Age | Commit message (Collapse) | Author | Files | Lines |
|
Store all handshake mesages in a buffer so that we can hash them
correctly when generating the master secret.
This change does not work correctly for DTLS retransmitted packets; that
are in the handshake as they will be hashed twice; which is bad. Looking
for ideas to implement this.
Bug: 10686
Change-Id: Ied01d4cc37b4270f325070a8d1630d3123577a0d
Reviewed-on: https://code.wireshark.org/review/5168
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I434da226c842298f4fb2a4335d06d51e164af2af
Reviewed-on: https://code.wireshark.org/review/4394
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Patch "ssl,dtls: simplify keyfile handling" did not account for the use
case where packets are captured and decrypted on the fly using
SSLKEYLOGFILE.
This patch restores that functionality by reading additional lines from
the keylog file when needed (to preserve the benefit of not having to
read the full file) and by watching the open file for deletions.
"Deletion" is detected by comparing st_dev and st_ino. Since these may
be useless on Windows, the size is also checked.
Change-Id: Ieadaef1426a9270587293db28f4dda33b3d17334
Reviewed-on: https://code.wireshark.org/review/3190
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Previously, the keylog file would be fully parsed when an encrypted
pre-master secret is encountered or in the ChangeCipherSpec stage. There
was also a lot of duplication in the key logfile parsing.
This patch simplifies the key logfile parsing by using regular
expressions. Rather than scanning the key logfile for a specific key,
do this scan once at ssl init and save the results to a hashtable. The
map for session ID/tickets to master keys already existed, another one
for client random to master key and encrypted pre-master to pre-master
was added. This could later also be wired to the "Export SSL Keys"
menu item for improved reliability (when no session ID or tickets are
available, the client random could be used).
The ssl_{save,restore}_session{,_ticket} functions have been converted
to a single function that looks up a key (sid / client random / encr.
pre-master) to a (pre-)master secret.
Other minor changes: return booleans for some functions that can only
fail/pass. Remove some functions from the ssl-utils header that have
become private a few commits ago. Remove some outstanding issues
from the comments in packet-ssl as they are already done, add myself
to the ssl-utils header.
These changes pass the test suite and the sample Session Ticket-enabled
capture from https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5963
On-the-fly decryption are broken with this patch since keylog files are
read once at the start of a capture. This will be solved in a future
patch.
Change-Id: Idb343abe161950b5f3ff61bee093d0f4ef9655bd
Reviewed-on: https://code.wireshark.org/review/3057
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ib4bd5712cb85cd2671f67fe035747b88d5b4f186
Reviewed-on: https://code.wireshark.org/review/3034
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Hauke Mehrtens <hauke@hauke-m.de>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Changes:
- dtls: also support saving session tickets.
- Drop the length check and let proto_tree_add_item throw exceptions
on length errors.
- Use proto_tree_add_item instead of proto_tree_add_uint.
- Drop "TLS" from header field descriptions, the RFC does not name it
as such and DTLS can also use it (a draft is in progress that extends
DTLS with Session Tickets,
draft-hummen-dtls-extended-session-resumption-01).
Change-Id: I11195217368b7200821d11289b1c5870a1ffe637
Reviewed-on: https://code.wireshark.org/review/3029
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Changes to ClientHello dissection:
- Move ssl_find_private_key (and its pre-req, ssl_set_server) outside
ssl_dissect_hnd_cli_hello. It has not really something to do with
dissection, but state tracking and decoder param feeding.
- dtls: add expert info for bad cipher suites len.
- ssl: remove bad cipher suites len text label which is also
available as expert info. Attach expert info to a the length proto
item (which is converted to use add_item instead of add_uint).
- Remove `if (tree || ssl)` since expert info seems not to apply
otherwise (this also needs changes in common and handshake
dissection).
- ssl: remove tvb_ensure_bytes_exist so we can dissect more
compression methods and cipher suites.
- Since DTLS has an additional Cookie field which TLS does not have,
pass these additional header fields through a struct whose type is
defined in ssl-utils.
Change-Id: I41bef04c1c3353e582e30f561d1d246a744e1d60
Reviewed-on: https://code.wireshark.org/review/3021
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Changes to ServerHello:
- Get rid of session parameter as the SslDecryptSession already
provides a reference to SslSession. Done for the new
ssl_dissect_hnd_srv_hello and ssl_dissect_hnd_hello_ext functions.
