Since DTLS and TLS do not differ in handling ClientKeyExchange and
ServerKeyExchange, its dissection got moved to ssl-utils. The code is
based on the SSL dissector, with header field names adjusted to the
DTLS ones (those got capitalized). Besides a version difference (for
signatures), the header field and function names, the DTLS and SSL code
are equal (this is verified).
This patch refactors the dissectors for DHE_RSA and ECDHE to make use of
a common function to dissect the signed_params field. All offset
tracking is also removed in favor of exception handling by the
proto_tree_add_item function. Occurrences of proto_tree_add_uint are
also replaced by proto_tree_add_item for simplicity.
After those changes, the SKE dissector for DH key exchanges is updated
to handle the mandatory signature field in TLSv1.2, using the newly
added function. (bug 9208)
Another bug occurred after the length check removal, pre-TLS and
OpenSSL's old DTLS implemenation do not include a vector length in
the CKE. This is now also fixed. (bug 10222)
Other minor changes: comments added/corrected, renamed
keyex_dh -> keyex_dhe (includes DHE_RSA and DHE_DSS).
Bug: 9208
Bug: 10222
Change-Id: I76e835d56a65c91facce46840d79c1c48ce8d5dd
Reviewed-on: https://code.wireshark.org/review/2542
Reviewed-by: Evan Huus <eapache@gmail.com>
ep_address_to_str() doesn't crash if called outside packet scope, but
it's still not correct to use outside packet scope. Use
address_to_str(NULL, ...) to allocate those strings, and then explicitly
free them when we're done; exceptions don't get thrown between the
allocate and free, so there's no risk of a leak.
Change-Id: Iea2af93b0757e648d399e2ba64249224eb7e9e3c
Reviewed-on: https://code.wireshark.org/review/2438
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Most (all?) of these functions are being called within GUI, so they can't have packet_scope, which is why they weren't already converted (I made this mistake once already)
This reverts commit 7fea55a054.
Change-Id: I4bf29b206e5e1f5daefcec131309a8f6e78e1eb1
Reviewed-on: https://code.wireshark.org/review/2428
Reviewed-by: Michael Mann <mmann78@netscape.net>
Instead, explicitly allocate and free the address string.
Using packet scope was causing test failures.
Change-Id: Ie18d2da44d2eec8a92a6a86b0ba883a5525f49cd
Reviewed-on: https://code.wireshark.org/review/2387
Reviewed-by: Guy Harris <guy@alum.mit.edu>
No exceptions can be thrown when loading a key from a file, so it's safe.
Change-Id: I14ee8569bb516fcb45b72f07f76d28ef4b32065c
Reviewed-on: https://code.wireshark.org/review/2243
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add better reference to IANA list of all extensions.
Add newer "channel_id" extension (0x7550) as used by current Chrome versions.
Change-Id: Ia5b2515c557fbaf42d320ede918120f83b2e02dd
Reviewed-on: https://code.wireshark.org/review/1924
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Instead of X.509 certificates now also Raw public keys are supported
and shown correctly.
This is described in this draft:
https://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-11
Change-Id: Ibe7610aace31a19791b02e71ccd8d9ceb8cf979d
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1372
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This analyses the certificate type extensions and then stores the
certificate type in the ssl session. This way we can later show the
certificate in the correct from.
This is described in this draft:
https://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-11
Change-Id: Ifdda165807bc29f1fc138da000a9a538ecd18b6e
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1371
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This structure is used to store information about a SSL session which
is not only needed for decrypting the session, but also to show nice
dissection information.
In an other patch I will add some more members to the struct because
the old way of passing them to the function does not scale.
Change-Id: I88e7f2896e0364a41d4538752dad291de83bfbca
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1819
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This moves the keyfile and psk options from the ssl code into ssl-utils
and then uses them also for dtls.
This is the last missing part for bug 9499 from my side.
Change-Id: Ie2fe5bc565eabe1e6ce62498c985b8a36e913b0f
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1369
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Both "any port" and "any address" are supported separatedly, but not the
combination of both. This also has the effect that the combination of
any address with the special keyword "start_tls" did not work.
Fix this by checking for a private key with the combination of any
address and port.
Change-Id: Icb49d6728f032a05007dcb7ac73ec0528778441a
Reviewed-on: https://code.wireshark.org/review/1368
Reviewed-by: Evan Huus <eapache@gmail.com>
There is no need to check for private keys if there are none. In
addition, print the number of keys for debugging purposes.
