authorPeter Wu <peter@lekensteyn.nl>2016-09-15 23:57:15 +0200
committerAlexis La Goutte <alexis.lagoutte@gmail.com>2016-09-16 07:29:40 +0000
commitb1d36fe0df74266be57878f16f80790d41dfcf6c (patch)
tree10c58d077f8a52e4121c18e3f074cced1723087a /epan/dissectors/packet-ssl-utils.h
parent979df813dc60358d3f6972d6ca8f5c97ea7b747b (diff)
ssl-utils: remove block and key sizes from cipher suites table
There was an implicit dependency between the block size in the cipher suites table and the size expected by Libgcrypt. Just remove the block size from the table and rely on the value from Libgcrypt to avoid the risk of mismatching values (which could lead to a buffer overflow). While at it, remove the size of the key ("bits") and the size of key material ("eff_bits") too. Move the key material sizes for export ciphers away from the table and use byte quantities instead of bits. Additionally, this fixes an issue where 8 bytes of uninitialized stack memory is written to the SSL debug log for stream ciphers like RC4. The size of the Write Key is also corrected for export ciphers, now it prints the actual (restricted) number of bytes that are used. Change-Id: I71d3c83ece0f02b2e11e45455dc08c41740836be Reviewed-on: https://code.wireshark.org/review/17714 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-ssl-utils.h')
-rw-r--r--epan/dissectors/packet-ssl-utils.h10
1 files changed, 7 insertions, 3 deletions
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 25961ec12d..9e8e2b6e05 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -253,9 +253,6 @@ typedef struct _SslCipherSuite {
gint number;
gint kex;
gint enc;
- gint block; /* IV block size */
- gint bits;
- gint eff_bits;
gint dig;
ssl_cipher_mode_t mode;
} SslCipherSuite;
@@ -490,6 +487,13 @@ ssl_cipher_setiv(SSL_CIPHER_CTX *cipher, guchar* iv, gint iv_len);
extern const SslCipherSuite *
ssl_find_cipher(int num);
+/** Obtains the block size for a CBC block cipher.
+ * @param cipher_suite a cipher suite as returned by ssl_find_cipher().
+ * @return the block size of a cipher or 0 if unavailable.
+ */
+guint
+ssl_get_cipher_blocksize(const SslCipherSuite *cipher_suite);
+
gboolean
ssl_generate_pre_master_secret(SslDecryptSession *ssl_session,
guint32 length, tvbuff_t *tvb, guint32 offset,
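Review bot: The doc comment added for `ssl_get_cipher_blocksize()` does not state the unit of the returned size or the conditions under which 0 is returned, and both matter to callers that use the value as an IV or buffer length. The commit message says key material sizes move from bits to bytes, so the unit is worth spelling out here as well, e.g. `@return the block size in bytes, or 0 if the suite is not a CBC block cipher or the size cannot be obtained from Libgcrypt.` The exact conditions for 0 live in the .c file, which this diff does not show, so that wording should be checked against the implementation. A further line such as `Callers must check for 0 before using the result as a length or divisor.` would make the contract explicit, and it would help to say whether a NULL `cipher_suite` (presumably what `ssl_find_cipher()` yields for an unknown suite) is accepted.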