path: root/epan/dissectors/packet-ssl-utils.h
Age | Commit message | Author | Files | Lines
2017-03-29 | TLS: fix decryption with Encrypt-then-MAC (RFC 7366) | Peter Wu | 1 | -1/+2
Bug: 13522 Change-Id: I0dfe30e086c3ef1a4f96f22e2db46e4d4cc7dffa Reviewed-on: https://code.wireshark.org/review/20771 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2017-03-20 | TLS13: add oid_filters(48) extension for draft -19 | Peter Wu | 1 | -2/+29
Change-Id: I80b05bc81e77a70f2e0c8e1fe706ce5bd0a33981 Ping-Bug: 12779 Reviewed-on: https://code.wireshark.org/review/20593 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-03-18 | TLS13: update end_of_early_data to draft -19 | Peter Wu | 1 | -0/+1
It changed from an alert to a handshake message. Change-Id: Ic24776e612a291153290543ba1ec8680d9d74264 Ping-Bug: 12779 Reviewed-on: https://code.wireshark.org/review/20586 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-03-18 | TLS13: add certificate_authorities (47) dissection for draft -19 | Peter Wu | 1 | -0/+1
Ping-Bug: 12779 Change-Id: Ic21869f73ffa1ac29b6a50102030eca85f533d37 Reviewed-on: https://code.wireshark.org/review/20589 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-03-18 | TLS13: update pre_shared_key references to draft -19 | Peter Wu | 1 | -4/+4
Also rename the fields for consistency. Change-Id: I49f4c9b1d308264e7849df92e1b1ac4a93a94766 Ping-Bug: 12779 Reviewed-on: https://code.wireshark.org/review/20590 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-03-18 | TLS13: update early_data for draft -19 | Peter Wu | 1 | -1/+7
Added new max_early_data_size for NewSessionTicket. Change-Id: I6886415d03ffdce983b49649ad52ff0f897f2f77 Ping-Bug: 12779 Reviewed-on: https://code.wireshark.org/review/20591 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-02-16 | TLS: add Signed Certificate Timestamp support (RFC 6962) | Peter Wu | 1 | -2/+63
Adds support for dissecting the Signed Certificate Timestamp List in the TLS Hello, X.509v3 Certificate and OCSP Response extensions. Tested with tls-sct.pcap (TLS extension, OCSP) and x509-sct.pcap (cert). Bug: 13372 Change-Id: I127dbf5cfe9a8dd9ed13741322273c4841b0f582 Reviewed-on: https://code.wireshark.org/review/20110 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-02-16 | ssl-utils: refactor DigitallySigned | Peter Wu | 1 | -5/+4
Refactor DigitallySigned dissection to return the length and make it accept a version integer instead of Session pointer. Hopefully this makes it easier to use the routine for SCT dissection in X.509 certs. While at it, convert it to use ssl_add_vector. Change-Id: I64afecc65ff597fda50d208d8f96ca0b97bfcbde Reviewed-on: https://code.wireshark.org/review/20111 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-02-15 | TLS13: dissect NewSessionTicket and CertificateRequest extensions | Peter Wu | 1 | -6/+6
Process NewSessionTicket and CertificateRequest extensions for TLS 1.3. CertificateExtension in draft -18 is replaced by Extension in the next draft, so anticipate for that and start decoding this extensions vector. Rename ssl_dissect_hnd_hello_ext to reflect extended functionality. (Certificate Extensions SCT is still not dissected though, but at least OCSP (status_request(_v2)) is supported now.) Change-Id: I3cae58dbde600e82598b3c2f8e29e92e38cd1db1 Ping-Bug: 12779 Reviewed-on: https://code.wireshark.org/review/20104 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2017-02-15 | ssl,dtls: fix wrong expert info for overly large records | Peter Wu | 1 | -1/+6
The plaintext length is limited to 2^14, but the actual record length (TLSCiphertext) may be larger due to expansion from compression and the cipher (like AEAD auth tags). The wrong check led to false expert infos. Change-Id: I3a56f1b0af05ecc1d97c4f1f0bcf35ff4d0fad42 Fixes: v2.3.0rc0-1584-gff0371e898 ("ssl,dtls: add expert info for overly large record lengths") Reviewed-on: https://code.wireshark.org/review/20099 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2017-02-13 | Make Libgcrypt a mandatory dependency | Peter Wu | 1 | -23/+2
Removed all guards for HAVE_LIBGCRYPT, change autotools and CMake to error out if it is not available. Update release notes, developer documentation and README with the new status. Clarify relation with GnuTLS in macosx-setup.sh. Install Libgcrypt via brew script. Motivation for this change is that many dissectors depend on Libgcrypt and having it optional increases the maintenance burden (there have been several compile issues in the past due to the optional status). Furthermore, wsutil has crypto code that can be replaced by Libgcrypt. Change-Id: Idf0021b8c4cd5db70b8766f7dcc2a8b3acbf042f Link: https://www.wireshark.org/lists/wireshark-dev/201702/msg00011.html Reviewed-on: https://code.wireshark.org/review/20030 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2017-02-11 | TLS13: handle Key Update for decryption | Peter Wu | 1 | -1/+9
Generate new key upon receipt of Key Update message. Untested. Note that the "traffic_secret" field in SslDecryptSession was unused and since the client and server have two different encryption states, store the application traffic secret in SslDecoder. Change-Id: Iefca3f6cb75745a996fecb0fe7769c876dc9c4ee Ping-Bug: 12779 Reviewed-on: https://code.wireshark.org/review/20013 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2017-02-11 | TLS13: add Key Update dissection | Peter Wu | 1 | -2/+14
Actual decryption support will be added later. Ping-Bug: 12779 Change-Id: I3ff1f243fd0bd1467e84d8a6a5433c1fe71bbebf Reviewed-on: https://code.wireshark.org/review/20012 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2017-02-11 | ssl-utils: add length validation for Certificate handshake message | Peter Wu | 1 | -1/+4
This also introduces a new macro, "G_MAXUINT24" as symbol for 2^24-1 (this name does not exist in GLib and is uncommon in Google). Change-Id: If000f41f6286161e3a7697357fc33ae16c1e11db Reviewed-on: https://code.wireshark.org/review/20003 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2017-02-11 | TLS13: fix length of Finished message | Peter Wu | 1 | -1/+1
Select the full message instead of just the first 12 bytes (as was the case in previous TLS versions). No check is added since it is too much work for little gain (it would require looking up the hash length for the cipher suite). Change-Id: Iea13d5abe6a7e55b04fabacfa8919a02acd8517d Reviewed-on: https://code.wireshark.org/review/20011 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2017-02-10 | ssl-utils: update supported_groups extension | Peter Wu | 1 | -15/+21
Update references, rename the old "elliptic_curves" name to "supported_groups". Fix a wrong field name (EC Point Format now has its own hf). Add length validation for "elliptic_curve_list". Change-Id: I554ebb259ba7561b48dfe1cc9162a0b3b3bcdba4 Reviewed-on: https://code.wireshark.org/review/20007 Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2017-02-10 | ssl-utils: stylistic changes for ServerHello, HelloRetryRequest | Peter Wu | 1 | -2/+2
Change "length" to "offset_end" parameter for consistency. Clarify applicable TLS version in comments. Remove unnecessary check for length. Change-Id: Icdc7edff9c8fdaf4c7d7349f65fed42f5344f2c3 Reviewed-on: https://code.wireshark.org/review/20001 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2017-02-07 | ssl-utils: add vector length validation for Client Hello | Peter Wu | 1 | -7/+2
Use ssl_add_vector to process DTLS Cookie, cipher_suites, compression_methods, client_hello_extension_list. Removed some checks (like cipher_suite_length > 0) since (per specification) these must be non-empty (if this is not the case, then at worst an empty tree is visible). Change-Id: I7ab2ef12e210d5878769478c7dfba33a799fb567 Reviewed-on: https://code.wireshark.org/review/19993 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2017-02-07 | TLS13: update NewSessionTicket dissection | Peter Wu | 1 | -4/+11
The new ticket_age_add field resulted in a dissector exception. With this fixed, the tls13-18-picotls-earlydata.pcap capture can now be fully decrypted. Also add validation for the ticket length (using ssl_add_vector). Change-Id: I167038f682b47b2d1da020a8f241daaf7af22017 Ping-Bug: 12779 Reviewed-on: https://code.wireshark.org/review/19992 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2017-02-07 | TLS13: support Early Data and accept CLIENT_EARLY_TRAFFIC_SECRET | Peter Wu | 1 | -7/+3
Update "early_data" extension to draft 18 (context field is gone). Add support for "client_early_traffic_secret" to the keylog. Support decryption of 0-RTT data (required handling cipher in Client Hello and handling of "end_of_early_data" alert). Tested with tls13-18-picotls-earlydata.pcap, early data decrypts correctly. (The server data is messed up, but that is possibly the result of broken NewSessionTicket handling which throws a dissector exception and thus breaks the record sequence number.) Ping-Bug: 12779 Change-Id: I9e6aeeb08111d5d977f2c0ab855f14d6d86ca87d Reviewed-on: https://code.wireshark.org/review/19989 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2017-02-06 | (D)TLS: simplify SignatureAndHashAlgorithm dissection | Peter Wu | 1 | -14/+3
Merge the length parsing into the SignatureAndHashAlgorithm vector parsing. Remove extra expert info which are replaced by the generic ones. Tested with a mutated pcap where the signature length field is off by one (too large = expert error, too small = expert warning, as expected). Change-Id: I43350352ae00eb42bbe5c2ee81289fb592b88f86 Reviewed-on: https://code.wireshark.org/review/19933 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2017-02-06 | ssl-utils: add helper for validating Variable Length Vectors | Peter Wu | 1 | -1/+52
Currently variable length vectors are mostly unchecked with issues ignored (see various "XXX - expert info"). In order to detect possible attacks (and catch dissector issues), add helpers that extract the vector length and that validate that a vector is correctly terminated. Further dissection of a vector stops when not enough data is available. The KeyShare extension and Extension itself are modified as a start, more should follow. Future work should also ensure that the return value represents the length after dissection (which should not exceed the length). Also, the length field needs to be converted to an "offset_end" value to ease overflow checking (length = offset_end - offset). Change-Id: I6d757da2eb028f08a7b18661660313a6afd417e0 Reviewed-on: https://code.wireshark.org/review/19926 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2017-01-31 | TLS13: add Encrypted Extensions | Peter Wu | 1 | -1/+8
See https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.3.1 Change-Id: I35e049d991be4c242ef2b84db3a322c6a13d2f96 Ping-Bug: 12779 Reviewed-on: https://code.wireshark.org/review/19860 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-01-31 | TLS13: update Certificate for draft -18 | Peter Wu | 1 | -1/+13
Note that RPK (RFC 7250) is not well-defined and is left untouched. https://github.com/tlswg/tls13-spec/issues/722 Certificate extensions dissection remains a task for later. Change-Id: I62276e59db94429e4c09058aca3c08f390ec3af7 Ping-Bug: 12779 Reviewed-on: https://code.wireshark.org/review/19864 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-01-31 | TLS: add bare essentials for TLS 1.3 decryption support | Peter Wu | 1 | -0/+19
