rpms / wireshark

Clone
Source Code
GIT

Blame SOURCES/wireshark-1.10.3-tls-ext-master-secret.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta
  1.   affdba9075fbaff001eb70260e16fcef7f43bf38
  2.   SOURCES
  3.   wireshark-1.10.3-tls-ext-master-secret.patch
Blob History Raw
affdba 
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
affdba 
index efb170a..8f85f11 100644
affdba 
--- a/epan/dissectors/packet-ssl-utils.c
affdba 
+++ b/epan/dissectors/packet-ssl-utils.c
affdba 
@@ -1034,6 +1034,7 @@ const value_string tls_hello_extension_types[] = {
affdba 
     { 13, "signature_algorithms" },  /* RFC 5246 */
affdba 
     { 14, "use_srtp" },
affdba 
     { SSL_HND_HELLO_EXT_HEARTBEAT, "Heartbeat" },  /* RFC 6520 */
affdba 
+    { SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE, "Extended Master Secret" }, /* https://tools.ietf.org/html/draft-ietf-tls-session-hash-01 */
affdba 
     { 35, "SessionTicket TLS" },  /* RFC 4507 */
affdba 
     { SSL_HND_HELLO_EXT_NPN, "next_protocol_negotiation"}, /* http://technotes.googlecode.com/git/nextprotoneg.html */
affdba 
     { SSL_HND_HELLO_EXT_RENEG_INFO, "renegotiation_info" }, /* RFC 5746 */
affdba 
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
affdba 
index 1ba1598..5968b8e 100644
affdba 
--- a/epan/dissectors/packet-ssl-utils.h
affdba 
+++ b/epan/dissectors/packet-ssl-utils.h
affdba 
@@ -148,14 +148,15 @@
affdba 
 #define PCT_ERR_SERVER_AUTH_FAILED     0x05
affdba 
 #define PCT_ERR_SPECS_MISMATCH         0x06
affdba
affdba 
-#define SSL_HND_HELLO_EXT_SERVER_NAME        0x0
affdba 
-#define SSL_HND_HELLO_EXT_ELLIPTIC_CURVES    0x000a
affdba 
-#define SSL_HND_HELLO_EXT_EC_POINT_FORMATS   0x000b
affdba 
-#define SSL_HND_HELLO_EXT_SIG_HASH_ALGS      0x000d
affdba 
-#define SSL_HND_HELLO_EXT_HEARTBEAT          0x000f
affdba 
-#define SSL_HND_HELLO_EXT_RENEG_INFO         0xff01
affdba 
-#define SSL_HND_HELLO_EXT_NPN                0x3374
affdba 
-#define SSL_HND_CERT_STATUS_TYPE_OCSP  1
affdba 
+#define SSL_HND_HELLO_EXT_SERVER_NAME                 0x0
affdba 
+#define SSL_HND_HELLO_EXT_ELLIPTIC_CURVES             0x000a
affdba 
+#define SSL_HND_HELLO_EXT_EC_POINT_FORMATS            0x000b
affdba 
+#define SSL_HND_HELLO_EXT_SIG_HASH_ALGS               0x000d
affdba 
+#define SSL_HND_HELLO_EXT_HEARTBEAT                   0x000f
affdba 
+#define SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE 0x0017
affdba 
+#define SSL_HND_HELLO_EXT_RENEG_INFO                  0xff01
affdba 
+#define SSL_HND_HELLO_EXT_NPN                         0x3374
affdba 
+#define SSL_HND_CERT_STATUS_TYPE_OCSP                 1
affdba
affdba 
 /*
affdba 
  * Lookup tables
affdba 
@@ -211,13 +212,16 @@ typedef struct _StringInfo {
affdba 
 #define DTLSV1DOT0_VERSION_NOT 0x100
affdba 
 #define DTLSV1DOT2_VERSION     0xfefd
affdba
affdba 
-#define SSL_CLIENT_RANDOM       (1<<0)
affdba 
-#define SSL_SERVER_RANDOM       (1<<1)
affdba 
-#define SSL_CIPHER              (1<<2)
affdba 
-#define SSL_HAVE_SESSION_KEY    (1<<3)
affdba 
-#define SSL_VERSION             (1<<4)
affdba 
-#define SSL_MASTER_SECRET       (1<<5)
affdba 
-#define SSL_PRE_MASTER_SECRET   (1<<6)
affdba 
+#define SSL_CLIENT_RANDOM                 (1<<0)
affdba 
+#define SSL_SERVER_RANDOM                 (1<<1)
affdba 
+#define SSL_CIPHER                        (1<<2)
affdba 
+#define SSL_HAVE_SESSION_KEY              (1<<3)
affdba 
+#define SSL_VERSION                       (1<<4)
affdba 
+#define SSL_MASTER_SECRET                 (1<<5)
