dtls_decrypted_data_avail, offset);
/* try to retrive and use decrypted alert record, if any. */
- decrypted = ssl_get_record_info(proto_dtls, pinfo, offset);
+ decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset);
if (decrypted)
dissect_dtls_alert(decrypted, pinfo, dtls_record_tree, 0,
conv_version);
dtls_decrypted_data_avail, offset);
/* try to retrive and use decrypted handshake record, if any. */
- decrypted = ssl_get_record_info(proto_dtls, pinfo, offset);
+ decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset);
if (decrypted)
dissect_dtls_handshake(decrypted, pinfo, dtls_record_tree, 0,
tvb_length(decrypted), conv_version, ssl, content_type);
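Review bot: The DTLS handshake path here, and the alert path in the preceding hunk, hand the decrypted child tvb to the sub-dissector without an `add_new_data_source(pinfo, decrypted, "Decrypted SSL record");` call, whereas the SSL alert hunk further down adds exactly that next to the same signature change. Unless packet-dtls.c registers the data source somewhere outside these hunks, items added from the decrypted tvb will probably have no backing data source in the byte view; placing the call inside a braced `if (decrypted) { ... }` in both places would keep the two dissectors consistent. The enclosing function starts before and ends after this hunk.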
# include "config.h"
#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
#ifdef HAVE_LIBZ
#include <zlib.h>
#endif
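Review bot: `<string.h>` is dropped here while the reworked ssl_add_record_info in this same file still calls `memcpy(real_data, data, data_len);`, so the build now depends on string.h being pulled in transitively (glib or the epan headers), which is fragile and can surface as an implicit-declaration warning on a stricter toolchain. Keeping `#include <string.h>` is the safer choice; `<stdio.h>` and `<stdlib.h>` can go only if nothing else in the file uses them, which cannot be confirmed from this hunk.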
return ret;
}
-/* add to packet data a newly allocated tvb with the specified real data*/
+/* add to packet data a copy of the specified real data */
void
ssl_add_record_info(gint proto, packet_info *pinfo, guchar* data, gint data_len, gint record_id)
{
guchar* real_data;
SslRecordInfo* rec;
SslPacketInfo* pi;
- real_data = se_alloc(data_len);
- rec = se_alloc(sizeof(SslRecordInfo));
- pi = p_get_proto_data(pinfo->fd, proto);
+ pi = p_get_proto_data(pinfo->fd, proto);
if (!pi)
{
pi = se_alloc0(sizeof(SslPacketInfo));
- p_add_proto_data(pinfo->fd, proto,pi);
+ p_add_proto_data(pinfo->fd, proto, pi);
}
- rec->id = record_id;
- rec->tvb = tvb_new_real_data(real_data, data_len, data_len);
+ real_data = se_alloc(data_len);
memcpy(real_data, data, data_len);
+ rec = se_alloc(sizeof(SslRecordInfo));
+ rec->id = record_id;
+ rec->real_data = real_data;
+ rec->data_len = data_len;
+
/* head insertion */
rec->next= pi->handshake_data;
pi->handshake_data = rec;
}
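Review bot: `real_data = se_alloc(data_len);` followed by `memcpy(real_data, data, data_len);` take the signed gint data_len with no range check, so a negative value is converted to size_t and passed straight to the allocator and to memcpy. The callers are outside this hunk, so whether they can pass such a value cannot be confirmed here; a guard at the top of the function, `if (data_len < 0) return;` (or a g_assert if the contract is that callers validate), makes the copy safe regardless. The copy is also kept in se_alloc'd memory while ssl_get_record_info wraps it in a child tvb that, per its own comment, is freed with the frame; a one-line comment above the allocation, e.g. `/* se_alloc'd copy: must stay valid for the child tvbs created by ssl_get_record_info */`, would document that ownership split.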
-
-/* search in packet data the tvbuff associated to the specified id */
+/* search in packet data for the specified id; return a newly created tvb for the associated data */
tvbuff_t*
-ssl_get_record_info(int proto, packet_info *pinfo, gint record_id)
+ssl_get_record_info(tvbuff_t *parent_tvb, int proto, packet_info *pinfo, gint record_id)
{
SslRecordInfo* rec;
SslPacketInfo* pi;
for (rec = pi->handshake_data; rec; rec = rec->next)
if (rec->id == record_id)
- return rec->tvb;
+ /* link new real_data_tvb with a parent tvb so it is freed when frame dissection is complete */
+ return tvb_new_child_real_data(parent_tvb, rec->real_data, rec->data_len, rec->data_len);
return NULL;
}
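Review bot: Between the declaration `SslPacketInfo* pi;` and the loop `for (rec = pi->handshake_data; rec; rec = rec->next)` this rendering shows no assignment to pi; if the p_get_proto_data lookup and its NULL check sit in context lines the page elided, fine, but otherwise the loop dereferences an uninitialized pointer. Separately, the new comment sits inside an unbraced `if` and its "it is freed" is ambiguous: rec->real_data is se_alloc'd in ssl_add_record_info and is not freed here, only the child tvb is. Suggest bracing the body and rewording, e.g. `/* wrap the se_alloc'd copy in a child tvb; the tvb (not the data) is freed with parent_tvb when the frame's dissection ends */`.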
#include <epan/packet.h>
#include <epan/emem.h>
-#include <stdio.h>
-
#ifdef HAVE_LIBGNUTLS
#include <gcrypt.h>
#include <gnutls/x509.h>
#define SSLV2_MAX_SESSION_ID_LENGTH_IN_BYTES 16
typedef struct _SslCipherSuite {
- gint number;
- gint kex;
- gint sig;
- gint enc;
- gint block;
- gint bits;
- gint eff_bits;
- gint dig;
- gint dig_len;
- gint export;
- gint mode;
+ gint number;
+ gint kex;
+ gint sig;
+ gint enc;
+ gint block;
+ gint bits;
+ gint eff_bits;
+ gint dig;
+ gint dig_len;
+ gint export;
+ gint mode;
} SslCipherSuite;
typedef struct _SslFlow {
#define DIG_MD5 0x40
#define DIG_SHA 0x41
-struct tvbuff;
-
typedef struct _SslRecordInfo {
- struct tvbuff* tvb;
+ guchar *real_data;
+ gint data_len;
gint id;
struct _SslRecordInfo* next;
} SslRecordInfo;
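Review bot: The new real_data and data_len members carry no comment on ownership or units, and this struct is the contract between ssl_add_record_info and ssl_get_record_info. From the .c hunks on this page real_data is an se_alloc'd copy of the record bytes, data_len its length, and a child tvb is created from them on each lookup; suggest `guchar *real_data;  /* se_alloc'd copy of the decrypted record; wrapped in a child tvb by ssl_get_record_info */` and `gint data_len;      /* length of real_data in bytes */`. The id member would also benefit from a note that the visible call sites pass the record offset as the id.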
} SslDecryptSession;
typedef struct _SslAssociation {
- gboolean tcp;
- guint ssl_port;
- dissector_handle_t handle;
- gchar* info;
- gboolean from_key_list;
+ gboolean tcp;
+ guint ssl_port;
+ dissector_handle_t handle;
+ gchar* info;
+ gboolean from_key_list;
} SslAssociation;
typedef struct _SslService {
- address addr;
- guint port;
+ address addr;
+ guint port;
} SslService;
typedef struct _Ssl_private_key {
#ifdef HAVE_LIBGNUTLS
- gnutls_x509_crt_t x509_cert;
- gnutls_x509_privkey_t x509_pkey;
+ gnutls_x509_crt_t x509_cert;
+ gnutls_x509_privkey_t x509_pkey;
#endif
- SSL_PRIVATE_KEY *sexp_pkey;
+ SSL_PRIVATE_KEY *sexp_pkey;
} Ssl_private_key_t;
/* User Access Table */
extern gint
ssl_find_private_key(SslDecryptSession *ssl_session, GHashTable *key_hash, GTree* associations, packet_info *pinfo);
-/** Search for the specified cipher souite id
+/** Search for the specified cipher suite id
@param num the id of the cipher suite to be searched
@param cs pointer to the cipher suite struct to be filled
@return 0 if the cipher suite is found, -1 elsewhere */
extern gint
ssl_packet_from_server(SslDecryptSession* ssl, GTree* associations, packet_info *pinfo);
-/* add to packet data a newly allocated tvb with the specified real data*/
+/* add to packet data a copy of the specified real data */
extern void
ssl_add_record_info(gint proto, packet_info *pinfo, guchar* data, gint data_len, gint record_id);
-/* search in packet data the tvbuff associated to the specified id */
+/* search in packet data for the specified id; return a newly created tvb for the associated data */
extern tvbuff_t*
-ssl_get_record_info(gint proto, packet_info *pinfo, gint record_id);
+ssl_get_record_info(tvbuff_t *parent_tvb, gint proto, packet_info *pinfo, gint record_id);
void
ssl_add_data_info(gint proto, packet_info *pinfo, guchar* data, gint data_len, gint key, SslFlow *flow);
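Review bot: The new parent_tvb parameter of ssl_get_record_info is not explained in the header comment, and the comment does not say what the function returns when no record matches. From the .c hunk the result is created with tvb_new_child_real_data on parent_tvb and NULL is returned otherwise, so the comment could read `/* search in packet data for the specified id; return a newly created tvb for the associated data, owned by parent_tvb and freed with it, or NULL if no record with that id exists */`. Stating the lifetime in the header tells callers the returned tvb is valid only for the current dissection of parent_tvb.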
ssl_decrypted_data_avail, offset);
/* try to retrieve and use decrypted alert record, if any. */
- decrypted = ssl_get_record_info(proto_ssl, pinfo, offset);
- if (decrypted)
- dissect_ssl3_alert(decrypted, pinfo, ssl_record_tree, 0, conv_version);
- else
- dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset, conv_version);
+ decrypted = ssl_get_record_info(tvb, proto_ssl, pinfo, offset);
+ if (decrypted) {
+ add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
+ dissect_ssl3_alert(decrypted, pinfo, ssl_record_tree, 0, conv_version);
+ } else {
+ dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset, conv_version);
+ }
break;
}
case SSL_ID_HANDSHAKE:
ssl_decrypted_data_avail, offset);
/* try to retrieve and use decrypted handshake record, if any. */
- decrypted = ssl_get_record_info(proto_ssl, pinfo, offset);
+ decrypted = ssl_get_record_info(tvb, proto_ssl, pinfo, offset);
if (decrypted) {
/* add desegmented data to the data source list */
add_new_data_source(pinfo, decrypted, "Decrypted SSL record");