|
 |
affdba |
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c
|
|
|
affdba |
index 5e287e0..c43126d 100644
|
|
|
affdba |
--- a/epan/dissectors/packet-dtls.c
|
|
|
affdba |
+++ b/epan/dissectors/packet-dtls.c
|
|
|
affdba |
@@ -307,31 +307,31 @@ dtls_parse_old_keys(void)
|
|
|
affdba |
/* record layer dissector */
|
|
|
affdba |
static gint dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
proto_tree *tree, guint32 offset,
|
|
|
affdba |
- guint *conv_version,
|
|
|
affdba |
+ SslSession *session,
|
|
|
affdba |
SslDecryptSession *conv_data);
|
|
|
affdba |
|
|
|
affdba |
/* change cipher spec dissector */
|
|
|
affdba |
static void dissect_dtls_change_cipher_spec(tvbuff_t *tvb,
|
|
|
affdba |
proto_tree *tree,
|
|
|
affdba |
guint32 offset,
|
|
|
affdba |
- guint *conv_version, guint8 content_type);
|
|
|
affdba |
+ SslSession *session, guint8 content_type);
|
|
|
affdba |
|
|
|
affdba |
/* alert message dissector */
|
|
|
affdba |
static void dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
proto_tree *tree, guint32 offset,
|
|
|
affdba |
- guint *conv_version);
|
|
|
affdba |
+ SslSession *session);
|
|
|
affdba |
|
|
|
affdba |
/* handshake protocol dissector */
|
|
|
affdba |
static void dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
proto_tree *tree, guint32 offset,
|
|
|
affdba |
guint32 record_length,
|
|
|
affdba |
- guint *conv_version,
|
|
|
affdba |
+ SslSession *session,
|
|
|
affdba |
SslDecryptSession *conv_data, guint8 content_type);
|
|
|
affdba |
|
|
|
affdba |
/* heartbeat message dissector */
|
|
|
affdba |
static void dissect_dtls_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
proto_tree *tree, guint32 offset,
|
|
|
affdba |
- guint *conv_version, guint32 record_length);
|
|
|
affdba |
+ SslSession *session, guint32 record_length);
|
|
|
affdba |
|
|
|
affdba |
|
|
|
affdba |
static void dissect_dtls_hnd_cli_hello(tvbuff_t *tvb,
|
|
|
affdba |
@@ -363,7 +363,7 @@ static void dissect_dtls_hnd_cert_req(tvbuff_t *tvb,
|
|
|
affdba |
static void dissect_dtls_hnd_finished(tvbuff_t *tvb,
|
|
|
affdba |
proto_tree *tree,
|
|
|
affdba |
guint32 offset,
|
|
|
affdba |
- guint* conv_version);
|
|
|
affdba |
+ SslSession *session);
|
|
|
affdba |
|
|
|
affdba |
/*
|
|
|
affdba |
* Support Functions
|
|
|
affdba |
@@ -395,7 +395,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
affdba |
guint32 offset;
|
|
|
affdba |
gboolean first_record_in_frame;
|
|
|
affdba |
SslDecryptSession *ssl_session;
|
|
|
affdba |
- guint* conv_version;
|
|
|
affdba |
+ SslSession *session;
|
|
|
affdba |
Ssl_private_key_t *private_key;
|
|
|
affdba |
|
|
|
affdba |
ti = NULL;
|
|
|
affdba |
@@ -427,7 +427,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
affdba |
|
|
|
affdba |
ssl_session = se_new0(SslDecryptSession);
|
|
|
affdba |
ssl_session_init(ssl_session);
|
|
|
affdba |
- ssl_session->version = SSL_VER_UNKNOWN;
|
|
|
affdba |
+ ssl_session->session.version = SSL_VER_UNKNOWN;
|
|
|
affdba |
conversation_add_proto_data(conversation, proto_dtls, ssl_session);
|
|
|
affdba |
|
|
|
affdba |
/* we need to know witch side of conversation is speaking */
|
|
|
affdba |
@@ -454,7 +454,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
affdba |
ssl_session->private_key = private_key->sexp_pkey;
|
|
|
affdba |
}
|
|
|
affdba |
}
|
|
|
affdba |
- conv_version= & ssl_session->version;
|
|
|
affdba |
+ session = &ssl_session->session;
|
|
|
affdba |
|
|
|
affdba |
/* try decryption only the first time we see this packet
|
|
|
affdba |
* (to keep cipher synchronized) */
|
|
|
affdba |
@@ -490,15 +490,15 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
affdba |
/* first try to dispatch off the cached version
|
|
|
affdba |
* known to be associated with the conversation
|
|
|
affdba |
*/
|
|
|
affdba |
- switch(*conv_version) {
|
|
|
affdba |
+ switch(session->version) {
|
|
|
affdba |
case SSL_VER_DTLS:
|
|
|
affdba |
offset = dissect_dtls_record(tvb, pinfo, dtls_tree,
|
|
|
affdba |
- offset, conv_version,
|
|
|
affdba |
+ offset, session,
|
|
|
affdba |
ssl_session);
|
|
|
affdba |
break;
|
|
|
affdba |
case SSL_VER_DTLS1DOT2:
|
|
|
affdba |
offset = dissect_dtls_record(tvb, pinfo, dtls_tree,
|
|
|
affdba |
- offset, conv_version,
|
|
|
affdba |
+ offset, session,
|
|
|
affdba |
ssl_session);
|
|
|
affdba |
break;
|
|
|
affdba |
|
|
|
affdba |
@@ -510,7 +510,7 @@ dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
affdba |
{
|
|
|
affdba |
/* looks like dtls */
|
|
|
affdba |
offset = dissect_dtls_record(tvb, pinfo, dtls_tree,
|
|
|
affdba |
- offset, conv_version,
|
|
|
affdba |
+ offset, session,
|
|
|
affdba |
ssl_session);
|
|
|
affdba |
}
|
|
|
affdba |
else
|
|
|
affdba |
@@ -622,7 +622,7 @@ decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset,
|
|
|
affdba |
decoder = ssl->client;
|
|
|
affdba |
}
|
|
|
affdba |
|
|
|
affdba |
- if (!decoder && ssl->cipher != 0x0001 && ssl->cipher != 0x0002) {
|
|
|
affdba |
+ if (!decoder && ssl->session.cipher != 0x0001 && ssl->session.cipher != 0x0002) {
|
|
|
affdba |
ssl_debug_printf("decrypt_dtls_record: no decoder available\n");
|
|
|
affdba |
return ret;
|
|
|
affdba |
}
|
|
|
affdba |
@@ -650,7 +650,7 @@ decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset,
|
|
|
affdba |
&dtls_compressed_data, &dtls_decrypted_data, &dtls_decrypted_data_avail) == 0)
|
|
|
affdba |
ret = 1;
|
|
|
affdba |
}
|
|
|
affdba |
- else if (ssl->cipher == 0x0001 || ssl->cipher == 0x0002) {
|
|
|
affdba |
+ else if (ssl->session.cipher == 0x0001 || ssl->session.cipher == 0x0002) {
|
|
|
affdba |
/* Non-encrypting cipher RSA-NULL-MD5 or RSA-NULL-SHA */
|
|
|
affdba |
memcpy(dtls_decrypted_data.data, tvb_get_ptr(tvb, offset, record_length), record_length);
|
|
|
affdba |
dtls_decrypted_data_avail = dtls_decrypted_data.data_len = record_length;
|
|
|
affdba |
@@ -677,7 +677,7 @@ decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset,
|
|
|
affdba |
static gint
|
|
|
affdba |
dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
proto_tree *tree, guint32 offset,
|
|
|
affdba |
- guint *conv_version,
|
|
|
affdba |
+ SslSession *session,
|
|
|
affdba |
SslDecryptSession* ssl)
|
|
|
affdba |
{
|
|
|
affdba |
|
|
|
affdba |
@@ -812,14 +812,14 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
* structure and print the column version
|
|
|
affdba |
*/
|
|
|
affdba |
next_byte = tvb_get_guint8(tvb, offset);
|
|
|
affdba |
- if (*conv_version == SSL_VER_UNKNOWN
|
|
|
affdba |
+ if (session->version == SSL_VER_UNKNOWN
|
|
|
affdba |
&& dtls_is_authoritative_version_message(content_type, next_byte))
|
|
|
affdba |
{
|
|
|
affdba |
if (version == DTLSV1DOT0_VERSION ||
|
|
|
affdba |
version == DTLSV1DOT0_VERSION_NOT)
|
|
|
affdba |
{
|
|
|
affdba |
|
|
|
affdba |
- *conv_version = SSL_VER_DTLS;
|
|
|
affdba |
+ session->version = SSL_VER_DTLS;
|
|
|
affdba |
if (ssl) {
|
|
|
affdba |
ssl->version_netorder = version;
|
|
|
affdba |
ssl->state |= SSL_VERSION;
|
|
|
affdba |
@@ -829,7 +829,7 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
if (version == DTLSV1DOT2_VERSION)
|
|
|
affdba |
{
|
|
|
affdba |
|
|
|
affdba |
- *conv_version = SSL_VER_DTLS1DOT2;
|
|
|
affdba |
+ session->version = SSL_VER_DTLS1DOT2;
|
|
|
affdba |
if (ssl) {
|
|
|
affdba |
ssl->version_netorder = version;
|
|
|
affdba |
ssl->state |= SSL_VERSION;
|
|
|
affdba |
@@ -867,7 +867,7 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
case SSL_ID_CHG_CIPHER_SPEC:
|
|
|
affdba |
col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec");
|
|
|
affdba |
dissect_dtls_change_cipher_spec(tvb, dtls_record_tree,
|
|
|
affdba |
- offset, conv_version, content_type);
|
|
|
affdba |
+ offset, session, content_type);
|
|
|
affdba |
if (ssl) ssl_change_cipher(ssl, ssl_packet_from_server(ssl, dtls_associations, pinfo));
|
|
|
affdba |
break;
|
|
|
affdba |
case SSL_ID_ALERT:
|
|
|
affdba |
@@ -882,12 +882,10 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
/* try to retrieve and use decrypted alert record, if any. */
|
|
|
affdba |
decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset);
|
|
|
affdba |
if (decrypted) {
|
|
|
affdba |
- dissect_dtls_alert(decrypted, pinfo, dtls_record_tree, 0,
|
|
|
affdba |
- conv_version);
|
|
|
affdba |
+ dissect_dtls_alert(decrypted, pinfo, dtls_record_tree, 0, session);
|
|
|
affdba |
add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
|
|
|
affdba |
} else {
|
|
|
affdba |
- dissect_dtls_alert(tvb, pinfo, dtls_record_tree, offset,
|
|
|
affdba |
- conv_version);
|
|
|
affdba |
+ dissect_dtls_alert(tvb, pinfo, dtls_record_tree, offset, session);
|
|
|
affdba |
}
|
|
|
affdba |
break;
|
|
|
affdba |
}
|
|
|
affdba |
@@ -908,11 +906,11 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset);
|
|
|
affdba |
if (decrypted) {
|
|
|
affdba |
dissect_dtls_handshake(decrypted, pinfo, dtls_record_tree, 0,
|
|
|
affdba |
- tvb_length(decrypted), conv_version, ssl, content_type);
|
|
|
affdba |
+ tvb_length(decrypted), session, ssl, content_type);
|
|
|
affdba |