- No need to generate the keyring here, decryption is only needed after
ChangeCipherSpec and the keyring will be generated there provided
that there are enough params (cipher, version, master-secret, etc.)
- Get rid of labels and goto in favor of if/else.
- DTLS: SSL_HAVE_SESSION_KEY is implicitly set when
ssl_generate_keyring_material succeeds, no need to set it. Remove it.
- Remove `if (tree || ssl)` since expert info seems not to apply
otherwise (this also needs changes in common and handshake
dissection). (Expert info from the TLS extensions, not the
ServerHello itself.)
Other changes:
- ClientHello: renamed some fields shared with ServerHello.
Change-Id: I466b905d990489e03250bac97bf9d862ff82ce6c
Reviewed-on: https://code.wireshark.org/review/3020
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
My previous change removed master-key retrieval in the Server Hello.
This broke decryption when ClientKeyExchange is missing. That was done
because decryption is only needed after ChangeCipherSpec.
This patch moves the remaining initialization in ClientKeyExchange to
ChangeCipherSpec. In theory this could fix decryption of DTLS traffic
when an abbreviated handshake is used (and thus keyring material is
never generated in ClientKeyExchange since it is not called).
It also avoids saving a session ticket with an empty key which can
happen when no RSA key is present, but the NewSessionTicket message
is received. This could lead to garbage decryption.
Change-Id: If0f475232c270b1d7b006c1f9af0e8d8098c6b65
Reviewed-on: https://code.wireshark.org/review/3019
Reviewed-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Based on DTLS code with changes merged from SSL. Changes:
- Ignore large Session IDs, this was not harmful though since the
backing storage was 256 bytes in size.
- {ssl,dtls}.handshake.random: fixed description, it is not used like
a SSLv2 random challenge.
- dtls: also debug print client/server for random
- SSL: the common dissector now returns an offset rather than dissected
length.
- dtls: display actual Session ID bytes in the UI rather than the text
"Session ID (32 bytes)". The length field is already visible in the
preceding field.
Also changed is the handling of key material generation. The SSL
dissector previously generated key material based on the Session ID,
Session Ticket or a key logfile. (DTLS did not have this functionality.)
As decryption is needed only after ChangeCipherSpec, I have removed it
from the ServerHello handling. This will break decryption when a
ClientKeyExchange message is missing, but it will be restored proper in
a next patch.
(By the way, there was an inverted if-condition bug in DTLS that could
break decryption by not restoring the master key matching a SID. This
is gone in the refactoring because the faulty code is removed.)
Change-Id: Ida3de88adefe3f7691f85936c496977426c4d96e
Reviewed-on: https://code.wireshark.org/review/3018
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
This could lead to problems for fragmented DTLS packets.
Change-Id: I602c7e181ea3799a4a2e7bcfed05bfbb129f7df4
Reviewed-on: https://code.wireshark.org/review/3017
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Except for field/expert_info names, a redundant subtree assignment,
a different !tree check, a type confusion in DTLS (proto_tree *ti),
a check against a different DTLS/TLS version and a (void) retval cast,
the functions are exactly the same. Extract them to ssl-utils.
Change-Id: I2ca7089fe2cd23212ef78656506cb53768f55927
Reviewed-on: https://code.wireshark.org/review/2986
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
There are no dissection differences between DTLS and SSL, so move to
ssl-utils. While at it, skip dissection when the tree is NULL, remove
the plural from certificates length (the length is always larger than
ome), fix type of "ti" for dtls, get rid of "failsafe" subtree
assignment in ssl, get rid of tvb_ensure_bytes_exist in ssl.
Unrelated changes: fix param (tvb vs sub_tvb) for DTLS KeyExchange
handshake messages.
Change-Id: Iecaa45a7a601e55a52aa16180cf219a122fbe95a
Reviewed-on: https://code.wireshark.org/review/2985
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The DTLS dissector duplicated a handshake types check, this has been
eliminated. Convert HandshakeType and ContentType to enums to get the
benefit of compiler-checked switch cases. Move these checks to
ssl-utils.
Two default cases could never be reached since the dissector returns
immediately on an invalid ContentType.
Also fixed misleading debugging messages.
Change-Id: I07a2062564e073004dcc0401cd82538e5659fa0c
Reviewed-on: https://code.wireshark.org/review/2978
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Every occurrence of tvb_length* has been converted to
tvb_reported_length* except some dtls lines.
Change-Id: I0faac315cdf5d17c0af18be177aacd076ff86cff
Reviewed-on: https://code.wireshark.org/review/2977
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I2ea1892b5963cc5578cbdd2b03029ca8424f2267
Reviewed-on: https://code.wireshark.org/review/2640
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Since DTLS and TLS do not differ in handling ClientKeyExchange and
ServerKeyExchange, its dissection got moved to ssl-utils. The code is
based on the SSL dissector, with header field names adjusted to the
DTLS ones (those got capitalized). Besides a version difference (for
signatures), the header field and function names, the DTLS and SSL code
are equal (this is verified).
This patch refactors the dissectors for DHE_RSA and ECDHE to make use of
a common function to dissect the signed_params field. All offset
tracking is also removed in favor of exception handling by the
proto_tree_add_item function. Occurrences of proto_tree_add_uint are
also replaced by proto_tree_add_item for simplicity.
After those changes, the SKE dissector for DH key exchanges is updated
to handle the mandatory signature field in TLSv1.2, using the newly
added function. (bug 9208)
Another bug occurred after the length check removal, pre-TLS and
OpenSSL's old DTLS implemenation do not include a vector length in
the CKE. This is now also fixed. (bug 10222)
Other minor changes: comments added/corrected, renamed
keyex_dh -> keyex_dhe (includes DHE_RSA and DHE_DSS).
Bug: 9208
Bug: 10222
Change-Id: I76e835d56a65c91facce46840d79c1c48ce8d5dd
Reviewed-on: https://code.wireshark.org/review/2542
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Hopefully that name makes it clear what the routiner's purpose is, and
will encourage people to use it rather than using dissector_add_uint()
with a bogus integer value.
Change-Id: Ic5be456d0ad40b176aab01712ab7b13aed5de2a8
Reviewed-on: https://code.wireshark.org/review/2483
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
https://www.wireshark.org/lists/wireshark-dev/201406/msg00131.html
This reverts commit 246fe2ca4c67d8c98caa84e2f57694f6322e2f96.
Change-Id: Ib24bae0198c13a84bd7f731bf4af921212109a8f
Reviewed-on: https://code.wireshark.org/review/2430
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I9209c1271967405c34c1b6fa43e1726a4d3a5a3f
Reviewed-on: https://code.wireshark.org/review/2377
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
tvb_new_subset -> tvb_new_subset_remaining it appears that's what the intention is.
Change-Id: I2334bbf3f10475b3c22391392fc8b6864454de2d
Reviewed-on: https://code.wireshark.org/review/1999
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Instead of X.509 certificates now also Raw public keys are supported
and shown correctly.
This is described in this draft:
https://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-11
Change-Id: Ibe7610aace31a19791b02e71ccd8d9ceb8cf979d
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1372
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
This analyses the certificate type extensions and then stores the
certificate type in the ssl session. This way we can later show the
certificate in the correct from.
This is described in this draft:
https://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-11
Change-Id: Ifdda165807bc29f1fc138da000a9a538ecd18b6e
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1371
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Use the struct SslSession instead of passing the tls version and cipher
to each function.
Change-Id: I95ad8cb5857794608f0f8db5c2dfd4b16e6578d5
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1820
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
This structure is used to store information about a SSL session which
is not only needed for decrypting the session, but also to show nice
dissection information.
In an other patch I will add some more members to the struct because
the old way of passing them to the function does not scale.
Change-Id: I88e7f2896e0364a41d4538752dad291de83bfbca
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1819
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
which can be used to call the found heuristic dissector on the next pass.
Introduce call_heur_dissector_direct() to be used to call a heuristic
dissector which accepted the frame on the first pass.
Change-Id: I524edd717b7d92b510bd60acfeea686d5f2b4582
Reviewed-on: https://code.wireshark.org/review/1697
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This moves the keyfile and psk options from the ssl code into ssl-utils
and then uses them also for dtls.
This is the last missing part for bug 9499 from my side.
Change-Id: Ie2fe5bc565eabe1e6ce62498c985b8a36e913b0f
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1369
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The dissector only ran through the server hello extensions for the tree
and not in the ssl decryption pass. This resulted in
ssl_dissect_hnd_hello_ext() being always called with ssl == NULL. For
SSL this was also called with ssl != NULL.
