"decoder->flow" could result in a NULL pointer dereference if a null
cipher was in use (caught by Clang static analyzer).
Answering the questions:
- DTLS records fragments do not need to be reassembled, thus there is no
flow. The Handshake messages have their own fragment_offset field and
thus there is no need to maintain an extra flow.
- Actually one datagram can contain multiple records (RFC 6347, 4.1.1),
but this is not implemented yet. The key can however not be "0"
though, it must match the offsets from ssl_get_record_info.
Fixes: v2.3.0rc0-2152-g77404250d5 ("(D)TLS: consolidate and simplify decrypted records handling")
Change-Id: Iac367a68a2936559cd5d557f877c5598114cadca
Reviewed-on: https://code.wireshark.org/review/19892
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Current code is not able to detect missing mandatory information elements
because the macro will return once the end of the payload is reached.
Remove this check from all mandatory IE macros, and put it at the beginning
of optional IE ones. It should allow to detect any missing mandatory IE
while still stopping message dissection in case optional IEs are not
present.
Change-Id: Ie820740e25c1d03ee3462fa4a913c3a7870fcc2d
Reviewed-on: https://code.wireshark.org/review/19816
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Dissection of all new HCI command/events related with
Bluetooh 5.0 feature 'PHY update - LE 2M and LE Coded'
Change-Id: I212cb368d3295ba36eb0ca34329df566cae1611b
Signed-off-by: Allan Møller Madsen <almomadk@gmail.com>
Reviewed-on: https://code.wireshark.org/review/19849
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michal Labedzki <michal.tomasz.labedzki@gmail.com>
"default" frame information sets no retransmission or more fragments.
Bug: 13015
Change-Id: I1c8a29fe06d0b38abc789c8e454dc484490186f9
Reviewed-on: https://code.wireshark.org/review/19891
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Dear Microsoft: why did you choose not to support line buffering in
the MSVC "standard I/O library" routines?)
Change-Id: I5add94d2c83e73e9845fea0f355a1923fddf2deb
Reviewed-on: https://code.wireshark.org/review/19890
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: Iec574db8c28d2e02136e6c4119e5688b21112299
Reviewed-on: https://code.wireshark.org/review/19889
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Update comments to reflect the behaviour as well.
Update comment inside the
Change-Id: Id3629b217a2adc096fd6b0cb0221270e92ebd5da
Reviewed-on: https://code.wireshark.org/review/19875
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Per the Nasdaq TotalView-ITCH v2/3 protocol specifications the
NASDAQ-ITCH dissector needs be able to dissect a MoldUDP payload.
Change-Id: Id5194930025a9abdfb1663234233fd51e525a34b
Reviewed-on: https://code.wireshark.org/review/19847
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Shutdown communication is now also allowed on Admin Reset NOTIFICATION messages:
https://tools.ietf.org/rfcdiff?url2=draft-ietf-idr-shutdown-04.txt
Change-Id: I6450d3d5de5aef4bd709ba2b211ca717784b00a7
Reviewed-on: https://code.wireshark.org/review/19886
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I1b7dd1835fe60852b8c90f0ce5e240813cad89d1
Reviewed-on: https://code.wireshark.org/review/15574
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ic6de84a37b501e9c62a7d37071b2b081a1a1dd50
Reviewed-on: https://code.wireshark.org/review/19885
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
All cases of the "original" format_text have been handled to add the
proper wmem allocator scope. Remove the "original" format_text
and replace it with one that has a wmem allocator as a parameter.
Change-Id: I278b93bcb4a17ff396413b75cd332f5fc2666719
Reviewed-on: https://code.wireshark.org/review/19884
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The "Microsecond pcap-ng via stdin" and "Nanosecond pcap-ng via stdin"
tests work here on macOS and Windows (likely due to g8a141fe), so
enable them.
Change-Id: I148d02f0cc23162d782457e1d8f0e7c2c0dc6932
Reviewed-on: https://code.wireshark.org/review/19877
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Document structure, did not put much effort in there as the format is
subject to change (untested, no pcap available).
Change-Id: I2da8c4e005d65314158d038bc0af7411773d8fba
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19865
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
See https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.3.1
Change-Id: I35e049d991be4c242ef2b84db3a322c6a13d2f96
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19860
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Extract the content type and handle padding per
https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-5.2
When TLS 1.3 is detected, rename the "Content Type" field to "Opaque
[Content] Type" and add a new generated field for the content type that
was extracted from the decrypted contents.
Change-Id: I149a5d7e2493dded6e2c0190e170fa350f76466e
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19859
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Note that RPK (RFC 7250) is not well-defined and is left untouched.
https://github.com/tlswg/tls13-spec/issues/722
Certificate extensions dissections remains a task for later.
Change-Id: I62276e59db94429e4c09058aca3c08f390ec3af7
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19864
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
digitally-signed is gone in TLS 1.3. ClientKeyExchange/ServerKeyExchange
are gone, so effectively modifying this function is good enough to cover
CertificateVerify dissection (ssl_dissect_hnd_cli_cert_verify).
See https://tools.ietf.org/html/draft-ietf-tls-tls13-18#page-58
Change-Id: I07f621bc088d810a3f35343bec7a0a3303b1426b
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19866
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
TLS and DTLS share the same code for decryption of AEAD ciphers.
Add tests for all possible AEAD cipher modes (GCM, CCM, CCM_8).
PSK is used to reduce the handshake size (removing certificates).
The decryption suite passes these tests on:
* Libgcrypt 1.6.5 (Ubuntu 14.04)
* Libgcrypt 1.7.6 (Arch Linux)
* Libgcrypt 1.4.5 (CentOS 6). Note that the GnuTLS packages are too old,
so tests that depend on RSA keys fail here (but the new tests pass).
