Wireshark-commits: [Wireshark-commits] rev 52149: /trunk/epan/dissectors/ /trunk/epan/dissectors/:
Date: Thu, 19 Sep 2013 20:27:05 GMT
http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=52149

User: alagoutte
Date: 2013/09/19 01:27 PM

Log:
 From Peter Wu via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9144 [PATCH] Update TLS Ciphers
 
 Use IV from record for CBC mode, add padding/IV length check
 
 Add summary of RFCs to make it more obvious why certain parts (IV, MAC,
 padding) are used. Merge DTLS and TLS blocks for extracting IV. This
 saves an unnecessary memmove() because the input pointer is, well, just
 a local variable and can therefore be incremented.
 
 Validate padding and IV lengths before using it. A crash could occur
 if the explicit IV is missing (this would make memmove write before its
 buffer). The missing padding check had as implication that a misleading
 error is returning with a negative length (not exploitable).
 
 Use IV from record for CBC mode, previously it decrypted the first block
 incorrectly and then threw this "decrypted" IV away. Now it extracts the
 IV and uses this for decrypting the first fragment block. (remember that
 CBC xor's the output of the block cipher with the previous ciphertext
 (or IV for the first block)).
 
 This is a preparation for GCM which does not have a MAC. The skip_mac
 branch is necessary to make the compiler happy in this patch, 'mac'
 could otherwise be uninitialised.

Directory: /trunk/epan/dissectors/
  Changes    Path                  Action
  +55 -21    packet-ssl-utils.c    Modified
  +3 -2      packet-ssl-utils.h    Modified