Wireshark  2.9.0-477-g68ec514b
The Wireshark network protocol analyzer
packet-ssl-utils.h
1 /* packet-ssl-utils.h
2  * ssl manipulation functions
3  * By Paolo Abeni <paolo.abeni@email.com>
4  *
5  * Wireshark - Network traffic analyzer
6  * By Gerald Combs <gerald@wireshark.org>
7  * Copyright 1998 Gerald Combs
8  *
9  * SPDX-License-Identifier: GPL-2.0-or-later
10  */
11 
12 #ifndef __SSL_UTILS_H_
13 #define __SSL_UTILS_H_
14 
15 #include <stdio.h> /* some APIs we declare take a stdio stream as an argument */
16 
17 #include <glib.h>
18 #include <epan/packet.h>
19 #include <epan/prefs.h>
20 #include <epan/wmem/wmem.h>
21 #include <epan/expert.h>
22 #include <epan/conversation.h>
23 #include <epan/unit_strings.h>
24 #include <wsutil/wsgcrypt.h>
25 
26 #ifdef HAVE_LIBGNUTLS
27 #include <gnutls/x509.h>
28 #include <gnutls/pkcs12.h>
29 #endif /* HAVE_LIBGNUTLS */
30 
31 /* TODO inline this now that Libgcrypt is mandatory? */
32 #define SSL_CIPHER_CTX gcry_cipher_hd_t
/* Defined unconditionally, so code guarded by SSL_DECRYPT_DEBUG is always built.
 * NOTE(review): presumably this gates the decryption debug output; if that
 * output can contain key material, its destination needs the same protection
 * as a key log file -- confirm in packet-ssl-utils.c. */
33 #define SSL_DECRYPT_DEBUG
34 
35 
36 /* other defines */
37 typedef enum {
38  SSL_ID_CHG_CIPHER_SPEC = 0x14,
39  SSL_ID_ALERT = 0x15,
40  SSL_ID_HANDSHAKE = 0x16,
41  SSL_ID_APP_DATA = 0x17,
42  SSL_ID_HEARTBEAT = 0x18
43 } ContentType;
44 
45 typedef enum {
46  SSL_HND_HELLO_REQUEST = 0,
47  SSL_HND_CLIENT_HELLO = 1,
48  SSL_HND_SERVER_HELLO = 2,
49  SSL_HND_HELLO_VERIFY_REQUEST = 3,
50  SSL_HND_NEWSESSION_TICKET = 4,
51  SSL_HND_END_OF_EARLY_DATA = 5,
52  SSL_HND_HELLO_RETRY_REQUEST = 6,
53  SSL_HND_ENCRYPTED_EXTENSIONS = 8,
54  SSL_HND_CERTIFICATE = 11,
55  SSL_HND_SERVER_KEY_EXCHG = 12,
56  SSL_HND_CERT_REQUEST = 13,
57  SSL_HND_SVR_HELLO_DONE = 14,
58  SSL_HND_CERT_VERIFY = 15,
59  SSL_HND_CLIENT_KEY_EXCHG = 16,
60  SSL_HND_FINISHED = 20,
61  SSL_HND_CERT_URL = 21,
62  SSL_HND_CERT_STATUS = 22,
63  SSL_HND_SUPPLEMENTAL_DATA = 23,
64  SSL_HND_KEY_UPDATE = 24,
65  /* Encrypted Extensions was NextProtocol in draft-agl-tls-nextprotoneg-03
66  * and changed in draft 04. Not to be confused with TLS 1.3 EE. */
67  SSL_HND_ENCRYPTED_EXTS = 67
68 } HandshakeType;
69 
70 #define SSL2_HND_ERROR 0x00
71 #define SSL2_HND_CLIENT_HELLO 0x01
72 #define SSL2_HND_CLIENT_MASTER_KEY 0x02
73 #define SSL2_HND_CLIENT_FINISHED 0x03
74 #define SSL2_HND_SERVER_HELLO 0x04
75 #define SSL2_HND_SERVER_VERIFY 0x05
76 #define SSL2_HND_SERVER_FINISHED 0x06
77 #define SSL2_HND_REQUEST_CERTIFICATE 0x07
78 #define SSL2_HND_CLIENT_CERTIFICATE 0x08
79 
80 #define PCT_VERSION_1 0x8001
81 
82 #define PCT_MSG_CLIENT_HELLO 0x01
83 #define PCT_MSG_SERVER_HELLO 0x02
84 #define PCT_MSG_CLIENT_MASTER_KEY 0x03
85 #define PCT_MSG_SERVER_VERIFY 0x04
86 #define PCT_MSG_ERROR 0x05
87 
88 #define PCT_CH_OFFSET_V1 0xa
89 
90 #define PCT_CIPHER_DES 0x01
91 #define PCT_CIPHER_IDEA 0x02
92 #define PCT_CIPHER_RC2 0x03
93 #define PCT_CIPHER_RC4 0x04
94 #define PCT_CIPHER_DES_112 0x05
95 #define PCT_CIPHER_DES_168 0x06
96 
97 #define PCT_HASH_MD5 0x0001
98 #define PCT_HASH_MD5_TRUNC_64 0x0002
99 #define PCT_HASH_SHA 0x0003
100 #define PCT_HASH_SHA_TRUNC_80 0x0004
101 #define PCT_HASH_DES_DM 0x0005
102 
103 #define PCT_CERT_NONE 0x00
104 #define PCT_CERT_X509 0x01
105 #define PCT_CERT_PKCS7 0x02
106 
107 #define PCT_SIG_NONE 0x0000
108 #define PCT_SIG_RSA_MD5 0x0001
109 #define PCT_SIG_RSA_SHA 0x0002
110 #define PCT_SIG_DSA_SHA 0x0003
111 
112 #define PCT_EXCH_RSA_PKCS1 0x01
113 #define PCT_EXCH_RSA_PKCS1_TOKEN_DES 0x02
114 #define PCT_EXCH_RSA_PKCS1_TOKEN_DES3 0x03
115 #define PCT_EXCH_RSA_PKCS1_TOKEN_RC2 0x04
116 #define PCT_EXCH_RSA_PKCS1_TOKEN_RC4 0x05
117 #define PCT_EXCH_DH_PKCS3 0x06
118 #define PCT_EXCH_DH_PKCS3_TOKEN_DES 0x07
119 #define PCT_EXCH_DH_PKCS3_TOKEN_DES3 0x08
120 #define PCT_EXCH_FORTEZZA_TOKEN 0x09
121 
122 #define PCT_ERR_BAD_CERTIFICATE 0x01
123 #define PCT_ERR_CLIENT_AUTH_FAILED 0x02
124 #define PCT_ERR_ILLEGAL_MESSAGE 0x03
125 #define PCT_ERR_INTEGRITY_CHECK_FAILED 0x04
126 #define PCT_ERR_SERVER_AUTH_FAILED 0x05
127 #define PCT_ERR_SPECS_MISMATCH 0x06
128 
129 #define SSL_HND_HELLO_EXT_SERVER_NAME 0
130 #define SSL_HND_HELLO_EXT_MAX_FRAGMENT_LENGTH 1
131 #define SSL_HND_HELLO_EXT_CLIENT_CERTIFICATE_URL 2
132 #define SSL_HND_HELLO_EXT_TRUSTED_CA_KEYS 3
133 #define SSL_HND_HELLO_EXT_TRUNCATED_HMAC 4
134 #define SSL_HND_HELLO_EXT_STATUS_REQUEST 5
135 #define SSL_HND_HELLO_EXT_USER_MAPPING 6
136 #define SSL_HND_HELLO_EXT_CLIENT_AUTHZ 7
137 #define SSL_HND_HELLO_EXT_SERVER_AUTHZ 8
138 #define SSL_HND_HELLO_EXT_CERT_TYPE 9
139 #define SSL_HND_HELLO_EXT_SUPPORTED_GROUPS 10 /* renamed from "elliptic_curves" (RFC 7919 / TLS 1.3) */
