authorLuca Deri <deri@ntop.org>2021-01-21 19:06:05 +0100
committerLuca Deri <deri@ntop.org>2021-01-21 19:06:05 +0100
commit15295ef4c520f1e74163d15119e217ee799a24aa (patch)
tree96c41348cd8b365c433900eb852fa62621441c8b
parent399755607d5bf5b68e62f324a8614351437051c1 (diff)
Reworked TLS fingerprint calculation
Modified TLS memory free
-rw-r--r--example/reader_util.c2
-rw-r--r--src/include/ndpi_typedefs.h7
-rw-r--r--src/lib/ndpi_main.c21
-rw-r--r--src/lib/ndpi_utils.c4
-rw-r--r--src/lib/protocols/tls.c14
5 files changed, 19 insertions, 29 deletions
diff --git a/example/reader_util.c b/example/reader_util.c
index c7acd90f0..9c03daaa8 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1164,7 +1164,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
if(flow->ndpi_flow->l4.tcp.tls.fingerprint_set) {
memcpy(flow->ssh_tls.sha1_cert_fingerprint,
- flow->ndpi_flow->l4.tcp.tls.sha1_certificate_fingerprint, 20);
+ flow->ndpi_flow->protos.stun_ssl.ssl.sha1_certificate_fingerprint, 20);
flow->ssh_tls.sha1_cert_fingerprint_set = 1;
}
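Review bot: The added memcpy line still passes a literal `20` although both the destination `ssh_tls.sha1_cert_fingerprint` and the new source `protos.stun_ssl.ssl.sha1_certificate_fingerprint` are fixed-size arrays, so the length can come from the type: `memcpy(flow->ssh_tls.sha1_cert_fingerprint, flow->ndpi_flow->protos.stun_ssl.ssl.sha1_certificate_fingerprint, sizeof(flow->ssh_tls.sha1_cert_fingerprint));`. The same literal is repeated in the hex loop of ndpi_utils.c and in the array declaration in ndpi_typedefs.h, so a single named constant would keep the three in step. The source now lives in `protos` while the validity flag `fingerprint_set` stays in `l4.tcp.tls`; keeping the copy behind that flag, as this hunk does, is the right guard. process_ndpi_collected_info continues outside the hunk.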
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 76f9198da..7a1d0d9bd 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -672,13 +672,11 @@ struct ndpi_flow_tcp_struct {
u_int buffer_len, buffer_used;
u_int32_t next_seq[2]; /* Directions */
} message;
-
- void* srv_cert_fingerprint_ctx; /* SHA-1 */
/* NDPI_PROTOCOL_TLS */
u_int8_t hello_processed:1, certificate_processed:1, subprotocol_detected:1,
fingerprint_set:1, _pad:4;
- u_int8_t sha1_certificate_fingerprint[20], num_tls_blocks;
+ u_int8_t num_tls_blocks;
int16_t tls_application_blocks_len[NDPI_MAX_NUM_TLS_APPL_BLOCKS]; /* + = src->dst, - = dst->src */
} tls;
@@ -1264,7 +1262,8 @@ struct ndpi_flow_struct {
u_int32_t notBefore, notAfter;
char ja3_client[33], ja3_server[33];
u_int16_t server_cipher;
-
+ u_int8_t sha1_certificate_fingerprint[20];
+
struct {
u_int16_t cipher_suite;
char *esni;
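Review bot: The relocated `sha1_certificate_fingerprint[20]` carries no comment, and the `/* SHA-1 */` note that sat on the removed `srv_cert_fingerprint_ctx` goes with it, so the header no longer says what the buffer holds or when it is valid; the validity flag `fingerprint_set` remains in `l4.tcp.tls` in the first hunk while the data moved into `protos.stun_ssl.ssl` in the second. Suggest `u_int8_t sha1_certificate_fingerprint[20]; /* SHA-1 of the first server certificate; valid only while l4.tcp.tls.fingerprint_set is 1 */`. If `protos` is a union selected by the detected protocol, as its name suggests, readers must check that flag before trusting these bytes, because an all-zero buffer is not a reliable "unset" signal for a digest. The literal 20 is repeated by every consumer in this commit; a named digest-length constant declared next to this field would avoid silent drift.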
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 45caa56ce..e4616b4cb 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -6341,19 +6341,14 @@ void ndpi_free_flow_data(struct ndpi_flow_struct *flow) {
if(flow->protos.stun_ssl.ssl.tls_supported_versions)
ndpi_free(flow->protos.stun_ssl.ssl.tls_supported_versions);
- if(!is_quic) {
- if(flow->protos.stun_ssl.ssl.issuerDN)
- ndpi_free(flow->protos.stun_ssl.ssl.issuerDN);
-
- if(flow->protos.stun_ssl.ssl.subjectDN)
- ndpi_free(flow->protos.stun_ssl.ssl.subjectDN);
-
- if(flow->l4.tcp.tls.srv_cert_fingerprint_ctx)
- ndpi_free(flow->l4.tcp.tls.srv_cert_fingerprint_ctx);
-
- if(flow->protos.stun_ssl.ssl.encrypted_sni.esni)
- ndpi_free(flow->protos.stun_ssl.ssl.encrypted_sni.esni);
- }
+ if(flow->protos.stun_ssl.ssl.issuerDN)
+ ndpi_free(flow->protos.stun_ssl.ssl.issuerDN);
+
+ if(flow->protos.stun_ssl.ssl.subjectDN)
+ ndpi_free(flow->protos.stun_ssl.ssl.subjectDN);
+
+ if(flow->protos.stun_ssl.ssl.encrypted_sni.esni)
+ ndpi_free(flow->protos.stun_ssl.ssl.encrypted_sni.esni);
}
if(flow->l4_proto == IPPROTO_TCP) {
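Review bot: The three `ndpi_free` calls that replace the `is_quic` block leave `issuerDN`, `subjectDN` and `encrypted_sni.esni` pointing at freed memory, so any later pass that tests these pointers (the same `if(ptr)` pattern this function uses for `tls_supported_versions`, and ndpi_dpi2json uses it too) would turn into a use-after-free or double free; nulling each after the free, e.g. `ndpi_free(flow->protos.stun_ssl.ssl.issuerDN); flow->protos.stun_ssl.ssl.issuerDN = NULL;`, makes the cleanup idempotent at no cost. Whether ndpi_free_flow_data can run twice on one flow is not visible here. Dropping the guard may also leave `is_quic` unused in this function unless the enclosing condition, which opens before the hunk, still reads it. The `if(ptr) ndpi_free(ptr)` form is redundant if `ndpi_free` tolerates NULL, which is worth confirming in the wrapper.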
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 4f31369af..294be770a 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1318,10 +1318,10 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct,
if(flow->protos.stun_ssl.ssl.tls_supported_versions)
ndpi_serialize_string_string(serializer, "tls_supported_versions", flow->protos.stun_ssl.ssl.tls_supported_versions);
- if(flow->l4.tcp.tls.sha1_certificate_fingerprint[0] != '\0') {
+ if(flow->protos.stun_ssl.ssl.sha1_certificate_fingerprint[0] != '\0') {
for(i=0, off=0; i<20; i++) {
int rc = snprintf(&buf[off], sizeof(buf)-off,"%s%02X", (i > 0) ? ":" : "",
- flow->l4.tcp.tls.sha1_certificate_fingerprint[i] & 0xFF);
+ flow->protos.stun_ssl.ssl.sha1_certificate_fingerprint[i] & 0xFF);
if(rc <= 0) break; else off += rc;
}
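Review bot: The new condition uses `sha1_certificate_fingerprint[0] != '\0'` as a presence check, which disagrees with reader_util.c in this same commit (it keys on `l4.tcp.tls.fingerprint_set`) and silently omits any digest whose first byte is 0x00 — roughly one certificate in 256 — while also relying on the flow memory having been zeroed. `if(flow->l4.tcp.tls.fingerprint_set) {` is the flag tls.c sets immediately after `SHA1Final` and is the correct gate here. Separately, the hex loop adds `rc` to `off` even when `snprintf` truncates (rc is then the would-be length), so `sizeof(buf)-off` would wrap if `buf` were shorter than the 60 bytes that 20 colon-separated octets plus the terminator need; `buf` is declared outside the hunk, so confirm its size or stop the loop when `off >= sizeof(buf)`. ndpi_dpi2json continues outside the hunk.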
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 9933ca8b2..344a85d6b 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -540,7 +540,8 @@ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct,
u_int32_t certificates_length, length = (packet->payload[1] << 16) + (packet->payload[2] << 8) + packet->payload[3];
u_int16_t certificates_offset = 7;
u_int8_t num_certificates_found = 0;
-
+ SHA1_CTX srv_cert_fingerprint_ctx ;
+
#ifdef DEBUG_TLS
printf("[TLS] %s() [payload_packet_len=%u][direction: %u][%02X %02X %02X %02X %02X %02X...]\n",
__FUNCTION__, packet->payload_packet_len,
@@ -561,11 +562,6 @@ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct,
return(-2); /* Invalid length */
}
- if(!flow->l4.tcp.tls.srv_cert_fingerprint_ctx) {
- if((flow->l4.tcp.tls.srv_cert_fingerprint_ctx = (void*)ndpi_malloc(sizeof(SHA1_CTX))) == NULL)
- return(-3); /* Not enough memory */
- }
-
/* Now let's process each individual certificates */
while(certificates_offset < certificates_length) {
u_int32_t certificate_len = (packet->payload[certificates_offset] << 16) + (packet->payload[certificates_offset+1] << 8) + packet->payload[certificates_offset+2];
@@ -595,7 +591,7 @@ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct,
if(num_certificates_found++ == 0) /* Dissect only the first certificate that is the one we care */ {
/* For SHA-1 we take into account only the first certificate and not all of them */
- SHA1Init(flow->l4.tcp.tls.srv_cert_fingerprint_ctx);
+ SHA1Init(&srv_cert_fingerprint_ctx);
#ifdef DEBUG_CERTIFICATE_HASH
{
@@ -608,11 +604,11 @@ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct,
}
#endif
- SHA1Update(flow->l4.tcp.tls.srv_cert_fingerprint_ctx,
+ SHA1Update(&srv_cert_fingerprint_ctx,
&packet->payload[certificates_offset],
certificate_len);
- SHA1Final(flow->l4.tcp.tls.sha1_certificate_fingerprint, flow->l4.tcp.tls.srv_cert_fingerprint_ctx);
+ SHA1Final(flow->protos.stun_ssl.ssl.sha1_certificate_fingerprint, &srv_cert_fingerprint_ctx);
flow->l4.tcp.tls.fingerprint_set = 1;
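Review bot: `SHA1_CTX srv_cert_fingerprint_ctx ;` in the first hunk has a stray space before the semicolon; `SHA1_CTX srv_cert_fingerprint_ctx;`. Moving the context to the stack looks sound as far as these hunks show, since `SHA1Init`, `SHA1Update` and `SHA1Final` all appear to run within the same first-certificate branch of a single call, so no digest state needs to outlive `processCertificate`; a short comment at the declaration, e.g. `/* digest is computed in one pass over the first certificate, so a stack context suffices */`, would explain why the heap-allocated context and its `-3` failure path were dropped. `SHA1Update` reads `certificate_len` bytes from the payload and that length is taken from the packet; the bound of `certificates_offset + certificate_len` against `payload_packet_len` is not visible in these hunks, so it is worth confirming it precedes this point. The digest now lands in `protos.stun_ssl.ssl` while `fingerprint_set` stays in `l4.tcp.tls`; processCertificate continues outside the hunks.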