add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
|
|
|
affdba |
} else {
|
|
|
affdba |
dissect_dtls_handshake(tvb, pinfo, dtls_record_tree, offset,
|
|
|
affdba |
- record_length, conv_version, ssl, content_type);
|
|
|
affdba |
+ record_length, session, ssl, content_type);
|
|
|
affdba |
}
|
|
|
affdba |
break;
|
|
|
affdba |
}
|
|
|
affdba |
@@ -935,7 +933,7 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
|
|
|
affdba |
proto_item_set_text(dtls_record_tree,
|
|
|
affdba |
"%s Record Layer: %s Protocol: %s",
|
|
|
affdba |
- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
+ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
val_to_str_const(content_type, ssl_31_content_type, "unknown"),
|
|
|
affdba |
association?association->info:"Application Data");
|
|
|
affdba |
|
|
|
affdba |
@@ -988,11 +986,11 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset);
|
|
|
affdba |
if (decrypted) {
|
|
|
affdba |
dissect_dtls_heartbeat(decrypted, pinfo, dtls_record_tree, 0,
|
|
|
affdba |
- conv_version, record_length);
|
|
|
affdba |
+ session, record_length);
|
|
|
affdba |
add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
|
|
|
affdba |
} else {
|
|
|
affdba |
dissect_dtls_heartbeat(tvb, pinfo, dtls_record_tree, offset,
|
|
|
affdba |
- conv_version, record_length);
|
|
|
affdba |
+ session, record_length);
|
|
|
affdba |
}
|
|
|
affdba |
break;
|
|
|
affdba |
}
|
|
|
affdba |
@@ -1011,7 +1009,7 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
static void
|
|
|
affdba |
dissect_dtls_change_cipher_spec(tvbuff_t *tvb,
|
|
|
affdba |
proto_tree *tree, guint32 offset,
|
|
|
affdba |
- guint* conv_version, guint8 content_type)
|
|
|
affdba |
+ SslSession *session, guint8 content_type)
|
|
|
affdba |
{
|
|
|
affdba |
/*
|
|
|
affdba |
* struct {
|
|
|
affdba |
@@ -1023,7 +1021,7 @@ dissect_dtls_change_cipher_spec(tvbuff_t *tvb,
|
|
|
affdba |
{
|
|
|
affdba |
proto_item_set_text(tree,
|
|
|
affdba |
"%s Record Layer: %s Protocol: Change Cipher Spec",
|
|
|
affdba |
- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
+ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
val_to_str_const(content_type, ssl_31_content_type, "unknown"));
|
|
|
affdba |
proto_tree_add_item(tree, hf_dtls_change_cipher_spec, tvb,
|
|
|
affdba |
offset, 1, ENC_NA);
|
|
|
affdba |
@@ -1034,7 +1032,7 @@ dissect_dtls_change_cipher_spec(tvbuff_t *tvb,
|
|
|
affdba |
static void
|
|
|
affdba |
dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
proto_tree *tree, guint32 offset,
|
|
|
affdba |
- guint* conv_version)
|
|
|
affdba |
+ SslSession *session)
|
|
|
affdba |
{
|
|
|
affdba |
/* struct {
|
|
|
affdba |
* AlertLevel level;
|
|
|
affdba |
@@ -1087,7 +1085,7 @@ dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
{
|
|
|
affdba |
proto_item_set_text(tree, "%s Record Layer: Alert "
|
|
|
affdba |
"(Level: %s, Description: %s)",
|
|
|
affdba |
- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
+ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
level, desc);
|
|
|
affdba |
proto_tree_add_item(ssl_alert_tree, hf_dtls_alert_message_level,
|
|
|
affdba |
tvb, offset++, 1, ENC_BIG_ENDIAN);
|
|
|
affdba |
@@ -1099,7 +1097,7 @@ dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
{
|
|
|
affdba |
proto_item_set_text(tree,
|
|
|
affdba |
"%s Record Layer: Encrypted Alert",
|
|
|
affdba |
- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
|
|
|
affdba |
+ val_to_str_const(session->version, ssl_version_short_names, "SSL"));
|
|
|
affdba |
proto_item_set_text(ssl_alert_tree,
|
|
|
affdba |
"Alert Message: Encrypted Alert");
|
|
|
affdba |
}
|
|
|
affdba |
@@ -1111,7 +1109,7 @@ dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
static void
|
|
|
affdba |
dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
proto_tree *tree, guint32 offset,
|
|
|
affdba |
- guint32 record_length, guint *conv_version,
|
|
|
affdba |
+ guint32 record_length, SslSession *session,
|
|
|
affdba |
SslDecryptSession* ssl, guint8 content_type)
|
|
|
affdba |
{
|
|
|
affdba |
/* struct {
|
|
|
affdba |
@@ -1338,7 +1336,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
if (first_iteration)
|
|
|
affdba |
{
|
|
|
affdba |
proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s%s",
|
|
|
affdba |
- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
+ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
val_to_str_const(content_type, ssl_31_content_type, "unknown"),
|
|
|
affdba |
(msg_type_str!=NULL) ? msg_type_str :
|
|
|
affdba |
"Encrypted Handshake Message",
|
|
|
affdba |
@@ -1347,7 +1345,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
else
|
|
|
affdba |
{
|
|
|
affdba |
proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s%s",
|
|
|
affdba |
- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
+ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
val_to_str_const(content_type, ssl_31_content_type, "unknown"),
|
|
|
affdba |
"Multiple Handshake Messages",
|
|
|
affdba |
(frag_str!=NULL) ? frag_str : "");
|
|
|
affdba |
@@ -1489,8 +1487,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
break;
|
|
|
affdba |
|
|
|
affdba |
case SSL_HND_FINISHED:
|
|
|
affdba |
- dissect_dtls_hnd_finished(sub_tvb, ssl_hand_tree,
|
|
|
affdba |
- 0, conv_version);
|
|
|
affdba |
+ dissect_dtls_hnd_finished(sub_tvb, ssl_hand_tree, 0, session);
|
|
|
affdba |
break;
|
|
|
affdba |
}
|
|
|
affdba |
|
|
|
affdba |
@@ -1502,7 +1499,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
static void
|
|
|
affdba |
dissect_dtls_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
proto_tree *tree, guint32 offset,
|
|
|
affdba |
- guint* conv_version, guint32 record_length)
|
|
|
affdba |
+ SslSession *session, guint32 record_length)
|
|
|
affdba |
{
|
|
|
affdba |
/* struct {
|
|
|
affdba |
* HeartbeatMessageType type;
|
|
|
affdba |
@@ -1549,7 +1546,7 @@ dissect_dtls_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
if (type && (payload_length <= record_length - 16 - 3)) {
|
|
|
affdba |
proto_item_set_text(tree, "%s Record Layer: Heartbeat "
|
|
|
affdba |
"%s",
|
|
|
affdba |
- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
+ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
type);
|
|
|
affdba |
proto_tree_add_item(dtls_heartbeat_tree, hf_dtls_heartbeat_message_type,
|
|
|
affdba |
tvb, offset, 1, ENC_BIG_ENDIAN);
|
|
|
affdba |
@@ -1571,7 +1568,7 @@ dissect_dtls_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
} else {
|
|
|
affdba |
proto_item_set_text(tree,
|
|
|
affdba |
"%s Record Layer: Encrypted Heartbeat",
|
|
|
affdba |
- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
|
|
|
affdba |
+ val_to_str_const(session->version, ssl_version_short_names, "SSL"));
|
|
|
affdba |
proto_item_set_text(dtls_heartbeat_tree,
|
|
|
affdba |
"Encrypted Heartbeat Message");
|
|
|
affdba |
}
|
|
|
affdba |
@@ -1933,15 +1930,15 @@ dissect_dtls_hnd_srv_hello(tvbuff_t *tvb,
|
|
|
affdba |
/* PAOLO: handle session cipher suite */
|
|
|
affdba |
if (ssl) {
|
|
|
affdba |
/* store selected cipher suite for decryption */
|
|
|
affdba |
- ssl->cipher = tvb_get_ntohs(tvb, offset);
|
|
|
affdba |
- if (ssl_find_cipher(ssl->cipher,&ssl->cipher_suite) < 0) {
|
|
|
affdba |
- ssl_debug_printf("dissect_dtls_hnd_srv_hello can't find cipher suite %X\n", ssl->cipher);
|
|
|
affdba |
+ ssl->session.cipher = tvb_get_ntohs(tvb, offset);
|
|
|
affdba |
+ if (ssl_find_cipher(ssl->session.cipher,&ssl->cipher_suite) < 0) {
|
|
|
affdba |
+ ssl_debug_printf("dissect_dtls_hnd_srv_hello can't find cipher suite %X\n", ssl->session.cipher);
|
|
|
affdba |
goto no_cipher;
|
|
|
affdba |
}
|
|
|
affdba |
|
|
|
affdba |
ssl->state |= SSL_CIPHER;
|
|
|
affdba |
ssl_debug_printf("dissect_dtls_hnd_srv_hello found cipher %X, state %X\n",
|
|
|
affdba |
- ssl->cipher, ssl->state);
|
|
|
affdba |
+ ssl->session.cipher, ssl->state);
|
|
|
affdba |
|
|
|
affdba |
/* if we have restored a session now we can have enough material
|
|
|
affdba |
* to build session key, check it out*/
|
|
|
affdba |
@@ -1963,7 +1960,7 @@ dissect_dtls_hnd_srv_hello(tvbuff_t *tvb,
|
|
|
affdba |
no_cipher:
|
|
|
affdba |
if (ssl) {
|
|
|
affdba |
/* store selected compression method for decompression */
|
|
|
affdba |
- ssl->compression = tvb_get_guint8(tvb, offset+2);
|
|
|
affdba |
+ ssl->session.compression = tvb_get_guint8(tvb, offset+2);
|
|
|
affdba |
}
|
|
|
affdba |
if (!tree)
|
|
|
affdba |
return offset;
|
|
|
affdba |
@@ -2223,7 +2220,7 @@ dissect_dtls_hnd_cert_req(tvbuff_t *tvb,
|
|
|
affdba |
|
|
|
affdba |
static void
|
|
|
affdba |
dissect_dtls_hnd_finished(tvbuff_t *tvb, proto_tree *tree, guint32 offset,
|
|
|
affdba |
- guint* conv_version)
|
|
|
affdba |
+ SslSession *session)
|
|
|
affdba |
{
|
|
|
affdba |
/*
|
|
|
affdba |
* struct {
|
|
|
affdba |
@@ -2237,7 +2234,7 @@ dissect_dtls_hnd_finished(tvbuff_t *tvb, proto_tree *tree, guint32 offset,
|
|
|
affdba |
return;
|
|
|
affdba |
}
|
|
|
affdba |
|
|
|
affdba |
- switch(*conv_version) {
|
|
|
affdba |
+ switch(session->version) {
|
|
|
affdba |
case SSL_VER_DTLS:
|
|
|
affdba |
proto_tree_add_item(tree, hf_dtls_handshake_finished,
|
|
|
affdba |
tvb, offset, 12, ENC_NA);
|
|
|
affdba |
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
|
|
|
affdba |
index 68681f5..efb170a 100644
|
|
|
affdba |
--- a/epan/dissectors/packet-ssl-utils.c
|
|
|
affdba |
+++ b/epan/dissectors/packet-ssl-utils.c
|
|
|
affdba |
@@ -2358,13 +2358,13 @@ ssl_generate_keyring_material(SslDecryptSession*ssl_session)
|
|
|
affdba |
|
|
|
affdba |
/* create both client and server ciphers*/
|
|
|
affdba |
ssl_debug_printf("ssl_generate_keyring_material ssl_create_decoder(client)\n");
|
|
|
affdba |
- ssl_session->client_new = ssl_create_decoder(&ssl_session->cipher_suite, ssl_session->compression, c_mk, c_wk, c_iv);
|
|
|
affdba |
+ ssl_session->client_new = ssl_create_decoder(&ssl_session->cipher_suite, ssl_session->session.compression, c_mk, c_wk, c_iv);
|
|
|
affdba |
if (!ssl_session->client_new) {
|
|
|
affdba |
ssl_debug_printf("ssl_generate_keyring_material can't init client decoder\n");
|
|
|
affdba |
goto fail;
|
|
|
affdba |
}
|
|
|
affdba |
ssl_debug_printf("ssl_generate_keyring_material ssl_create_decoder(server)\n");
|
|
|
affdba |
- ssl_session->server_new = ssl_create_decoder(&ssl_session->cipher_suite, ssl_session->compression, s_mk, s_wk, s_iv);
|
|
|
affdba |
+ ssl_session->server_new = ssl_create_decoder(&ssl_session->cipher_suite, ssl_session->session.compression, s_mk, s_wk, s_iv);
|
|
|
affdba |
if (!ssl_session->server_new) {
|
|
|
affdba |
ssl_debug_printf("ssl_generate_keyring_material can't init client decoder\n");
|
|
|
affdba |
goto fail;
|
|
|
affdba |
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
|
|
|
affdba |
index ccac6ae..1ba1598 100644
|
|
|
affdba |
--- a/epan/dissectors/packet-ssl-utils.h
|
|
|
affdba |
+++ b/epan/dissectors/packet-ssl-utils.h
|
|
|
affdba |
@@ -304,6 +304,12 @@ typedef struct {
|
|
|
affdba |
SslRecordInfo* handshake_data;
|
|
|
affdba |
} SslPacketInfo;
|
|
|
affdba |
|
|
|
affdba |
+typedef struct _SslSession {
|
|
|
affdba |
+ gint cipher;
|
|
|
affdba |
+ gint compression;
|
|
|
affdba |
+ guint32 version;
|
|
|
affdba |
+} SslSession;
|
|
|
affdba |
+
|
|
|
affdba |
typedef struct _SslDecryptSession {
|
|
|
affdba |
guchar _master_secret[48];
|
|
|
affdba |
guchar _session_id[256];
|
|
|
affdba |
@@ -320,8 +326,6 @@ typedef struct _SslDecryptSession {
|
|
|
affdba |
guchar _client_data_for_iv[24];
|
|
|
affdba |
StringInfo client_data_for_iv;
|
|
|
affdba |
|
|
|
affdba |
- gint cipher;
|
|
|
affdba |
- gint compression;
|
|
|
affdba |
gint state;
|
|
|
affdba |
SslCipherSuite cipher_suite;
|
|
|
affdba |
SslDecoder *server;
|
|
|
affdba |
@@ -330,9 +334,9 @@ typedef struct _SslDecryptSession {
|
|
|
affdba |
SslDecoder *client_new;
|
|
|
affdba |
SSL_PRIVATE_KEY* private_key;
|
|
|
affdba |
SSL_PSK_KEY* psk;
|
|
|
affdba |
- guint32 version;
|
|
|
affdba |
guint16 version_netorder;
|
|
|
affdba |
StringInfo app_data_segment;
|
|
|
affdba |
+ SslSession session;
|
|
|
affdba |
|
|
|
affdba |
address srv_addr;
|
|
|
affdba |
port_type srv_ptype;
|
|
|
affdba |
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
|
|
|
affdba |
index b50ca22..6f22158 100644
|
|
|
affdba |
--- a/epan/dissectors/packet-ssl.c
|
|
|
affdba |
+++ b/epan/dissectors/packet-ssl.c
|
|
|
affdba |
@@ -507,7 +507,7 @@ ssl_association_info(void)
|
|
|
affdba |
/* record layer dissector */
|
|
|
affdba |
static gint dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
proto_tree *tree, guint32 offset,
|
|
|
affdba |
- guint *conv_version, guint conv_cipher,
|
|
|
affdba |
+ SslSession *session,
|
|
|
affdba |
gboolean *need_desegmentation,
|
|
|
affdba |
SslDecryptSession *conv_data,
|
|
|
affdba |
const gboolean first_record_in_frame);
|
|
|
affdba |
@@ -516,24 +516,23 @@ static gint dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
static void dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
|
|
|
affdba |
proto_tree *tree,
|
|
|
affdba |
guint32 offset,
|
|
|
affdba |
- guint *conv_version, const guint8 content_type);
|
|
|
affdba |
+ SslSession *session, const guint8 content_type);
|
|
|
affdba |
|
|
|
affdba |
/* alert message dissector */
|
|
|
affdba |
static void dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
proto_tree *tree, guint32 offset,
|
|
|
affdba |
- guint *conv_version);
|
|
|
affdba |
+ SslSession *session);
|
|
|
affdba |
|
|
|
affdba |
/* handshake protocol dissector */
|
|
|
affdba |
static void dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
proto_tree *tree, guint32 offset,
|
|
|
affdba |
- guint32 record_length,
|
|
|
affdba |
- guint *conv_version, guint conv_cipher,
|
|
|
affdba |
+ guint32 record_length, SslSession *session,
|
|
|
affdba |
SslDecryptSession *conv_data, const guint8 content_type);
|
|
|
affdba |
|
|
|
affdba |
/* heartbeat message dissector */
|
|
|
affdba |
static void dissect_ssl3_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
proto_tree *tree, guint32 offset,
|
|
|
affdba |
- guint *conv_version, guint32 record_length);
|
|
|
affdba |
+ SslSession *session, guint32 record_length);
|
|
|
affdba |
|
|
|
affdba |
/* hello extension dissector */
|
|
|
affdba |
static gint dissect_ssl3_hnd_hello_ext_elliptic_curves(tvbuff_t *tvb,
|
|
|
affdba |
@@ -574,20 +573,22 @@ static void dissect_ssl3_hnd_cert(tvbuff_t *tvb,
|
|
|
affdba |
static void dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
|
|
|
affdba |
proto_tree *tree,
|
|
|
affdba |
guint32 offset, packet_info *pinfo,
|
|
|
affdba |
- const guint *conv_version);
|
|
|
affdba |
+ SslSession *session);
|
|
|
affdba |
|
|
|
affdba |
static void dissect_ssl3_hnd_srv_keyex_ecdh(tvbuff_t *tvb,
|
|
|
affdba |
- proto_tree *tree,
|
|
|
affdba |
- guint32 offset, guint32 length);
|
|
|
affdba |
-
|
|
|
affdba |
+ proto_tree *tree,
|
|
|
affdba |
+ guint32 offset, guint32 length,
|
|
|
affdba |
+ SslSession *session);
|
|
|
affdba |
|
|
|
affdba |
-static void dissect_ssl3_hnd_srv_keyex_dh(tvbuff_t *tvb,
|
|
|
affdba |
- proto_tree *tree,
|
|
|
affdba |
- guint32 offset, guint32 length);
|
|
|
affdba |
+static void dissect_ssl3_hnd_srv_keyex_dhe(tvbuff_t *tvb,
|
|
|
affdba |
+ proto_tree *tree,
|
|
|
affdba |
+ guint32 offset, guint32 length,
|
|
|
affdba |
+ SslSession *session);
|
|
|
affdba |
|
|
|
affdba |
static void dissect_ssl3_hnd_srv_keyex_rsa(tvbuff_t *tvb,
|
|
|
affdba |
proto_tree *tree,
|
|
|
affdba |
- guint32 offset, guint32 length);
|
|
|
affdba |
+ guint32 offset, guint32 length,
|
|
|
affdba |
+ SslSession *session);
|
|
|
affdba |
|
|
|
affdba |
static void dissect_ssl3_hnd_cli_keyex_ecdh(tvbuff_t *tvb,
|
|
|
affdba |
proto_tree *tree,
|
|
|
affdba |
@@ -605,7 +606,7 @@ static void dissect_ssl3_hnd_cli_keyex_rsa(tvbuff_t *tvb,
|
|
|
affdba |
static void dissect_ssl3_hnd_finished(tvbuff_t *tvb,
|
|
|
affdba |
proto_tree *tree,
|
|
|
affdba |
const guint32 offset,
|
|
|
affdba |
- const guint *conv_version);
|
|
|
affdba |
+ SslSession *session);
|
|
|
affdba |
|
|
|
affdba |
static void dissect_ssl3_hnd_cert_status(tvbuff_t *tvb,
|
|
|
affdba |
proto_tree *tree,
|
|
|
affdba |
@@ -620,7 +621,7 @@ static void dissect_ssl3_hnd_cert_status(tvbuff_t *tvb,
|
|
|
affdba |
/* record layer dissector */
|
|
|
affdba |
static gint dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
proto_tree *tree, guint32 offset,
|
|
|
affdba |
- guint *conv_version,
|
|
|
affdba |
+ SslSession *session,
|
|
|
affdba |
gboolean *need_desegmentation,
|
|
|
affdba |
SslDecryptSession *ssl, gboolean first_record_in_frame);
|
|
|
affdba |
|
|
|
affdba |
@@ -701,8 +702,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
affdba |
gboolean first_record_in_frame;
|
|
|
affdba |
gboolean need_desegmentation;
|
|
|
affdba |
SslDecryptSession *ssl_session;
|
|
|
affdba |
- guint *conv_version;
|
|
|
affdba |
- guint conv_cipher;
|
|
|
affdba |
+ SslSession *session;
|
|
|
affdba |
|
|
|
affdba |
ti = NULL;
|
|
|
affdba |
ssl_tree = NULL;
|
|
|
affdba |
@@ -736,11 +736,10 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
affdba |
else {
|
|
|
affdba |
ssl_session = (SslDecryptSession *)se_alloc0(sizeof(SslDecryptSession));
|
|
|
affdba |
ssl_session_init(ssl_session);
|
|
|
affdba |
- ssl_session->version = SSL_VER_UNKNOWN;
|
|
|
affdba |
+ ssl_session->session.version = SSL_VER_UNKNOWN;
|
|
|
affdba |
conversation_add_proto_data(conversation, proto_ssl, ssl_session);
|
|
|
affdba |
}
|
|
|
affdba |
- conv_version =& ssl_session->version;
|
|
|
affdba |
- conv_cipher = ssl_session->cipher;
|
|
|
affdba |
+ session = &ssl_session->session;
|
|
|
affdba |
|
|
|
affdba |
/* try decryption only the first time we see this packet
|
|
|
affdba |
* (to keep cipher synchronized) */
|
|
|
affdba |
@@ -789,11 +788,11 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
affdba |
/* first try to dispatch off the cached version
|
|
|
affdba |
* known to be associated with the conversation
|
|
|
affdba |
*/
|
|
|
affdba |
- switch (*conv_version) {
|
|
|
affdba |
+ switch (session->version) {
|
|
|
affdba |
case SSL_VER_SSLv2:
|
|
|
affdba |
case SSL_VER_PCT:
|
|
|
affdba |
offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
|
|
|
affdba |
- offset, conv_version,
|
|
|
affdba |
+ offset, session,
|
|
|
affdba |
&need_desegmentation,
|
|
|
affdba |
ssl_session,
|
|
|
affdba |
first_record_in_frame);
|
|
|
affdba |
@@ -810,7 +809,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
affdba |
if (ssl_is_v2_client_hello(tvb, offset))
|
|
|
affdba |
{
|
|
|
affdba |
offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
|
|
|
affdba |
- offset, conv_version,
|
|
|
affdba |
+ offset, session,
|
|
|
affdba |
&need_desegmentation,
|
|
|
affdba |
ssl_session,
|
|
|
affdba |
first_record_in_frame);
|
|
|
affdba |
@@ -818,8 +817,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
affdba |
else
|
|
|
affdba |
{
|
|
|
affdba |
offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
|
|
|
affdba |
- offset, conv_version,
|
|
|
affdba |
- conv_cipher,
|
|
|
affdba |
+ offset, session,
|
|
|
affdba |
&need_desegmentation,
|
|
|
affdba |
ssl_session,
|
|
|
affdba |
first_record_in_frame);
|
|
|
affdba |
@@ -834,7 +832,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
affdba |
{
|
|
|
affdba |
/* looks like sslv2 or pct client hello */
|
|
|
affdba |
offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
|
|
|
affdba |
- offset, conv_version,
|
|
|
affdba |
+ offset, session,
|
|
|
affdba |
&need_desegmentation,
|
|
|
affdba |
ssl_session,
|
|
|
affdba |
first_record_in_frame);
|
|
|
affdba |
@@ -843,8 +841,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
affdba |
{
|
|
|
affdba |
/* looks like sslv3 or tls */
|
|
|
affdba |
offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
|
|
|
affdba |
- offset, conv_version,
|
|
|
affdba |
- conv_cipher,
|
|
|
affdba |
+ offset, session,
|
|
|
affdba |
&need_desegmentation,
|
|
|
affdba |
ssl_session,
|
|
|
affdba |
first_record_in_frame);
|
|
|
affdba |
@@ -867,7 +864,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
affdba |
|
|
|
affdba |
/* Set the protocol column */
|
|
|
affdba |
col_set_str(pinfo->cinfo, COL_PROTOCOL,
|
|
|
affdba |
- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
|
|
|
affdba |
+ val_to_str_const(session->version, ssl_version_short_names, "SSL"));
|
|
|
affdba |
}
|
|
|
affdba |
break;
|
|
|
affdba |
}
|
|
|
affdba |
@@ -1434,8 +1431,7 @@ dissect_ssl_payload(tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *t
|
|
|
affdba |
*********************************************************************/
|
|
|
affdba |
static gint
|
|
|
affdba |
dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
- proto_tree *tree, guint32 offset,
|
|
|
affdba |
- guint *conv_version, guint conv_cipher,
|
|
|
affdba |
+ proto_tree *tree, guint32 offset, SslSession *session,
|
|
|
affdba |
gboolean *need_desegmentation,
|
|
|
affdba |
SslDecryptSession *ssl, const gboolean first_record_in_frame)
|
|
|
affdba |
{
|
|
|
affdba |
@@ -1473,7 +1469,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
available_bytes = tvb_length_remaining(tvb, offset);
|
|
|
affdba |
|
|
|
affdba |
/* TLS 1.0/1.1 just ignores unknown records - RFC 2246 chapter 6. The TLS Record Protocol */
|
|
|
affdba |
- if ((*conv_version==SSL_VER_TLS || *conv_version==SSL_VER_TLSv1DOT1 || *conv_version==SSL_VER_TLSv1DOT2) &&
|
|
|
affdba |
+ if ((session->version==SSL_VER_TLS || session->version==SSL_VER_TLSv1DOT1 || session->version==SSL_VER_TLSv1DOT2) &&
|
|
|
affdba |
(available_bytes >=1 ) && !ssl_is_valid_content_type(tvb_get_guint8(tvb, offset))) {
|
|
|
affdba |
proto_tree_add_text(tree, tvb, offset, available_bytes, "Ignored Unknown Record");
|
|
|
affdba |
/* on second and subsequent records per frame
|
|
|
affdba |
@@ -1483,7 +1479,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
col_append_str(pinfo->cinfo, COL_INFO, ", ");
|
|
|
affdba |
}
|
|
|
affdba |
col_append_str(pinfo->cinfo, COL_INFO, "Ignored Unknown Record");
|
|
|
affdba |
- col_set_str(pinfo->cinfo, COL_PROTOCOL, val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
|
|
|
affdba |
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, val_to_str_const(session->version, ssl_version_short_names, "SSL"));
|
|
|
affdba |
return offset + available_bytes;
|
|
|
affdba |
}
|
|
|
affdba |
|
|
|
affdba |
@@ -1568,7 +1564,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
|
|
|
affdba |
/* Set the protocol column */
|
|
|
affdba |
col_set_str(pinfo->cinfo, COL_PROTOCOL,
|
|
|
affdba |
- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
|
|
|
affdba |
+ val_to_str_const(session->version, ssl_version_short_names, "SSL"));
|
|
|
affdba |
|
|
|
affdba |
return offset + 5 + record_length;
|
|
|
affdba |
}
|
|
|
affdba |
@@ -1614,51 +1610,51 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
* structure and print the column version
|
|
|
affdba |
*/
|
|
|
affdba |
next_byte = tvb_get_guint8(tvb, offset);
|
|
|
affdba |
- if (*conv_version == SSL_VER_UNKNOWN
|
|
|
affdba |
+ if (session->version == SSL_VER_UNKNOWN
|
|
|
affdba |
&& ssl_is_authoritative_version_message(content_type, next_byte))
|
|
|
affdba |
{
|
|
|
affdba |
if (version == SSLV3_VERSION)
|
|
|
affdba |
{
|
|
|
affdba |
- *conv_version = SSL_VER_SSLv3;
|
|
|
affdba |
+ session->version = SSL_VER_SSLv3;
|
|
|
affdba |
if (ssl) {
|
|
|
affdba |
ssl->version_netorder = version;
|
|
|
affdba |
ssl->state |= SSL_VERSION;
|
|
|
affdba |
ssl_debug_printf("dissect_ssl3_record found version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state);
|
|
|
affdba |
}
|
|
|
affdba |
- /*ssl_set_conv_version(pinfo, ssl->version);*/
|
|
|
affdba |
+ /*ssl_set_conv_version(pinfo, ssl->session.version);*/
|
|
|
affdba |
}
|
|
|
affdba |
else if (version == TLSV1_VERSION)
|
|
|
affdba |
{
|
|
|
affdba |
|
|
|
affdba |
- *conv_version = SSL_VER_TLS;
|
|
|
affdba |
+ session->version = SSL_VER_TLS;
|
|
|
affdba |
if (ssl) {
|
|
|
affdba |
ssl->version_netorder = version;
|
|
|
affdba |
ssl->state |= SSL_VERSION;
|
|
|
affdba |
ssl_debug_printf("dissect_ssl3_record found version 0x%04X(TLS 1.0) -> state 0x%02X\n", ssl->version_netorder, ssl->state);
|
|
|
affdba |
}
|
|
|
affdba |
- /*ssl_set_conv_version(pinfo, ssl->version);*/
|
|
|
affdba |
+ /*ssl_set_conv_version(pinfo, ssl->session.version);*/
|
|
|
affdba |
}
|
|
|
affdba |
else if (version == TLSV1DOT1_VERSION)
|
|
|
affdba |
{
|
|
|
affdba |
|
|
|
affdba |
- *conv_version = SSL_VER_TLSv1DOT1;
|
|
|
affdba |
+ session->version = SSL_VER_TLSv1DOT1;
|
|
|
affdba |
if (ssl) {
|
|
|
affdba |
ssl->version_netorder = version;
|
|
|
affdba |
ssl->state |= SSL_VERSION;
|
|
|
affdba |
ssl_debug_printf("dissect_ssl3_record found version 0x%04X(TLS 1.1) -> state 0x%02X\n", ssl->version_netorder, ssl->state);
|
|
|
affdba |
}
|
|
|
affdba |
- /*ssl_set_conv_version(pinfo, ssl->version);*/
|
|
|
affdba |
+ /*ssl_set_conv_version(pinfo, ssl->session.version);*/
|
|
|
affdba |
}
|
|
|
affdba |
else if (version == TLSV1DOT2_VERSION)
|
|
|
affdba |
{
|
|
|
affdba |
|
|
|
affdba |
- *conv_version = SSL_VER_TLSv1DOT2;
|
|
|
affdba |
+ session->version = SSL_VER_TLSv1DOT2;
|
|
|
affdba |
if (ssl) {
|
|
|
affdba |
ssl->version_netorder = version;
|
|
|
affdba |
ssl->state |= SSL_VERSION;
|
|
|
affdba |
ssl_debug_printf("dissect_ssl3_record found version 0x%04X(TLS 1.2) -> state 0x%02X\n", ssl->version_netorder, ssl->state);
|
|
|
affdba |
}
|
|
|
affdba |
- /*ssl_set_conv_version(pinfo, ssl->version);*/
|
|
|
affdba |
+ /*ssl_set_conv_version(pinfo, ssl->session.version);*/
|
|
|
affdba |
}
|
|
|
affdba |
}
|
|
|
affdba |
|
|
|
affdba |
@@ -1670,7 +1666,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
}
|
|
|
affdba |
|
|
|
affdba |
col_set_str(pinfo->cinfo, COL_PROTOCOL,
|
|
|
affdba |
- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
|
|
|
affdba |
+ val_to_str_const(session->version, ssl_version_short_names, "SSL"));
|
|
|
affdba |
|
|
|
affdba |
/*
|
|
|
affdba |
* now dissect the next layer
|
|
|
affdba |
@@ -1685,7 +1681,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
ssl_debug_printf("dissect_ssl3_change_cipher_spec\n");
|
|
|
affdba |
col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec");
|
|
|
affdba |
dissect_ssl3_change_cipher_spec(tvb, ssl_record_tree,
|
|
|
affdba |
- offset, conv_version, content_type);
|
|
|
affdba |
+ offset, session, content_type);
|
|
|
affdba |
if (ssl) ssl_change_cipher(ssl, ssl_packet_from_server(ssl, ssl_associations, pinfo));
|
|
|
affdba |
break;
|
|
|
affdba |
case SSL_ID_ALERT:
|
|
|
affdba |
@@ -1701,9 +1697,9 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
decrypted = ssl_get_record_info(tvb, proto_ssl, pinfo, offset);
|
|
|
affdba |
if (decrypted) {
|
|
|
affdba |
add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
|
|
|
affdba |
- dissect_ssl3_alert(decrypted, pinfo, ssl_record_tree, 0, conv_version);
|
|
|
affdba |
+ dissect_ssl3_alert(decrypted, pinfo, ssl_record_tree, 0, session);
|
|
|
affdba |
} else {
|
|
|
affdba |
- dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset, conv_version);
|
|
|
affdba |
+ dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset, session);
|
|
|
affdba |
}
|
|
|
affdba |
break;
|
|
|
affdba |
}
|
|
|
affdba |
@@ -1726,10 +1722,11 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
/* add desegmented data to the data source list */
|
|
|
affdba |
add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
|
|
|
affdba |
dissect_ssl3_handshake(decrypted, pinfo, ssl_record_tree, 0,
|
|
|
affdba |
- tvb_length(decrypted), conv_version, conv_cipher, ssl, content_type);
|
|
|
affdba |
+ tvb_length(decrypted), session,
|
|
|
affdba |
+ ssl, content_type);
|
|
|
affdba |
} else {
|
|
|
affdba |
dissect_ssl3_handshake(tvb, pinfo, ssl_record_tree, offset,
|
|
|
affdba |
- record_length, conv_version, conv_cipher, ssl, content_type);
|
|
|
affdba |
+ record_length, session, ssl, content_type);
|
|
|
affdba |
}
|
|
|
affdba |
break;
|
|
|
affdba |
}
|
|
|
affdba |
@@ -1755,7 +1752,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
|
|
|
affdba |
proto_item_set_text(ssl_record_tree,
|
|
|
affdba |
"%s Record Layer: %s Protocol: %s",
|
|
|
affdba |
- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
+ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
val_to_str_const(content_type, ssl_31_content_type, "unknown"),
|
|
|
affdba |
association?association->info:"Application Data");
|
|
|
affdba |
|
|
|
affdba |
@@ -1778,9 +1775,9 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
decrypted = ssl_get_record_info(tvb, proto_ssl, pinfo, offset);
|
|
|
affdba |
if (decrypted) {
|
|
|
affdba |
add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
|
|
|
affdba |
- dissect_ssl3_heartbeat(decrypted, pinfo, ssl_record_tree, 0, conv_version, record_length);
|
|
|
affdba |
+ dissect_ssl3_heartbeat(decrypted, pinfo, ssl_record_tree, 0, session, record_length);
|
|
|
affdba |
} else {
|
|
|
affdba |
- dissect_ssl3_heartbeat(tvb, pinfo, ssl_record_tree, offset, conv_version, record_length);
|
|
|
affdba |
+ dissect_ssl3_heartbeat(tvb, pinfo, ssl_record_tree, offset, session, record_length);
|
|
|
affdba |
}
|
|
|
affdba |
break;
|
|
|
affdba |
}
|
|
|
affdba |
@@ -1799,7 +1796,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
static void
|
|
|
affdba |
dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
|
|
|
affdba |
proto_tree *tree, guint32 offset,
|
|
|
affdba |
- guint *conv_version, const guint8 content_type)
|
|
|
affdba |
+ SslSession *session, const guint8 content_type)
|
|
|
affdba |
{
|
|
|
affdba |
/*
|
|
|
affdba |
* struct {
|
|
|
affdba |
@@ -1811,7 +1808,7 @@ dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
|
|
|
affdba |
{
|
|
|
affdba |
proto_item_set_text(tree,
|
|
|
affdba |
"%s Record Layer: %s Protocol: Change Cipher Spec",
|
|
|
affdba |
- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
+ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
val_to_str_const(content_type, ssl_31_content_type, "unknown"));
|
|
|
affdba |
proto_tree_add_item(tree, hf_ssl_change_cipher_spec, tvb,
|
|
|
affdba |
offset++, 1, ENC_NA);
|
|
|
affdba |
@@ -1822,7 +1819,7 @@ dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
|
|
|
affdba |
static void
|
|
|
affdba |
dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
proto_tree *tree, guint32 offset,
|
|
|
affdba |
- guint *conv_version)
|
|
|
affdba |
+ SslSession *session)
|
|
|
affdba |
{
|
|
|
affdba |
/* struct {
|
|
|
affdba |
* AlertLevel level;
|
|
|
affdba |
@@ -1872,7 +1869,7 @@ dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
{
|
|
|
affdba |
proto_item_set_text(tree, "%s Record Layer: Alert "
|
|
|
affdba |
"(Level: %s, Description: %s)",
|
|
|
affdba |
- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
+ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
level, desc);
|
|
|
affdba |
proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_level,
|
|
|
affdba |
tvb, offset++, 1, ENC_BIG_ENDIAN);
|
|
|
affdba |
@@ -1884,7 +1881,7 @@ dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
{
|
|
|
affdba |
proto_item_set_text(tree,
|
|
|
affdba |
"%s Record Layer: Encrypted Alert",
|
|
|
affdba |
- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
|
|
|
affdba |
+ val_to_str_const(session->version, ssl_version_short_names, "SSL"));
|
|
|
affdba |
proto_item_set_text(ssl_alert_tree,
|
|
|
affdba |
"Alert Message: Encrypted Alert");
|
|
|
affdba |
}
|
|
|
affdba |
@@ -1896,7 +1893,7 @@ dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
static void
|
|
|
affdba |
dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
proto_tree *tree, guint32 offset,
|
|
|
affdba |
- guint32 record_length, guint *conv_version, guint conv_cipher,
|
|
|
affdba |
+ guint32 record_length, SslSession *session,
|
|
|
affdba |
SslDecryptSession *ssl, const guint8 content_type)
|
|
|
affdba |
{
|
|
|
affdba |
/* struct {
|
|
|
affdba |
@@ -1981,7 +1978,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
if (first_iteration)
|
|
|
affdba |
{
|
|
|
affdba |
proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s",
|
|
|
affdba |
- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
+ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
val_to_str_const(content_type, ssl_31_content_type, "unknown"),
|
|
|
affdba |
(msg_type_str!=NULL) ? msg_type_str :
|
|
|
affdba |
"Encrypted Handshake Message");
|
|
|
affdba |
@@ -1989,7 +1986,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
else
|
|
|
affdba |
{
|
|
|
affdba |
proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s",
|
|
|
affdba |
- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
+ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
val_to_str_const(content_type, ssl_31_content_type, "unknown"),
|
|
|
affdba |
"Multiple Handshake Messages");
|
|
|
affdba |
}
|
|
|
affdba |
@@ -2048,15 +2045,15 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
break;
|
|
|
affdba |
|
|
|
affdba |
case SSL_HND_SERVER_KEY_EXCHG: {
|
|
|
affdba |
- switch (ssl_get_keyex_alg(conv_cipher)) {
|
|
|
affdba |
+ switch (ssl_get_keyex_alg(session->cipher)) {
|
|
|
affdba |
case KEX_DH:
|
|
|
affdba |
- dissect_ssl3_hnd_srv_keyex_dh(tvb, ssl_hand_tree, offset, length);
|
|
|
affdba |
+ dissect_ssl3_hnd_srv_keyex_dhe(tvb, ssl_hand_tree, offset, length, session);
|
|
|
affdba |
break;
|
|
|
affdba |
case KEX_RSA:
|
|
|
affdba |
- dissect_ssl3_hnd_srv_keyex_rsa(tvb, ssl_hand_tree, offset, length);
|
|
|
affdba |
+ dissect_ssl3_hnd_srv_keyex_rsa(tvb, ssl_hand_tree, offset, length, session);
|
|
|
affdba |
break;
|
|
|
affdba |
case KEX_ECDH:
|
|
|
affdba |
- dissect_ssl3_hnd_srv_keyex_ecdh(tvb, ssl_hand_tree, offset, length);
|
|
|
affdba |
+ dissect_ssl3_hnd_srv_keyex_ecdh(tvb, ssl_hand_tree, offset, length, session);
|
|
|
affdba |
break;
|
|
|
affdba |
default:
|
|
|
affdba |
break;
|
|
|
affdba |
@@ -2065,7 +2062,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
break;
|
|
|
affdba |
|
|
|
affdba |
case SSL_HND_CERT_REQUEST:
|
|
|
affdba |
- dissect_ssl3_hnd_cert_req(tvb, ssl_hand_tree, offset, pinfo, conv_version);
|
|
|
affdba |
+ dissect_ssl3_hnd_cert_req(tvb, ssl_hand_tree, offset, pinfo, session);
|
|
|
affdba |
break;
|
|
|
affdba |
|
|
|
affdba |
case SSL_HND_SVR_HELLO_DONE:
|
|
|
affdba |
@@ -2077,7 +2074,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
break;
|
|
|
affdba |
|
|
|
affdba |
case SSL_HND_CLIENT_KEY_EXCHG:
|
|
|
affdba |
- switch (ssl_get_keyex_alg(conv_cipher)) {
|
|
|
affdba |
+ switch (ssl_get_keyex_alg(session->cipher)) {
|
|
|
affdba |
case KEX_DH:
|
|
|
affdba |
dissect_ssl3_hnd_cli_keyex_dh(tvb, ssl_hand_tree, offset, length);
|
|
|
affdba |
break;
|
|
|
affdba |
@@ -2098,7 +2095,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
if (!ssl)
|
|
|
affdba |
break;
|
|
|
affdba |
|
|
|
affdba |
- cipher_num = ssl->cipher;
|
|
|
affdba |
+ cipher_num = ssl->session.cipher;
|
|
|
affdba |
|
|
|
affdba |
if (cipher_num == 0x8a || cipher_num == 0x8b || cipher_num == 0x8c || cipher_num == 0x8d)
|
|
|
affdba |
{
|
|
|
affdba |
@@ -2174,7 +2171,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
* (it's the encrypted len and should be equal to record len - 2)
|
|
|
affdba |
* in case of rsa1024 that would be 128 + 2 = 130; for psk not necessary
|
|
|
affdba |
*/
|
|
|
affdba |
- if (ssl->cipher_suite.kex==KEX_RSA && (ssl->version == SSL_VER_TLS||ssl->version == SSL_VER_TLSv1DOT1||ssl->version == SSL_VER_TLSv1DOT2))
|
|
|
affdba |
+ if (ssl->cipher_suite.kex==KEX_RSA && (ssl->session.version == SSL_VER_TLS||ssl->session.version == SSL_VER_TLSv1DOT1||ssl->session.version == SSL_VER_TLSv1DOT2))
|
|
|
affdba |
{
|
|
|
affdba |
encrlen = tvb_get_ntohs(tvb, offset);
|
|
|
affdba |
skip = 2;
|
|
|
affdba |
@@ -2214,8 +2211,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
break;
|
|
|
affdba |
|
|
|
affdba |
case SSL_HND_FINISHED:
|
|
|
affdba |
- dissect_ssl3_hnd_finished(tvb, ssl_hand_tree,
|
|
|
affdba |
- offset, conv_version);
|
|
|
affdba |
+ dissect_ssl3_hnd_finished(tvb, ssl_hand_tree, offset, session);
|
|
|
affdba |
break;
|
|
|
affdba |
|
|
|
affdba |
case SSL_HND_CERT_STATUS:
|
|
|
affdba |
@@ -2236,7 +2232,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
static void
|
|
|
affdba |
dissect_ssl3_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
proto_tree *tree, guint32 offset,
|
|
|
affdba |
- guint *conv_version, guint32 record_length)
|
|
|
affdba |
+ SslSession *session, guint32 record_length)
|
|
|
affdba |
{
|
|
|
affdba |
/* struct {
|
|
|
affdba |
* HeartbeatMessageType type;
|
|
|
affdba |
@@ -2283,7 +2279,7 @@ dissect_ssl3_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
if (type && (payload_length <= record_length - 16 - 3)) {
|
|
|
affdba |
proto_item_set_text(tree, "%s Record Layer: Heartbeat "
|
|
|
affdba |
"%s",
|
|
|
affdba |
- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
+ val_to_str_const(session->version, ssl_version_short_names, "SSL"),
|
|
|
affdba |
type);
|
|
|
affdba |
proto_tree_add_item(tls_heartbeat_tree, hf_ssl_heartbeat_message_type,
|
|
|
affdba |
tvb, offset, 1, ENC_BIG_ENDIAN);
|
|
|
affdba |
@@ -2305,7 +2301,7 @@ dissect_ssl3_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
|
|
|
affdba |
} else {
|
|
|
affdba |
proto_item_set_text(tree,
|
|
|
affdba |
"%s Record Layer: Encrypted Heartbeat",
|
|
|
affdba |
- val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
|
|
|
affdba |
+ val_to_str_const(session->version, ssl_version_short_names, "SSL"));
|
|
|
affdba |
proto_item_set_text(tls_heartbeat_tree,
|
|
|
affdba |
"Encrypted Heartbeat Message");
|
|
|
affdba |
}
|
|
|
affdba |
@@ -2840,15 +2836,15 @@ dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb,
|
|
|
affdba |
/* PAOLO: handle session cipher suite */
|
|
|
affdba |
if (ssl) {
|
|
|
affdba |
/* store selected cipher suite for decryption */
|
|
|
affdba |
- ssl->cipher = tvb_get_ntohs(tvb, offset);
|
|
|
affdba |
- if (ssl_find_cipher(ssl->cipher,&ssl->cipher_suite) < 0) {
|
|
|
affdba |
- ssl_debug_printf("dissect_ssl3_hnd_srv_hello can't find cipher suite 0x%X\n", ssl->cipher);
|
|
|
affdba |
+ ssl->session.cipher = tvb_get_ntohs(tvb, offset);
|
|
|
affdba |
+ if (ssl_find_cipher(ssl->session.cipher,&ssl->cipher_suite) < 0) {
|
|
|
affdba |
+ ssl_debug_printf("dissect_ssl3_hnd_srv_hello can't find cipher suite 0x%X\n", ssl->session.cipher);
|
|
|
affdba |
goto no_cipher;
|
|
|
affdba |
}
|
|
|
affdba |
|
|
|
affdba |
ssl->state |= SSL_CIPHER;
|
|
|
affdba |
ssl_debug_printf("dissect_ssl3_hnd_srv_hello found CIPHER 0x%04X -> state 0x%02X\n",
|
|
|
affdba |
- ssl->cipher, ssl->state);
|
|
|
affdba |
+ ssl->session.cipher, ssl->state);
|
|
|
affdba |
|
|
|
affdba |
/* if we have restored a session now we can have enough material
|
|
|
affdba |
* to build session key, check it out*/
|
|
|
affdba |
@@ -2867,7 +2863,7 @@ no_cipher:
|
|
|
affdba |
|
|
|
affdba |
if (ssl) {
|
|
|
affdba |
/* store selected compression method for decryption */
|
|
|
affdba |
- ssl->compression = tvb_get_guint8(tvb, offset);
|
|
|
affdba |
+ ssl->session.compression = tvb_get_guint8(tvb, offset);
|
|
|
affdba |
}
|
|
|
affdba |
/* and the server-selected compression method */
|
|
|
affdba |
proto_tree_add_item(tree, hf_ssl_handshake_comp_method,
|
|
|
affdba |
@@ -2975,7 +2971,7 @@ dissect_ssl3_hnd_cert(tvbuff_t *tvb,
|
|
|
affdba |
static void
|
|
|
affdba |
dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
|
|
|
affdba |
proto_tree *tree, guint32 offset, packet_info *pinfo,
|
|
|
affdba |
- const guint *conv_version)
|
|
|
affdba |
+ SslSession *session)
|
|
|
affdba |
{
|
|
|
affdba |
/*
|
|
|
affdba |
* enum {
|
|
|
affdba |
@@ -3066,7 +3062,7 @@ dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
|
|
|
affdba |
}
|
|
|
affdba |
}
|
|
|
affdba |
|
|
|
affdba |
- switch (*conv_version) {
|
|
|
affdba |
+ switch (session->version) {
|
|
|
affdba |
case SSL_VER_TLSv1DOT2:
|
|
|
affdba |
sh_alg_length = tvb_get_ntohs(tvb, offset);
|
|
|
affdba |
proto_tree_add_uint(tree, hf_ssl_handshake_sig_hash_alg_len,
|
|
|
affdba |
@@ -3170,74 +3166,77 @@ dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
|
|
|
affdba |
}
|
|
|
affdba |
|
|
|
affdba |
static void
|
|
|
affdba |
+dissect_ssl3_hnd_srv_keyex_sig(tvbuff_t *tvb, proto_tree *tree,
|
|
|
affdba |
+ guint32 offset, SslSession *session)
|
|
|
affdba |
+{
|
|
|
affdba |
+ gint sig_len;
|
|
|
affdba |
+ proto_item *ti_algo;
|
|
|
affdba |
+ proto_tree *ssl_algo_tree;
|
|
|
affdba |
+
|
|
|
affdba |
+ switch (session->version) {
|
|
|
affdba |
+ case SSL_VER_TLSv1DOT2:
|
|
|
affdba |
+ case SSL_VER_DTLS1DOT2:
|
|
|
affdba |
+ ti_algo = proto_tree_add_item(tree, hf_ssl_handshake_sig_hash_alg, tvb,
|
|
|
affdba |
+ offset, 2, ENC_BIG_ENDIAN);
|
|
|
affdba |
+ ssl_algo_tree = proto_item_add_subtree(ti_algo, ett_ssl_sig_hash_alg);
|
|
|
affdba |
+
|
|
|
affdba |
+ /* SignatureAndHashAlgorithm { hash, signature } */
|
|
|
affdba |
+ proto_tree_add_item(ssl_algo_tree, hf_ssl_handshake_sig_hash_hash, tvb,
|
|
|
affdba |
+ offset, 1, ENC_BIG_ENDIAN);
|
|
|
affdba |
+ proto_tree_add_item(ssl_algo_tree, hf_ssl_handshake_sig_hash_sig, tvb,
|
|
|
affdba |
+ offset + 1, 1, ENC_BIG_ENDIAN);
|
|
|
affdba |
+ offset += 2;
|
|
|
affdba |
+ break;
|
|
|
affdba |
+
|
|
|
affdba |
+ default:
|
|
|
affdba |
+ break;
|
|
|
affdba |
+ }
|
|
|
affdba |
+
|
|
|
affdba |
+ /* Sig */
|
|
|
affdba |
+ sig_len = tvb_get_ntohs(tvb, offset);
|
|
|
affdba |
+ proto_tree_add_item(tree, hf_ssl_handshake_server_keyex_sig_len, tvb,
|
|
|
affdba |
+ offset, 2, ENC_BIG_ENDIAN);
|
|
|
affdba |
+ proto_tree_add_item(tree, hf_ssl_handshake_server_keyex_sig, tvb,
|
|
|
affdba |
+ offset + 2, sig_len, ENC_NA);
|
|
|
affdba |
+}
|
|
|
affdba |
+
|
|
|
affdba |
+static void
|
|
|
affdba |
dissect_ssl3_hnd_srv_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree,
|
|
|
affdba |
- guint32 offset, guint32 length)
|
|
|
affdba |
+ guint32 offset, guint32 length,
|
|
|
affdba |
+ SslSession *session)
|
|
|
affdba |
{
|
|
|
affdba |
- gint curve_type, curve_type_offset;
|
|
|
affdba |
- gint named_curve, named_curve_offset;
|
|
|
affdba |
- gint point_len, point_len_offset;
|
|
|
affdba |
- gint sig_len, sig_len_offset;
|
|
|
affdba |
+ gint curve_type;
|
|
|
affdba |
+ gint point_len;
|
|
|
affdba |
proto_item *ti_ecdh;
|
|
|
affdba |
proto_tree *ssl_ecdh_tree;
|
|
|
affdba |
- guint32 orig_offset;
|
|
|
affdba |
|
|
|
affdba |
- orig_offset = offset;
|
|
|
affdba |
+ ti_ecdh = proto_tree_add_text(tree, tvb, offset, length,
|
|
|
affdba |
+ "EC Diffie-Hellman Server Params");
|
|
|
affdba |
+ ssl_ecdh_tree = proto_item_add_subtree(ti_ecdh, ett_ssl_keyex_params);
|
|
|
affdba |
|
|
|
affdba |
- curve_type_offset = offset;
|
|
|
affdba |
+ /* curve_type */
|
|
|
affdba |
curve_type = tvb_get_guint8(tvb, offset);
|
|
|
affdba |
+ proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_curve_type, tvb,
|
|
|
affdba |
+ offset, 1, ENC_BIG_ENDIAN);
|
|
|
affdba |
+ offset++;
|
|
|
affdba |
if (curve_type != 3)
|
|
|
affdba |
return; /* only named_curves are supported */
|
|
|
affdba |
- offset += 1;
|
|
|
affdba |
- if ((offset - orig_offset) > length) {
|
|
|
affdba |
- return;
|
|
|
affdba |
- }
|
|
|
affdba |
|
|
|
affdba |
- named_curve_offset = offset;
|
|
|
affdba |
- named_curve = tvb_get_ntohs(tvb, offset);
|
|
|
affdba |
+ /* case curve_type == named_curve; namedcurve */
|
|
|
affdba |
+ proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_named_curve, tvb,
|
|
|
affdba |
+ offset, 2, ENC_BIG_ENDIAN);
|
|
|
affdba |
offset += 2;
|
|
|
affdba |
- if ((offset - orig_offset) > length) {
|
|
|
affdba |
- return;
|
|
|
affdba |
- }
|
|
|
affdba |
|
|
|
affdba |
- point_len_offset = offset;
|
|
|
affdba |
+ /* point */
|
|
|
affdba |
point_len = tvb_get_guint8(tvb, offset);
|
|
|
affdba |
- if ((offset + point_len - orig_offset) > length) {
|
|
|
affdba |
- return;
|
|
|
affdba |
- }
|
|
|
affdba |
+ proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_point_len, tvb,
|
|
|
affdba |
+ offset, 1, ENC_BIG_ENDIAN);
|
|
|
affdba |
+ proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_point, tvb,
|
|
|
affdba |
+ offset + 1, point_len, ENC_NA);
|
|
|
affdba |
offset += 1 + point_len;
|
|
|
affdba |
|
|
|
affdba |
- sig_len_offset = offset;
|
|
|
affdba |
- sig_len = tvb_get_ntohs(tvb, offset);
|
|
|
affdba |
- offset += 2 + sig_len;
|
|
|
affdba |
- if ((offset - orig_offset) != length) {
|
|
|
affdba |
- /* Lengths don't line up (wasn't what we expected?) */
|
|
|
affdba |
- return;
|
|
|
affdba |
- }
|
|
|
affdba |
-
|
|
|
affdba |
- ti_ecdh = proto_tree_add_text(tree, tvb, orig_offset,
|
|
|
affdba |
- (offset - orig_offset), "EC Diffie-Hellman Server Params");
|
|
|
affdba |
- ssl_ecdh_tree = proto_item_add_subtree(ti_ecdh, ett_ssl_keyex_params);
|
|
|
affdba |
-
|
|
|
affdba |
- /* curve_type */
|
|
|
affdba |
- proto_tree_add_uint(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_curve_type,
|
|
|
affdba |
- tvb, curve_type_offset, 1, curve_type);
|
|
|
affdba |
-
|
|
|
affdba |
- /* named_curve */
|
|
|
affdba |
- proto_tree_add_uint(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_named_curve,
|
|
|
affdba |
- tvb, named_curve_offset, 2, named_curve);
|
|
|
affdba |
-
|
|
|
affdba |
- /* point */
|
|
|
affdba |
- proto_tree_add_uint(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_point_len,
|
|
|
affdba |
- tvb, point_len_offset, 1, point_len);
|
|
|
affdba |
- proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_point,
|
|
|
affdba |
- tvb, point_len_offset+1, point_len, ENC_NA);
|
|
|
affdba |
-
|
|
|
affdba |
- /* Sig */
|
|
|
affdba |
- proto_tree_add_uint(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_sig_len,
|
|
|
affdba |
- tvb, sig_len_offset, 2, sig_len);
|
|
|
affdba |
- proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_sig,
|
|
|
affdba |
- tvb, sig_len_offset + 2, sig_len, ENC_NA);
|
|
|
affdba |
-
|
|
|
affdba |
+ /* signature */
|
|
|
affdba |
+ dissect_ssl3_hnd_srv_keyex_sig(tvb, ssl_ecdh_tree, offset, session);
|
|
|
affdba |
}
|
|
|
affdba |
|
|
|
affdba |
static void
|
|
|
affdba |
@@ -3271,139 +3270,80 @@ dissect_ssl3_hnd_cli_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree,
|
|
|
affdba |
}
|
|
|
affdba |
|
|
|
affdba |
static void
|
|
|
affdba |
-dissect_ssl3_hnd_srv_keyex_dh(tvbuff_t *tvb, proto_tree *tree,
|
|
|
affdba |
- guint32 offset, guint32 length)
|
|
|
affdba |
+dissect_ssl3_hnd_srv_keyex_dhe(tvbuff_t *tvb, proto_tree *tree,
|
|
|
affdba |
+ guint32 offset, guint32 length,
|
|
|
affdba |
+ SslSession *session)
|
|
|
affdba |
{
|
|
|
affdba |
- gint p_len, p_len_offset;
|
|
|
affdba |
- gint g_len, g_len_offset;
|
|
|
affdba |
- gint ys_len, ys_len_offset;
|
|
|
affdba |
- gint sig_len, sig_len_offset;
|
|
|
affdba |
+ gint p_len, g_len, ys_len;
|
|
|
affdba |
proto_item *ti_dh;
|
|
|
affdba |
proto_tree *ssl_dh_tree;
|
|
|
affdba |
- guint32 orig_offset;
|
|
|
affdba |
|
|
|
affdba |
- orig_offset = offset;
|
|
|
affdba |
+ ti_dh = proto_tree_add_text(tree, tvb, offset, length,
|
|
|
affdba |
+ "Diffie-Hellman Server Params");
|
|
|
affdba |
+ ssl_dh_tree = proto_item_add_subtree(ti_dh, ett_ssl_keyex_params);
|
|
|
affdba |
|
|
|
affdba |
- p_len_offset = offset;
|
|
|
affdba |
+ /* p */
|
|
|
affdba |
p_len = tvb_get_ntohs(tvb, offset);
|
|
|
affdba |
+ proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_p_len, tvb,
|
|
|
affdba |
+ offset, 2, ENC_BIG_ENDIAN);
|
|
|
affdba |
+ proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_p, tvb,
|
|
|
affdba |
+ offset + 2, p_len, ENC_NA);
|
|
|
affdba |
offset += 2 + p_len;
|
|
|
affdba |
- if ((offset - orig_offset) > length) {
|
|
|
affdba |
- return;
|
|
|
affdba |
- }
|
|
|
affdba |
|
|
|
affdba |
- g_len_offset = offset;
|
|
|
affdba |
+ /* g */
|
|
|
affdba |
g_len = tvb_get_ntohs(tvb, offset);
|
|
|
affdba |
+ proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_g_len, tvb,
|
|
|
affdba |
+ offset, 2, ENC_BIG_ENDIAN);
|
|
|
affdba |
+ proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_g, tvb,
|
|
|
affdba |
+ offset + 2, g_len, ENC_NA);
|
|
|
affdba |
offset += 2 + g_len;
|
|
|
affdba |
- if ((offset - orig_offset) > length) {
|
|
|
affdba |
- return;
|
|
|
affdba |
- }
|
|
|
affdba |
|
|
|
affdba |
- ys_len_offset = offset;
|
|
|
affdba |
+ /* Ys */
|
|
|
affdba |
ys_len = tvb_get_ntohs(tvb, offset);
|
|
|
affdba |
+ proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_server_keyex_ys_len, tvb,
|
|
|
affdba |
+ offset, 2, ys_len);
|
|
|
affdba |
+ proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_ys, tvb,
|
|
|
affdba |
+ offset + 2, ys_len, ENC_NA);
|
|
|
affdba |
offset += 2 + ys_len;
|
|
|
affdba |
- if ((offset - orig_offset) > length) {
|
|
|
affdba |
- return;
|
|
|
affdba |
- }
|
|
|
affdba |
-
|
|
|
affdba |
- sig_len_offset = offset;
|
|
|
affdba |
- sig_len = tvb_get_ntohs(tvb, offset);
|
|
|
affdba |
- offset += 2 + sig_len;
|
|
|
affdba |
- if ((offset - orig_offset) != length) {
|
|
|
affdba |
- /* Lengths don't line up (wasn't what we expected?) */
|
|
|
affdba |
- return;
|
|
|
affdba |
- }
|
|
|
affdba |
-
|
|
|
affdba |
- ti_dh = proto_tree_add_text(tree, tvb, orig_offset,
|
|
|
affdba |
- (offset - orig_offset), "Diffie-Hellman Server Params");
|
|
|
affdba |
- ssl_dh_tree = proto_item_add_subtree(ti_dh, ett_ssl_keyex_params);
|
|
|
affdba |
-
|
|
|
affdba |
- /* p */
|
|
|
affdba |
- proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_server_keyex_p_len,
|
|
|
affdba |
- tvb, p_len_offset, 2, p_len);
|
|
|
affdba |
- proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_p,
|
|
|
affdba |
- tvb, p_len_offset + 2, p_len, ENC_NA);
|
|
|
affdba |
-
|
|
|
affdba |
- /* g */
|
|
|
affdba |
- proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_server_keyex_g_len,
|
|
|
affdba |
- tvb, g_len_offset, 2, g_len);
|
|
|
affdba |
- proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_g,
|
|
|
affdba |
- tvb, g_len_offset + 2, g_len, ENC_NA);
|
|
|
affdba |
-
|
|
|
affdba |
- /* Ys */
|
|
|
affdba |
- proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_server_keyex_ys_len,
|
|
|
affdba |
- tvb, ys_len_offset, 2, ys_len);
|
|
|
affdba |
- proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_ys,
|
|
|
affdba |
- tvb, ys_len_offset + 2, ys_len, ENC_NA);
|
|
|
affdba |
-
|
|
|
affdba |
- /* Sig */
|
|
|
affdba |
- proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_server_keyex_sig_len,
|
|
|
affdba |
- tvb, sig_len_offset, 2, sig_len);
|
|
|
affdba |
- proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_sig,
|
|
|
affdba |
- tvb, sig_len_offset + 2, sig_len, ENC_NA);
|
|
|
affdba |
|
|
|
affdba |
+ /* signature */
|
|
|
affdba |
+ dissect_ssl3_hnd_srv_keyex_sig(tvb, ssl_dh_tree, offset, session);
|
|
|
affdba |
}
|
|
|
affdba |
|
|
|
affdba |
/* Only used in RSA-EXPORT cipher suites */
|
|
|
affdba |
static void
|
|
|
affdba |
dissect_ssl3_hnd_srv_keyex_rsa(tvbuff_t *tvb, proto_tree *tree,
|
|
|
affdba |
- guint32 offset, guint32 length)
|
|
|
affdba |
+ guint32 offset, guint32 length,
|
|
|
affdba |
+ SslSession *session)
|
|
|
affdba |
{
|
|
|
affdba |
- gint modulus_len, modulus_len_offset;
|
|
|
affdba |
- gint exponent_len, exponent_len_offset;
|
|
|
affdba |
- gint sig_len, sig_len_offset;
|
|
|
affdba |
+ gint modulus_len, exponent_len;
|
|
|
affdba |
proto_item *ti_rsa;
|
|
|
affdba |
proto_tree *ssl_rsa_tree;
|
|
|
affdba |
- guint32 orig_offset;
|
|
|
affdba |
-
|
|
|
affdba |
- orig_offset = offset;
|
|
|
affdba |
-
|
|
|
affdba |
- modulus_len_offset = offset;
|
|
|
affdba |
- modulus_len = tvb_get_ntohs(tvb, offset);
|
|
|
affdba |
- offset += 2 + modulus_len;
|
|
|
affdba |
- if ((offset - orig_offset) > length) {
|
|
|
affdba |
- return;
|
|
|
affdba |
- }
|
|
|
affdba |
-
|
|
|
affdba |
- exponent_len_offset = offset;
|
|
|
affdba |
- exponent_len = tvb_get_ntohs(tvb, offset);
|
|
|
affdba |
- offset += 2 + exponent_len;
|
|
|
affdba |
- if ((offset - orig_offset) > length) {
|
|
|
affdba |
- return;
|
|
|
affdba |
- }
|
|
|
affdba |
-
|
|
|
affdba |
- sig_len_offset = offset;
|
|
|
affdba |
- sig_len = tvb_get_ntohs(tvb, offset);
|
|
|
affdba |
- offset += 2 + sig_len;
|
|
|
affdba |
- if ((offset - orig_offset) != length) {
|
|
|
affdba |
- /* Lengths don't line up (wasn't what we expected?) */
|
|
|
affdba |
- return;
|
|
|
affdba |
- }
|
|
|
affdba |
|
|
|
affdba |
- ti_rsa = proto_tree_add_text(tree, tvb, orig_offset,
|
|
|
affdba |
- (offset - orig_offset), "RSA-EXPORT Server Params");
|
|
|
affdba |
+ ti_rsa = proto_tree_add_text(tree, tvb, offset, length,
|
|
|
affdba |
+ "RSA_EXPORT Server Params");
|
|
|
affdba |
ssl_rsa_tree = proto_item_add_subtree(ti_rsa, ett_ssl_keyex_params);
|
|
|
affdba |
|
|
|
affdba |
/* modulus */
|
|
|
affdba |
- proto_tree_add_uint(ssl_rsa_tree, hf_ssl_handshake_server_keyex_modulus_len,
|
|
|
affdba |
- tvb, modulus_len_offset, 2, modulus_len);
|
|
|
affdba |
+ modulus_len = tvb_get_ntohs(tvb, offset);
|
|
|
affdba |
+ proto_tree_add_item(ssl_rsa_tree, hf_ssl_handshake_server_keyex_modulus_len,
|
|
|
affdba |
+ tvb, offset, 2, ENC_BIG_ENDIAN);
|
|
|
affdba |
proto_tree_add_item(ssl_rsa_tree, hf_ssl_handshake_server_keyex_modulus,
|
|
|
affdba |
- tvb, modulus_len_offset + 2, modulus_len, ENC_NA);
|
|
|
affdba |
+ tvb, offset + 2, modulus_len, ENC_NA);
|
|
|
affdba |
+ offset += 2 + modulus_len;
|
|
|
affdba |
|
|
|
affdba |
/* exponent */
|
|
|
affdba |
- proto_tree_add_uint(ssl_rsa_tree, hf_ssl_handshake_server_keyex_exponent_len,
|
|
|
affdba |
- tvb, exponent_len_offset, 2, exponent_len);
|
|
|
affdba |
+ exponent_len = tvb_get_ntohs(tvb, offset);
|
|
|
affdba |
+ proto_tree_add_item(ssl_rsa_tree, hf_ssl_handshake_server_keyex_exponent_len,
|
|
|
affdba |
+ tvb, offset, 2, ENC_BIG_ENDIAN);
|
|
|
affdba |
proto_tree_add_item(ssl_rsa_tree, hf_ssl_handshake_server_keyex_exponent,
|
|
|
affdba |
- tvb, exponent_len_offset + 2, exponent_len, ENC_NA);
|
|
|
affdba |
-
|
|
|
affdba |
- /* Sig */
|
|
|
affdba |
- proto_tree_add_uint(ssl_rsa_tree, hf_ssl_handshake_server_keyex_sig_len,
|
|
|
affdba |
- tvb, sig_len_offset, 2, sig_len);
|
|
|
affdba |
- proto_tree_add_item(ssl_rsa_tree, hf_ssl_handshake_server_keyex_sig,
|
|
|
affdba |
- tvb, sig_len_offset + 2, sig_len, ENC_NA);
|
|
|
affdba |
+ tvb, offset + 2, exponent_len, ENC_NA);
|
|
|
affdba |
+ offset += 2 + exponent_len;
|
|
|
affdba |
|
|
|
affdba |
+ /* signature */
|
|
|
affdba |
+ dissect_ssl3_hnd_srv_keyex_sig(tvb, ssl_rsa_tree, offset, session);
|
|
|
affdba |
}
|
|
|
affdba |
|
|
|
affdba |
-
|
|
|
affdba |
static void
|
|
|
affdba |
dissect_ssl3_hnd_cli_keyex_dh(tvbuff_t *tvb, proto_tree *tree,
|
|
|
affdba |
guint32 offset, guint32 length)
|
|
|
affdba |
@@ -3468,7 +3408,7 @@ dissect_ssl3_hnd_cli_keyex_rsa(tvbuff_t *tvb, proto_tree *tree,
|
|
|
affdba |
static void
|
|
|
affdba |
dissect_ssl3_hnd_finished(tvbuff_t *tvb,
|
|
|
affdba |
proto_tree *tree, const guint32 offset,
|
|
|
affdba |
- const guint *conv_version)
|
|
|
affdba |
+ SslSession *session)
|
|
|
affdba |
{
|
|
|
affdba |
/* For TLS:
|
|
|
affdba |
* struct {
|
|
|
affdba |
@@ -3488,7 +3428,7 @@ dissect_ssl3_hnd_finished(tvbuff_t *tvb,
|
|
|
affdba |
return;
|
|
|
affdba |
}
|
|
|
affdba |
|
|
|
affdba |
- switch (*conv_version) {
|
|
|
affdba |
+ switch (session->version) {
|
|
|
affdba |
case SSL_VER_TLS:
|
|
|
affdba |
case SSL_VER_TLSv1DOT1:
|
|
|
affdba |
case SSL_VER_TLSv1DOT2:
|
|
|
affdba |
@@ -3568,7 +3508,7 @@ dissect_ssl3_hnd_cert_status(tvbuff_t *tvb, proto_tree *tree,
|
|
|
affdba |
/* record layer dissector */
|
|
|
affdba |
static gint
|
|
|
affdba |
dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|
|
affdba |
- guint32 offset, guint *conv_version,
|
|
|
affdba |
+ guint32 offset, SslSession *session,
|
|
|
affdba |
gboolean *need_desegmentation,
|
|
|
affdba |
SslDecryptSession *ssl, gboolean first_record_in_frame)
|
|
|
affdba |
{
|
|
|
affdba |
@@ -3684,19 +3624,19 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|
|
affdba |
/* if we get a server_hello or later handshake in v2, then set
|
|
|
affdba |
* this to sslv2
|
|
|
affdba |
*/
|
|
|
affdba |
- if (*conv_version == SSL_VER_UNKNOWN)
|
|
|
affdba |
+ if (session->version == SSL_VER_UNKNOWN)
|
|
|
affdba |
{
|
|
|
affdba |
if (ssl_looks_like_valid_pct_handshake(tvb,
|
|
|
affdba |
(initial_offset +
|
|
|
affdba |
record_length_length),
|
|
|
affdba |
record_length)) {
|
|
|
affdba |
- *conv_version = SSL_VER_PCT;
|
|
|
affdba |
- /*ssl_set_conv_version(pinfo, ssl->version);*/
|
|
|
affdba |
+ session->version = SSL_VER_PCT;
|
|
|
affdba |
+ /*ssl_set_conv_version(pinfo, ssl->session.version);*/
|
|
|
affdba |
}
|
|
|
affdba |
else if (msg_type >= 2 && msg_type <= 8)
|
|
|
affdba |
{
|
|
|
affdba |
- *conv_version = SSL_VER_SSLv2;
|
|
|
affdba |
- /*ssl_set_conv_version(pinfo, ssl->version);*/
|
|
|
affdba |
+ session->version = SSL_VER_SSLv2;
|
|
|
affdba |
+ /*ssl_set_conv_version(pinfo, ssl->session.version);*/
|
|
|
affdba |
}
|
|
|
affdba |
}
|
|
|
affdba |
|
|
|
affdba |
@@ -3705,20 +3645,20 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|
|
affdba |
* (e.g., on a client hello)
|
|
|
affdba |
*/
|
|
|
affdba |
col_set_str(pinfo->cinfo, COL_PROTOCOL,
|
|
|
affdba |
- (*conv_version == SSL_VER_PCT) ? "PCT" : "SSLv2");
|
|
|
affdba |
+ (session->version == SSL_VER_PCT) ? "PCT" : "SSLv2");
|
|
|
affdba |
|
|
|
affdba |
/* see if the msg_type is valid; if not the payload is
|
|
|
affdba |
* probably encrypted, so note that fact and bail
|
|
|
affdba |
*/
|
|
|
affdba |
msg_type_str = try_val_to_str(msg_type,
|
|
|
affdba |
- (*conv_version == SSL_VER_PCT)
|
|
|
affdba |
+ (session->version == SSL_VER_PCT)
|
|
|
affdba |
? pct_msg_types : ssl_20_msg_types);
|
|
|
affdba |
if (!msg_type_str
|
|
|
affdba |
- || ((*conv_version != SSL_VER_PCT) &&
|
|
|
affdba |
+ || ((session->version != SSL_VER_PCT) &&
|
|
|
affdba |
!ssl_looks_like_valid_v2_handshake(tvb, initial_offset
|
|
|
affdba |
+ record_length_length,
|
|
|
affdba |
record_length))
|
|
|
affdba |
- || ((*conv_version == SSL_VER_PCT) &&
|
|
|
affdba |
+ || ((session->version == SSL_VER_PCT) &&
|
|
|
affdba |
!ssl_looks_like_valid_pct_handshake(tvb, initial_offset
|
|
|
affdba |
+ record_length_length,
|
|
|
affdba |
record_length)))
|
|
|
affdba |
@@ -3726,7 +3666,7 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|
|
affdba |
if (ssl_record_tree)
|
|
|
affdba |
{
|
|
|
affdba |
proto_item_set_text(ssl_record_tree, "%s Record Layer: %s",
|
|
|
affdba |
- (*conv_version == SSL_VER_PCT)
|
|
|
affdba |
+ (session->version == SSL_VER_PCT)
|
|
|
affdba |
? "PCT" : "SSLv2",
|
|
|
affdba |
"Encrypted Data");
|
|
|
affdba |
|
|
|
affdba |
@@ -3751,7 +3691,7 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|
|
affdba |
if (ssl_record_tree)
|
|
|
affdba |
{
|
|
|
affdba |
proto_item_set_text(ssl_record_tree, "%s Record Layer: %s",
|
|
|
affdba |
- (*conv_version == SSL_VER_PCT)
|
|
|
affdba |
+ (session->version == SSL_VER_PCT)
|
|
|
affdba |
? "PCT" : "SSLv2",
|
|
|
affdba |
msg_type_str);
|
|
|
affdba |
}
|
|
|
affdba |
@@ -3804,13 +3744,13 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|
|
affdba |
if (ssl_record_tree)
|
|
|
affdba |
{
|
|
|
affdba |
proto_tree_add_item(ssl_record_tree,
|
|
|
affdba |
- (*conv_version == SSL_VER_PCT)
|
|
|
affdba |
+ (session->version == SSL_VER_PCT)
|
|
|
affdba |
? hf_pct_msg_type : hf_ssl2_msg_type,
|
|
|
affdba |
tvb, offset, 1, ENC_BIG_ENDIAN);
|
|
|
affdba |
}
|
|
|
affdba |
offset += 1; /* move past msg_type byte */
|
|
|
affdba |
|
|
|
affdba |
- if (*conv_version != SSL_VER_PCT)
|
|
|
affdba |
+ if (session->version != SSL_VER_PCT)
|
|
|
affdba |
{
|
|
|
affdba |
/* dissect the message (only handle client hello right now) */
|
|
|
affdba |
switch (msg_type) {
|
|
|
affdba |
@@ -4580,7 +4520,7 @@ void ssl_set_master_secret(guint32 frame_num, address *addr_srv, address *addr_c
|
|
|
affdba |
} else {
|
|
|
affdba |
ssl = (SslDecryptSession *)se_alloc0(sizeof(SslDecryptSession));
|
|
|
affdba |
ssl_session_init(ssl);
|
|
|
affdba |
- ssl->version = SSL_VER_UNKNOWN;
|
|
|
affdba |
+ ssl->session.version = SSL_VER_UNKNOWN;
|
|
|
affdba |
conversation_add_proto_data(conversation, proto_ssl, ssl);
|
|
|
affdba |
}
|
|
|
affdba |
|
|
|
affdba |
@@ -4589,31 +4529,31 @@ void ssl_set_master_secret(guint32 frame_num, address *addr_srv, address *addr_c
|
|
|
affdba |
ssl_set_server(ssl, addr_srv, ptype, port_srv);
|
|
|
affdba |
|
|
|
affdba |
/* version */
|
|
|
affdba |
- if ((ssl->version==SSL_VER_UNKNOWN) && (version!=SSL_VER_UNKNOWN)) {
|
|
|
affdba |
+ if ((ssl->session.version==SSL_VER_UNKNOWN) && (version!=SSL_VER_UNKNOWN)) {
|
|
|
affdba |
switch (version) {
|
|
|
affdba |
case SSL_VER_SSLv3:
|
|
|
affdba |
- ssl->version = SSL_VER_SSLv3;
|
|
|
affdba |
+ ssl->session.version = SSL_VER_SSLv3;
|
|
|
affdba |
ssl->version_netorder = SSLV3_VERSION;
|
|
|
affdba |
ssl->state |= SSL_VERSION;
|
|
|
affdba |
ssl_debug_printf("ssl_set_master_secret set version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state);
|
|
|
affdba |
break;
|
|
|
affdba |
|
|
|
affdba |
case SSL_VER_TLS:
|
|
|
affdba |
- ssl->version = SSL_VER_TLS;
|
|
|
affdba |
+ ssl->session.version = SSL_VER_TLS;
|
|
|
affdba |
ssl->version_netorder = TLSV1_VERSION;
|
|
|
affdba |
ssl->state |= SSL_VERSION;
|
|
|
affdba |
ssl_debug_printf("ssl_set_master_secret set version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state);
|
|
|
affdba |
break;
|
|
|
affdba |
|
|
|
affdba |
case SSL_VER_TLSv1DOT1:
|
|
|
affdba |
- ssl->version = SSL_VER_TLSv1DOT1;
|
|
|
affdba |
+ ssl->session.version = SSL_VER_TLSv1DOT1;
|
|
|
affdba |
ssl->version_netorder = TLSV1DOT1_VERSION;
|
|
|
affdba |
ssl->state |= SSL_VERSION;
|
|
|
affdba |
ssl_debug_printf("ssl_set_master_secret set version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state);
|
|
|
affdba |
break;
|
|
|
affdba |
|
|
|
affdba |
case SSL_VER_TLSv1DOT2:
|
|
|
affdba |
- ssl->version = SSL_VER_TLSv1DOT2;
|
|
|
affdba |
+ ssl->session.version = SSL_VER_TLSv1DOT2;
|
|
|
affdba |
ssl->version_netorder = TLSV1DOT2_VERSION;
|
|
|
affdba |
ssl->state |= SSL_VERSION;
|
|
|
affdba |
ssl_debug_printf("ssl_set_master_secret set version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state);
|
|
|
affdba |
@@ -4623,12 +4563,12 @@ void ssl_set_master_secret(guint32 frame_num, address *addr_srv, address *addr_c
|
|
|
affdba |
|
|
|
affdba |
/* cipher */
|
|
|
affdba |
if (cipher > 0) {
|
|
|
affdba |
- ssl->cipher = cipher;
|
|
|
affdba |
- if (ssl_find_cipher(ssl->cipher,&ssl->cipher_suite) < 0) {
|
|
|
affdba |
- ssl_debug_printf("ssl_set_master_secret can't find cipher suite 0x%X\n", ssl->cipher);
|
|
|
affdba |
+ ssl->session.cipher = cipher;
|
|
|
affdba |
+ if (ssl_find_cipher(ssl->session.cipher,&ssl->cipher_suite) < 0) {
|
|
|
affdba |
+ ssl_debug_printf("ssl_set_master_secret can't find cipher suite 0x%X\n", ssl->session.cipher);
|
|
|
affdba |
} else {
|
|
|
affdba |
ssl->state |= SSL_CIPHER;
|
|
|
affdba |
- ssl_debug_printf("ssl_set_master_secret set CIPHER 0x%04X -> state 0x%02X\n", ssl->cipher, ssl->state);
|
|
|
affdba |
+ ssl_debug_printf("ssl_set_master_secret set CIPHER 0x%04X -> state 0x%02X\n", ssl->session.cipher, ssl->state);
|
|
|
affdba |
}
|
|
|
affdba |
}
|
|
|
affdba |
|