Remove "text2pcap-scanner.obj" and "tools\lemon\lemon.obj" when a "nmake
[obnox/wireshark/wip.git] / packet-ssl.c
1 /* packet-ssl.c
2  * Routines for ssl dissection
3  * Copyright (c) 2000-2001, Scott Renfro <scott@renfro.org>
4  *
5  * $Id: packet-ssl.c,v 1.8 2001/10/16 07:13:01 guy Exp $
6  *
7  * Ethereal - Network traffic analyzer
8  * By Gerald Combs <gerald@ethereal.com>
9  * Copyright 1998 Gerald Combs
10  *
11  * This program is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU General Public License
13  * as published by the Free Software Foundation; either version 2
14  * of the License, or (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software
23  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
24  *
25  * Notes:
26  *
27  *   - Uses conversations in a no-malloc fashion.  Since we just want to
28  *     remember the version of the conversation, we store the version
29  *     integer directly in the void *data member of the conversation
30  *     structure.  This means that we don't have to manage any memory,
31  *     but will cause problems if anyone assumes that all data pointers
32  *     are actually pointers to memory allocated by g_mem_chunk_alloc.
33  *
34  *   - Does not support decryption of encrypted frames, nor dissection
35  *     of frames that would require state maintained between frames
36  *     (e.g., single ssl records spread across multiple tcp frames)
37  *
38  *   - Identifies, but does not fully dissect the following messages:
39  *
40  *     - SSLv3/TLS (These need more state from previous handshake msgs)
41  *       - Server Key Exchange
42  *       - Client Key Exchange
43  *       - Certificate Verify
44  *
45  *     - SSLv2 (These don't appear in the clear)
46  *       - Error
47  *       - Client Finished
48  *       - Server Verify
49  *       - Server Finished
50  *       - Request Certificate
51  *       - Client Certificate
52  *
53  */
54
55 #ifdef HAVE_CONFIG_H
56 # include "config.h"
57 #endif
58
59 #include <stdio.h>
60 #include <stdlib.h>
61 #include <string.h>
62
63 #include <glib.h>
64
65 #ifdef NEED_SNPRINTF_H
66 # include "snprintf.h"
67 #endif
68
69 #include "conversation.h"
70
71 /*********************************************************************
72  *
73  * Protocol Constants, Variables, Data Structures
74  *
75  *********************************************************************/
76
77 /* Initialize the protocol and registered fields */
78 static int proto_ssl                         = -1;
79 static int hf_ssl_record                     = -1;
80 static int hf_ssl_record_content_type        = -1;
81 static int hf_ssl_record_version             = -1;
82 static int hf_ssl_record_length              = -1;
83 static int hf_ssl_record_appdata             = -1;
84 static int hf_ssl2_record                    = -1;
85 static int hf_ssl2_record_is_escape          = -1;
86 static int hf_ssl2_record_padding_length     = -1;
87 static int hf_ssl2_msg_type                  = -1;
88 static int hf_ssl_change_cipher_spec         = -1;
89 static int hf_ssl_alert_message              = -1;
90 static int hf_ssl_alert_message_level        = -1;
91 static int hf_ssl_alert_message_description  = -1;
92 static int hf_ssl_handshake_protocol         = -1;
93 static int hf_ssl_handshake_type             = -1;
94 static int hf_ssl_handshake_length           = -1;
95 static int hf_ssl_handshake_client_version   = -1;
96 static int hf_ssl_handshake_server_version   = -1;
97 static int hf_ssl_handshake_random_time      = -1;
98 static int hf_ssl_handshake_random_bytes     = -1;
99 static int hf_ssl_handshake_cipher_suites_len = -1;
100 static int hf_ssl_handshake_cipher_suites    = -1;
101 static int hf_ssl_handshake_cipher_suite     = -1;
102 static int hf_ssl_handshake_session_id       = -1;
103 static int hf_ssl_handshake_comp_methods_len = -1;
104 static int hf_ssl_handshake_comp_methods     = -1;
105 static int hf_ssl_handshake_comp_method      = -1;
106 static int hf_ssl_handshake_certificates_len = -1;
107 static int hf_ssl_handshake_certificates     = -1;
108 static int hf_ssl_handshake_certificate      = -1;
109 static int hf_ssl_handshake_certificate_len  = -1;
110 static int hf_ssl_handshake_cert_types_count = -1;
111 static int hf_ssl_handshake_cert_types       = -1;
112 static int hf_ssl_handshake_cert_type        = -1;
113 static int hf_ssl_handshake_finished         = -1;
114 static int hf_ssl_handshake_md5_hash         = -1;
115 static int hf_ssl_handshake_sha_hash         = -1;
116 static int hf_ssl_handshake_session_id_len   = -1;
117 static int hf_ssl_handshake_dnames_len       = -1;
118 static int hf_ssl_handshake_dnames           = -1;
119 static int hf_ssl_handshake_dname_len        = -1;
120 static int hf_ssl_handshake_dname            = -1;
121 static int hf_ssl2_handshake_cipher_spec_len = -1;
122 static int hf_ssl2_handshake_session_id_len  = -1;
123 static int hf_ssl2_handshake_challenge_len   = -1;
124 static int hf_ssl2_handshake_cipher_spec     = -1;
125 static int hf_ssl2_handshake_challenge       = -1;
126 static int hf_ssl2_handshake_clear_key_len   = -1;
127 static int hf_ssl2_handshake_enc_key_len     = -1;
128 static int hf_ssl2_handshake_key_arg_len     = -1;
129 static int hf_ssl2_handshake_clear_key       = -1;
130 static int hf_ssl2_handshake_enc_key         = -1;
131 static int hf_ssl2_handshake_key_arg         = -1;
132 static int hf_ssl2_handshake_session_id_hit  = -1;
133 static int hf_ssl2_handshake_cert_type       = -1;
134 static int hf_ssl2_handshake_connection_id_len = -1;
135 static int hf_ssl2_handshake_connection_id   = -1;
136
137 /* Initialize the subtree pointers */
138 static gint ett_ssl                   = -1;
139 static gint ett_ssl_record            = -1;
140 static gint ett_ssl_alert             = -1;
141 static gint ett_ssl_handshake         = -1;
142 static gint ett_ssl_cipher_suites     = -1;
143 static gint ett_ssl_comp_methods      = -1;
144 static gint ett_ssl_certs             = -1;
145 static gint ett_ssl_cert_types        = -1;
146 static gint ett_ssl_dnames            = -1;
147
148 /* The TCP port to associate with by default */
149 #define TCP_PORT_SSL                    443
150
151 /* version state tables */
152 #define SSL_VER_UNKNOWN                   0
153 #define SSL_VER_SSLv2                     1
154 #define SSL_VER_SSLv3                     2
155 #define SSL_VER_TLS                       3
156
157 /* corresponds to the #defines above */
158 static gchar* ssl_version_short_names[] = {
159     "SSL",
160     "SSLv2",
161     "SSLv3",
162     "TLS",
163 };
164
165 /* other defines */
166 #define SSL_ID_CHG_CIPHER_SPEC         0x14
167 #define SSL_ID_ALERT                   0x15
168 #define SSL_ID_HANDSHAKE               0x16
169 #define SSL_ID_APP_DATA                0x17
170
171 #define SSL_HND_HELLO_REQUEST          0x00
172 #define SSL_HND_CLIENT_HELLO           0x01
173 #define SSL_HND_SERVER_HELLO           0x02
174 #define SSL_HND_CERTIFICATE            0x0b
175 #define SSL_HND_SERVER_KEY_EXCHG       0x0c
176 #define SSL_HND_CERT_REQUEST           0x0d
177 #define SSL_HND_SVR_HELLO_DONE         0x0e
178 #define SSL_HND_CERT_VERIFY            0x0f
179 #define SSL_HND_CLIENT_KEY_EXCHG       0x10
180 #define SSL_HND_FINISHED               0x14
181
182 #define SSL2_HND_ERROR                 0x00
183 #define SSL2_HND_CLIENT_HELLO          0x01
184 #define SSL2_HND_CLIENT_MASTER_KEY     0x02
185 #define SSL2_HND_CLIENT_FINISHED       0x03
186 #define SSL2_HND_SERVER_HELLO          0x04
187 #define SSL2_HND_SERVER_VERIFY         0x05
188 #define SSL2_HND_SERVER_FINISHED       0x06
189 #define SSL2_HND_REQUEST_CERTIFICATE   0x07
190 #define SSL2_HND_CLIENT_CERTIFICATE    0x08
191
192 /*
193  * Lookup tables
194  *
195  */
196 static const value_string ssl_20_msg_types[] = {
197     { SSL2_HND_ERROR,               "Error" },
198     { SSL2_HND_CLIENT_HELLO,        "Client Hello" },
199     { SSL2_HND_CLIENT_MASTER_KEY,   "Client Master Key" },
200     { SSL2_HND_CLIENT_FINISHED,     "Client Finished" },
201     { SSL2_HND_SERVER_HELLO,        "Server Hello" },
202     { SSL2_HND_SERVER_VERIFY,       "Server Verify" },
203     { SSL2_HND_SERVER_FINISHED,     "Server Finished" },
204     { SSL2_HND_REQUEST_CERTIFICATE, "Request Certificate" },
205     { SSL2_HND_CLIENT_CERTIFICATE,  "Client Certificate" },
206     { 0x00, NULL },
207 };
208
209 static const value_string ssl_20_cipher_suites[] = {
210     { 0x010080, "SSL2_RC4_128_WITH_MD5" },
211     { 0x020080, "SSL2_RC4_128_EXPORT40_WITH_MD5" },
212     { 0x030080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" },
213     { 0x040080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" },
214     { 0x050080, "SSL2_IDEA_128_CBC_WITH_MD5" },
215     { 0x060040, "SSL2_DES_64_CBC_WITH_MD5" },
216     { 0x0700c0, "SSL2_DES_192_EDE3_CBC_WITH_MD5" },
217     { 0x000000, "TLS_NULL_WITH_NULL_NULL" },
218     { 0x000001, "TLS_RSA_WITH_NULL_MD5" },
219     { 0x000002, "TLS_RSA_WITH_NULL_SHA" },
220     { 0x000003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" },
221     { 0x000004, "TLS_RSA_WITH_RC4_128_MD5" },
222     { 0x000005, "TLS_RSA_WITH_RC4_128_SHA" },
223     { 0x000006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" },
224     { 0x000007, "TLS_RSA_WITH_IDEA_CBC_SHA" },
225     { 0x000008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" },
226     { 0x000009, "TLS_RSA_WITH_DES_CBC_SHA" },
227     { 0x00000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
228     { 0x00000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" },
229     { 0x00000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" },
230     { 0x00000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" },
231     { 0x00000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" },
232     { 0x00000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" },
233     { 0x000010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" },
234     { 0x000011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" },
235     { 0x000012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" },
236     { 0x000013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" },
237     { 0x000014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" },
238     { 0x000015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" },
239     { 0x000016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" },
240     { 0x000017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" },
241     { 0x000018, "TLS_DH_anon_WITH_RC4_128_MD5" },
242     { 0x000019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" },
243     { 0x00001a, "TLS_DH_anon_WITH_DES_CBC_SHA" },
244     { 0x00001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" },
245     { 0x00001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" },
246     { 0x00001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" },
247     { 0x00001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" },
248     { 0x000062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" },
249     { 0x000063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" },
250     { 0x000064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" },
251     { 0x000065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" },
252     { 0x000066, "TLS_DHE_DSS_WITH_RC4_128_SHA" },
253     /* these from http://www.mozilla.org/projects/
254          security/pki/nss/ssl/fips-ssl-ciphersuites.html */
255     { 0x00fefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
256     { 0x00feff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
257     { 0x00ffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
258     { 0x00ffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
259     /* note that ciphersuites of {0x00????} are TLS cipher suites in
260      * a sslv2 client hello message; the ???? above is the two-byte
261      * tls cipher suite id
262      */
263     { 0x00, NULL }
264 };
265
266 static const value_string ssl_20_certificate_type[] = {
267     { 0x00, "N/A" },
268     { 0x01, "X.509 Certificate" },
269     { 0x00, NULL },
270 };
271
272 static const value_string ssl_31_content_type[] = {
273     { 20, "Change Cipher Spec" },
274     { 21, "Alert" },
275     { 22, "Handshake" },
276     { 23, "Application Data" },
277     { 0x00, NULL }
278 };
279
280 static const value_string ssl_versions[] = {
281     { 0x0301, "TLS 1.0" },
282     { 0x0300, "SSL 3.0" },
283     { 0x0002, "SSL 2.0" },
284     { 0x00, NULL }
285 };
286
287 static const value_string ssl_31_change_cipher_spec[] = {
288     { 1, "Change Cipher Spec" },
289     { 0x00, NULL },
290 };
291
292 static const value_string ssl_31_alert_level[] = {
293     { 1, "Warning" },
294     { 2, "Fatal" },
295     { 0x00, NULL }
296 };
297
298 static const value_string ssl_31_alert_description[] = {
299     {  0,  "Close Notify" },
300     { 10,  "Unexpected Message" },
301     { 20,  "Bad Record MAC" },
302     { 21,  "Decryption Failed" },
303     { 22,  "Record Overflow" },
304     { 30,  "Decompression Failure" },
305     { 40,  "Handshake Failure" },
306     { 42,  "Bad Certificate" },
307     { 43,  "Unsupported Certificate" },
308     { 44,  "Certificate Revoked" },
309     { 45,  "Certificate Expired" },
310     { 46,  "Certificate Unknown" },
311     { 47,  "Illegal Parameter" },
312     { 48,  "Unknown CA" },
313     { 49,  "Access Denied" },
314     { 50,  "Decode Error" },
315     { 51,  "Decrypt Error" },
316     { 60,  "Export Restriction" },
317     { 70,  "Protocol Version" },
318     { 71,  "Insufficient Security" },
319     { 80,  "Internal Error" },
320     { 90,  "User Canceled" },
321     { 100, "No Renegotiation" },
322     { 0x00, NULL }
323 };
324
325 static const value_string ssl_31_handshake_type[] = {
326     { SSL_HND_HELLO_REQUEST,     "Hello Request" },
327     { SSL_HND_CLIENT_HELLO,      "Client Hello" },
328     { SSL_HND_SERVER_HELLO,      "Server Hello" },
329     { SSL_HND_CERTIFICATE,       "Certificate" },
330     { SSL_HND_SERVER_KEY_EXCHG,  "Server Key Exchange" },
331     { SSL_HND_CERT_REQUEST,      "Certificate Request" },
332     { SSL_HND_SVR_HELLO_DONE,    "Server Hello Done" },
333     { SSL_HND_CERT_VERIFY,       "Certificate Verify" },
334     { SSL_HND_CLIENT_KEY_EXCHG,  "Client Key Exchange" },
335     { SSL_HND_FINISHED,          "Finished" },
336     { 0x00, NULL }
337 };
338
339 static const value_string ssl_31_compression_method[] = {
340     { 0, "null" },
341     { 0x00, NULL }
342 };
343
344 static const value_string ssl_31_key_exchange_algorithm[] = {
345     { 0, "RSA" },
346     { 1, "Diffie Hellman" },
347     { 0x00, NULL }
348 };
349
350 static const value_string ssl_31_signature_algorithm[] = {
351     { 0, "Anonymous" },
352     { 1, "RSA" },
353     { 2, "DSA" },
354     { 0x00, NULL }
355 };
356
357 static const value_string ssl_31_client_certificate_type[] = {
358     { 1, "RSA Sign" },
359     { 2, "DSS Sign" },
360     { 3, "RSA Fixed DH" },
361     { 4, "DSS Fixed DH" },
362     { 0x00, NULL }
363 };
364
365 static const value_string ssl_31_public_value_encoding[] = {
366     { 0, "Implicit" },
367     { 1, "Explicit" },
368     { 0x00, NULL }
369 };
370
371 static const value_string ssl_31_ciphersuite[] = {
372     { 0x0000, "TLS_NULL_WITH_NULL_NULL" },
373     { 0x0001, "TLS_RSA_WITH_NULL_MD5" },
374     { 0x0002, "TLS_RSA_WITH_NULL_SHA" },
375     { 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" },
376     { 0x0004, "TLS_RSA_WITH_RC4_128_MD5" },
377     { 0x0005, "TLS_RSA_WITH_RC4_128_SHA" },
378     { 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" },
379     { 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA" },
380     { 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" },
381     { 0x0009, "TLS_RSA_WITH_DES_CBC_SHA" },
382     { 0x000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
383     { 0x000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" },
384     { 0x000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" },
385     { 0x000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" },
386     { 0x000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" },
387     { 0x000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" },
388     { 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" },
389     { 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" },
390     { 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" },
391     { 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" },
392     { 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" },
393     { 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" },
394     { 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" },
395     { 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" },
396     { 0x0018, "TLS_DH_anon_WITH_RC4_128_MD5" },
397     { 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" },
398     { 0x001a, "TLS_DH_anon_WITH_DES_CBC_SHA" },
399     { 0x001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" },
400     { 0x001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" },
401     { 0x001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" },
402     { 0x001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" },
403     { 0x0062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" },
404     { 0x0063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" },
405     { 0x0064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" },
406     { 0x0065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" },
407     { 0x0066, "TLS_DHE_DSS_WITH_RC4_128_SHA" },
408     /* these from http://www.mozilla.org/projects/
409          security/pki/nss/ssl/fips-ssl-ciphersuites.html */
410     { 0xfefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
411     { 0xfeff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
412     { 0xffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
413     { 0xffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
414     /* note that ciphersuites 0xff00 - 0xffff are private */
415     { 0x00, NULL }
416 };
417
418 /*********************************************************************
419  *
420  * Forward Declarations
421  *
422  *********************************************************************/
423
424 /*
425  * SSL version 3 and TLS dissectors
426  *
427  */
428 /* record layer dissector */
429 static int dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
430                                proto_tree *tree, guint32 offset,
431                                guint *conv_version);
432
433 /* change cipher spec dissector */
434 static void dissect_ssl3_change_cipher_spec(tvbuff_t *tvb, packet_info *pinfo,
435                                             proto_tree *tree,
436                                             guint32 offset,
437                                             guint *conv_version);
438
439 /* alert message dissector */
440 static void dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
441                                proto_tree *tree, guint32 offset,
442                                guint *conv_version);
443
444 /* handshake protocol dissector */
445 static void dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
446                                    proto_tree *tree, guint32 offset,
447                                    guint32 record_length,
448                                    guint *conv_version);
449
450
451 static void dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo,
452                                        proto_tree *tree,
453                                        guint32 offset);
454
455 static void dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb, packet_info *pinfo,
456                                        proto_tree *tree,
457                                        guint32 offset);
458
459 static void dissect_ssl3_hnd_cert(tvbuff_t *tvb, packet_info *pinfo,
460                                   proto_tree *tree, guint32 offset);
461
462 static void dissect_ssl3_hnd_cert_req(tvbuff_t *tvb, packet_info *pinfo,
463                                       proto_tree *tree,
464                                       guint32 offset);
465
466 static void dissect_ssl3_hnd_finished(tvbuff_t *tvb, packet_info *pinfo,
467                                       proto_tree *tree,
468                                       guint32 offset,
469                                       guint *conv_version);
470
471
472 /*
473  * SSL version 2 dissectors
474  *
475  */
476
477 /* record layer dissector */
478 static int dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo,
479                                proto_tree *tree, guint32 offset,
480                                guint *conv_version);
481
482 /* client hello dissector */
483 static void dissect_ssl2_hnd_client_hello(tvbuff_t *tvb, packet_info *pinfo,
484                                           proto_tree *tree,
485                                           guint32 offset);
486
487 /* client master key dissector */
488 static void dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb,
489                                                packet_info *pinfo,
490                                                proto_tree *tree,
491                                                guint32 offset);
492
493 /* server hello dissector */
494 static void dissect_ssl2_hnd_server_hello(tvbuff_t *tvb,
495                                           packet_info *pinfo,
496                                           proto_tree *tree,
497                                           guint32 offset);
498
499 /*
500  * Support Functions
501  *
502  */
503 static void ssl_set_conv_version(packet_info *pinfo, guint version);
504 static int  ssl_is_valid_handshake_type(guint8 type);
505 static int  ssl_is_valid_content_type(guint8 type);
506 static int  ssl_is_valid_ssl_version(guint16 version);
507 static int  ssl_is_authoritative_version_message(guint8 content_type,
508                                                 guint8 next_byte);
509 static int  ssl_is_v2_client_hello(tvbuff_t *tvb, guint32 offset);
510 static int  ssl_looks_like_sslv2(tvbuff_t *tvb, guint32 offset);
511 static int  ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset);
512 static int  ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb,
513                                               guint32 offset,
514                                               guint32 record_length);
515
516 /*********************************************************************
517  *
518  * Main dissector
519  *
520  *********************************************************************/
521 /*
522  * Code to actually dissect the packets
523  */
524 static void
525 dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
526 {
527
528     conversation_t *conversation;
529     void *conv_data;
530     guint conv_version     = SSL_VER_UNKNOWN;
531     proto_item *ti         = NULL;
532     proto_tree *ssl_tree   = NULL;
533     guint32 offset         = 0;
534     gboolean first_record_in_frame = TRUE;
535
536     /* Track the version using conversations to reduce the
537      * chance that a packet that simply *looks* like a v2 or
538      * v3 packet is dissected improperly.  This also allows
539      * us to more frequently set the protocol column properly
540      * for continuation data frames.
541      *
542      * Also: We use the copy in conv_version as our cached copy,
543      *       so that we don't have to search the conversation
544      *       table every time we want the version; when setting
545      *       the conv_version, must set the copy in the conversation
546      *       in addition to conv_version
547      */
548     conversation = find_conversation(&pinfo->src, &pinfo->dst, pinfo->ptype,
549                                      pinfo->srcport, pinfo->destport, 0);
550     if (!conversation)
551     {
552         /* create a new conversation */
553         conversation = conversation_new(&pinfo->src, &pinfo->dst, pinfo->ptype,
554                                         pinfo->srcport, pinfo->destport, 0);
555     }
556     conv_data = conversation_get_proto_data(conversation, proto_ssl);
557     if (conv_data != NULL)
558     {
559         conv_version = (guint)conv_data;
560     }
561
562     /* Initialize the protocol column; we'll set it later when we
563      * figure out what flavor of SSL it is (assuming we don't
564      * throw an exception before we get the chance to do so). */
565     if (check_col(pinfo->fd, COL_PROTOCOL))
566     {
567         col_set_str(pinfo->fd, COL_PROTOCOL, "SSL");
568     }
569
570     /* clear the the info column */
571     if (check_col(pinfo->fd, COL_INFO))
572         col_clear(pinfo->fd, COL_INFO);
573
574     /* TCP packets and SSL records are orthogonal.
575      * A tcp packet may contain multiple ssl records and an ssl
576      * record may be spread across multiple tcp packets.
577      *
578      * This loop accounts for multiple ssl records in a single
579      * frame, but not a single ssl record across multiple tcp
580      * packets.
581      *
582      * Handling the single ssl record across multiple packets
583      * may be possible using ethereal conversations, but
584      * probably not cleanly.  May have to wait for tcp stream
585      * reassembly.