Change-Id: I22f7b1089731124b3ca1a2b8515f307c4a021b7f
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1370
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: Idc9f105164919827a8a81c88b5a56de4fa25df0b
Reviewed-on: https://code.wireshark.org/review/1197
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Added an expert info for invalid payload length (heartbleed).
Change-Id: I9e09d1ae2b997091bbce2483c098dba7e6631859
Reviewed-on: https://code.wireshark.org/review/1067
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
dissectors
Change-Id: I7489e2fb3a1f2630ca17b0a5fe1aa873992f1061
Reviewed-on: https://code.wireshark.org/review/975
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Iff14ec4d0297ec85f3597b33871fb0ab5256a597
Reviewed-on: https://code.wireshark.org/review/728
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Ia03a1cd4590aceda30ead4aa93ad413d90c6aea6
Reviewed-on: https://code.wireshark.org/review/372
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>
|
|
it only did the RSA MD5/SHA1 ones.
Change-Id: I7b16c7245dd1646f68479095540a8bef191d5fb2
Reviewed-on: https://code.wireshark.org/review/160
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
The majority of the fixes are for calls to uat_new(). Instead of
having each caller cast its private data to (void**), we use void*
in the uat_new() API itself. Inside uat_new(), we cast the void*
to void**.
Some dissectors use val64_string arrays, so a VALS64() macro was
added for those, to avoid using VALS(), which is useful only for
value_string arrays.
packet-mq.c was changed because dissect_nt_sid() requires
a char**, not a guint**. All other callers of dissect_nt_sid() use
char*'s (and take the address of it) for their local storage. So,
this was changed to follow the other practices.
A confusion between gint and absolute_time_display_e in packet-time.c
was cleared up.
The ugliest fix is the addition of ip6_guint8_to_str(), for exactly
one caller. The caller uses one type of ip6 address byte array,
while ip6_to_str() expects another. This new function is in place
until the various address implementations can be consolidated.
Add VALS64() to the developer documentation.
Change-Id: If93ff5c6c8c7cc3c9510d7fb78fa9108e4552805
Reviewed-on: https://code.wireshark.org/review/48
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Add decryption for resumed TLS sessions with a session ticket.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5963
svn path=/trunk/; revision=54860
|
|
any ephemeral memory.
svn path=/trunk/; revision=54434
|
|
dtls: use generic ssl dissect code for TLS extensions
This makes the DTLS dissector use the now common TLS extensions
dissector from packet-ssl-utils.c instead of its own.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
svn path=/trunk/; revision=54419
|
|
svn path=/trunk/; revision=54332
|
|
DLTS: add cipher version for OpenSSL pre 0.9.8f
OpenSSL pre 0.9.8f uses the TLS version 0x0100 and is not completely
compatible with DTLS 1.0 or 1.2. One difference is that the encrypted
pre master from TLS 1.0 does not have an own length, which is needed by
TLS and DTLS 1.0, this makes decrypting impossible. This patch makes it
possible for the code to distinguish between this OpenSSL version and
real DTLS 1.0, because they are not using the same code any more. This
is needed to fix the snakeoil-dtls test.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
svn path=/trunk/; revision=54043
|
|
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9499)
From Hauke Mehrtens
1. dtls: set ssl_set_server() in DTLS dissector so wireshark knows if this is client or server
2. SSL: add decrypt support for CCM and CCM_8 Ciphers per rfc 6655
3. dtls: add psk decrypt support
svn path=/trunk/; revision=53836
|
|
9208 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9208)
1. Fix ECDH server key exchange for DTLS 1.2
2. Fix RSA server key exchange for DTLS 1.2
From Hauke Mehrtens
svn path=/trunk/; revision=52595
|
|
svn path=/trunk/; revision=52591
|
|
svn path=/trunk/; revision=52031
|
|
svn path=/trunk/; revision=51852
|
|
svn path=/trunk/; revision=51590
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9081 :
DTLS: fix detection of encrypted handshake messages in case of fragment
svn path=/trunk/; revision=51589
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9081 :
DTLS: improve detection of encrypted handshake messages
svn path=/trunk/; revision=51578
|
|
Break out Signature Hash Algorithm into hash and signature values
From me:
Cleanup all "saved" trees throughout the dissector as well as removing a few unnecessary NULL tree checks.
Removed most of the tvb_ensure_bytes_exist checks because the line that follows will through an exception anyway if there isn't enough bytes in the tvb.
svn path=/trunk/; revision=51574
|