The bare essentials are now in place to perform decryption (HKDF-Expand-Label, calculation of traffic secrets, AEAD integration). Can successfully decrypt the initial handshake message. Only AES ciphers are supported, ChaCha20-Poly1305 still needs to be added. Note: "decryption" indeed works, but dissection needs to be updated. The padding must be stripped and the content type extracted. Ping-Bug: 12779 Change-Id: I3869c9ae5131e57519be99c5f439c4fa68841bae Reviewed-on: https://code.wireshark.org/review/19858 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-01-31 | ssl-utils: refactor AEAD decryption handling | Peter Wu | 1 | -4/+6
The current ssl_decrypt_record is hard to understand due to mixing CBC concepts (MAC, padding) with AEAD. Extract the AEAD functionality and use better variable naming. The "Plaintext" debug print now includes just the plaintext (the auth tag is stripped). A write_iv.data_len check is added just to be sure and more prep work is done for auth tag validation and TLS 1.3 support. Tested against the (D)TLS AEAD tests on Libgcrypt 1.4.5 (CentOS 6), 1.6.5 (Ubuntu 14.04), 1.7.6 (Arch Linux). Compile-tested w/o Libgcrypt. Change-Id: I94dd2fd70e1281d85c954abfe523f7483d9ac68b Reviewed-on: https://code.wireshark.org/review/19852 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-01-29 | (D)TLS: fix type of record sequence number | Peter Wu | 1 | -1/+1
The record sequence number is 64-bit, not 32-bit. This applies to all SSLv3/TLS/DTLS versions. Without this fix, after about four million records, the wrong MAC is calculated (for TLS 1.2) or decryption will fail (for TLS 1.3). Change-Id: I05e5e8bc4229ac443a1b06c5fe984fb885eab1ca Reviewed-on: https://code.wireshark.org/review/19824 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2017-01-28 | (D)TLS: consolidate and simplify decrypted records handling | Peter Wu | 1 | -22/+11
Previously there was a distinction between decrypted handshake Application Data records ("Decrypted SSL data") and some others (like Alerts, Handshake and Heartbeat, "Decrypted SSL record"). Remove this distinction and always decrypt the payload before passing it on and always display a data source for decrypted contents ("Decrypted SSL"). This is preparatory work for TLS 1.3 support where the content type is located in the encrypted record, having the record decryption in one place makes it easier to adapt. Change-Id: I92c51c7f9e87e5c93231d28c39a8e896f5afd1ef Ping-Bug: 12779 Reviewed-on: https://code.wireshark.org/review/19789 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-01-27 | ssl-utils: recognize new TLS 1.3 keylog format | Peter Wu | 1 | -0/+6
Implemented by BoringSSL, an older description can be found at: https://github.com/google/boringssl/commit/e776cc29568e520aaabc83188cc7db7991f0b776 Implementation pending at OpenSSL: https://github.com/openssl/openssl/pull/2287 NSS bug (still open): https://bugzilla.mozilla.org/show_bug.cgi?id=1287711 Proposal for PicoTLS: https://github.com/h2o/picotls/issues/6 Change-Id: Ib597f48e296d286d8f6d30873ca03e7d6324a3c4 Ping-Bug: 12779 Reviewed-on: https://code.wireshark.org/review/19801 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-01-09 | TLS(1.3): update PSK extension for draft -18 | Peter Wu | 1 | -27/+20
Removed ke_modes and auth_modes fields, add identity.obfuscated_ticket_age and binders fields. (Note that binders field is not dissected further at this moment due to the lack of a pcap for verification.) Ping-Bug: 12779 Change-Id: I9af7d93feb2352a494be2d5bda66d124267cf464 Reviewed-on: https://code.wireshark.org/review/19462 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-12-31 | TLS(1.3): Add PSK Key Exchanges Modes (45) hello extension | Alexis La Goutte | 1 | -1/+14
Ping-Bug: 12779 Change-Id: Ie797a437240e5530d74e3039f12a60a6f0395d0a Reviewed-on: https://code.wireshark.org/review/18916 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-12-06 | DTLS: add support for use_srtp extension (RFC 5764) | Peter Wu | 1 | -1/+2
Decryption support will be added later. Tested with dtls-srtp-ws-sip.pcapng from the linked bug. Change-Id: Ida1a2da754ef9aef16ad15ff64455b6f8e703ffd Ping-Bug: 13193 Reviewed-on: https://code.wireshark.org/review/18996 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2016-11-30 | ssl,dtls: add expert info for overly large record lengths | Peter Wu | 1 | -1/+9
All TLS and DTLS RFCs (and SSLv3) limit the record length to 2^14, so add expert info if this is exceeded. Spotted in the wild via https://ask.wireshark.org/questions/57641/tls12-record-length-gt-16k-valid Tested with a synthetic pcap having length 2^14+1 using Python:

    from scapy.all import IP, TCP, UDP, wrpcap
    # 2-byte length field 0x4001 (2^14 + 1) followed by that many zero bytes
    len_plus_frag = b'\x40\x01' + 0x4001 * b'\0'
    wrpcap('bad-record-length.pcap', [
        # TLS record header: content type 0x17, version 0x0303
        IP()/TCP(sport=2000, dport=443)/(b'\x17\x03\x03' + len_plus_frag),
        # DTLS record header: content type 0x17, version 0xfefd, 8 bytes epoch + sequence number
        IP()/UDP(sport=2000, dport=853)/(b'\x17\xfe\xfd' + 8*b'\0' + len_plus_frag)
    ])

Change-Id: I5eac48775333d8d222e013a24a6d06da79892b77 Reviewed-on: https://code.wireshark.org/review/18959 Reviewed-by: Graham Bloice <graham.bloice@trihedral.com> Petri-Dish: Graham Bloice <graham.bloice@trihedral.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2016-11-11 | ssl: fix next_protocol_negotiation id | Peter Wu | 1 | -1/+1
NPN is a legacy extension (superseded by ALPN), but there was still a capture with this value. However, the decimal number is wrong. Adjust it to the one in the draft -03 (the hex number is still correct). Change-Id: I80ce468bcb653bc8ec87432d76d478cb0423b46f Reviewed-on: https://code.wireshark.org/review/18744 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-10-28 | SSL: fix fix spelling typo found by lintian | Alexis La Goutte | 1 | -2/+2
Change-Id: Ied94f5fa5858fd6d9da7183eb05e32430554ec33 Reviewed-on: https://code.wireshark.org/review/18526 Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-10-12 | TLS(1.3): Add Supported Versions (43) Hello extension | Alexis La Goutte | 1 | -1/+14
Ping-Bug: 12779 Change-Id: Ia8dcfcb300f4da3bf270d9512fbcc85a7b1a8671 Reviewed-on: https://code.wireshark.org/review/18108 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-10-07 | TLS: Display extension type with decimal (like IANA) | Alexis La Goutte | 1 | -1/+1
Change-Id: I33820de49a43fceaacc2172068dde83eb0be5fdc Reviewed-on: https://code.wireshark.org/review/18107 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
2016-10-07 | TLS(1.3): Add Hello Retry Request (6) extension | Alexis La Goutte | 1 | -1/+13
Add also special case on hello key_share extension. Ping-Bug: 12779 Change-Id: Ib8e2dd060f322c2404a8afa9b8cb70de7c2c65b7 Reviewed-on: https://code.wireshark.org/review/18093 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-10-07 | TLS(1.3): Add cookie (44) hello extension | Alexis La Goutte | 1 | -1/+13
Ping-Bug: 12779 Change-Id: I94d492d126050fdff6f98608f9d68d55c19e0a50 Reviewed-on: https://code.wireshark.org/review/18092 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-09-27 | TLS(1.3): Add Early Data (42) Hello extension | Alexis La Goutte | 1 | -0/+7
Bug: 12779 Change-Id: I97470c6e6be6e3df707cf2f3634f2c1e9da26bc2 Reviewed-on: https://code.wireshark.org/review/17885 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-09-24 | TLS: Update Hello ExtensionType list | Alexis La Goutte | 1 | -23/+39
use same name and display in dec from http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml Change-Id: Ia4a959571204b611dbf275311c9ce58c594b6716 Reviewed-on: https://code.wireshark.org/review/17886 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2016-09-21 | TLS: no extension length on padding extension | Alexis La Goutte | 1 | -16/+1
also remove padding function (not needed) Bug: 12922 Change-Id: Ie049ee21193ec82b8dc873a7dff78e9d058c7935 Reviewed-on: https://code.wireshark.org/review/17825 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2016-09-20 | TLS(1.3): Add Pre-Shared Key (41) Hello extension | Alexis La Goutte | 1 | -2/+57
Bug: 12779 Change-Id: I64ef80db0a8b51ee569fed3b87099144e57eedc2 Reviewed-on: https://code.wireshark.org/review/17320 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2016-09-16 | TLS(1.3): Add Share Key (40) Hello extension | Alexis La Goutte | 1 | -2/+30
Bug: 12779 Change-Id: I5cbc911f2c7818558c5182d2e3ccf9235be9281b Reviewed-on: https://code.wireshark.org/review/17301 Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2016-09-16 | TLS(1.3): Add new Hello extension list | Alexis La Goutte | 1 | -0/+4
* Key share (40)
* Pre-Shared Key (41)
* Early Data (42)
* Cookie (44)
Bug: 12779 Change-Id: I16e3cf691ae66e244608db233db180e24538a68d Reviewed-on: https://code.wireshark.org/review/17239 Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2016-09-16 | TLS(1.3): Add (experimental) extension 'Draft version TLS 1.3' | Alexis La Goutte | 1 | -1/+10
Coming from https://github.com/tlswg/tls13-spec/wiki/Implementations#version-negotiation Bug: 12779 Change-Id: Ieca74eac737b5ba6c101b719e2e5e3aecf931279 Reviewed-on: https://code.wireshark.org/review/17226 Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2016-09-16 | TLS(1.3): Fix Server Hello | Alexis La Goutte | 1 | -2/+8
There is no session_id and compression method with TLS 1.3 Server Hello. Also no time on first bytes of random field. Bug: 12779 Change-Id: Id79221c2ad50695cf6d46cd5c9255deab99e2d2c Reviewed-on: https://code.wireshark.org/review/17225 Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2016-09-16 | TLS(1.3): Add TLS 1.3 value for version Handshake | Alexis La Goutte | 1 | -0/+1
Bug: 12779 Change-Id: I298ecf4a0537df2e88354aed6912d4298a094216 Reviewed-on: https://code.wireshark.org/review/17224 Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2016-09-16 | ssl-utils: remove block and key sizes from cipher suites table | Peter Wu | 1 | -3/+7
There was an implicit dependency between the block size in the cipher suites table and the size expected by Libgcrypt. Just remove the block size from the table and rely on the value from Libgcrypt to avoid the risk of mismatching values (which could lead to a buffer overflow). While at it, remove the size of the key ("bits") and the size of key material ("eff_bits") too. Move the key material sizes for export ciphers away from the table and use byte quantities instead of bits. Additionally, this fixes an issue where 8 bytes of uninitialized stack memory is written to the SSL debug log for stream ciphers like RC4. The size of the Write Key is also corrected for export ciphers, now it prints the actual (restricted) number of bytes that are used. Change-Id: I71d3c83ece0f02b2e11e45455dc08c41740836be Reviewed-on: https://code.wireshark.org/review/17714 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2016-09-06 | ssl: really fix session resumption expert info | Peter Wu | 1 | -1/+0
In a two-pass dissection with renegotiated sessions, the is_session_resumed flag is not updated according to the current protocol flow. Fix this by performing detection of abbreviated handshakes in all cases, do not limit it to the decryption stage (where ssl != NULL). Reset the resumption assumption after the first ChangeCipherSpec (normally from the server side, but explicitly add this in case client packets somehow arrive earlier in the capture). This should not have a functional effect on normal TLS captures with Session Tickets. Bug: 12793 Change-Id: I1eb2a8262b4e359b8c1d3d0a1e004a9e856bec8c Reviewed-on: https://code.wireshark.org/review/17483 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>