586      */
587
588     /* Create display subtree for SSL as a whole */
589     if (tree)
590     {
591         ti = proto_tree_add_item(tree, proto_ssl, tvb,
592                                  0, tvb_length(tvb), FALSE);
593         ssl_tree = proto_item_add_subtree(ti, ett_ssl);
594     }
595
596     /* iterate through the records in this frame */
597     while (offset < tvb_length(tvb)-1)
598     {
599         /* on second and subsequent records per frame
600          * add a delimiter on info column
601          */
602         if (!first_record_in_frame
603             && check_col(pinfo->fd, COL_INFO))
604         {
605             col_append_str(pinfo->fd, COL_INFO, ", ");
606         }
607
608         /* first try to dispatch off the cached version
609          * known to be associated with the conversation
610          */
611         switch(conv_version) {
612         case SSL_VER_SSLv2:
613             offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
614                                          offset, &conv_version);
615             break;
616
617         case SSL_VER_SSLv3:
618         case SSL_VER_TLS:
619             /* the version tracking code works too well ;-)
620              * at times, we may visit a v2 client hello after
621              * we already know the version of the connection;
622              * work around that here by detecting and calling
623              * the v2 dissector instead
624              */
625             if (ssl_is_v2_client_hello(tvb, offset))
626             {
627                 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
628                                              offset, &conv_version);
629             }
630             else
631             {
632                 offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
633                                              offset, &conv_version);
634             }
635             break;
636
637             /* that failed, so apply some heuristics based
638              * on this individual packet
639              */
640         default:
641             if (ssl_looks_like_sslv2(tvb, offset))
642             {
643                 /* looks like sslv2 client hello */
644                 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
645                                              offset, &conv_version);
646             }
647             else if (ssl_looks_like_sslv3(tvb, offset))
648             {
649                 /* looks like sslv3 or tls */
650                 offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
651                                              offset, &conv_version);
652             }
653             else
654             {
655                 /* looks like something unknown, so lump into
656                  * continuation data
657                  */
658                 offset = tvb_length(tvb);
659                 if (check_col(pinfo->fd, COL_INFO))
660                     col_append_str(pinfo->fd, COL_INFO,
661                                    "Continuation Data");
662
663                 /* Set the protocol column */
664                 if (check_col(pinfo->fd, COL_PROTOCOL))
665                 {
666                     col_set_str(pinfo->fd, COL_PROTOCOL,
667                          ssl_version_short_names[conv_version]);
668                 }
669             }
670             break;
671         }
672
673         /* If we haven't already set the version information for
674          * this conversation, do so. */
675         if (conv_data == NULL)
676         {
677             conv_data = (void *)conv_version;
678             conversation_add_proto_data(conversation, proto_ssl, conv_data);
679         }
680
681         /* set up for next record in frame, if any */
682         first_record_in_frame = FALSE;
683     }
684
685 }
686
687
688 /*********************************************************************
689  *
690  * SSL version 3 and TLS Dissection Routines
691  *
692  *********************************************************************/
693 static int
694 dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
695                     proto_tree *tree, guint32 offset,
696                     guint *conv_version)
697 {
698
699     /*
700      *    struct {
701      *        uint8 major, minor;
702      *    } ProtocolVersion;
703      *
704      *
705      *    enum {
706      *        change_cipher_spec(20), alert(21), handshake(22),
707      *        application_data(23), (255)
708      *    } ContentType;
709      *
710      *    struct {
711      *        ContentType type;
712      *        ProtocolVersion version;
713      *        uint16 length;
714      *        opaque fragment[TLSPlaintext.length];
715      *    } TLSPlaintext;
716      */
717     guint32 record_length;
718     guint16 version;
719     guint8 content_type;
720     guint8 next_byte;
721     proto_tree *ti              = NULL;
722     proto_tree *ssl_record_tree = NULL;
723
724     /*
725      * Get the record layer fields of interest
726      */
727     content_type  = tvb_get_guint8(tvb, offset);
728     version       = tvb_get_ntohs(tvb, offset + 1);
729     record_length = tvb_get_ntohs(tvb, offset + 3);
730
731     /* if we don't have a valid content_type, there's no sense
732      * continuing any further
733      */
734     if (!ssl_is_valid_content_type(content_type))
735     {
736         if (check_col(pinfo->fd, COL_INFO))
737             col_append_str(pinfo->fd, COL_INFO, "Continuation Data");
738
739         /* Set the protocol column */
740         if (check_col(pinfo->fd, COL_PROTOCOL))
741         {
742             col_set_str(pinfo->fd, COL_PROTOCOL,
743                         ssl_version_short_names[*conv_version]);
744         }
745         return offset + 5 + record_length;
746     }
747
748     /*
749      * If GUI, fill in record layer part of tree
750      */
751     if (tree)
752     {
753
754         /* add the record layer subtree header */
755         ti = proto_tree_add_item(tree, hf_ssl_record, tvb,
756                                  offset, 5 + record_length, 0);
757         ssl_record_tree = proto_item_add_subtree(ti, ett_ssl_record);
758     }
759     if (ssl_record_tree)
760     {
761
762         /* show the one-byte content type */
763         proto_tree_add_item(ssl_record_tree, hf_ssl_record_content_type,
764                             tvb, offset, 1, 0);
765         offset++;
766
767         /* add the version */
768         proto_tree_add_item(ssl_record_tree, hf_ssl_record_version, tvb,
769                             offset, 2, FALSE);
770         offset += 2;
771
772         /* add the length */
773         proto_tree_add_uint(ssl_record_tree, hf_ssl_record_length, tvb,
774                             offset, 2, record_length);
775         offset += 2;    /* move past length field itself */
776     }
777     else
778     {
779         /* if no GUI tree, then just skip over those fields */
780         offset += 5;
781     }
782
783
784     /*
785      * if we don't already have a version set for this conversation,
786      * but this message's version is authoritative (i.e., it's
787      * not client_hello, then save the version to to conversation
788      * structure and print the column version
789      */
790     next_byte = tvb_get_guint8(tvb, offset);
791     if (*conv_version == SSL_VER_UNKNOWN
792         && ssl_is_authoritative_version_message(content_type, next_byte))
793     {
794         if (version == 0x0300)
795         {
796             *conv_version = SSL_VER_SSLv3;
797             ssl_set_conv_version(pinfo, *conv_version);
798         }
799         else if (version == 0x0301)
800         {
801             *conv_version = SSL_VER_TLS;
802             ssl_set_conv_version(pinfo, *conv_version);
803         }
804     }
805     if (check_col(pinfo->fd, COL_PROTOCOL))
806     {
807         if (version == 0x0300)
808         {
809             col_set_str(pinfo->fd, COL_PROTOCOL,
810                         ssl_version_short_names[SSL_VER_SSLv3]);
811         }
812         else if (version == 0x0301)
813         {
814             col_set_str(pinfo->fd, COL_PROTOCOL,
815                         ssl_version_short_names[SSL_VER_TLS]);
816         }
817         else
818         {
819             col_set_str(pinfo->fd, COL_PROTOCOL,
820                         ssl_version_short_names[*conv_version]);
821         }
822     }
823
824     /*
825      * now dissect the next layer
826      */
827     switch (content_type) {
828     case SSL_ID_CHG_CIPHER_SPEC:
829         if (check_col(pinfo->fd, COL_INFO))
830             col_append_str(pinfo->fd, COL_INFO, "Change Cipher Spec");
831         dissect_ssl3_change_cipher_spec(tvb, pinfo, ssl_record_tree,
832                                         offset, conv_version);
833         break;
834     case SSL_ID_ALERT:
835         dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset,
836                            conv_version);
837         break;
838     case SSL_ID_HANDSHAKE:
839         dissect_ssl3_handshake(tvb, pinfo, ssl_record_tree, offset,
840                                record_length, conv_version);
841         break;
842     case SSL_ID_APP_DATA:
843         if (check_col(pinfo->fd, COL_INFO))
844             col_append_str(pinfo->fd, COL_INFO, "Application Data");
845         if (ssl_record_tree)
846         {
847             proto_item_set_text(ssl_record_tree,
848                                 "%s Record Layer: Application Data",
849                                 ssl_version_short_names[*conv_version]);
850             proto_tree_add_item(ssl_record_tree, hf_ssl_record_appdata, tvb,
851                                 offset, record_length, 0);
852         }
853         break;
854
855     default:
856         /* shouldn't get here since we check above for valid types */
857         if (check_col(pinfo->fd, COL_INFO))
858             col_append_str(pinfo->fd, COL_INFO, "Bad SSLv3 Content Type");
859         break;
860     }
861     offset += record_length; /* skip to end of record */
862
863     return offset;
864 }
865
866 /* dissects the change cipher spec procotol, filling in the tree */
867 static void
868 dissect_ssl3_change_cipher_spec(tvbuff_t *tvb, packet_info *pinfo,
869                                 proto_tree *tree, guint32 offset,
870                                 guint *conv_version)
871 {
872     /*
873      * struct {
874      *     enum { change_cipher_spec(1), (255) } type;
875      * } ChangeCipherSpec;
876      *
877      */
878     if (tree)
879     {
880         proto_item_set_text(tree,
881                             "%s Record Layer: Change Cipher Spec",
882                             ssl_version_short_names[*conv_version]);
883         proto_tree_add_item(tree, hf_ssl_change_cipher_spec, tvb,
884                             offset++, 1, FALSE);
885     }
886 }
887
888 /* dissects the alert message, filling in the tree */
889 static void
890 dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
891                    proto_tree *tree, guint32 offset,
892                    guint *conv_version)
893 {
894     /*     struct {
895      *         AlertLevel level;
896      *         AlertDescription description;
897      *     } Alert;
898      */
899     proto_tree *ti;
900     proto_tree *ssl_alert_tree = NULL;
901     gchar *level;
902     gchar *desc;
903     guint8 byte;
904     if (tree)
905     {
906         ti = proto_tree_add_item(tree, hf_ssl_alert_message, tvb,
907                                  offset, 2, 0);
908         ssl_alert_tree = proto_item_add_subtree(ti, ett_ssl_alert);
909     }
910
911     /*
912      * set the record layer label
913      */
914
915     /* first lookup the names for the alert level and description */
916     byte = tvb_get_guint8(tvb, offset); /* grab the level byte */
917     level = match_strval(byte, ssl_31_alert_level);
918
919     byte = tvb_get_guint8(tvb, offset+1); /* grab the desc byte */
920     desc = match_strval(byte, ssl_31_alert_description);
921
922     /* now set the text in the record layer line */
923     if (level && desc)
924     {
925         if (check_col(pinfo->fd, COL_INFO))
926             col_append_fstr(pinfo->fd, COL_INFO,
927                             "Alert (Level: %s, Description: %s)",
928                             level, desc);
929     }
930     else
931     {
932         if (check_col(pinfo->fd, COL_INFO))
933             col_append_str(pinfo->fd, COL_INFO, "Encrypted Alert");
934     }
935
936     if (tree)
937     {
938         if (level && desc)
939         {
940             proto_item_set_text(tree, "%s Record Layer: Alert "
941                                 "(Level: %s, Description: %s)",
942                                 ssl_version_short_names[*conv_version],
943                                 level, desc);
944             proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_level,
945                                 tvb, offset++, 1, FALSE);
946
947             proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_description,
948                                 tvb, offset++, 1, FALSE);
949         }
950         else
951         {
952             proto_item_set_text(tree,
953                                 "%s Record Layer: Encrypted Alert",
954                                 ssl_version_short_names[*conv_version]);
955             proto_item_set_text(ssl_alert_tree,
956                                 "Alert Message: Encrypted Alert");
957         }
958     }
959 }
960
961
962 /* dissects the handshake protocol, filling the tree */
963 static void
964 dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
965                        proto_tree *tree, guint32 offset,
966                        guint32 record_length, guint *conv_version)
967 {
968     /*     struct {
969      *         HandshakeType msg_type;
970      *         uint24 length;
971      *         select (HandshakeType) {
972      *             case hello_request:       HelloRequest;
973      *             case client_hello:        ClientHello;
974      *             case server_hello:        ServerHello;
975      *             case certificate:         Certificate;
976      *             case server_key_exchange: ServerKeyExchange;
977      *             case certificate_request: CertificateRequest;
978      *             case server_hello_done:   ServerHelloDone;
979      *             case certificate_verify:  CertificateVerify;
980      *             case client_key_exchange: ClientKeyExchange;
981      *             case finished:            Finished;
982      *         } body;
983      *     } Handshake;
984      */
985     proto_tree *ti            = NULL;
986     proto_tree *ssl_hand_tree = NULL;
987     gchar *msg_type_str       = NULL;
988     guint8 msg_type;
989     guint32 length;
990     gboolean first_iteration  = TRUE;
991
992
993     /* just as there can be multiple records per packet, there
994      * can be multiple messages per record as long as they have
995      * the same content type
996      *
997      * we really only care about this for handshake messages
998      */
999
1000     /* set record_length to the max offset */
1001     record_length += offset;
1002     while (offset < record_length)
1003     {
1004         msg_type = tvb_get_guint8(tvb, offset);
1005         msg_type_str = match_strval(msg_type, ssl_31_handshake_type);
1006         length   = tvb_get_ntoh24(tvb, offset + 1);
1007
1008         if (!msg_type_str && !first_iteration)
1009         {
1010             /* only dissect / report messages if they're
1011              * either the first message in this record
1012              * or they're a valid message type
1013              */
1014             return;
1015         }
1016
1017         /* on second and later iterations, add comma to info col */
1018         if (!first_iteration)
1019         {
1020             if (check_col(pinfo->fd, COL_INFO))
1021                 col_append_fstr(pinfo->fd, COL_INFO, ", ");
1022         }
1023
1024         /*
1025          * Update our info string
1026          */
1027         if (check_col(pinfo->fd, COL_INFO))
1028             col_append_fstr(pinfo->fd, COL_INFO, "%s", (msg_type_str != NULL)
1029                             ? msg_type_str : "Encrypted Handshake Message");
1030
1031         if (tree)
1032         {
1033             /* set the label text on the record layer expanding node */
1034             if (first_iteration)
1035             {
1036                 proto_item_set_text(tree, "%s Record Layer: %s",
1037                                     ssl_version_short_names[*conv_version],
1038                                     (msg_type_str!=NULL) ? msg_type_str :
1039                                     "Encrypted Handshake Message");
1040             }
1041             else
1042             {
1043                 proto_item_set_text(tree, "%s Record Layer: %s",
1044                                     ssl_version_short_names[*conv_version],
1045                                     "Multiple Handshake Messages");
1046             }
1047
1048             /* add a subtree for the handshake protocol */
1049             ti = proto_tree_add_item(tree, hf_ssl_handshake_protocol, tvb,
1050                                      offset, length + 4, 0);
1051             ssl_hand_tree = proto_item_add_subtree(ti, ett_ssl_handshake);
1052
1053             if (ssl_hand_tree)
1054             {
1055                 /* set the text label on the subtree node */
1056                 proto_item_set_text(ssl_hand_tree, "Handshake Protocol: %s",
1057                                     (msg_type_str != NULL) ? msg_type_str :
1058                                     "Encrypted Handshake Message");
1059             }
1060         }
1061
1062         /* if we don't have a valid handshake type, just quit dissecting */
1063         if (!msg_type_str)
1064         {
1065             return;
1066         }
1067
1068         if (ssl_hand_tree)
1069         {
1070             /* add nodes for the message type and message length */
1071             proto_tree_add_item(ssl_hand_tree, hf_ssl_handshake_type,
1072                                 tvb, offset, 1, msg_type);
1073             offset++;
1074             proto_tree_add_uint(ssl_hand_tree, hf_ssl_handshake_length,
1075                                 tvb, offset, 3, length);
1076             offset += 3;
1077
1078             /* now dissect the handshake message, if necessary */
1079             switch (msg_type) {
1080             case SSL_HND_HELLO_REQUEST:
1081                 /* hello_request has no fields, so nothing to do! */
1082                 break;
1083
1084             case SSL_HND_CLIENT_HELLO:
1085                 dissect_ssl3_hnd_cli_hello(tvb, pinfo, ssl_hand_tree, offset);
1086             break;
1087
1088             case SSL_HND_SERVER_HELLO:
1089                 dissect_ssl3_hnd_srv_hello(tvb, pinfo, ssl_hand_tree, offset);
1090                 break;
1091
1092             case SSL_HND_CERTIFICATE:
1093                 dissect_ssl3_hnd_cert(tvb, pinfo, ssl_hand_tree, offset);
1094                 break;
1095
1096             case SSL_HND_CERT_REQUEST:
1097                 dissect_ssl3_hnd_cert_req(tvb, pinfo, ssl_hand_tree, offset);
1098                 break;
1099
1100             case SSL_HND_SVR_HELLO_DONE:
1101                 /* server_hello_done has no fields, so nothing to do! */
1102                 break;
1103
1104             case SSL_HND_FINISHED:
1105                 dissect_ssl3_hnd_finished(tvb, pinfo, ssl_hand_tree,
1106                                           offset, conv_version);
1107                 break;
1108
1109             case SSL_HND_SERVER_KEY_EXCHG:
1110             case SSL_HND_CERT_VERIFY:
1111             case SSL_HND_CLIENT_KEY_EXCHG:
1112                 /* unimplemented */
1113                 break;
1114             }
1115
1116         }
1117         else
1118         {
1119             offset += 4;        /* skip the handshake header */
1120         }
1121         offset += length;
1122         first_iteration = FALSE; /* set up for next pass, if any */
1123     }
1124 }
1125
1126 static int
1127 dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
1128                               guint32 offset)
1129 {
1130     /* show the client's random challenge */
1131     guint32 initial_offset = offset;
1132     nstime_t gmt_unix_time;
1133     guint8  session_id_length = 0;
1134
1135     if (tree)
1136     {
1137         /* show the time */
1138         gmt_unix_time.secs = tvb_get_ntohl(tvb, offset);
1139         gmt_unix_time.nsecs = 0;
1140         proto_tree_add_time(tree, hf_ssl_handshake_random_time,
1141                                      tvb, offset, 4, &gmt_unix_time);
1142         offset += 4;
1143
1144         /* show the random bytes */
1145         proto_tree_add_item(tree, hf_ssl_handshake_random_bytes,
1146                             tvb, offset, 28, 0);
1147         offset += 28;
1148
1149         /* show the session id */
1150         session_id_length = tvb_get_guint8(tvb, offset);
1151         proto_tree_add_item(tree, hf_ssl_handshake_session_id_len,
1152                             tvb, offset++, 1, 0);
1153         if (session_id_length > 0)
1154         {
1155             proto_tree_add_bytes_format(tree, hf_ssl_handshake_session_id,
1156                                          tvb, offset, session_id_length,
1157                                          tvb_get_ptr(tvb, offset, session_id_length),
1158                                          "Session ID (%u byte%s)",
1159                                          session_id_length,
1160                                          plurality(session_id_length, "", "s"));
1161             offset += session_id_length;
1162         }
1163
1164     }
1165     return offset - initial_offset;
1166 }
1167
1168 static void
1169 dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo,
1170                            proto_tree *tree, guint32 offset)
1171 {
1172     /* struct {
1173      *     ProtocolVersion client_version;
1174      *     Random random;
1175      *     SessionID session_id;
1176      *     CipherSuite cipher_suites<2..2^16-1>;
1177      *     CompressionMethod compression_methods<1..2^8-1>;
1178      * } ClientHello;
1179      *
1180      */
1181     proto_tree *ti;
1182     proto_tree *cs_tree;
1183     guint16 cipher_suite_length = 0;
1184     guint8  compression_methods_length = 0;
1185
1186     if (tree)
1187     {
1188         /* show the client version */
1189         proto_tree_add_item(tree, hf_ssl_handshake_client_version, tvb,
1190                             offset, 2, FALSE);
1191         offset += 2;
1192
1193         /* show the fields in common with server hello */
1194         offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset);
1195
1196         /* tell the user how many cipher suites there are */
1197         cipher_suite_length = tvb_get_ntohs(tvb, offset);
1198         proto_tree_add_uint(tree, hf_ssl_handshake_cipher_suites_len,
1199                             tvb, offset, 2, cipher_suite_length);
1200         offset += 2;            /* skip opaque length */
1201
1202         if (cipher_suite_length > 0)
1203         {
1204             ti = proto_tree_add_none_format(tree,
1205                                             hf_ssl_handshake_cipher_suites,
1206                                             tvb, offset, cipher_suite_length,
1207                                             "Cipher Suites (%u suite%s)",
1208                                             cipher_suite_length / 2,
1209                                             plurality(cipher_suite_length/2, "", "s"));
1210
1211             /* make this a subtree */
1212             cs_tree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
1213             if (!cs_tree)
1214             {
1215                 cs_tree = tree; /* failsafe */
1216             }
1217
1218             while (cipher_suite_length > 0)
1219             {
1220                 proto_tree_add_item(cs_tree, hf_ssl_handshake_cipher_suite,
1221                                     tvb, offset, 2, FALSE);
1222                 offset += 2;
1223                 cipher_suite_length -= 2;
1224             }
1225         }
1226
1227         /* tell the user how man compression methods there are */
1228         compression_methods_length = tvb_get_guint8(tvb, offset);
1229         proto_tree_add_uint(tree, hf_ssl_handshake_comp_methods_len,
1230                             tvb, offset, 1, compression_methods_length);
1231         offset++;
1232
1233         if (compression_methods_length > 0)
1234         {
1235             ti = proto_tree_add_none_format(tree,
1236                                             hf_ssl_handshake_comp_methods,
1237                                             tvb, offset, compression_methods_length,
1238                                             "Compression Methods (%u method%s)",
1239                                             compression_methods_length,
1240                                             plurality(compression_methods_length,
1241                                               "", "s"));
1242
1243             /* make this a subtree */
1244             cs_tree = proto_item_add_subtree(ti, ett_ssl_comp_methods);
1245             if (!cs_tree)
1246             {
1247                 cs_tree = tree; /* failsafe */
1248             }
1249
1250             while (compression_methods_length > 0)
1251             {
1252                 proto_tree_add_item(cs_tree, hf_ssl_handshake_comp_method,
1253                                     tvb, offset, 1, FALSE);
1254                 offset++;
1255                 compression_methods_length--;
1256             }
1257         }
1258     }
1259 }
1260
1261 static void
1262 dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb, packet_info *pinfo,
1263                            proto_tree *tree, guint32 offset)
1264 {
1265     /* struct {
1266      *     ProtocolVersion server_version;
1267      *     Random random;
1268      *     SessionID session_id;
1269      *     CipherSuite cipher_suite;
1270      *     CompressionMethod compression_method;
1271      * } ServerHello;
1272      */
1273
1274     if (tree)
1275     {
1276         /* show the server version */
1277         proto_tree_add_item(tree, hf_ssl_handshake_server_version, tvb,
1278                             offset, 2, FALSE);
1279         offset += 2;
1280
1281         /* first display the elements conveniently in
1282          * common with client hello
1283          */
1284         offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset);
1285
1286         /* now the server-selected cipher suite */
1287         proto_tree_add_item(tree, hf_ssl_handshake_cipher_suite,
1288                             tvb, offset, 2, FALSE);
1289         offset += 2;
1290
1291         /* and the server-selected compression method */
1292         proto_tree_add_item(tree, hf_ssl_handshake_comp_method,
1293                             tvb, offset, 1, FALSE);
1294     }
1295 }
1296
1297 static void
1298 dissect_ssl3_hnd_cert(tvbuff_t *tvb, packet_info *pinfo,
1299                       proto_tree *tree, guint32 offset)
1300 {
1301
1302     /* opaque ASN.1Cert<2^24-1>;
1303      *
1304      * struct {
1305      *     ASN.1Cert certificate_list<1..2^24-1>;
1306      * } Certificate;
1307      */
1308     guint32 certificate_list_length;
1309     proto_tree *ti;
1310     proto_tree *subtree;
1311
1312     if (tree)
1313     {
1314         certificate_list_length = tvb_get_ntoh24(tvb, offset);
1315         proto_tree_add_uint(tree, hf_ssl_handshake_certificates_len,
1316                             tvb, offset, 3, certificate_list_length);
1317         offset += 3;            /* 24-bit length value */
1318
1319         if (certificate_list_length > 0)
1320         {
1321             ti = proto_tree_add_none_format(tree,
1322                                             hf_ssl_handshake_certificates,
1323                                             tvb, offset, certificate_list_length,
1324                                             "Certificates (%u byte%s)",
1325                                             certificate_list_length,
1326                                             plurality(certificate_list_length,
1327                                               "", "s"));
1328
1329             /* make it a subtree */
1330             subtree = proto_item_add_subtree(ti, ett_ssl_certs);
1331             if (!subtree)
1332             {
1333                 subtree = tree; /* failsafe */
1334             }
1335
1336             /* iterate through each certificate */
1337             while (certificate_list_length > 0)
1338             {
1339                 /* get the length of the current certificate */
1340                 guint32 cert_length = tvb_get_ntoh24(tvb, offset);
1341                 certificate_list_length -= 3 + cert_length;
1342
1343                 proto_tree_add_item(subtree, hf_ssl_handshake_certificate_len,
1344                                     tvb, offset, 3, FALSE);
1345                 offset += 3;
1346
1347                 proto_tree_add_bytes_format(subtree,
1348                                             hf_ssl_handshake_certificate,
1349                                             tvb, offset, cert_length,
1350                                             tvb_get_ptr(tvb, offset, cert_length),
1351                                             "Certificate (%u byte%s)",
1352                                             cert_length,
1353                                             plurality(cert_length, "", "s"));
1354                 offset += cert_length;
1355             }
1356         }
1357
1358     }
1359 }
1360
1361 static void
1362 dissect_ssl3_hnd_cert_req(tvbuff_t *tvb, packet_info *pinfo,
1363                           proto_tree *tree, guint32 offset)
1364 {
1365     /*
1366      *    enum {
1367      *        rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
1368      *        (255)
1369      *    } ClientCertificateType;
1370      *
1371      *    opaque DistinguishedName<1..2^16-1>;
1372      *
1373      *    struct {
1374      *        ClientCertificateType certificate_types<1..2^8-1>;
1375      *        DistinguishedName certificate_authorities<3..2^16-1>;
1376      *    } CertificateRequest;
1377      *
1378      */
1379     proto_tree *ti;
1380     proto_tree *subtree;
1381     guint8      cert_types_count = 0;
1382     int         dnames_length = 0;
1383
1384     if (tree)
1385     {
1386         cert_types_count = tvb_get_guint8(tvb, offset);
1387         proto_tree_add_uint(tree, hf_ssl_handshake_cert_types_count,
1388                             tvb, offset, 1, cert_types_count);
1389         offset++;
1390
1391         if (cert_types_count > 0)
1392         {
1393             ti = proto_tree_add_none_format(tree,
1394                                             hf_ssl_handshake_cert_types,
1395                                             tvb, offset, cert_types_count,
1396                                             "Certificate types (%u type%s)",
1397                                             cert_types_count,
1398                                             plurality(cert_types_count, "", "s"));
1399             subtree = proto_item_add_subtree(ti, ett_ssl_cert_types);
1400             if (!subtree)
1401             {
1402                 subtree = tree;
1403             }
1404
1405             while (cert_types_count > 0)
1406             {
1407                 proto_tree_add_item(subtree, hf_ssl_handshake_cert_type,
1408                                     tvb, offset, 1, FALSE);
1409                 offset++;
1410                 cert_types_count--;
1411             }
1412         }
1413
1414         dnames_length = tvb_get_ntohs(tvb, offset);
1415         proto_tree_add_uint(tree, hf_ssl_handshake_dnames_len,
1416                             tvb, offset, 2, dnames_length);
1417         offset += 2;
1418
1419         if (dnames_length > 0)
1420         {
1421             ti = proto_tree_add_none_format(tree,
1422                                             hf_ssl_handshake_dnames,
1423                                             tvb, offset, dnames_length,
1424                                             "Distinguished Names (%d byte%s)",
1425                                             dnames_length,
1426                                             plurality(dnames_length, "", "s"));
1427             subtree = proto_item_add_subtree(ti, ett_ssl_dnames);
1428             if (!subtree)
1429             {
1430                 subtree = tree;
1431             }
1432
1433             while (dnames_length > 0)
1434             {
1435                 /* get the length of the current certificate */
1436                 guint16 name_length = tvb_get_ntohs(tvb, offset);
1437                 dnames_length -= 2 + name_length;
1438
1439                 proto_tree_add_item(subtree, hf_ssl_handshake_dname_len,
1440                                     tvb, offset, 2, FALSE);
1441                 offset += 2;
1442
1443                 proto_tree_add_bytes_format(subtree,
1444                                             hf_ssl_handshake_dname,
1445                                             tvb, offset, name_length,
1446                                             tvb_get_ptr(tvb, offset, name_length),
1447                                             "Distinguished Name (%u byte%s)",
1448                                             name_length,
1449                                             plurality(name_length, "", "s"));
1450                 offset += name_length;
1451             }
1452         }
1453     }
1454
1455 }
1456
1457 static void
1458 dissect_ssl3_hnd_finished(tvbuff_t *tvb, packet_info *pinfo,
1459                           proto_tree *tree, guint32 offset,
1460                           guint *conv_version)
1461 {
1462     /* For TLS:
1463      *     struct {
1464      *         opaque verify_data[12];
1465      *     } Finished;
1466      *
1467      * For SSLv3:
1468      *     struct {
1469      *         opaque md5_hash[16];
1470      *         opaque sha_hash[20];
1471      *     } Finished;
1472      */
1473
1474     /* this all needs a tree, so bail if we don't have one */
1475     if (!tree)
1476     {
1477         return;
1478     }
1479
1480     switch(*conv_version) {
1481     case SSL_VER_TLS:
1482         proto_tree_add_item(tree, hf_ssl_handshake_finished,
1483                             tvb, offset, 12, FALSE);
1484         break;
1485
1486     case SSL_VER_SSLv3:
1487         proto_tree_add_item(tree, hf_ssl_handshake_md5_hash,
1488                             tvb, offset, 16, FALSE);
1489         offset += 16;
1490         proto_tree_add_item(tree, hf_ssl_handshake_sha_hash,
1491                             tvb, offset, 20, FALSE);
1492         offset += 20;
1493         break;
1494     }
1495 }
1496
1497 /*********************************************************************
1498  *
1499  * SSL version 2 Dissectors
1500  *
1501  *********************************************************************/
1502
1503
1504 /* record layer dissector */
1505 static int
1506 dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree
1507                     *tree, guint32 offset, guint *conv_version)
1508 {
1509     guint32 initial_offset       = offset;
1510     guint8  byte                 = 0;
1511     guint8  record_length_length = 0;
1512     gint32  record_length        = -1;
1513     gint    is_escape            = -1;
1514     gint16  padding_length       = -1;
1515     guint8  msg_type             = 0;
1516     gchar   *msg_type_str        = NULL;
1517
1518     proto_tree *ti;
1519     proto_tree *ssl_record_tree = NULL;
1520
1521     /* if we get here, but don't have a version set for the
1522      * conversation, then set a version for just this frame
1523      * (e.g., on a client hello)
1524      */
1525     if (check_col(pinfo->fd, COL_PROTOCOL))
1526     {
1527         col_set_str(pinfo->fd, COL_PROTOCOL, "SSLv2");
1528     }
1529
1530     /* pull first byte; if high bit is set, then record
1531      * length is three bytes due to padding; otherwise
1532      * record length is two bytes
1533      */
1534     byte = tvb_get_guint8(tvb, offset++);
1535     record_length_length = (byte & 0x80) ? 2 : 3;
1536
1537     /* parse out the record length */
1538     switch(record_length_length) {
1539     case 2:                     /* two-byte record length */
1540         record_length = (byte & 0x7f) << 8;
1541         byte = tvb_get_guint8(tvb, offset++);
1542         record_length += byte;
1543         break;
1544     case 3:                     /* three-byte record length */
1545         is_escape = (byte & 0x40) ? TRUE : FALSE;
1546         record_length = (byte & 0x3f) << 8;
1547         byte = tvb_get_guint8(tvb, offset++);
1548         record_length += byte;
1549         byte = tvb_get_guint8(tvb, offset++);
1550         padding_length = byte;
1551     }
1552
1553     /* add the record layer subtree header */
1554     ti = proto_tree_add_item(tree, hf_ssl2_record, tvb, initial_offset,
1555                              record_length_length + record_length, 0);
1556     ssl_record_tree = proto_item_add_subtree(ti, ett_ssl_record);
1557
1558     /* pull the msg_type so we can bail if it's unknown */
1559     msg_type = tvb_get_guint8(tvb, initial_offset + record_length_length);
1560
1561     /* if we get a server_hello or later handshake in v2, then set
1562      * this to sslv2
1563      */
1564     if (*conv_version == SSL_VER_UNKNOWN
1565         && msg_type >= 2 && msg_type <= 8)
1566     {
1567         *conv_version = SSL_VER_SSLv2;
1568         ssl_set_conv_version(pinfo, *conv_version);
1569     }
1570
1571     /* see if the msg_type is valid; if not the payload is
1572      * probably encrypted, so note that fact and bail
1573      */
1574     msg_type_str = match_strval(msg_type, ssl_20_msg_types);
1575     if (!msg_type_str
1576         || !ssl_looks_like_valid_v2_handshake(tvb, initial_offset
1577                                               + record_length_length,
1578                                               record_length))
1579     {
1580         if (ssl_record_tree)
1581         {
1582             proto_item_set_text(ssl_record_tree, "SSLv2 Record Layer: %s",
1583                                 "Encrypted Data");
1584         }
1585         if (check_col(pinfo->fd, COL_INFO))
1586             col_append_str(pinfo->fd, COL_INFO, "Encrypted Data");
1587         return initial_offset + record_length_length + record_length;
1588     }
1589     else
1590     {
1591         if (check_col(pinfo->fd, COL_INFO))
1592             col_append_str(pinfo->fd, COL_INFO, msg_type_str);
1593
1594         if (ssl_record_tree)
1595         {
1596             proto_item_set_text(ssl_record_tree, "SSLv2 Record Layer: %s",
1597                                 msg_type_str);
1598         }
1599     }
1600
1601     /* We have a valid message type, so move foward, filling in the
1602      * tree by adding the length, is_escape boolean and padding_length,
1603      * if present in the original packet
1604      */
1605     if (ssl_record_tree && record_length != -1)
1606     {
1607         /* add the record length */
1608         ti = proto_tree_add_uint (ssl_record_tree,
1609                                   hf_ssl_record_length, tvb,
1610                                   initial_offset, record_length_length,
1611                                   record_length);
1612     }
1613     if (ssl_record_tree && is_escape != -1)
1614     {
1615         proto_tree_add_boolean(ssl_record_tree,
1616                                hf_ssl2_record_is_escape, tvb,
1617                                initial_offset, 1, is_escape);
1618     }
1619     if (ssl_record_tree && padding_length != -1)
1620     {
1621         proto_tree_add_uint(ssl_record_tree,
1622                             hf_ssl2_record_padding_length, tvb,
1623                             initial_offset + 2, 1, padding_length);
1624     }
1625
1626     /*
1627      * dissect the record data
1628      */
1629
1630     /* jump forward to the start of the record data */
1631     offset = initial_offset + record_length_length;
1632
1633     /* add the message type */
1634     if (ssl_record_tree)
1635     {
1636         proto_tree_add_item(ssl_record_tree, hf_ssl2_msg_type, tvb,
1637                             offset, 1, 0);
1638     }
1639     offset++;                   /* move past msg_type byte */
1640
1641
1642     /* dissect the message (only handle client hello right now) */
1643     switch (msg_type) {
1644     case SSL2_HND_CLIENT_HELLO:
1645         dissect_ssl2_hnd_client_hello(tvb, pinfo, ssl_record_tree, offset);
1646         break;
1647
1648     case SSL2_HND_CLIENT_MASTER_KEY:
1649         dissect_ssl2_hnd_client_master_key(tvb, pinfo, ssl_record_tree, offset);
1650         break;
1651
1652     case SSL2_HND_SERVER_HELLO:
1653         dissect_ssl2_hnd_server_hello(tvb, pinfo, ssl_record_tree, offset);
1654         break;
1655
1656     case SSL2_HND_ERROR:
1657     case SSL2_HND_CLIENT_FINISHED:
1658     case SSL2_HND_SERVER_VERIFY:
1659     case SSL2_HND_SERVER_FINISHED:
1660     case SSL2_HND_REQUEST_CERTIFICATE:
1661     case SSL2_HND_CLIENT_CERTIFICATE:
1662         /* unimplemented */
1663         break;
1664
1665     default:                    /* unknown */
1666         break;
1667     }
1668
1669
1670     return (initial_offset + record_length_length + record_length);
1671 }
1672
1673 static void
1674 dissect_ssl2_hnd_client_hello(tvbuff_t *tvb, packet_info *pinfo,
1675                               proto_tree *tree, guint32 offset)
1676 {
1677     /* struct {
1678      *    uint8 msg_type;
1679      *     Version version;
1680      *     uint16 cipher_spec_length;
1681      *     uint16 session_id_length;
1682      *     uint16 challenge_length;
1683      *     V2CipherSpec cipher_specs[V2ClientHello.cipher_spec_length];
1684      *     opaque session_id[V2ClientHello.session_id_length];
1685      *     Random challenge;
1686      * } V2ClientHello;
1687      *
1688      * Note: when we get here, offset's already pointing at Version
1689      *
1690      */
1691     guint16 version;
1692     guint16 cipher_spec_length;
1693     guint16 session_id_length;
1694     guint16 challenge_length;
1695
1696     proto_tree *ti;
1697     proto_tree *cs_tree;
1698
1699     version = tvb_get_ntohs(tvb, offset);
1700     if (!ssl_is_valid_ssl_version(version))
1701     {
1702         /* invalid version; probably encrypted data */
1703         return;
1704     }
1705
1706     if (tree)
1707     {
1708         /* show the version */
1709         proto_tree_add_item(tree, hf_ssl_record_version, tvb,
1710                             offset, 2, FALSE);
1711         offset += 2;
1712
1713         cipher_spec_length = tvb_get_ntohs(tvb, offset);
1714         proto_tree_add_item(tree, hf_ssl2_handshake_cipher_spec_len,
1715                             tvb, offset, 2, FALSE);
1716         offset += 2;
1717
1718         session_id_length = tvb_get_ntohs(tvb, offset);
1719         proto_tree_add_item(tree, hf_ssl2_handshake_session_id_len,
1720                             tvb, offset, 2, FALSE);
1721         offset += 2;
1722
1723         challenge_length = tvb_get_ntohs(tvb, offset);
1724         proto_tree_add_item(tree, hf_ssl2_handshake_challenge_len,
1725                             tvb, offset, 2, FALSE);
1726         offset += 2;
1727
1728         /* tell the user how many cipher specs they've won */
1729         ti = proto_tree_add_none_format(tree, hf_ssl_handshake_cipher_suites,
1730                                         tvb, offset, cipher_spec_length,
1731                                         "Cipher Specs (%u specs)",
1732                                         cipher_spec_length/3);
1733
1734         /* make this a subtree and expand the actual specs below */
1735         cs_tree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
1736         if (!cs_tree)
1737         {
1738             cs_tree = tree;     /* failsafe */
1739         }
1740
1741         /* iterate through the cipher specs, showing them */
1742         while (cipher_spec_length > 0)
1743         {
1744             proto_tree_add_item(cs_tree, hf_ssl2_handshake_cipher_spec,
1745                                 tvb, offset, 3, FALSE);
1746             offset += 3;        /* length of one cipher spec */
1747             cipher_spec_length -= 3;
1748         }
1749
1750         /* if there's a session id, show it */
1751         if (session_id_length > 0)
1752         {
1753             proto_tree_add_bytes_format(tree,
1754                                          hf_ssl_handshake_session_id,
1755                                          tvb, offset, session_id_length,
1756                                          tvb_get_ptr(tvb, offset, session_id_length),
1757                                          "Session ID (%u byte%s)",
1758                                          session_id_length,
1759                                          plurality(session_id_length, "", "s"));
1760
1761             offset += session_id_length;
1762         }
1763
1764         /* if there's a challenge, show it */
1765         if (challenge_length > 0)
1766         {
1767             proto_tree_add_item(tree, hf_ssl2_handshake_challenge,
1768                                 tvb, offset, challenge_length, 0);
1769             offset += challenge_length;
1770         }
1771     }
1772 }
1773
1774 static void
1775 dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb, packet_info *pinfo,
1776                                    proto_tree *tree, guint32 offset)
1777 {
1778     /* struct {
1779      *    uint8 msg_type;
1780      *    V2Cipherspec cipher;
1781      *    uint16 clear_key_length;
1782      *    uint16 encrypted_key_length;
1783      *    uint16 key_arg_length;
1784      *    opaque clear_key_data[V2ClientMasterKey.clear_key_length];
1785      *    opaque encrypted_key_data[V2ClientMasterKey.encrypted_key_length];
1786      *    opaque key_arg_data[V2ClientMasterKey.key_arg_length];
1787      * } V2ClientMasterKey;
1788      *
1789      * Note: when we get here, offset's already pointing at cipher
1790      */
1791     guint16 clear_key_length;
1792     guint16 encrypted_key_length;
1793     guint16 key_arg_length;
1794
1795     /* at this point, everything we do involves the tree,
1796      * so quit now if we don't have one ;-)
1797      */
1798     if (!tree)
1799     {
1800         return;
1801     }
1802
1803     /* show the selected cipher */
1804     proto_tree_add_item(tree, hf_ssl2_handshake_cipher_spec,
1805                         tvb, offset, 3, FALSE);
1806     offset += 3;
1807
1808     /* get the fixed fields */
1809     clear_key_length = tvb_get_ntohs(tvb, offset);
1810     proto_tree_add_item(tree, hf_ssl2_handshake_clear_key_len,
1811                         tvb, offset, 2, FALSE);
1812     offset += 2;
1813
1814     encrypted_key_length = tvb_get_ntohs(tvb, offset);
1815     proto_tree_add_item(tree, hf_ssl2_handshake_enc_key_len,
1816                         tvb, offset, 2, FALSE);
1817     offset += 2;
1818
1819     key_arg_length = tvb_get_ntohs(tvb, offset);
1820     proto_tree_add_item(tree, hf_ssl2_handshake_key_arg_len,
1821                         tvb, offset, 2, FALSE);
1822     offset += 2;
1823
1824     /* show the variable length fields */
1825     if (clear_key_length > 0)
1826     {
1827         proto_tree_add_item(tree, hf_ssl2_handshake_clear_key,
1828                             tvb, offset, clear_key_length, FALSE);
1829         offset += clear_key_length;
1830     }
1831
1832     if (encrypted_key_length > 0)
1833     {
1834         proto_tree_add_item(tree, hf_ssl2_handshake_enc_key,
1835                             tvb, offset, encrypted_key_length, FALSE);
1836         offset += encrypted_key_length;
1837     }
1838
1839     if (key_arg_length > 0)
1840     {
1841         proto_tree_add_item(tree, hf_ssl2_handshake_key_arg,
1842                             tvb, offset, key_arg_length, FALSE);
1843         offset += key_arg_length;
1844     }
1845
1846 }
1847
1848 static void
1849 dissect_ssl2_hnd_server_hello(tvbuff_t *tvb, packet_info *pinfo,
1850                               proto_tree *tree, guint32 offset)
1851 {
1852     /* struct {
1853      *    uint8  msg_type;
1854      *    uint8  session_id_hit;
1855      *    uint8  certificate_type;
1856      *    uint16 server_version;
1857      *    uint16 certificate_length;
1858      *    uint16 cipher_specs_length;
1859      *    uint16 connection_id_length;
1860      *    opaque certificate_data[V2ServerHello.certificate_length];
1861      *    opaque cipher_specs_data[V2ServerHello.cipher_specs_length];
1862      *    opaque connection_id_data[V2ServerHello.connection_id_length];
1863      * } V2ServerHello;
1864      *
1865      * Note: when we get here, offset's already pointing at session_id_hit
1866      */
1867     guint16 certificate_length;
1868     guint16 cipher_spec_length;
1869     guint16 connection_id_length;
1870     guint16 version;
1871     proto_tree *ti;
1872     proto_tree *subtree;
1873
1874     /* everything we do only makes sense with a tree, so
1875      * quit now if we don't have one
1876      */
1877     if (!tree)
1878     {
1879         return;
1880     }
1881
1882     version = tvb_get_ntohs(tvb, offset + 2);
1883     if (!ssl_is_valid_ssl_version(version))
1884     {
1885         /* invalid version; probably encrypted data */
1886         return;
1887     }
1888
1889
1890     /* is there a hit? */
1891     proto_tree_add_item(tree, hf_ssl2_handshake_session_id_hit,
1892                         tvb, offset, 1, FALSE);
1893     offset++;
1894
1895     /* what type of certificate is this? */
1896     proto_tree_add_item(tree, hf_ssl2_handshake_cert_type,
1897                         tvb, offset, 1, FALSE);
1898     offset++;
1899
1900     /* now the server version */
1901     proto_tree_add_item(tree, hf_ssl_handshake_server_version,
1902                         tvb, offset, 2, FALSE);
1903     offset += 2;
1904
1905     /* get the fixed fields */
1906     certificate_length = tvb_get_ntohs(tvb, offset);
1907     proto_tree_add_uint(tree, hf_ssl_handshake_certificate_len,
1908                         tvb, offset, 2, certificate_length);
1909     offset += 2;
1910
1911     cipher_spec_length = tvb_get_ntohs(tvb, offset);
1912     proto_tree_add_uint(tree, hf_ssl2_handshake_cipher_spec_len,
1913                         tvb, offset, 2, cipher_spec_length);
1914     offset += 2;
1915
1916     connection_id_length = tvb_get_ntohs(tvb, offset);
1917     proto_tree_add_uint(tree, hf_ssl2_handshake_connection_id_len,
1918                         tvb, offset, 2, connection_id_length);
1919     offset += 2;
1920
1921     /* now the variable length fields */
1922     if (certificate_length > 0)
1923     {
1924         proto_tree_add_bytes_format(tree, hf_ssl_handshake_certificate,
1925                                     tvb, offset, certificate_length,
1926                                     tvb_get_ptr(tvb, offset, certificate_length),
1927                                     "Certificate (%u byte%s)",
1928                                     certificate_length,
1929                                     plurality(certificate_length, "", "s"));
1930         offset += certificate_length;
1931     }
1932
1933     if (cipher_spec_length > 0)
1934     {
1935         /* provide a collapsing node for the cipher specs */
1936         ti = proto_tree_add_none_format(tree, 
1937                                         hf_ssl_handshake_cipher_suites,
1938                                         tvb, offset, cipher_spec_length,
1939                                         "Cipher Specs (%u spec%s)",
1940                                         cipher_spec_length/3,
1941                                         plurality(cipher_spec_length/3, "", "s"));
1942         subtree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
1943         if (!subtree)
1944         {
1945             subtree = tree;
1946         }
1947
1948         /* iterate through the cipher specs */
1949         while (cipher_spec_length > 0)
1950         {
1951             proto_tree_add_item(subtree, hf_ssl2_handshake_cipher_spec,
1952                                 tvb, offset, 3, FALSE);
1953             offset += 3;
1954             cipher_spec_length -= 3;
1955         }
1956     }
1957
1958     if (connection_id_length > 0)
1959     {
1960         proto_tree_add_item(tree, hf_ssl2_handshake_connection_id,
1961                             tvb, offset, connection_id_length, FALSE);
1962         offset += connection_id_length;
1963     }
1964
1965 }
1966
1967
1968
1969
1970 /*********************************************************************
1971  *
1972  * Support Functions
1973  *
1974  *********************************************************************/
1975
1976 static void
1977 ssl_set_conv_version(packet_info *pinfo, guint version)
1978 {
1979     conversation_t *conversation;
1980     void *conv_data;
1981
1982     if (pinfo->fd->flags.visited)
1983     {
1984         /* We've already processed this frame; no need to do any more
1985          * work on it.