Change-Id: Idc9d650e0bf087c0f647dba4e5bd4920b4f6e228
Reviewed-on: https://code.wireshark.org/review/1367
Reviewed-by: Evan Huus <eapache@gmail.com>
The wildcard address contains all zeroes, resulting in the same hash
for 0.0.0.0 and ::. Not really problematic, but it does not sound
great either.
Change-Id: I099128973a1bd8bb5c88d0abcab3ea4ecc3a96c9
Reviewed-on: https://code.wireshark.org/review/1366
Reviewed-by: Evan Huus <eapache@gmail.com>
No caller checks its return value (which is always 0).
Change-Id: I18461ee6e5d369722c8c2b2ea1e409423aa5d631
Reviewed-on: https://code.wireshark.org/review/1365
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
The same file pointer is used for both IPv4 and IPv6.
Change-Id: I448ee10426882dcd5bcddf6b005ca1d07fe9572c
Reviewed-on: https://code.wireshark.org/review/1345
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Partially reverts "Convert SSL and TCP dissectors to wmem (with the
exception of UAT)." (960a461c8a).
ssl_load_pkcs12 is called in UAT context via
ssldecrypt_uat_fld_password_chk_cb and ssl_parse_key_list (dtls/ssl).
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10038
Change-Id: I22220fd128b17e273c5ed572a83edbfb8261bda9
Reviewed-on: https://code.wireshark.org/review/1344
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Also fixed a comment for a #endif for the same defines.
Change-Id: Icbbf619dbaeb1d4d154a5f1a8273f252d35c6981
Reviewed-on: https://code.wireshark.org/review/1070
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
wmem_packet_scope() cannot be used outside of a packet treatment
Change-Id: I6e545bbb51f325b366288f17358f9d2347a7d7c4
Reviewed-on: https://code.wireshark.org/review/977
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Change-Id: I7489e2fb3a1f2630ca17b0a5fe1aa873992f1061
Reviewed-on: https://code.wireshark.org/review/975
Reviewed-by: Michael Mann <mmann78@netscape.net>
This extension is defined in RFC 6962.
Change-Id: I3aa7321c60baef59ccb59ded6b91f3e42c854bfa
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/970
Reviewed-by: Michael Mann <mmann78@netscape.net>
This adds detection for the named brainpool ecc curves defined in RFC7027.
Change-Id: I125ddbf74068888f4989781d274dbc74feb8b20c
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/968
Reviewed-by: Michael Mann <mmann78@netscape.net>
This adds basic detection of Supplemental Data as defined in RFC4680.
Change-Id: I8dac99bf243a6bd176585d1fe70f82abcae70c7f
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/967
Reviewed-by: Michael Mann <mmann78@netscape.net>
this was broken in 21aa7168c7
to be on the safe side, we assue that return value >= 0 means success,
< 0 means failure
Change-Id: I1d03000e6b6d70fac6bef8766d28990d953c8e27
Reviewed-on: https://code.wireshark.org/review/609
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
don't make private key and keylog file mutually exclusive
if we find a private key that does not match or is not usable for
getting the pre-master secret (e.g. because we're using an ephemeral
cipher suite), don't give up and exit with an error
continue reading the keylog file and search for our master secret there
Change-Id: I59fb460339e3e606a077b3a902fa1f9777b5e118
Reviewed-on: https://code.wireshark.org/review/590
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
This patch adds some more ciphers to the list of ciphers that can be
decrypted by wireshark. Most of them are PSK based ciphers. To do the a
actually decryption in most cases the TLS pre master secret or the
master secret is needed.
In the changed lines just a comment with the name of the cipher was
added.
This was generated with the help of Peter Wu's generate-wireshark-cs
script from https://git.lekensteyn.nl/peter/wireshark-notes.git .
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Change-Id: I347dc5a530380a04cc00418640f00bbda0db8de8
Reviewed-on: https://code.wireshark.org/review/558
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ib8779b0db790a78fff8bd1970a7240bbd8f49f75
Reviewed-on: https://code.wireshark.org/review/537
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
ssl: move TLS ext dissect code to packet-ssl-utils.c
This moves the code used to parse the TLS extension into packet-
ssl-utils.c and adds an architecture that this code could be used by
dtls in the next patch. This patch should not change anything in the
functionality.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
svn path=/trunk/; revision=54418
versions, so do the same. Plain old memmove appears to be specified in C90, so
I'm not sure why they ever needed a compat function in the first place...
svn path=/trunk/; revision=54295