140 #define SSL_HND_HELLO_EXT_EC_POINT_FORMATS 11
141 #define SSL_HND_HELLO_EXT_SRP 12
142 #define SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS 13
143 #define SSL_HND_HELLO_EXT_USE_SRTP 14
144 #define SSL_HND_HELLO_EXT_HEARTBEAT 15
145 #define SSL_HND_HELLO_EXT_ALPN 16
146 #define SSL_HND_HELLO_EXT_STATUS_REQUEST_V2 17
147 #define SSL_HND_HELLO_EXT_SIGNED_CERTIFICATE_TIMESTAMP 18
148 #define SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE 19
149 #define SSL_HND_HELLO_EXT_SERVER_CERT_TYPE 20
150 #define SSL_HND_HELLO_EXT_PADDING 21
151 #define SSL_HND_HELLO_EXT_ENCRYPT_THEN_MAC 22
152 #define SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET 23
153 #define SSL_HND_HELLO_EXT_TOKEN_BINDING 24
154 #define SSL_HND_HELLO_EXT_CACHED_INFO 25
155 #define SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS 26 /* Not yet assigned by IANA (QUIC-TLS Draft04) */
156 /* 26-34 Unassigned*/
157 #define SSL_HND_HELLO_EXT_SESSION_TICKET_TLS 35
158 /* TLS 1.3 draft */
159 #define SSL_HND_HELLO_EXT_KEY_SHARE_OLD 40
160 #define SSL_HND_HELLO_EXT_PRE_SHARED_KEY 41
161 #define SSL_HND_HELLO_EXT_EARLY_DATA 42
162 #define SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS 43
163 #define SSL_HND_HELLO_EXT_COOKIE 44
164 #define SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES 45
165 #define SSL_HND_HELLO_EXT_TICKET_EARLY_DATA_INFO 46 /* draft-ietf-tls-tls13-18 (removed in -19) */
166 #define SSL_HND_HELLO_EXT_CERTIFICATE_AUTHORITIES 47
167 #define SSL_HND_HELLO_EXT_OID_FILTERS 48
168 #define SSL_HND_HELLO_EXT_POST_HANDSHAKE_AUTH 49
169 #define SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT 50
170 #define SSL_HND_HELLO_EXT_KEY_SHARE 51
171 #define SSL_HND_HELLO_EXT_GREASE_0A0A 2570
172 #define SSL_HND_HELLO_EXT_GREASE_1A1A 6682
173 #define SSL_HND_HELLO_EXT_GREASE_2A2A 10794
174 #define SSL_HND_HELLO_EXT_NPN 13172 /* 0x3374 */
175 #define SSL_HND_HELLO_EXT_GREASE_3A3A 14906
176 #define SSL_HND_HELLO_EXT_GREASE_4A4A 19018
177 #define SSL_HND_HELLO_EXT_GREASE_5A5A 23130
178 #define SSL_HND_HELLO_EXT_GREASE_6A6A 27242
179 #define SSL_HND_HELLO_EXT_CHANNEL_ID_OLD 30031 /* 0x754f */
180 #define SSL_HND_HELLO_EXT_CHANNEL_ID 30032 /* 0x7550 */
181 #define SSL_HND_HELLO_EXT_GREASE_7A7A 31354
182 #define SSL_HND_HELLO_EXT_GREASE_8A8A 35466
183 #define SSL_HND_HELLO_EXT_GREASE_9A9A 39578
184 #define SSL_HND_HELLO_EXT_GREASE_AAAA 43690
185 #define SSL_HND_HELLO_EXT_GREASE_BABA 47802
186 #define SSL_HND_HELLO_EXT_GREASE_CACA 51914
187 #define SSL_HND_HELLO_EXT_GREASE_DADA 56026
188 #define SSL_HND_HELLO_EXT_GREASE_EAEA 60138
189 #define SSL_HND_HELLO_EXT_GREASE_FAFA 64250
190 #define SSL_HND_HELLO_EXT_RENEGOTIATION_INFO 65281 /* 0xFF01 */
191 #define SSL_HND_HELLO_EXT_DRAFT_VERSION_TLS13 65282 /* 0xFF02 */
192 
193 #define SSL_HND_CERT_URL_TYPE_INDIVIDUAL_CERT 1
194 #define SSL_HND_CERT_URL_TYPE_PKIPATH 2
195 #define SSL_HND_CERT_STATUS_TYPE_OCSP 1
196 #define SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI 2
197 #define SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY 2
198 
199 #define SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA 0
200 #define SSL_HND_QUIC_TP_INITIAL_MAX_DATA 1
201 #define SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_BIDI 2
202 #define SSL_HND_QUIC_TP_IDLE_TIMEOUT 3
203 #define SSL_HND_QUIC_TP_OMIT_CONNECTION_ID 4 /* removed in draft -11 */
204 #define SSL_HND_QUIC_TP_MAX_PACKET_SIZE 5
205 #define SSL_HND_QUIC_TP_STATELESS_RESET_TOKEN 6
206 #define SSL_HND_QUIC_TP_ACK_DELAY_EXPONENT 7
207 #define SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_UNI 8
208 
209 /*
210  * Lookup tables
211  */
212 extern const value_string ssl_version_short_names[];
213 extern const value_string ssl_20_msg_types[];
214 extern value_string_ext ssl_20_cipher_suites_ext;
215 extern const value_string ssl_20_certificate_type[];
216 extern const value_string ssl_31_content_type[];
217 extern const value_string ssl_versions[];
218 extern const value_string ssl_31_change_cipher_spec[];
219 extern const value_string ssl_31_alert_level[];
220 extern const value_string ssl_31_alert_description[];
221 extern const value_string ssl_31_handshake_type[];
222 extern const value_string tls_heartbeat_type[];
223 extern const value_string tls_heartbeat_mode[];
224 extern const value_string ssl_31_compression_method[];
225 extern const value_string ssl_31_key_exchange_algorithm[];
226 extern const value_string ssl_31_signature_algorithm[];
227 extern const value_string ssl_31_client_certificate_type[];
228 extern const value_string ssl_31_public_value_encoding[];
229 extern value_string_ext ssl_31_ciphersuite_ext;
230 extern const value_string pct_msg_types[];
231 extern const value_string pct_cipher_type[];
232 extern const value_string pct_hash_type[];
233 extern const value_string pct_cert_type[];
234 extern const value_string pct_sig_type[];
235 extern const value_string pct_exch_type[];
236 extern const value_string pct_error_code[];
237 extern const value_string tls_hello_extension_types[];
238 extern const value_string tls_hash_algorithm[];
239 extern const value_string tls_signature_algorithm[];
240 extern const value_string tls13_signature_algorithm[];
241 extern const value_string tls_certificate_type[];
242 extern const value_string tls_cert_chain_type[];
243 extern const value_string tls_cert_status_type[];
244 extern const value_string ssl_extension_curves[];
245 extern const value_string ssl_extension_ec_point_formats[];
246 extern const value_string ssl_curve_types[];
247 extern const value_string tls_hello_ext_server_name_type_vs[];
248 extern const value_string tls_hello_ext_psk_ke_mode[];
249 extern const value_string tls13_key_update_request[];
250 extern const value_string quic_transport_parameter_id[];
251 extern const value_string quic_version_vals[];
252 
/*
 * Byte buffer descriptor: a pointer plus the number of meaningful bytes.
 * The allocated capacity of `data` is not recorded here, so code that writes
 * through `data` cannot validate the write against this struct alone; the
 * capacity has to be tracked by whoever allocated the storage.
 */
253 /* XXX Should we use GByteArray instead? */
254 typedef struct _StringInfo {
255  guchar *data; /* Backing storage which may be larger than data_len */
256  guint data_len; /* Length of the meaningful part of data */
257 } StringInfo;
258 
259 #define SSL_WRITE_KEY 1
260 
261 #define SSL_VER_UNKNOWN 0
262 #define PCT_VERSION 0x8001 /* PCT_VERSION_1 from http://graphcomp.com/info/specs/ms/pct.htm */
263 #define SSLV2_VERSION 0x0002 /* not in record layer, SSL_CLIENT_SERVER from
264  http://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html */
265 #define SSLV3_VERSION 0x300
266 #define TLSV1_VERSION 0x301
267 #define TLSV1DOT1_VERSION 0x302
268 #define TLSV1DOT2_VERSION 0x303
269 #define TLSV1DOT3_VERSION 0x304
270 #define DTLSV1DOT0_VERSION 0xfeff
271 #define DTLSV1DOT0_OPENSSL_VERSION 0x100
272 #define DTLSV1DOT2_VERSION 0xfefd
273 
/**
 * Extract the TLS 1.3 draft number from a protocol version value.
 *
 * A value whose bits 8..15 equal 0x7f is treated as a draft version and its
 * low byte is returned as the draft number. Bits above 15 are not examined,
 * so callers holding a wider value should mask it to 16 bits first.
 *
 * @param version  Protocol version value to classify.
 * @return The low byte of @p version for a draft value, otherwise 0.
 */
static inline guint8 tls13_draft_version(guint32 version) {
    const guint32 draft_marker = 0x7f00;
    const guint32 high_byte = version & 0xff00;

    return (high_byte == draft_marker) ? (guint8) version : 0;
}
281 
282 
283 #define SSL_CLIENT_RANDOM (1<<0)
284 #define SSL_SERVER_RANDOM (1<<1)
285 #define SSL_CIPHER (1<<2)
286 #define SSL_HAVE_SESSION_KEY (1<<3)
287 #define SSL_VERSION (1<<4)
288 #define SSL_MASTER_SECRET (1<<5)
289 #define SSL_PRE_MASTER_SECRET (1<<6)
290 #define SSL_CLIENT_EXTENDED_MASTER_SECRET (1<<7)
291 #define SSL_SERVER_EXTENDED_MASTER_SECRET (1<<8)
292 #define SSL_NEW_SESSION_TICKET (1<<10)
293 #define SSL_ENCRYPT_THEN_MAC (1<<11)
294 #define SSL_SEEN_0RTT_APPDATA (1<<12)
295 
296 #define SSL_EXTENDED_MASTER_SECRET_MASK (SSL_CLIENT_EXTENDED_MASTER_SECRET|SSL_SERVER_EXTENDED_MASTER_SECRET)
297 
298 /* SSL Cipher Suite modes */
299 typedef enum {
300  MODE_STREAM, /* GenericStreamCipher */
301  MODE_CBC, /* GenericBlockCipher */
302  MODE_GCM, /* GenericAEADCipher */
303  MODE_CCM, /* AEAD_AES_{128,256}_CCM with 16 byte auth tag */
304  MODE_CCM_8, /* AEAD_AES_{128,256}_CCM with 8 byte auth tag */
305  MODE_POLY1305, /* AEAD_CHACHA20_POLY1305 with 16 byte auth tag (RFC 7905) */
306 } ssl_cipher_mode_t;
307 
308 /* Explicit and implicit nonce length (RFC 5116 - Section 3.2.1) */
309 #define IMPLICIT_NONCE_LEN 4
310 #define EXPLICIT_NONCE_LEN 8
311 #define TLS13_AEAD_NONCE_LENGTH 12
312 
313 /* TLS 1.3 Record type for selecting the appropriate secret. */
314 typedef enum {
315  TLS_SECRET_0RTT_APP,
316  TLS_SECRET_HANDSHAKE,
317  TLS_SECRET_APP,
318 } TLSRecordType;
319 
320 #define SSL_DEBUG_USE_STDERR "-"
321 
322 #define SSLV2_MAX_SESSION_ID_LENGTH_IN_BYTES 16
323 
324 /* Record fragment lengths MUST NOT exceed 2^14 (= 0x4000) */
325 #define TLS_MAX_RECORD_LENGTH 0x4000
326 
327 typedef struct _SslCipherSuite {
328  gint number;
329  gint kex;
330  gint enc;
331  gint dig;
332  ssl_cipher_mode_t mode;
334 
335 typedef struct _SslFlow {
336  guint32 byte_seq;
337  guint16 flags;
338  wmem_tree_t *multisegment_pdus;
339 } SslFlow;
340 
341 typedef struct _SslDecompress SslDecompress;
342 
/*
 * Decoder state for one direction of a connection: the negotiated cipher
 * suite, the cipher handle, and the record sequence number and epoch.
 * NOTE(review): the name suggests _mac_key_or_write_iv is the 48-byte backing
 * store that mac_key or write_iv points into; if so, any key or IV copied in
 * must be length-checked against 48 -- confirm in packet-ssl-utils.c.
 */
343 typedef struct _SslDecoder {
344  const SslCipherSuite *cipher_suite;
345  gint compression;
346  guchar _mac_key_or_write_iv[48];
347  StringInfo mac_key; /* for block and stream ciphers */
348  StringInfo write_iv; /* for AEAD ciphers (at least GCM, CCM) */
349  SSL_CIPHER_CTX evp;
350  SslDecompress *decomp;
351  guint64 seq;
352  guint16 epoch;
353  SslFlow *flow;
355 } SslDecoder;
356 
357 /*
358  * TLS 1.3 Cipher context. Simpler than SslDecoder since no compression is
359  * required and all keys are calculated internally.
360  */
361 typedef struct {
362  gcry_cipher_hd_t hd;
363  guint8 iv[TLS13_AEAD_NONCE_LENGTH];
364 } tls13_cipher;
365 
366 #define KEX_DHE_DSS 0x10
367 #define KEX_DHE_PSK 0x11
368 #define KEX_DHE_RSA 0x12
369 #define KEX_DH_ANON 0x13
370 #define KEX_DH_DSS 0x14
371 #define KEX_DH_RSA 0x15
372 #define KEX_ECDHE_ECDSA 0x16
373 #define KEX_ECDHE_PSK 0x17
374 #define KEX_ECDHE_RSA 0x18
375 #define KEX_ECDH_ANON 0x19
376 #define KEX_ECDH_ECDSA 0x1a
377 #define KEX_ECDH_RSA 0x1b
378 #define KEX_KRB5 0x1c
379 #define KEX_PSK 0x1d
380 #define KEX_RSA 0x1e
381 #define KEX_RSA_PSK 0x1f
382 #define KEX_SRP_SHA 0x20
383 #define KEX_SRP_SHA_DSS 0x21
384 #define KEX_SRP_SHA_RSA 0x22
385 #define KEX_IS_DH(n) ((n) >= KEX_DHE_DSS && (n) <= KEX_ECDH_RSA)
386 #define KEX_TLS13 0x23
387 
388 /* Order is significant, must match "ciphers" array in packet-ssl-utils.c */
389 #define ENC_DES 0x30
390 #define ENC_3DES 0x31
391 #define ENC_RC4 0x32
392 #define ENC_RC2 0x33
393 #define ENC_IDEA 0x34
394 #define ENC_AES 0x35
395 #define ENC_AES256 0x36
396 #define ENC_CAMELLIA128 0x37
397 #define ENC_CAMELLIA256 0x38
398 #define ENC_SEED 0x39
399 #define ENC_CHACHA20 0x3A
400 #define ENC_NULL 0x3B
401 
402 #define DIG_MD5 0x40
403 #define DIG_SHA 0x41
404 #define DIG_SHA256 0x42
405 #define DIG_SHA384 0x43
406 #define DIG_NA 0x44 /* Not Applicable */
407 
408 typedef struct {
409  const gchar *name;
410  guint len;
411 } SslDigestAlgo;
412 
413 typedef struct _SslRecordInfo {
414  guchar *plain_data;
415  guint data_len;
416  gint id;
418  ContentType type;
421  guint32 seq;
422  struct _SslRecordInfo* next;
423 } SslRecordInfo;
424 
425 typedef struct {
427  guint32 srcport;
428  guint32 destport;
429 } SslPacketInfo;
430 
431 typedef struct _SslSession {
432  gint cipher;
433  gint compression;
434  guint16 version;
435  guchar tls13_draft_version;
436  gint8 client_cert_type;
437  gint8 server_cert_type;
438  guint32 client_ccs_frame;
439  guint32 server_ccs_frame;
440 
441  /* The address/proto/port of the server as determined from heuristics
442  * (e.g. ClientHello) or set externally (via ssl_set_master_secret()). */
443  address srv_addr;
444  port_type srv_ptype;
445  guint srv_port;
446 
447  /* The Application layer protocol if known (for STARTTLS support) */
448  dissector_handle_t app_handle;
449  guint32 last_nontls_frame;
450  gboolean is_session_resumed;
451 } SslSession;
452 
453 /* RFC 5246, section 8.1 says that the master secret is always 48 bytes */
454 #define SSL_MASTER_SECRET_LENGTH 48
455 
456 /* This holds state information for a SSL conversation */
/*
 * The struct carries the secrets used for decryption (master secret,
 * pre-master secret, PSK and, with GnuTLS, a private key) next to the
 * handshake values they are derived from.
 * NOTE(review): the underscore-prefixed fixed arrays look like the backing
 * storage for the like-named StringInfo members; if so, each data_len must
 * stay within its array (48, 256, 32, 32, 24 and 24 bytes respectively) when
 * values parsed from captured traffic are stored -- confirm where these are
 * wired up.
 */
457 typedef struct _SslDecryptSession {
458  guchar _master_secret[SSL_MASTER_SECRET_LENGTH];
459  guchar _session_id[256];
460  guchar _client_random[32];
461  guchar _server_random[32];
462  StringInfo session_id;
463  StringInfo session_ticket;
464  StringInfo server_random;
465  StringInfo client_random;
466  StringInfo master_secret;
467  StringInfo handshake_data;
468  /* the data store for this StringInfo must be allocated explicitly with a capture lifetime scope */
469  StringInfo pre_master_secret;
470  guchar _server_data_for_iv[24];
471  StringInfo server_data_for_iv;
472  guchar _client_data_for_iv[24];
473  StringInfo client_data_for_iv;
474 
475  gint state;
476  const SslCipherSuite *cipher_suite;
477  SslDecoder *server;
478  SslDecoder *client;
479  SslDecoder *server_new;
480  SslDecoder *client_new;
481 #if defined(HAVE_LIBGNUTLS)
482  gcry_sexp_t private_key;
483 #endif
484  StringInfo psk;
485  StringInfo app_data_segment;
486  SslSession session;
487  gboolean has_early_data;
488 
490 
491 /* User Access Table */
/*
 * One user-supplied row: address, port and protocol as strings, plus a key
 * file path and a password, all held as plain C strings.
 * NOTE(review): password is presumably the passphrase for keyfile and is kept
 * in cleartext for as long as the row exists -- confirm, and keep it out of
 * debug output and error messages.
 */
492 typedef struct _ssldecrypt_assoc_t {
493  char* ipaddr;
494  char* port;
495  char* protocol;
496  char* keyfile;
497  char* password;
499 
500 typedef struct ssl_common_options {
501  const gchar *psk;
502  const gchar *keylog_filename;
504 
/*
 * Secrets cache used for decryption: each table maps an identifier seen in
 * the handshake to a secret.
 * NOTE(review): ssl_load_keyfile() receives this map together with a key log
 * filename, so the tables are presumably filled from that file; whatever
 * populates them, the values are key material and should not be written to
 * debug output -- confirm.
 */
506 typedef struct {
507  GHashTable *session; /* Session ID (1-32 bytes) to master secret. */
508  GHashTable *tickets; /* Session Ticket to master secret. */
509  GHashTable *crandom; /* Client Random to master secret */
510  GHashTable *pre_master; /* First 8 bytes of encrypted pre-master secret to
511  pre-master secret */
512  GHashTable *pms; /* Client Random to unencrypted pre-master secret */
513 
514  /* For TLS 1.3: maps Client Random to derived secret. */
515  GHashTable *tls13_client_early;
516  GHashTable *tls13_client_handshake;
517  GHashTable *tls13_server_handshake;
518  GHashTable *tls13_client_appdata;
519  GHashTable *tls13_server_appdata;
520  GHashTable *tls13_early_exporter;
521  GHashTable *tls13_exporter;
523 
524 gint ssl_get_keyex_alg(gint cipher);
525 
526 gboolean ssldecrypt_uat_fld_ip_chk_cb(void*, const char*, unsigned, const void*, const void*, char** err);
527 gboolean ssldecrypt_uat_fld_port_chk_cb(void*, const char*, unsigned, const void*, const void*, char** err);
528 gboolean ssldecrypt_uat_fld_fileopen_chk_cb(void*, const char*, unsigned, const void*, const void*, char** err);
529 gboolean ssldecrypt_uat_fld_password_chk_cb(void*, const char*, unsigned, const void*, const void*, char** err);
530 gchar* ssl_association_info(const char* dissector_table_name, const char* table_protocol);
531 
536 extern SslDecryptSession *
537 ssl_get_session(conversation_t *conversation, dissector_handle_t ssl_handle);
538 
540 extern void
541 ssl_set_server(SslSession *session, address *addr, port_type ptype, guint32 port);
542 
552 WS_DLL_PUBLIC guint32
553 ssl_starttls_ack(dissector_handle_t ssl_handle, packet_info *pinfo,
554  dissector_handle_t app_handle);
555 
564 WS_DLL_PUBLIC guint32
565 ssl_starttls_post_ack(dissector_handle_t ssl_handle, packet_info *pinfo,
566  dissector_handle_t app_handle);
567 
568 extern dissector_handle_t
569 ssl_find_appdata_dissector(const char *name);
570 
/*
 * Takes a destination StringInfo, a source byte pointer and a length.
 * NOTE(review): no destination capacity is passed and StringInfo records
 * none, so if this copies len bytes into buf->data the caller must already
 * have sized the storage for at least len bytes -- confirm against the
 * implementation in packet-ssl-utils.c.
 */
576 extern void
577 ssl_data_set(StringInfo* buf, const guchar* src, guint len);
578 
582 extern gint
583 ssl_data_alloc(StringInfo* str, size_t len);
584 
585 extern gint
586 ssl_cipher_setiv(SSL_CIPHER_CTX *cipher, guchar* iv, gint iv_len);
587 
591 extern const SslCipherSuite *
592 ssl_find_cipher(int num);
593 
594 
596 int
597 ssl_get_cipher_algo(const SslCipherSuite *cipher_suite);
598 
603 guint
604 ssl_get_cipher_blocksize(const SslCipherSuite *cipher_suite);
605 
606 gboolean
607 ssl_generate_pre_master_secret(SslDecryptSession *ssl_session,
608  guint32 length, tvbuff_t *tvb, guint32 offset,
609  const gchar *ssl_psk,
610  const ssl_master_key_map_t *mk_map);
611 
616 extern gint
617 ssl_generate_keyring_material(SslDecryptSession*ssl_session);
618 
619 extern void
620 ssl_change_cipher(SslDecryptSession *ssl_session, gboolean server);
621 
/*
 * Takes the session, a decoder, the record's content type and version, the
 * input bytes with a 16-bit length, and output buffers with an output length.
 * NOTE(review): by its name, ignore_mac_failed lets the caller accept a
 * record whose integrity check did not pass; plaintext obtained that way is
 * unauthenticated and should be treated and displayed as such -- confirm
 * against the implementation.
 */
634 extern gint
635 ssl_decrypt_record(SslDecryptSession *ssl, SslDecoder *decoder, guint8 ct, guint16 record_version,
636  gboolean ignore_mac_failed,
637  const guchar *in, guint16 inl, StringInfo *comp_str, StringInfo *out_str, guint *outl);
638 
644 tls13_cipher *
645 tls13_cipher_create(const char *label_prefix, int cipher_algo, int cipher_mode, int hash_algo, const StringInfo *secret, const gchar **error);
646 
647 
648 /* Common part between SSL and DTLS dissectors */
649 /* Hash Functions for RSA private keys table */
650 
651 extern gboolean
652 ssl_private_key_equal (gconstpointer v, gconstpointer v2);
653 
654 extern guint
655 ssl_private_key_hash (gconstpointer v);
656 
657 /* private key table entries have a scope 'larger' than packet capture,
658  * so we can't rely on wmem_file_scope function */
659 extern void
660 ssl_private_key_free(gpointer key);
661 
662 
663 /* handling of association between tls/dtls ports and clear text protocol */
664 extern void
665 ssl_association_add(const char* dissector_table_name, dissector_handle_t main_handle, dissector_handle_t subdissector_handle, guint port, gboolean tcp);
666 
667 extern void
668 ssl_association_remove(const char* dissector_table_name, dissector_handle_t main_handle, dissector_handle_t subdissector_handle, guint port, gboolean tcp);
669 
670 extern gint
671 ssl_packet_from_server(SslSession *session, dissector_table_t table, packet_info *pinfo);
672 
673 /* add to packet data a copy of the specified real data */
674 extern void
675 ssl_add_record_info(gint proto, packet_info *pinfo, const guchar *data, gint data_len, gint record_id, SslFlow *flow, ContentType type, guint8 curr_layer_num_ssl);
676 
677 /* search in packet data for the specified id; return a newly created tvb for the associated data */
678 extern tvbuff_t*
679 ssl_get_record_info(tvbuff_t *parent_tvb, gint proto, packet_info *pinfo, gint record_id, guint8 curr_layer_num_ssl, SslRecordInfo **matched_record);
680 
681 /* initialize/reset per capture state data (ssl sessions cache) */
682 extern void
683 ssl_common_init(ssl_master_key_map_t *master_key_map,
684  StringInfo *decrypted_data, StringInfo *compressed_data);
685 extern void
686 ssl_common_cleanup(ssl_master_key_map_t *master_key_map, FILE **ssl_keylog_file,
687  StringInfo *decrypted_data, StringInfo *compressed_data);
688 
689 /* tries to update the secrets cache from the given filename */
690 extern void
691 ssl_load_keyfile(const gchar *ssl_keylog_filename, FILE **keylog_file,
692  const ssl_master_key_map_t *mk_map);
693 
694 /* parse ssl related preferences (private keys and ports association strings) */
695 extern void
696 ssl_parse_key_list(const ssldecrypt_assoc_t * uats, GHashTable *key_hash, const char* dissector_table_name, dissector_handle_t main_handle, gboolean tcp);
697 
698 /* store master secret into session data cache */
699 extern void
700 ssl_save_session(SslDecryptSession* ssl, GHashTable *session_hash);
701 
702 extern void
703 ssl_finalize_decryption(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map);
704 
705 extern gboolean
706 tls13_generate_keys(SslDecryptSession *ssl_session, const StringInfo *secret, gboolean is_from_server);
707 
708 extern StringInfo *
709 tls13_load_secret(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map,
710  gboolean is_from_server, TLSRecordType type);
711 
712 extern void
713 tls13_change_key(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map,
714  gboolean is_from_server, TLSRecordType type);
715 
716 extern void
717 tls13_key_update(SslDecryptSession *ssl, gboolean is_from_server);
718 
719 extern gboolean
720 ssl_is_valid_content_type(guint8 type);
721 
722 extern gboolean
723 ssl_is_valid_handshake_type(guint8 hs_type, gboolean is_dtls);
724 
725 extern void
726 tls_scan_server_hello(tvbuff_t *tvb, guint32 offset, guint32 offset_end,
727  guint16 *server_version, gboolean *is_hrr);
728 
729 extern void
730 ssl_try_set_version(SslSession *session, SslDecryptSession *ssl,
731  guint8 content_type, guint8 handshake_type,
732  gboolean is_dtls, guint16 version);
733 
734 extern void
735 ssl_calculate_handshake_hash(SslDecryptSession *ssl_session, tvbuff_t *tvb, guint32 offset, guint32 length);
736 
737 /* common header fields, subtrees and expert info for SSL and DTLS dissectors */
738 typedef struct ssl_common_dissect {
739  struct {
740  gint change_cipher_spec;
741  gint hs_exts_len;
742  gint hs_ext_alpn_len;
743  gint hs_ext_alpn_list;
744  gint hs_ext_alpn_str;
745  gint hs_ext_alpn_str_len;
746  gint hs_ext_cert_url_item;
747  gint hs_ext_cert_url_padding;
748  gint hs_ext_cert_url_sha1;
749  gint hs_ext_cert_url_type;
750  gint hs_ext_cert_url_url;
751  gint hs_ext_cert_url_url_hash_list_len;
752  gint hs_ext_cert_url_url_len;
753  gint hs_ext_cert_status_type;
754  gint hs_ext_cert_status_request_len;
755  gint hs_ext_cert_status_responder_id_list_len;
756  gint hs_ext_cert_status_request_extensions_len;
757  gint hs_ext_cert_status_request_list_len;
758  gint hs_ocsp_response_list_len;
759  gint hs_ocsp_response_len;
760  gint hs_ext_cert_type;
761  gint hs_ext_cert_types;
762  gint hs_ext_cert_types_len;
763  gint hs_ext_data;
764  gint hs_ext_ec_point_format;
765  gint hs_ext_ec_point_formats;
766  gint hs_ext_ec_point_formats_len;
767  gint hs_ext_supported_group;
768  gint hs_ext_supported_groups;
769  gint hs_ext_supported_groups_len;
770  gint hs_ext_heartbeat_mode;
771  gint hs_ext_len;
772  gint hs_ext_npn_str;
773  gint hs_ext_npn_str_len;
774  gint hs_ext_reneg_info_len;
775  gint hs_ext_reneg_info;
776  gint hs_ext_key_share_client_length;
777  gint hs_ext_key_share_group;
778  gint hs_ext_key_share_key_exchange_length;
779  gint hs_ext_key_share_key_exchange;
780  gint hs_ext_key_share_selected_group;
781  gint hs_ext_psk_identities_length;
782  gint hs_ext_psk_identity_identity_length;
783  gint hs_ext_psk_identity_identity;
784  gint hs_ext_psk_identity_obfuscated_ticket_age;
785  gint hs_ext_psk_binders_length;
786  gint hs_ext_psk_binders;
787  gint hs_ext_psk_identity_selected;
788  gint hs_ext_supported_versions_len;
789  gint hs_ext_supported_version;
790  gint hs_ext_cookie_len;
791  gint hs_ext_cookie;
792  gint hs_ext_server_name;
793  gint hs_ext_server_name_len;
794  gint hs_ext_server_name_list_len;
795  gint hs_ext_server_name_type;
796  gint hs_ext_padding_data;
797  gint hs_ext_type;
798  gint hs_sig_hash_alg;
799  gint hs_sig_hash_alg_len;
800  gint hs_sig_hash_algs;
801  gint hs_sig_hash_hash;
802  gint hs_sig_hash_sig;
803  gint hs_client_keyex_epms_len;
804  gint hs_client_keyex_epms;
805  gint hs_server_keyex_modulus_len;
806  gint hs_server_keyex_exponent_len;
807  gint hs_server_keyex_sig_len;
808  gint hs_server_keyex_p_len;
809  gint hs_server_keyex_g_len;
810  gint hs_server_keyex_ys_len;
811  gint hs_client_keyex_yc_len;
812  gint hs_client_keyex_point_len;
813  gint hs_server_keyex_point_len;
814  gint hs_server_keyex_p;
815  gint hs_server_keyex_g;
816  gint hs_server_keyex_curve_type;
817  gint hs_server_keyex_named_curve;
818  gint hs_server_keyex_ys;
819  gint hs_client_keyex_yc;
820  gint hs_server_keyex_point;
821  gint hs_client_keyex_point;
822  gint hs_server_keyex_modulus;
823  gint hs_server_keyex_exponent;
824  gint hs_server_keyex_sig;
825  gint hs_server_keyex_hint_len;
826  gint hs_server_keyex_hint;
827  gint hs_client_keyex_identity_len;
828  gint hs_client_keyex_identity;
829  gint hs_certificates_len;
830  gint hs_certificates;
831  gint hs_certificate_len;
832  gint hs_certificate;
833  gint hs_cert_types_count;
834  gint hs_cert_types;
835  gint hs_cert_type;
836  gint hs_dnames_len;
837  gint hs_dnames;
838  gint hs_dname_len;
839  gint hs_dname;
840  gint hs_random;
841  gint hs_random_time;
842  gint hs_random_bytes;
843  gint hs_session_id;
844  gint hs_session_id_len;
845  gint hs_client_version;
846  gint hs_server_version;
847  gint hs_cipher_suites_len;
848  gint hs_cipher_suites;
849  gint hs_cipher_suite;
850  gint hs_comp_methods_len;
851  gint hs_comp_methods;
852  gint hs_comp_method;
853  gint hs_session_ticket_lifetime_hint;
854  gint hs_session_ticket_age_add;
855  gint hs_session_ticket_nonce_len;
856  gint hs_session_ticket_nonce;
857  gint hs_session_ticket_len;
858  gint hs_session_ticket;
859  gint hs_finished;
860  gint hs_client_cert_vrfy_sig_len;
861  gint hs_client_cert_vrfy_sig;
862 
863  /* TLS 1.3 */
864  gint hs_ext_draft_version_tls13;
865  gint hs_ext_psk_ke_modes_length;
866  gint hs_ext_psk_ke_mode;
867  gint hs_certificate_request_context_length;
868  gint hs_certificate_request_context;
869  gint hs_key_update_request_update;
870  gint sct_scts_length;
871  gint sct_sct_length;
872  gint sct_sct_version;
873  gint sct_sct_logid;
874  gint sct_sct_timestamp;
875  gint sct_sct_extensions_length;
876  gint sct_sct_extensions;
877  gint sct_sct_signature;
878  gint sct_sct_signature_length;
879  gint hs_ext_max_early_data_size;
880  gint hs_ext_oid_filters_length;
881  gint hs_ext_oid_filters_oid_length;
882  gint hs_ext_oid_filters_oid;
883  gint hs_ext_oid_filters_values_length;
884 
885  /* QUIC Transport Parameters */
886  gint hs_ext_quictp_negotiated_version;
887  gint hs_ext_quictp_initial_version;
888  gint hs_ext_quictp_supported_versions_len;
889  gint hs_ext_quictp_supported_versions;
890  gint hs_ext_quictp_len;
891  gint hs_ext_quictp_parameter;
892  gint hs_ext_quictp_parameter_type;
893  gint hs_ext_quictp_parameter_len;
894  gint hs_ext_quictp_parameter_value;
895  gint hs_ext_quictp_parameter_initial_max_stream_data;
896  gint hs_ext_quictp_parameter_initial_max_data;
897  gint hs_ext_quictp_parameter_initial_max_streams_bidi;
898  gint hs_ext_quictp_parameter_idle_timeout;
899  gint hs_ext_quictp_parameter_max_packet_size;
900  gint hs_ext_quictp_parameter_stateless_reset_token;
901  gint hs_ext_quictp_parameter_ack_delay_exponent;
902  gint hs_ext_quictp_parameter_initial_max_streams_uni;
903 
904  /* do not forget to update SSL_COMMON_LIST_T and SSL_COMMON_HF_LIST! */
905  } hf;
906  struct {
907  gint hs_ext;
908  gint hs_ext_alpn;
909  gint hs_ext_cert_types;
910  gint hs_ext_groups;
911  gint hs_ext_curves_point_formats;
912  gint hs_ext_npn;
913  gint hs_ext_reneg_info;
914  gint hs_ext_key_share;
915  gint hs_ext_key_share_ks;
916  gint hs_ext_pre_shared_key;
917  gint hs_ext_psk_identity;
918  gint hs_ext_server_name;
919  gint hs_ext_oid_filter;
920  gint hs_ext_quictp_parameter;
921  gint hs_sig_hash_alg;
922  gint hs_sig_hash_algs;
923  gint urlhash;
924  gint keyex_params;
925  gint certificates;
926  gint cert_types;
927  gint dnames;
928  gint hs_random;
929  gint cipher_suites;
930  gint comp_methods;
931  gint session_ticket;
932  gint sct;
933  gint cert_status;
934  gint ocsp_response;
935 
936  /* do not forget to update SSL_COMMON_LIST_T and SSL_COMMON_ETT_LIST! */
937  } ett;
938  struct {
939  /* Generic expert info for malformed packets. */
940  expert_field malformed_vector_length;
941  expert_field malformed_buffer_too_small;
942  expert_field malformed_trailing_data;
943 
944  expert_field hs_ext_cert_status_undecoded;
945  expert_field resumed;
946  expert_field record_length_invalid;
947 
948  /* do not forget to update SSL_COMMON_LIST_T and SSL_COMMON_EI_LIST! */
949  } ei;
951 
952 /* Header fields specific to DTLS. See packet-dtls.c */
953 typedef struct {
954  gint hf_dtls_handshake_cookie_len;
955  gint hf_dtls_handshake_cookie;
956 
957  /* Do not forget to initialize dtls_hfs to -1 in packet-dtls.c! */
958 } dtls_hfs_t;
959 
960 /* Header fields specific to SSL. See packet-ssl.c */
/* Two gint header-field handles. A pointer to this struct is taken by
 * ssl_dissect_hnd_finished(), declared further down.
 * NOTE(review): the member names suggest the MD5 and SHA hash parts of a
 * Finished message - confirm against packet-ssl.c.