1986          */
1987         return;
1988     }
1989
1990     conversation = find_conversation(&pinfo->src, &pinfo->dst, pinfo->ptype,
1991                                      pinfo->srcport, pinfo->destport, 0);
1992
1993     if (conversation == NULL)
1994     {
1995         /* create a new conversation */
1996         conversation = conversation_new(&pinfo->src, &pinfo->dst, pinfo->ptype,
1997                                         pinfo->srcport, pinfo->destport, 0);
1998     }
1999
2000     if (conversation_get_proto_data(conversation, proto_ssl) != NULL)
2001     {
2002         /* get rid of the current data */
2003         conversation_delete_proto_data(conversation, proto_ssl);
2004     }
2005     conversation_add_proto_data(conversation, proto_ssl, (void *)version);
2006 }
2007
2008 static int
2009 ssl_is_valid_handshake_type(guint8 type)
2010 {
2011
2012     switch (type) {
2013     case SSL_HND_HELLO_REQUEST:
2014     case SSL_HND_CLIENT_HELLO:
2015     case SSL_HND_SERVER_HELLO:
2016     case SSL_HND_CERTIFICATE:
2017     case SSL_HND_SERVER_KEY_EXCHG:
2018     case SSL_HND_CERT_REQUEST:
2019     case SSL_HND_SVR_HELLO_DONE:
2020     case SSL_HND_CERT_VERIFY:
2021     case SSL_HND_CLIENT_KEY_EXCHG:
2022     case SSL_HND_FINISHED:
2023         return 1;
2024     }
2025     return 0;
2026 }
2027
2028 static int
2029 ssl_is_valid_content_type(guint8 type)
2030 {
2031     if (type >= 0x14 && type <= 0x17)
2032     {
2033         return 1;
2034     }
2035
2036     return 0;
2037 }
2038
2039 static int
2040 ssl_is_valid_ssl_version(guint16 version)
2041 {
2042     gchar *version_str = match_strval(version, ssl_versions);
2043     return version_str != NULL;
2044 }
2045
2046 static int
2047 ssl_is_authoritative_version_message(guint8 content_type,
2048                                      guint8 next_byte)
2049 {
2050     if (content_type == SSL_ID_HANDSHAKE
2051         && ssl_is_valid_handshake_type(next_byte))
2052     {
2053         return (next_byte != SSL_HND_CLIENT_HELLO);
2054     }
2055     else if (ssl_is_valid_content_type(content_type)
2056              && content_type != SSL_ID_HANDSHAKE)
2057     {
2058         return 1;
2059     }
2060     return 0;
2061 }
2062
2063 static int
2064 ssl_is_v2_client_hello(tvbuff_t *tvb, guint32 offset)
2065 {
2066     guint8 byte;
2067
2068     byte = tvb_get_guint8(tvb, offset);
2069     if (byte != 0x80)           /* v2 client hello should start this way */
2070     {
2071         return 0;
2072     }
2073
2074     byte = tvb_get_guint8(tvb, offset+2);
2075     if (byte != 0x01)           /* v2 client hello msg type */
2076     {
2077         return 0;
2078     }
2079
2080     /* 1 in 2^16 of being right; improve later if necessary */
2081     return 1;
2082 }
2083
2084 /* this applies a heuristic to determine whether
2085  * or not the data beginning at offset looks like a
2086  * valid sslv2 record.  this isn't really possible,
2087  * but we'll try to do a reasonable job anyway.
2088  */
2089 static int
2090 ssl_looks_like_sslv2(tvbuff_t *tvb, guint32 offset)
2091 {
2092     /* here's the current approach:
2093      *
2094      * we only try to catch unencrypted handshake messages, so we can
2095      * assume that there is not padding.  This means that the
2096      * first byte must be >= 0x80 and there must be a valid sslv2
2097      * msg_type in the third byte
2098      */
2099
2100     /* get the first byte; must have high bit set */
2101     guint8 byte = tvb_get_guint8(tvb, offset);
2102     if (byte < 0x80)
2103     {
2104         return 0;
2105     }
2106
2107     /* get the supposed msg_type byte; since we only care about
2108      * unencrypted handshake messages (we can't tell the type for
2109      * encrypted messages), we just check against that list
2110      */
2111     byte = tvb_get_guint8(tvb, offset + 2);
2112     switch(byte) {
2113     case SSL2_HND_ERROR:
2114     case SSL2_HND_CLIENT_HELLO:
2115     case SSL2_HND_CLIENT_MASTER_KEY:
2116     case SSL2_HND_SERVER_HELLO:
2117         return 1;
2118     }
2119     return 0;
2120 }
2121
2122 /* this applies a heuristic to determine whether
2123  * or not the data beginning at offset looks like a
2124  * valid sslv3 record.  this is somewhat more reliable
2125  * than sslv2 due to the structure of the v3 protocol
2126  */
2127 static int
2128 ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset)
2129 {
2130     /* have to have a valid content type followed by a valid
2131      * protocol version
2132      */
2133     guint8 byte;
2134     guint16 version;
2135
2136     /* see if the first byte is a valid content type */
2137     byte = tvb_get_guint8(tvb, offset);
2138     if (!ssl_is_valid_content_type(byte))
2139     {
2140         return 0;
2141     }
2142
2143     /* now check to see if the version byte appears valid */
2144     version = tvb_get_ntohs(tvb, offset + 1);
2145     if (version != 0x0300 && version != 0x0301)
2146     {
2147         return 0;
2148     }
2149
2150     return 1;
2151 }
2152
2153 /* applies a heuristic to determine whether
2154  * or not the data beginning at offset looks
2155  * like a valid, unencrypted v2 handshake message.
2156  * since it isn't possible to completely tell random
2157  * data apart from a valid message without state,
2158  * we try to help the odds.
2159  */
2160 static int
2161 ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb, guint32 offset,
2162                                   guint32 record_length)
2163 {
2164     /* first byte should be a msg_type.
2165      *
2166      *   - we know we only see client_hello, client_master_key,
2167      *     and server_hello in the clear, so check to see if
2168      *     msg_type is one of those (this gives us a 3 in 2^8
2169      *     chance of saying yes with random payload)
2170      *
2171      *   - for those three types that we know about, do some
2172      *     further validation to reduce the chance of an error
2173      */
2174     guint8 msg_type;
2175     guint16 version;
2176     guint32 sum;
2177
2178     /* fetch the msg_type */
2179     msg_type = tvb_get_guint8(tvb, offset);
2180
2181     switch (msg_type) {
2182     case SSL2_HND_CLIENT_HELLO:
2183         /* version follows msg byte, so verify that this is valid */
2184         version = tvb_get_ntohs(tvb, offset+1);
2185         return ssl_is_valid_ssl_version(version);
2186         break;
2187
2188     case SSL2_HND_SERVER_HELLO:
2189         /* version is three bytes after msg_type */
2190         version = tvb_get_ntohs(tvb, offset+3);
2191         return ssl_is_valid_ssl_version(version);
2192         break;
2193
2194     case SSL2_HND_CLIENT_MASTER_KEY:
2195         /* sum of clear_key_length, encrypted_key_length, and key_arg_length
2196          * must be less than record length
2197          */
2198         sum  = tvb_get_ntohs(tvb, offset + 4); /* clear_key_length */
2199         sum += tvb_get_ntohs(tvb, offset + 6); /* encrypted_key_length */
2200         sum += tvb_get_ntohs(tvb, offset + 8); /* key_arg_length */
2201         if (sum > record_length)
2202         {
2203             return 0;
2204         }
2205         return 1;
2206         break;
2207
2208     default:
2209         return 0;
2210     }
2211     return 0;
2212 }
2213
2214 /*********************************************************************
2215  *
2216  * Standard Ethereal Protocol Registration and housekeeping
2217  *
2218  *********************************************************************/
2219 void
2220 proto_register_ssl(void)
2221 {
2222
2223     /* Setup list of header fields See Section 1.6.1 for details*/
2224     static hf_register_info hf[] = {
2225         { &hf_ssl_record,
2226           { "Record Layer", "ssl.record",
2227             FT_NONE, BASE_NONE, NULL, 0x0,
2228             "Record layer", HFILL }
2229         },
2230         { &hf_ssl_record_content_type,
2231           { "Content Type", "ssl.record.content_type",
2232             FT_UINT8, BASE_DEC, VALS(ssl_31_content_type), 0x0,
2233             "Content type", HFILL}
2234         },
2235         { &hf_ssl2_msg_type,
2236           { "Handshake Message Type", "ssl.handshake.type",
2237             FT_UINT8, BASE_DEC, VALS(ssl_20_msg_types), 0x0,
2238             "SSLv2 handshake message type", HFILL}
2239         },
2240         { &hf_ssl_record_version,
2241           { "Version", "ssl.record.version",
2242             FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
2243             "Record layer version.", HFILL }
2244         },
2245         { &hf_ssl_record_length,
2246           { "Length", "ssl.record.length",
2247             FT_UINT16, BASE_DEC, NULL, 0x0,
2248             "Length of SSL record data", HFILL }
2249         },
2250         { &hf_ssl_record_appdata,
2251           { "Application Data", "ssl.app_data",
2252             FT_NONE, BASE_NONE, NULL, 0x0,
2253             "Payload is application data", HFILL }
2254         },
2255         { & hf_ssl2_record,
2256           { "SSLv2 Record Header", "ssl.record",
2257             FT_NONE, BASE_DEC, NULL, 0x0,
2258             "SSLv2 record data", HFILL }
2259         },
2260         { &hf_ssl2_record_is_escape,
2261           { "Is Escape", "ssl.record.is_escape",
2262             FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2263             "Indicates a security escape", HFILL}
2264         },
2265         { &hf_ssl2_record_padding_length,
2266           { "Padding Length", "ssl.record.padding_length",
2267             FT_UINT8, BASE_DEC, NULL, 0x0,
2268             "Length of padding at end of record", HFILL }
2269         },
2270         { &hf_ssl_change_cipher_spec,
2271           { "Change Cipher Spec Message", "ssl.change_cipher_spec",
2272             FT_NONE, BASE_NONE, NULL, 0x0,
2273             "Signals a change in cipher specifications", HFILL }
2274         },
2275         { & hf_ssl_alert_message,
2276           { "Alert Message", "ssl.alert_message",
2277             FT_NONE, BASE_NONE, NULL, 0x0,
2278             "Alert message", HFILL }
2279         },
2280         { & hf_ssl_alert_message_level,
2281           { "Level", "ssl.alert_message.level",
2282             FT_UINT8, BASE_DEC, VALS(ssl_31_alert_level), 0x0,
2283             "Alert message level", HFILL }
2284         },
2285         { &hf_ssl_alert_message_description,
2286           { "Description", "ssl.alert_message.desc",
2287             FT_UINT8, BASE_DEC, VALS(ssl_31_alert_description), 0x0,
2288             "Alert message description", HFILL }
2289         },
2290         { &hf_ssl_handshake_protocol,
2291           { "Handshake Protocol", "ssl.handshake",
2292             FT_NONE, BASE_NONE, NULL, 0x0,
2293             "Handshake protocol message", HFILL}
2294         },
2295         { &hf_ssl_handshake_type,
2296           { "Handshake Type", "ssl.handshake.type",
2297             FT_UINT8, BASE_DEC, VALS(ssl_31_handshake_type), 0x0,
2298             "Type of handshake message", HFILL}
2299         },
2300         { &hf_ssl_handshake_length,
2301           { "Length", "ssl.handshake.length",
2302             FT_UINT24, BASE_DEC, NULL, 0x0,
2303             "Length of handshake message", HFILL }
2304         },
2305         { &hf_ssl_handshake_client_version,
2306           { "Version", "ssl.handshake.version",
2307             FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
2308             "Maximum version supported by client", HFILL }
2309         },
2310         { &hf_ssl_handshake_server_version,
2311           { "Version", "ssl.handshake.version",
2312             FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
2313             "Version selected by server", HFILL }
2314         },
2315         { &hf_ssl_handshake_random_time,
2316           { "Random.gmt_unix_time", "ssl.handshake.random_time",
2317             FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0,
2318             "Unix time field of random structure", HFILL }
2319         },
2320         { &hf_ssl_handshake_random_bytes,
2321           { "Random.bytes", "ssl.handshake.random",
2322             FT_NONE, BASE_NONE, NULL, 0x0,
2323             "Random challenge used to authenticate server", HFILL }
2324         },
2325         { &hf_ssl_handshake_cipher_suites_len,
2326           { "Cipher Suites Length", "ssl.handshake.cipher_suites_length",
2327             FT_UINT16, BASE_DEC, NULL, 0x0,
2328             "Length of cipher suites field", HFILL }
2329         },
2330         { &hf_ssl_handshake_cipher_suites,
2331           { "Cipher Suites", "ssl.handshake.ciphersuites",
2332             FT_NONE, BASE_NONE, NULL, 0x0,
2333             "List of cipher suites supported by client", HFILL }
2334         },
2335         { &hf_ssl_handshake_cipher_suite,
2336           { "Cipher Suite", "ssl.handshake.ciphersuite",
2337             FT_UINT16, BASE_HEX, VALS(ssl_31_ciphersuite), 0x0,
2338             "Cipher suite", HFILL }
2339         },
2340         { &hf_ssl2_handshake_cipher_spec,
2341           { "Cipher Spec", "ssl.handshake.cipherspec",
2342             FT_UINT24, BASE_HEX, VALS(ssl_20_cipher_suites), 0x0,
2343             "Cipher specification", HFILL }
2344         },
2345         { &hf_ssl_handshake_session_id,
2346           { "Session ID", "ssl.handshake.session_id",
2347             FT_BYTES, BASE_NONE, NULL, 0x0,
2348             "Identifies the SSL session, allowing later resumption", HFILL }
2349         },
2350         { &hf_ssl_handshake_comp_methods_len,
2351           { "Compression Methods Length", "ssl.handshake.comp_methods_length",
2352             FT_UINT8, BASE_DEC, NULL, 0x0,
2353             "Length of compression methods field", HFILL }
2354         },
2355         { &hf_ssl_handshake_comp_methods,
2356           { "Compression Methods", "ssl.handshake.comp_methods",
2357             FT_NONE, BASE_NONE, NULL, 0x0,
2358             "List of compression methods supported by client", HFILL }
2359         },
2360         { &hf_ssl_handshake_comp_method,
2361           { "Compression Method", "ssl.handshake.comp_method",
2362             FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0,
2363             "Compression Method", HFILL }
2364         },
2365         { &hf_ssl_handshake_certificates_len,
2366           { "Certificates Length", "ssl.handshake.certificates_length",
2367             FT_UINT24, BASE_DEC, NULL, 0x0,
2368             "Length of certificates field", HFILL }
2369         },
2370         { &hf_ssl_handshake_certificates,
2371           { "Certificates", "ssl.handshake.certificates",
2372             FT_NONE, BASE_NONE, NULL, 0x0,
2373             "List of certificates", HFILL }
2374         },
2375         { &hf_ssl_handshake_certificate,
2376           { "Certificate", "ssl.handshake.certificate",
2377             FT_BYTES, BASE_NONE, NULL, 0x0,
2378             "Certificate", HFILL }
2379         },
2380         { &hf_ssl_handshake_certificate_len,
2381           { "Certificate Length", "ssl.handshake.certificate_length",
2382             FT_UINT24, BASE_DEC, NULL, 0x0,
2383             "Length of certificate", HFILL }
2384         },
2385         { &hf_ssl_handshake_cert_types_count,
2386           { "Certificate types count", "ssl.handshake.cert_types_count",
2387             FT_UINT8, BASE_DEC, NULL, 0x0,
2388             "Count of certificate types", HFILL }
2389         },
2390         { &hf_ssl_handshake_cert_types,
2391           { "Certificate types", "ssl.handshake.cert_types",
2392             FT_NONE, BASE_NONE, NULL, 0x0,
2393             "List of certificate types", HFILL }
2394         },
2395         { &hf_ssl_handshake_cert_type,
2396           { "Certificate type", "ssl.handshake.cert_type",
2397             FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0,
2398             "Certificate type", HFILL }
2399         },
2400         { &hf_ssl_handshake_finished,
2401           { "Verify Data", "ssl.handshake.verify_data",
2402             FT_NONE, BASE_NONE, NULL, 0x0,
2403             "Opaque verification data", HFILL }
2404         },
2405         { &hf_ssl_handshake_md5_hash,
2406           { "MD5 Hash", "ssl.handshake.md5_hash",
2407             FT_NONE, BASE_NONE, NULL, 0x0,
2408             "Hash of messages, master_secret, etc.", HFILL }
2409         },
2410         { &hf_ssl_handshake_sha_hash,
2411           { "SHA-1 Hash", "ssl.handshake.sha_hash",
2412             FT_NONE, BASE_NONE, NULL, 0x0,
2413             "Hash of messages, master_secret, etc.", HFILL }
2414         },
2415         { &hf_ssl_handshake_session_id_len,
2416           { "Session ID Length", "ssl.handshake.session_id_length",
2417             FT_UINT8, BASE_DEC, NULL, 0x0,
2418             "Length of session ID field", HFILL }
2419         },
2420         { &hf_ssl_handshake_dnames_len,
2421           { "Distinguished Names Length", "ssl.handshake.dnames_len",
2422             FT_UINT16, BASE_DEC, NULL, 0x0,
2423             "Length of list of CAs that server trusts", HFILL }
2424         },
2425         { &hf_ssl_handshake_dnames,
2426           { "Distinguished Names", "ssl.handshake.dnames",
2427             FT_NONE, BASE_NONE, NULL, 0x0,
2428             "List of CAs that server trusts", HFILL }
2429         },
2430         { &hf_ssl_handshake_dname_len,
2431           { "Distinguished Name Length", "ssl.handshake.dname_len",
2432             FT_UINT16, BASE_DEC, NULL, 0x0,
2433             "Length of distinguished name", HFILL }
2434         },
2435         { &hf_ssl_handshake_dname,
2436           { "Distinguished Name", "ssl.handshake.dname",
2437             FT_BYTES, BASE_NONE, NULL, 0x0,
2438             "Distinguished name of a CA that server trusts", HFILL }
2439         },
2440         { &hf_ssl2_handshake_challenge,
2441           { "Challenge", "ssl.handshake.challenge",
2442             FT_NONE, BASE_NONE, NULL, 0x0,
2443             "Challenge data used to authenticate server", HFILL }
2444         },
2445         { &hf_ssl2_handshake_cipher_spec_len,
2446           { "Cipher Spec Length", "ssl.handshake.cipher_spec_len",
2447             FT_UINT16, BASE_DEC, NULL, 0x0,
2448             "Length of cipher specs field", HFILL }
2449         },
2450         { &hf_ssl2_handshake_session_id_len,
2451           { "Session ID Length", "ssl.handshake.session_id_length",
2452             FT_UINT16, BASE_DEC, NULL, 0x0,
2453             "Length of session ID field", HFILL }
2454         },
2455         { &hf_ssl2_handshake_challenge_len,
2456           { "Challenge Length", "ssl.handshake.challenge_length",
2457             FT_UINT16, BASE_DEC, NULL, 0x0,
2458             "Length of challenge field", HFILL }
2459         },
2460         { &hf_ssl2_handshake_clear_key_len,
2461           { "Clear Key Data Length", "ssl.handshake.clear_key_length",
2462             FT_UINT16, BASE_DEC, NULL, 0x0,
2463             "Length of clear key data", HFILL }
2464         },
2465         { &hf_ssl2_handshake_enc_key_len,
2466           { "Encrypted Key Data Length", "ssl.handshake.encrypted_key_length",
2467             FT_UINT16, BASE_DEC, NULL, 0x0,
2468             "Length of encrypted key data", HFILL }
2469         },
2470         { &hf_ssl2_handshake_key_arg_len,
2471           { "Key Argument Length", "ssl.handshake.key_arg_length",
2472             FT_UINT16, BASE_DEC, NULL, 0x0,
2473             "Length of key argument", HFILL }
2474         },
2475         { &hf_ssl2_handshake_clear_key,
2476           { "Clear Key Data", "ssl.handshake.clear_key_data",
2477             FT_NONE, BASE_NONE, NULL, 0x0,
2478             "Clear portion of MASTER-KEY", HFILL }
2479         },
2480         { &hf_ssl2_handshake_enc_key,
2481           { "Encrypted Key", "ssl.handshake.encrypted_key",
2482             FT_NONE, BASE_NONE, NULL, 0x0,
2483             "Secret portion of MASTER-KEY encrypted to server", HFILL }
2484         },
2485         { &hf_ssl2_handshake_key_arg,
2486           { "Key Argument", "ssl.handshake.key_arg",
2487             FT_NONE, BASE_NONE, NULL, 0x0,
2488             "Key Argument (e.g., Initialization Vector)", HFILL }
2489         },
2490         { &hf_ssl2_handshake_session_id_hit,
2491           { "Session ID Hit", "ssl.handshake.session_id_hit",
2492             FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2493             "Did the server find the client's Session ID?", HFILL }
2494         },
2495         { &hf_ssl2_handshake_cert_type,
2496           { "Certificate Type", "ssl.handshake.cert_type",
2497             FT_UINT8, BASE_DEC, VALS(ssl_20_certificate_type), 0x0,
2498             "Certificate Type", HFILL }
2499         },
2500         { &hf_ssl2_handshake_connection_id_len,
2501           { "Connection ID Length", "ssl.handshake.connection_id_length",
2502             FT_UINT16, BASE_DEC, NULL, 0x0,
2503             "Length of connection ID", HFILL }
2504         },
2505         { &hf_ssl2_handshake_connection_id,
2506           { "Connection ID", "ssl.handshake.connection_id",
2507             FT_NONE, BASE_NONE, NULL, 0x0,
2508             "Server's challenge to client", HFILL }
2509         },
2510     };
2511
2512     /* Setup protocol subtree array */
2513     static gint *ett[] = {
2514         &ett_ssl,
2515         &ett_ssl_record,
2516         &ett_ssl_alert,
2517         &ett_ssl_handshake,
2518         &ett_ssl_cipher_suites,
2519         &ett_ssl_comp_methods,
2520         &ett_ssl_certs,
2521         &ett_ssl_cert_types,
2522         &ett_ssl_dnames,
2523     };
2524
2525     /* Register the protocol name and description */
2526     proto_ssl = proto_register_protocol("Secure Socket Layer",
2527                                         "SSL", "ssl");
2528
2529     /* Required function calls to register the header fields and
2530      * subtrees used */
2531     proto_register_field_array(proto_ssl, hf, array_length(hf));
2532     proto_register_subtree_array(ett, array_length(ett));
2533 }
2534
2535 /* If this dissector uses sub-dissector registration add a registration
2536  * routine.  This format is required because a script is used to find
2537  * these routines and create the code that calls these routines.
2538  */
2539 void
2540 proto_reg_handoff_ssl(void)
2541 {
2542     dissector_add("tcp.port", TCP_PORT_SSL, dissect_ssl, proto_ssl);
2543 }