rpms / wireshark

Clone
Source Code
GIT

Blame SOURCES/wireshark-1.10.3-tls-ext-master-secret.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta
  1.   a65ffbd4662fa47a63754ccabbab5287fb9d14a7
  2.   SOURCES
  3.   wireshark-1.10.3-tls-ext-master-secret.patch
Blob History Raw
dbc6ab 
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
dbc6ab 
index efb170a..8f85f11 100644
dbc6ab 
--- a/epan/dissectors/packet-ssl-utils.c
dbc6ab 
+++ b/epan/dissectors/packet-ssl-utils.c
dbc6ab 
@@ -1034,6 +1034,7 @@ const value_string tls_hello_extension_types[] = {
dbc6ab 
     { 13, "signature_algorithms" },  /* RFC 5246 */
dbc6ab 
     { 14, "use_srtp" },
dbc6ab 
     { SSL_HND_HELLO_EXT_HEARTBEAT, "Heartbeat" },  /* RFC 6520 */
dbc6ab 
+    { SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE, "Extended Master Secret" }, /* https://tools.ietf.org/html/draft-ietf-tls-session-hash-01 */
dbc6ab 
     { 35, "SessionTicket TLS" },  /* RFC 4507 */
dbc6ab 
     { SSL_HND_HELLO_EXT_NPN, "next_protocol_negotiation"}, /* http://technotes.googlecode.com/git/nextprotoneg.html */
dbc6ab 
     { SSL_HND_HELLO_EXT_RENEG_INFO, "renegotiation_info" }, /* RFC 5746 */
dbc6ab 
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
dbc6ab 
index 1ba1598..5968b8e 100644
dbc6ab 
--- a/epan/dissectors/packet-ssl-utils.h
dbc6ab 
+++ b/epan/dissectors/packet-ssl-utils.h
dbc6ab 
@@ -148,14 +148,15 @@
dbc6ab 
 #define PCT_ERR_SERVER_AUTH_FAILED     0x05
dbc6ab 
 #define PCT_ERR_SPECS_MISMATCH         0x06
dbc6ab
dbc6ab 
-#define SSL_HND_HELLO_EXT_SERVER_NAME        0x0
dbc6ab 
-#define SSL_HND_HELLO_EXT_ELLIPTIC_CURVES    0x000a
dbc6ab 
-#define SSL_HND_HELLO_EXT_EC_POINT_FORMATS   0x000b
dbc6ab 
-#define SSL_HND_HELLO_EXT_SIG_HASH_ALGS      0x000d
dbc6ab 
-#define SSL_HND_HELLO_EXT_HEARTBEAT          0x000f
dbc6ab 
-#define SSL_HND_HELLO_EXT_RENEG_INFO         0xff01
dbc6ab 
-#define SSL_HND_HELLO_EXT_NPN                0x3374
dbc6ab 
-#define SSL_HND_CERT_STATUS_TYPE_OCSP  1
dbc6ab 
+#define SSL_HND_HELLO_EXT_SERVER_NAME                 0x0
dbc6ab 
+#define SSL_HND_HELLO_EXT_ELLIPTIC_CURVES             0x000a
dbc6ab 
+#define SSL_HND_HELLO_EXT_EC_POINT_FORMATS            0x000b
dbc6ab 
+#define SSL_HND_HELLO_EXT_SIG_HASH_ALGS               0x000d
dbc6ab 
+#define SSL_HND_HELLO_EXT_HEARTBEAT                   0x000f
dbc6ab 
+#define SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE 0x0017
dbc6ab 
+#define SSL_HND_HELLO_EXT_RENEG_INFO                  0xff01
dbc6ab 
+#define SSL_HND_HELLO_EXT_NPN                         0x3374
dbc6ab 
+#define SSL_HND_CERT_STATUS_TYPE_OCSP                 1
dbc6ab
dbc6ab 
 /*
dbc6ab 
  * Lookup tables
dbc6ab 
@@ -211,13 +212,16 @@ typedef struct _StringInfo {
dbc6ab 
 #define DTLSV1DOT0_VERSION_NOT 0x100
dbc6ab 
 #define DTLSV1DOT2_VERSION     0xfefd
dbc6ab
dbc6ab 
-#define SSL_CLIENT_RANDOM       (1<<0)
dbc6ab 
-#define SSL_SERVER_RANDOM       (1<<1)
dbc6ab 
-#define SSL_CIPHER              (1<<2)
dbc6ab 
-#define SSL_HAVE_SESSION_KEY    (1<<3)
dbc6ab 
-#define SSL_VERSION             (1<<4)
dbc6ab 
-#define SSL_MASTER_SECRET       (1<<5)
dbc6ab 
-#define SSL_PRE_MASTER_SECRET   (1<<6)
dbc6ab 
+#define SSL_CLIENT_RANDOM                 (1<<0)
dbc6ab 
+#define SSL_SERVER_RANDOM                 (1<<1)
dbc6ab 
+#define SSL_CIPHER                        (1<<2)
dbc6ab 
+#define SSL_HAVE_SESSION_KEY              (1<<3)
dbc6ab 
+#define SSL_VERSION                       (1<<4)
dbc6ab 
+#define SSL_MASTER_SECRET                 (1<<5)