Change-Id: If0dc5b94223fb247062e23960ff66dfdd4f7a902
Reviewed-on: https://code.wireshark.org/review/19850
Reviewed-by: Anders Broman <a.broman58@gmail.com>
format_text_wmem uses NULL scope in GUI dialogs
Change-Id: Ifaa342e034de9f99b59169cdf0c7ddc52ff67597
Reviewed-on: https://code.wireshark.org/review/19882
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
It's only use is in dissectors or other tree creation APIs (where
packet scope is valid), so have it use format_text_wmem with
wmem_packet_scope().
Change-Id: I1f34e284a870c9844c6b27f4ae08a1e7efe54098
Reviewed-on: https://code.wireshark.org/review/19883
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The bare essentials are now in place to perform decryption
(HKDF-Expand-Label, calculation of traffic secrets, AEAD integration).
Can successfully decrypt the initial handshake message. Only AES ciphers
are supported, ChaCha20-Poly1305 still needs to be added.
Note: "decryption" indeed works, but dissection needs to be updated. The
padding must be stripped and the content type extracted.
Ping-Bug: 12779
Change-Id: I3869c9ae5131e57519be99c5f439c4fa68841bae
Reviewed-on: https://code.wireshark.org/review/19858
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Unauthenticated data should not be displayed as valid. Validate the
authentication tag, similar like how MAC checks are done for block
ciphers. This requires Libgcrypt 1.6 or newer.
Tested against the (D)TLS AEAD tests on Libgcrypt 1.4.5 (CentOS 6),
1.6.5 (Ubuntu 14.04), 1.7.6 (Arch Linux). Compile-tested w/o Libgcrypt.
Change-Id: Iee15f4ccc5bbe01a50677167fa9c50c1ffe382d3
Reviewed-on: https://code.wireshark.org/review/19853
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The current ssl_decrypt_record is hard to understand due to mixing CBC
concepts (MAC, padding) with AEAD. Extract the AEAD functionality and
use better variable naming.
The "Plaintext" debug print now includes just the plaintext (the auth
tag is stripped). A write_iv.data_len check is added just to be sure and
more prep work is done for auth tag validation and TLS 1.3 support.
Tested against the (D)TLS AEAD tests on Libgcrypt 1.4.5 (CentOS 6),
1.6.5 (Ubuntu 14.04), 1.7.6 (Arch Linux). Compile-tested w/o Libgcrypt.
Change-Id: I94dd2fd70e1281d85c954abfe523f7483d9ac68b
Reviewed-on: https://code.wireshark.org/review/19852
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use NULL scope to be safe.
Change-Id: I1967737cf6a1c90cc2e0476d3f2ace63aa0c9153
Reviewed-on: https://code.wireshark.org/review/19857
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
It's only use is in dissectors, so have it use
format_text_wmem with wmem_packet_scope().
Change-Id: I22121324fd47aee32174b65104458ad2ef329bd7
Reviewed-on: https://code.wireshark.org/review/19856
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This allows for a wmem_allocator for users of format_text who want
it (dissectors for wmem_packet_scope()). This lessens the role of
current format_text functionality in hopes that it will eventually
be replaced.
Change-Id: I970557a65e32aa79634a3fcc654ab641b871178e
Reviewed-on: https://code.wireshark.org/review/19855
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Idf40de8bfa76cbe4437a157fc90bd994d4b2233e
Reviewed-on: https://code.wireshark.org/review/19872
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
coaps port is defined in RFC 7252, section 12.7.
CoAP (RFC 7252) is defined only for UDP, not TCP. For TCP, the frame
format is slightly different (draft-ietf-core-coap-tcp-tls-05) and
needs more dissector changes, so remove registration for now.
Change-Id: I1fc7163086f8fe66986565aa24b579ef24f72550
Ping-Bug: 13370
Reviewed-on: https://code.wireshark.org/review/19870
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Also unconditionally show the encrypted appdata record, matching the SSL
dissector. Now the bytes are always linked to a field.
Change-Id: Ie65cd5fc6620d53da46a94cdb1972863702b452c
Reviewed-on: https://code.wireshark.org/review/19868
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Dumpcap doesn't yet support capturing pcapng from stdin. On Windows,
make sure we invalidate our file handle so that instead of printing
"Error reading from pipe: The operation completed successfully. (error 0)"
we show the more useful
"Capturing from a pipe doesn't support pcapng format."
Change-Id: I472c1bf5c8520c9ee3fe4b6299a6e0250262ea51
Reviewed-on: https://code.wireshark.org/review/19876
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
In extcap argument ExtArgTimestamp set DisplayFormat to system DateTimeFormat.
Change-Id: I281d6cc1aa59e785a75d6f1c8ff9780ba5ad9eba
Reviewed-on: https://code.wireshark.org/review/19863
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
The Great Britain Companion Specification specifies how energy meters
will communicate in the UK. This patch adds names for attributes and
commands from the Smart Energy Metering cluster that are used within
that specification.
Futhermore take care of Change 19481 for ZigBee Smart Energy.
Bug: 13360
Change-Id: Ia229265f9dc2168c8977303f3540c2ffc1bb5a0a
Reviewed-on: https://code.wireshark.org/review/19768
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
format_text_wsp is fed into by tvb_format_text_wsp and tvb_format_stringzpad_wsp
so those functions need to add a wmem allocated parameter as well.
Most of the changes came from tvb_format_text_wsp and tvb_format_stringzpad_wsp
being changed more so than format_text_wsp.
Change-Id: I52214ca107016f0e96371a9a8430aa89336f91d7
Reviewed-on: https://code.wireshark.org/review/19851
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Id749c41947c6300f2c82ed947352c336f9e45b72
Reviewed-on: https://code.wireshark.org/review/19838
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Guy Harris