From ec9ce3fdad014274ce00de1768f9e11395a77e37 Mon Sep 17 00:00:00 2001 From: Peter Wu Date: Fri, 27 Jan 2017 22:30:34 +0100 Subject: (D)TLS: fix type of record sequence number The record sequence number is 64-bit, not 32-bit. This applies to all SSLv3/TLS/DTLS versions. Without this fix, after about four million records, the wrong MAC is calculated (for TLS 1.2) or decryption will fail (for TLS 1.3). Change-Id: I05e5e8bc4229ac443a1b06c5fe984fb885eab1ca --- epan/dissectors/packet-ssl-utils.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'epan/dissectors/packet-ssl-utils.h') diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h index 39875c6191..8760103922 100644 --- a/epan/dissectors/packet-ssl-utils.h +++ b/epan/dissectors/packet-ssl-utils.h @@ -302,7 +302,7 @@ typedef struct _SslDecoder { StringInfo write_iv; /* for AEAD ciphers (at least GCM, CCM) */ SSL_CIPHER_CTX evp; SslDecompress *decomp; - guint32 seq; + guint64 seq; /**< Implicit (TLS) or explicit (DTLS) record sequence number. */ guint16 epoch; SslFlow *flow; } SslDecoder; -- cgit v1.2.1