affdba 
+#define SSL_PRE_MASTER_SECRET             (1<<6)
affdba 
+#define SSL_CLIENT_EXTENDED_MASTER_SECRET (1<<7)
affdba 
+#define SSL_SERVER_EXTENDED_MASTER_SECRET (1<<8)
affdba 
+
affdba
affdba 
 #define SSL_CIPHER_MODE_STREAM  0
affdba 
 #define SSL_CIPHER_MODE_CBC     1
affdba 
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
affdba 
index 6f22158..d774929 100644
affdba 
--- a/epan/dissectors/packet-ssl.c
affdba 
+++ b/epan/dissectors/packet-ssl.c
affdba 
@@ -2396,7 +2396,8 @@ dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
affdba
affdba 
 static gint
affdba 
 dissect_ssl3_hnd_hello_ext(tvbuff_t *tvb,
affdba 
-                           proto_tree *tree, guint32 offset, guint32 left)
affdba 
+                           proto_tree *tree, guint32 offset, guint32 left,
affdba 
+                           gboolean is_client, SslDecryptSession *ssl)
affdba 
 {
affdba 
     guint16     extension_length;
affdba 
     guint16     ext_type;
affdba 
@@ -2459,6 +2460,10 @@ dissect_ssl3_hnd_hello_ext(tvbuff_t *tvb,
affdba 
                                 tvb, offset, 1, ENC_BIG_ENDIAN);
affdba 
             offset += ext_len;
affdba 
             break;
affdba 
+        case SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE:
affdba 
+            if (ssl)
affdba 
+                ssl->state |= (is_client ? SSL_CLIENT_EXTENDED_MASTER_SECRET : SSL_SERVER_EXTENDED_MASTER_SECRET);
affdba 
+            break;
affdba 
         default:
affdba 
             proto_tree_add_bytes_format(ext_tree, hf_ssl_handshake_extension_data,
affdba 
                                         tvb, offset, ext_len, NULL,
affdba 
@@ -2673,7 +2678,7 @@ dissect_ssl3_hnd_hello_ext_ec_point_formats(tvbuff_t *tvb,
affdba 
 static void
affdba 
 dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo,
affdba 
        proto_tree *tree, guint32 offset, guint32 length,
affdba 
-       SslDecryptSession*ssl)
affdba 
+       SslDecryptSession *ssl)
affdba 
 {
affdba 
     /* struct {
affdba 
      *     ProtocolVersion client_version;
affdba 
@@ -2798,14 +2803,16 @@ dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo,
affdba 
         if (length > offset - start_offset)
affdba 
         {
affdba 
             dissect_ssl3_hnd_hello_ext(tvb, tree, offset,
affdba 
-                                       length - (offset - start_offset));
affdba 
+                                       length - (offset - start_offset), TRUE,
affdba 
+                                       ssl);
affdba 
         }
affdba 
     }
affdba 
 }
affdba
affdba 
 static void
affdba 
 dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb,
affdba 
-                           proto_tree *tree, guint32 offset, guint32 length, SslDecryptSession *ssl)
affdba 
+                           proto_tree *tree, guint32 offset, guint32 length,
affdba 
+                           SslDecryptSession *ssl)
affdba 
 {
affdba 
     /* struct {
affdba 
      *     ProtocolVersion server_version;
affdba 
@@ -2873,7 +2880,8 @@ no_cipher:
affdba 
         if (length > offset - start_offset)
affdba 
         {
affdba 
             dissect_ssl3_hnd_hello_ext(tvb, tree, offset,
affdba 
-                                       length - (offset - start_offset));
affdba 
+                                       length - (offset - start_offset), FALSE,
affdba 
+                                       ssl);
affdba 
         }
affdba 
     }
affdba 
 }

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation