Diffstat (limited to 'patches-psk-cleanup/0001-ssl-Support-PSK-larger-than-16-octets.patch')
-rw-r--r-- | patches-psk-cleanup/0001-ssl-Support-PSK-larger-than-16-octets.patch | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/patches-psk-cleanup/0001-ssl-Support-PSK-larger-than-16-octets.patch b/patches-psk-cleanup/0001-ssl-Support-PSK-larger-than-16-octets.patch
new file mode 100644
index 0000000..ba51078
--- /dev/null
+++ b/patches-psk-cleanup/0001-ssl-Support-PSK-larger-than-16-octets.patch
@@ -0,0 +1,50 @@
+From 540afe9e6a9b38033b9f5dfc7379fc436456bb89 Mon Sep 17 00:00:00 2001
+From: Peter Wu <lekensteyn@gmail.com>
+Date: Tue, 1 Oct 2013 17:57:00 +0200
+Subject: [PATCH 1/6] ssl: Support PSK larger than 16 octets
+
+PSK allows up to 2^16-1 octets as key according to RFC 4279 (PSK for
+TLS). Therefore remove the restriction of 16 octets. While at it, skip
+testing for negative size as this is unnecessary.
+
+Reported at:
+http://ask.wireshark.org/questions/25157/can-not-decrypt-ssl-psk-traffic
+---
+ epan/dissectors/packet-ssl.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
+index e4e2ec4..31dbada 100644
+--- a/epan/dissectors/packet-ssl.c
++++ b/epan/dissectors/packet-ssl.c
+@@ -2154,14 +2154,15 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+
+ size = (int)strlen(ssl_psk);
+
+- /* psk must be 0 to 16 bytes*/
+- if (size < 0 || size > 32 || size % 2 != 0)
++ /* The length of PSK ranges from 0..2^16-1 octets (times two for hex string) */
++ if (size < 0 || size % 2 != 0 || size >= (2 << 16))
+ {
++ ssl_debug_printf("dissect_ssl3_handshake: length of ssl.psk must be multiple of two");
+ break;
+ }
+
+ /* convert hex string into char*/
+- out = (unsigned char*) wmem_alloc(wmem_packet_scope(), size > 0 ? size / 2 : 0);
++ out = (unsigned char*) wmem_alloc(wmem_packet_scope(), size / 2);
+
+ for (i = 0; i < size; i+=2)
+ {
+@@ -2172,7 +2173,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
+
+ ssl->psk = (guchar*) out;
+
+- psk_len = size > 0 ? size / 2 : 0;
++ psk_len = size / 2;
+ pre_master_len = psk_len * 2 + 4;
+
+ pre_master_secret.data = (guchar *)wmem_alloc(wmem_file_scope(), pre_master_len);
+--
+1.8.4
+ |
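Review bot: The `ssl_debug_printf` added in the first inner hunk of packet-ssl.c says "must be multiple of two" for every rejection, including the `size >= (2 << 16)` branch, so an over-long ssl.psk value is logged with the wrong reason. The message also appears to lack a trailing newline, though no other call site is visible here to confirm the convention. Consider `ssl_debug_printf("dissect_ssl3_handshake: ssl.psk must be an even-length hex string of at most %d characters\n", 2 * 0xffff);` and writing the bound as `size > 2 * 0xffff`, which reads directly against the RFC 4279 limit instead of relying on the parity test to exclude 131071. The hex-conversion loop and the rest of dissect_ssl3_handshake lie outside the hunk, so whether non-hex characters are rejected before the bytes are used as key material cannot be confirmed from this page.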