dbc6ab 
+#define SSL_PRE_MASTER_SECRET             (1<<6)
dbc6ab 
+#define SSL_CLIENT_EXTENDED_MASTER_SECRET (1<<7)
dbc6ab 
+#define SSL_SERVER_EXTENDED_MASTER_SECRET (1<<8)
dbc6ab 
+
dbc6ab
dbc6ab 
 #define SSL_CIPHER_MODE_STREAM  0
dbc6ab 
 #define SSL_CIPHER_MODE_CBC     1
dbc6ab 
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
dbc6ab 
index 6f22158..d774929 100644
dbc6ab 
--- a/epan/dissectors/packet-ssl.c
dbc6ab 
+++ b/epan/dissectors/packet-ssl.c
dbc6ab 
@@ -2396,7 +2396,8 @@ dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
dbc6ab
dbc6ab 
 static gint
dbc6ab 
 dissect_ssl3_hnd_hello_ext(tvbuff_t *tvb,
dbc6ab 
-                           proto_tree *tree, guint32 offset, guint32 left)
dbc6ab 
+                           proto_tree *tree, guint32 offset, guint32 left,
dbc6ab 
+                           gboolean is_client, SslDecryptSession *ssl)
dbc6ab 
 {
dbc6ab 
     guint16     extension_length;
dbc6ab 
     guint16     ext_type;
dbc6ab 
@@ -2459,6 +2460,10 @@ dissect_ssl3_hnd_hello_ext(tvbuff_t *tvb,
dbc6ab 
                                 tvb, offset, 1, ENC_BIG_ENDIAN);
dbc6ab 
             offset += ext_len;
dbc6ab 
             break;
dbc6ab 
+        case SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE:
dbc6ab 
+            if (ssl)
dbc6ab 
+                ssl->state |= (is_client ? SSL_CLIENT_EXTENDED_MASTER_SECRET : SSL_SERVER_EXTENDED_MASTER_SECRET);
dbc6ab 
+            break;
dbc6ab 
         default:
dbc6ab 
             proto_tree_add_bytes_format(ext_tree, hf_ssl_handshake_extension_data,
dbc6ab 
                                         tvb, offset, ext_len, NULL,
dbc6ab 
@@ -2673,7 +2678,7 @@ dissect_ssl3_hnd_hello_ext_ec_point_formats(tvbuff_t *tvb,
dbc6ab 
 static void
dbc6ab 
 dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo,
dbc6ab 
        proto_tree *tree, guint32 offset, guint32 length,
dbc6ab 
-       SslDecryptSession*ssl)
dbc6ab 
+       SslDecryptSession *ssl)
dbc6ab 
 {
dbc6ab 
     /* struct {
dbc6ab 
      *     ProtocolVersion client_version;
dbc6ab 
@@ -2798,14 +2803,16 @@ dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo,
dbc6ab 
         if (length > offset - start_offset)
dbc6ab 
         {
dbc6ab 
             dissect_ssl3_hnd_hello_ext(tvb, tree, offset,
dbc6ab 
-                                       length - (offset - start_offset));
dbc6ab 
+                                       length - (offset - start_offset), TRUE,
dbc6ab 
+                                       ssl);
dbc6ab 
         }
dbc6ab 
     }
dbc6ab 
 }
dbc6ab
dbc6ab 
 static void
dbc6ab 
 dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb,
dbc6ab 
-                           proto_tree *tree, guint32 offset, guint32 length, SslDecryptSession *ssl)
dbc6ab 
+                           proto_tree *tree, guint32 offset, guint32 length,
dbc6ab 
+                           SslDecryptSession *ssl)
dbc6ab 
 {
dbc6ab 
     /* struct {
dbc6ab 
      *     ProtocolVersion server_version;
dbc6ab 
@@ -2873,7 +2880,8 @@ no_cipher:
dbc6ab 
         if (length > offset - start_offset)
dbc6ab 
         {
dbc6ab 
             dissect_ssl3_hnd_hello_ext(tvb, tree, offset,
dbc6ab 
-                                       length - (offset - start_offset));
dbc6ab 
+                                       length - (offset - start_offset), FALSE,
dbc6ab 
+                                       ssl);
dbc6ab 
         }
dbc6ab 
     }
dbc6ab 
 }

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation