From c90990068ff2f442bdfb2475dc9dd3a55cdb2e46 Mon Sep 17 00:00:00 2001
From: Peter Wu
Date: Sat, 14 Nov 2015 13:33:02 +0100
Subject: ssl,dtls: use a single field to track ProtocolVersion

The SslSession struct contains a "version" field for displaying purposes in the protocol column while the SslDecryptSession struct has a "version_netorder" field for use in TLS hash functions (for secrets calculations). As these are strongly associated with each other, remove the version_netorder field and its associated constants, let the SslSession version field store this value instead. All SSL_VER_* are renamed to appropriate *_VERSION macros (via search & replace), SSL_VER_UNKNOWN is kept though. The PCT and SSLv2 protocols had no wire value (*_VERSION), so SSL_VER_PCT and SSL_VER_SSLv2 are assigned with some arbitrary values. Warning: external plugins using the ssl_set_master_secret function must now pass the wire version (TLSV1_VERSION) instead of the (now removed) internal macros (SSL_VER_TLSv1).

Change-Id: Icd8ef15adae9c62eb21eab1c3b812166e451936f
Reviewed-on: https://code.wireshark.org/review/11820
Reviewed-by: Michael Mann
Petri-Dish: Michael Mann
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu
---
 epan/dissectors/packet-ssl-utils.h | 22 +++++++---------------
 1 file changed, 7 insertions(+), 15 deletions(-)
(limited to 'epan/dissectors/packet-ssl-utils.h')
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index dcf1f8b515..5ccaf8abd0 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -47,18 +47,6 @@
 #endif /* HAVE_LIBGCRYPT */
-/* version state tables */
-#define SSL_VER_UNKNOWN 0
-#define SSL_VER_SSLv2 1
-#define SSL_VER_SSLv3 2
-#define SSL_VER_TLS 3
-#define SSL_VER_TLSv1DOT1 4
-#define SSL_VER_DTLS 5
-#define SSL_VER_DTLS1DOT2 8
-#define SSL_VER_DTLS_OPENSSL 9
-#define SSL_VER_PCT 6
-#define SSL_VER_TLSv1DOT2 7
-
 /* other defines */
 typedef enum {
 SSL_ID_CHG_CIPHER_SPEC = 0x14,
@@ -219,14 +207,19 @@ typedef struct _StringInfo {
 #define SSL_WRITE_KEY 1
+#define SSL_VER_UNKNOWN 0
+#define PCT_VERSION 0x8001 /* PCT_VERSION_1 from http://graphcomp.com/info/specs/ms/pct.htm */
+#define SSLV2_VERSION 0x0002 /* not in record layer, SSL_CLIENT_SERVER from
+ http://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html */
 #define SSLV3_VERSION 0x300
 #define TLSV1_VERSION 0x301
 #define TLSV1DOT1_VERSION 0x302
 #define TLSV1DOT2_VERSION 0x303
 #define DTLSV1DOT0_VERSION 0xfeff
-#define DTLSV1DOT0_VERSION_NOT 0x100
+#define DTLSV1DOT0_OPENSSL_VERSION 0x100
 #define DTLSV1DOT2_VERSION 0xfefd
+
 #define SSL_CLIENT_RANDOM (1<<0)
 #define SSL_SERVER_RANDOM (1<<1)
 #define SSL_CIPHER (1<<2)
@@ -356,7 +349,7 @@ typedef struct {
 typedef struct _SslSession {
 gint cipher;
 gint compression;
- guint32 version;
+ guint16 version;
 gint8 client_cert_type;
 gint8 server_cert_type;
@@ -404,7 +397,6 @@ typedef struct _SslDecryptSession {
 gcry_sexp_t private_key;
 #endif
 StringInfo psk;
- guint16 version_netorder;
 StringInfo app_data_segment;
 SslSession session;
-- 
cgit v1.2.3
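Review bot: The `*_VERSION` block in the `-219,14 +207,19` hunk now mixes dissector-chosen markers (`SSL_VER_UNKNOWN`, and the `PCT_VERSION` / `SSLV2_VERSION` values the commit message calls arbitrary) with versions read off the wire, and nothing at the definitions says which is which. Since the commit message says this one field now also feeds the TLS hash functions for secrets calculation, a capture whose version bytes happen to equal 0x0000, 0x0002 or 0x8001 should not be able to select one of those markers; whether the code that assigns the field checks the value against the known set is not visible in this hunk. Ordered comparisons are also not meaningful across these constants, because `DTLSV1DOT2_VERSION` (0xfefd) is numerically below `DTLSV1DOT0_VERSION` (0xfeff). I would add above the block: `/* Values for SslSession.version. SSL_VER_UNKNOWN, PCT_VERSION and SSLV2_VERSION are internal markers, not TLS record-layer versions; compare for equality only. */`.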
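Review bot: The narrowed `version` member in the `-356,7 +349,7` hunk takes over the role of the removed `version_netorder`, but the field itself carries no comment saying that it now holds the wire ProtocolVersion rather than the old small `SSL_VER_*` state numbers. Suggest `guint16 version; /* ProtocolVersion wire value (one of the *_VERSION macros) or SSL_VER_UNKNOWN */`. Code that compares the field against literal numbers, or that relied on it being 32 bits wide, is outside this hunk and would need checking; the struct body also continues past the hunk.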