aboutsummaryrefslogtreecommitdiffstats
path: root/epan/dissectors/packet-tls-utils.c
AgeCommit message (Collapse)AuthorFilesLines
2018-12-13Add new "rsa_keys" UAT for storage of RSA private keysPeter Wu1-1/+2
This should eventually replace the "ssl_keys" UAT which additionally contains a useless address, port and protocol field. This prepares for HSM support through PKCS #11. Change-Id: I59409c98aeedf260d19266d18e14ef7d9b40b582 Reviewed-on: https://code.wireshark.org/review/30977 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-12-01TLS: really delay key lookup until it is necessaryPeter Wu1-42/+19
Even if the certificate has a RSA public key, be sure to lookup the key only if it is an actual RSA key exchange. Move the hashtable to the secrets module to enable reuse. Change-Id: I39010831079d3b65d5d4368ec97d02491c1615a5 Reviewed-on: https://code.wireshark.org/review/30854 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-29tls-utils: use GnuTLS for RSA decryptionPeter Wu1-41/+54
Switch from RSA decryption using Libgcrypt to GnuTLS. This prepares for decryption using a PKCS#11 token. Requires GnuTLS 3.0.2 (or newer). Change-Id: Ic42d84c825488e1f45b443a3e56d01600dd594c9 Reviewed-on: https://code.wireshark.org/review/30833 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-29(D)TLS: defer RSA private key lookup until it is really neededPeter Wu1-25/+37
RSA private keys can only be used for decrypting TLS sessions with a full handshake that use the RSA key exchange. However currently the RSA private key is always looked up even if it cannot be used (for example, due to an (EC)DHE cipher or due to a resumed session). Defer lookup of these private keys and make some more code conditional on the availability of GnuTLS at compile time since future changes switch to GnuTLS for RSA decryption. Change-Id: I31dfd6cdfbd733818c798b1fb0e895cf5a987c5a Reviewed-on: https://code.wireshark.org/review/30831 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20Add new Secrets API and allow TLS to use pcapng decryption secretsPeter Wu1-7/+8
Add a new secrets API to the core, one that can outlive the lifetime of a single capture file. Expose decryption secrets from wiretap through a callback and let the secrets API route it to a dissector. Bug: 15252 Change-Id: Ie2f1867bdfd265bad11fc58f1e8d8e7295c0d1e7 Reviewed-on: https://code.wireshark.org/review/30705 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-01Follow SSL -> Follow TLSPascal Quantin1-2/+2
Change-Id: I6b89d07ee5b57d3f3b709d7af7e3362206518a62 Reviewed-on: https://code.wireshark.org/review/30471 Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2018-10-31QUIC: add new Transport Parameter from draft-15Alexis La Goutte1-0/+15
* max_ack_delay (0x000c) * original_connection_id (0x000d) Change-Id: I95fb14cf337faef57525afe1ec1a2d6e79edd3c7 Ping-Bug: 13881 Reviewed-on: https://code.wireshark.org/review/30418 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-10-03TLS: support RFC 8449 - record_size_limit (28)Peter Wu1-0/+7
As seen in a capture from Firefox Nightly. Change-Id: I0bb69b716c02df565f91afa2606d0957c79ee6fc Reviewed-on: https://code.wireshark.org/review/29991 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-09-30TLS: Add compress_certificate Handshaketype (25)Alexis La Goutte1-0/+38
See https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03 the value is TEMPORARY registered to IANA (registered 2018-05-23, expires 2019-05-23 Change-Id: I5a91ad4f1366cd7f0fa077677f227a66591494b6 Reviewed-on: https://code.wireshark.org/review/29796 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-09-27TLS: split key log contents processing from file readingPeter Wu1-55/+68
In case the TLS key log file is provided by means other than a file, split the file reading part from the contents processing part. Adjust the line handling logic to allow immutable strings. Stick to fgets to avoid partial lines in case the read buffer is full. Rename some SSL -> TLS while at it. Change-Id: I28da96834833e6096074ce122a6ebc3484655d9f Reviewed-on: https://code.wireshark.org/review/29890 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-09-26TLS: Add compress_certificate ExtensionType (27)Alexis La Goutte1-0/+52
See https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03 The value is TEMPORARY registered to IANA (registered 2018-05-23, expires 2019-05-23): https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml Missing new HandshakeType Change-Id: Ie6aac3099a86310ffe91e45a8ce088d3c81dcd60 Reviewed-on: https://code.wireshark.org/review/29758 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2018-09-25Rename packet-ssl* to packet-tls*Gerald Combs1-0/+8928
Rename packet-ssl{,-utils}.[ch] to packet-tls{,-utils}.[ch]. Change-Id: I4732162ec131ddf0734b3dd191ccc9e48a76ce06 Reviewed-on: https://code.wireshark.org/review/29659 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-22 02:45:39 +0000