forked from osmocom/wireshark
b641febb1e
Lack of handshake reassembly caused Certificate handshake messages to be reported as "Encrypted Handshake Messages" and broke decryption in some cases. Fix this by properly tracking handshake fragments and delay dissection until all fragments are available. Now when a fragmented Handshake message is found: * The first fragment will have "(fragmented)" appended to the record tree item as well as the "Handshake Protocol" item. * "Reassembled Handshake Message in frame: X" is added for fragments. * The last reassembled handshake message will be displayed together with a fragment list. Note: Previously, handshake records with a message length larger than the available data was assumed to be encrypted. This restriction had to be lifted, but can now cause false positives (reporting encrypted data as unencrypted handshake fragments). The provided capture is not minimal but should be comprehensive as it is generated with randomly sized TLS record and TCP segment lengths using `./tls-handshake-fragments.py hs-frag.pcap --seed=1337 --count=100` and https://git.lekensteyn.nl/peter/wireshark-notes/tree/crafted-pkt/tls-handshake-fragments.py (A copy of this script is attached to bug 3303.) Bug: 3303 Bug: 15537 Bug: 15625 Change-Id: I779925aba30548a76c20e0e37b39d01d2c88a764 Reviewed-on: https://code.wireshark.org/review/32857 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Peter Wu <peter@lekensteyn.nl> |
||
|---|---|---|
| .. | ||
| arp.pcap | ||
| c1222_std_example8.pcap | ||
| dhcp-nanosecond.pcap | ||
| dhcp-nanosecond.pcapng | ||
| dhcp.pcap | ||
| dhcp.pcapng | ||
| dhe1.pcapng.gz | ||
| dmgr.pcapng | ||
| dns+icmp.pcapng.gz | ||
| dns-ooo.pcap | ||
| dns_port.pcap | ||
| dtls12-aes128ccm8-dsb.pcapng | ||
| dtls12-aes128ccm8.pcap | ||
| dvb-ci_UV1_0000.pcap | ||
| empty.pcap | ||
| esp-bug-12671.pcapng.gz | ||
| http-brotli.pcapng | ||
| http-ooo.pcap | ||
| http-ooo2.pcap | ||
| http.pcap | ||
| http2-brotli.pcapng | ||
| http2-data-reassembly.pcap | ||
| icmp.pcapng.gz | ||
| ikev1-bug-12610.pcapng.gz | ||
| ikev1-bug-12620.pcapng.gz | ||
| ikev1-certs.pcap | ||
| ikev2-decrypt-3des-sha1_160.pcap | ||
| ikev2-decrypt-aes128ccm12-2.pcap | ||
| ikev2-decrypt-aes128ccm12.pcap | ||
| ikev2-decrypt-aes192ctr.pcap | ||
| ikev2-decrypt-aes256cbc.pcapng | ||
| ikev2-decrypt-aes256ccm16.pcapng | ||
| ikev2-decrypt-aes256gcm8.pcap | ||
| ikev2-decrypt-aes256gcm16.pcap | ||
| ipv6.pcap | ||
| ipx_rip.pcap | ||
| knxip_DataSec.pcap | ||
| knxip_SecureWrapper.pcap | ||
| knxip_TimerNotify.pcap | ||
| krb-816.pcap.gz | ||
| many_interfaces.pcapng.1 | ||
| many_interfaces.pcapng.2 | ||
| many_interfaces.pcapng.3 | ||
| nfs.pcap | ||
| ntp.pcap | ||
| owe.pcapng.gz | ||
| packet-h2-14_headers.pcapng | ||
| retrans-tls.pcap | ||
| rsa-p-lt-q.pcap | ||
| rsasnakeoil2.pcap | ||
| sample_control4_2012-03-24.pcap | ||
| segmented_fpm.pcap | ||
| sip.pcapng | ||
| sipmsg.log | ||
| smb300-aes-128-ccm.pcap.gz | ||
| smb311-aes-128-ccm.pcap.gz | ||
| snakeoil-dtls.pcap | ||
| tcp-badsegments.pcap | ||
| text2pcap_hash_eol.txt | ||
| tftp.pcap | ||
| tls-fragmented-handshakes.pcap.gz | ||
| tls-renegotiation.pcap | ||
| tls12-aes128ccm.pcap | ||
| tls12-aes256gcm.pcap | ||
| tls12-chacha20poly1305.pcap | ||
| tls12-dsb.pcapng | ||
| tls13-20-chacha20poly1305.pcap | ||
| tls13-rfc8446.pcap | ||
| udt-dtls.pcapng.gz | ||
| wireguard-ping-tcp.pcap | ||
| wireguard-psk.pcap | ||
| wpa-Induction.pcap.gz | ||
| wpa-eap-tls.pcap.gz | ||
| wpa-test-decode-mgmt.pcap.gz | ||
| wpa-test-decode-tdls.pcap.gz | ||
| wpa-test-decode.pcap.gz | ||
| wpa1-gtk-rekey.pcapng.gz | ||
| wpa3-sae.pcapng.gz | ||