Wireshark-commits: [Wireshark-commits] master b641feb: TLS: Implement reassembly for Handshake mess
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Wed, 24 Apr 2019 21:02:41 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b641febb1ea9ddc18550a4dd4d55a027b7ea9669
Submitter: "Peter Wu <peter@xxxxxxxxxxxxx>"
Changed: branch: master
Repository: wireshark

Commits:

b641feb by Peter Wu (peter@xxxxxxxxxxxxx):

    TLS: Implement reassembly for Handshake messages
    
    Lack of handshake reassembly caused Certificate handshake messages to be
    reported as "Encrypted Handshake Messages" and broke decryption in some
    cases. Fix this by properly tracking handshake fragments and delaying
    dissection until all fragments are available.
    
    Now when a fragmented Handshake message is found:
    
    * The first fragment will have "(fragmented)" appended to the record
      tree item as well as the "Handshake Protocol" item.
    * "Reassembled Handshake Message in frame: X" is added for fragments.
    * The last reassembled handshake message will be displayed together with
      a fragment list.
    
    Note: Previously, handshake records with a message length larger than
    the available data were assumed to be encrypted. This restriction had to
    be lifted, but can now cause false positives (reporting encrypted data
    as unencrypted handshake fragments).
    
    The provided capture is not minimal but should be comprehensive as it is
    generated with randomly sized TLS record and TCP segment lengths using
    `./tls-handshake-fragments.py hs-frag.pcap --seed=1337 --count=100` and
    https://git.lekensteyn.nl/peter/wireshark-notes/tree/crafted-pkt/tls-handshake-fragments.py
    (A copy of this script is attached to bug 3303.)
    
    Bug: 3303
    Bug: 15537
    Bug: 15625
    Change-Id: I779925aba30548a76c20e0e37b39d01d2c88a764
    Reviewed-on: https://code.wireshark.org/review/32857
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    

Actions performed:

    from  1799b24   FindPCAP: use pkg-config to find pcap dependencies
     add  b641feb   TLS: Implement reassembly for Handshake messages


Summary of changes:
 epan/dissectors/packet-quic.c                   |   2 +-
 epan/dissectors/packet-tls-utils.c              |  28 +-
 epan/dissectors/packet-tls-utils.h              |  23 +
 epan/dissectors/packet-tls.c                    | 544 +++++++++++++++++++-----
 test/captures/tls-fragmented-handshakes.pcap.gz | Bin 0 -> 16911 bytes
 test/suite_dissection.py                        |  27 ++
 6 files changed, 508 insertions(+), 116 deletions(-)
 create mode 100644 test/captures/tls-fragmented-handshakes.pcap.gz
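
The reassembly behaviour described in the commit message, as an added example that is not code from the Wireshark change: handshake bytes from successive Handshake records are buffered and a message is only handed on once its 4-byte header and full body are present. The names `hs_reasm_t`, `hs_feed`, `hs_demo` and the `HS_BUF_MAX` cap are hypothetical; the length bound shows one way to reject the implausible lengths that encrypted data misread as a handshake header tends to produce.

```c
#include <stdint.h>
#include <string.h>

#define HS_BUF_MAX 4096               /* assumed cap, chosen for this example */

typedef struct {
    uint8_t buf[HS_BUF_MAX];          /* handshake bytes not yet consumed */
    size_t  len;
    uint8_t last_type;                /* msg_type of the last complete message */
} hs_reasm_t;

/* Feed the payload of one Handshake (content type 22) record. Returns how many
 * messages became complete, or -1 if the data can never fit (caller gives up). */
int hs_feed(hs_reasm_t *r, const uint8_t *frag, size_t frag_len)
{
    size_t off = 0;
    int done = 0;
    if (frag_len > HS_BUF_MAX - r->len) return -1;
    memcpy(r->buf + r->len, frag, frag_len);
    r->len += frag_len;

    /* Header is msg_type(1) + length(3, big endian); it may itself be split. */
    while (r->len - off >= 4) {
        uint32_t body = (uint32_t)r->buf[off + 1] << 16 |
                        (uint32_t)r->buf[off + 2] << 8 | r->buf[off + 3];
        if (body > HS_BUF_MAX - 4) return -1;   /* bogus or oversized length */
        if (r->len - off - 4 < body) break;     /* fragment: wait for more records */
        r->last_type = r->buf[off];
        off += 4 + (size_t)body;
        done++;
    }
    memmove(r->buf, r->buf + off, r->len - off); /* keep the partial tail */
    r->len -= off;
    return done;
}

/* Constructed input: Certificate (type 11, 6-byte body) split over three
 * records, the last also carrying ServerHelloDone (type 14, empty body). */
int hs_demo(int results[3])
{
    static const uint8_t rec1[] = { 11, 0 };                  /* split header */
    static const uint8_t rec2[] = { 0, 6, 0xAA, 0xBB, 0xCC };
    static const uint8_t rec3[] = { 0xDD, 0xEE, 0xFF, 14, 0, 0, 0 };
    hs_reasm_t r = { .len = 0 };
    results[0] = hs_feed(&r, rec1, sizeof rec1);
    results[1] = hs_feed(&r, rec2, sizeof rec2);
    results[2] = hs_feed(&r, rec3, sizeof rec3);
    return r.last_type;
}
```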