher_ctx;
EVP_CIPHER_CTX *client_cipher_ctx;
EVP_CIPHER_CTX *server_cipher_ctx;
struct SSLConnection *next;
};
......
......@@ -2,8 +2,8 @@
**
** sngrep - SIP Messages flow viewer
**
** Copyright (C) 2013-2017 Ivan Alonso (Kaian)
** Copyright (C) 2013-2017 Irontec SL. All rights reserved.
** Copyright (C) 2013-2018 Ivan Alonso (Kaian)
** Copyright (C) 2013-2018 Irontec SL. All rights reserved.
**
** This program is free software: you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
......
......@@ -2,8 +2,8 @@
**
** sngrep - SIP Messages flow viewer