 * As with dtls_hfs_t, the -1 initialization lives in another file and must be
 * updated by hand when a member is added. */
961 typedef struct {
962  gint hs_md5_hash;
963  gint hs_sha_hash;
964 
965  /* Do not forget to initialize ssl_hfs to -1 in packet-ssl.c! */
966 } ssl_hfs_t;
967 
968 
969 /* Helpers for dissecting Variable-Length Vectors. {{{ */
970 /* Largest value that fits in a 24-bit number (2^24-1). */
/* Evaluates to 0xFFFFFF (16777215). The shift is performed on 1U, i.e. in
 * unsigned int, so it is only well-defined where unsigned int is wider than
 * 24 bits.
 * NOTE(review): presumably used as the max_value argument of ssl_add_vector()
 * for vectors with a three-byte length prefix (SSL_COMMON_HF_LIST registers
 * several FT_UINT24 length fields) - confirm at the call sites. */
971 #define G_MAXUINT24 ((1U << 24) - 1)
972 
/* Declaration only; the body is not part of this header.
 * As declared it takes the shared hf/ett/ei table, the buffer, packet info
 * and tree, a start offset and an end offset, an out-parameter ret_length,
 * the header field to use for the length (hf_length) and a min_value /
 * max_value pair, and returns a gboolean.
 * NOTE(review): presumably reads the vector's length prefix at offset,
 * validates it against min_value/max_value and the room left before
 * offset_end, and reports failures through ei.malformed_vector_length or
 * ei.malformed_buffer_too_small - confirm against the implementation.
 * NOTE(review): the length value originates from captured traffic, so callers
 * should test the return value before relying on *ret_length; what
 * *ret_length holds after a FALSE return is not visible here - confirm. */
985 extern gboolean
986 ssl_add_vector(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
987  guint offset, guint offset_end, guint32 *ret_length,
988  int hf_length, guint32 min_value, guint32 max_value);
989 
/* Declaration only; the body is not part of this header.
 * Takes the current offset and the expected end offset and returns a
 * gboolean.
 * NOTE(review): presumably called once a vector's elements have been
 * dissected, to compare offset with offset_end and flag a mismatch (compare
 * ei.malformed_trailing_data in ssl_common_dissect_t) - confirm which return
 * value means "offsets agree". */
998 extern gboolean
999 ssl_end_vector(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
1000  guint offset, guint offset_end);
1001 /* }}} */
1002 
1003 
/* Declaration only; the body is not part of this header.
 * Takes the record length, the proto_item of the length field, the protocol
 * version and a decrypted_tvb; returns nothing, so any finding can only be
 * reported through the tree/expert items.
 * NOTE(review): presumably compares record_length with a version-dependent
 * limit and attaches ei.record_length_invalid to length_pi - confirm, and
 * confirm whether decrypted_tvb may be NULL. */
1004 extern void
1005 ssl_check_record_length(ssl_common_dissect_t *hf, packet_info *pinfo,
1006  guint record_length, proto_item *length_pi,
1007  guint16 version, tvbuff_t *decrypted_tvb);
1008 
/* Declaration only; the body is not part of this header.
 * Unlike the neighbouring prototypes this one is written without `extern`
 * (the linkage is external either way). It receives a start offset but no end
 * offset or length, and the decrypt session is passed as const while
 * `session` is writable.
 * NOTE(review): with no end bound in the signature, any limit on how far the
 * dissector reads has to come from tvb itself - confirm in the
 * implementation. */
1009 void
1010 ssl_dissect_change_cipher_spec(ssl_common_dissect_t *hf, tvbuff_t *tvb,
1011  packet_info *pinfo, proto_tree *tree,
1012  guint32 offset, SslSession *session,
1013  gboolean is_from_server,
1014  const SslDecryptSession *ssl);
1015 
/* Declaration only. By its name, the entry point for the ClientHello
 * handshake message (SSL_HND_CLIENT_HELLO); works on the range given by
 * offset and offset_end.
 * There is no is_dtls flag here, unlike ssl_dissect_hnd_srv_hello(); the
 * DTLS-only fields arrive through dtls_hfs instead.
 * NOTE(review): presumably dtls_hfs is NULL for non-DTLS callers and `ssl`
 * may be NULL when no decryption state exists - confirm. */
1016 extern void
1017 ssl_dissect_hnd_cli_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb,
1018  packet_info *pinfo, proto_tree *tree, guint32 offset,
1019  guint32 offset_end, SslSession *session,
1020  SslDecryptSession *ssl,
1021  dtls_hfs_t *dtls_hfs);
1022 
/* Declaration only. By its name, the entry point for the ServerHello
 * handshake message (SSL_HND_SERVER_HELLO); works on the range given by
 * offset and offset_end and takes two mode flags, is_dtls and is_hrr.
 * NOTE(review): is_hrr presumably marks a ServerHello that is really a
 * HelloRetryRequest; a separate ssl_dissect_hnd_hello_retry_request() is
 * declared right after this one - confirm which path callers use. */
1023 extern void
1024 ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info* pinfo,
1025  proto_tree *tree, guint32 offset, guint32 offset_end,
1026  SslSession *session, SslDecryptSession *ssl,
1027  gboolean is_dtls, gboolean is_hrr);
1028 
/* Declaration only. By its name, the entry point for the HelloRetryRequest
 * handshake message (SSL_HND_HELLO_RETRY_REQUEST); same parameter list as
 * ssl_dissect_hnd_srv_hello() minus the is_hrr flag.
 * NOTE(review): how this relates to the is_hrr path of the ServerHello
 * dissector is not visible from the header - confirm. */
1029 extern void
1030 ssl_dissect_hnd_hello_retry_request(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info* pinfo,
1031  proto_tree *tree, guint32 offset, guint32 offset_end,
1032  SslSession *session, SslDecryptSession *ssl,
1033  gboolean is_dtls);
1034 
/* Declaration only. By its name, the entry point for the EncryptedExtensions
 * handshake message (SSL_HND_ENCRYPTED_EXTENSIONS); works on the range given
 * by offset and offset_end.
 * NOTE(review): the parameter list is identical to the HelloRetryRequest
 * dissector's; whether both share one extension parser is not visible here -
 * confirm. */
1035 extern void
1036 ssl_dissect_hnd_encrypted_extensions(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info* pinfo,
1037  proto_tree *tree, guint32 offset, guint32 offset_end,
1038  SslSession *session, SslDecryptSession *ssl,
1039  gboolean is_dtls);
1040 
/* Declaration only. By its name, the entry point for the NewSessionTicket
 * handshake message (SSL_HND_NEWSESSION_TICKET); works on the range given by
 * offset and offset_end and additionally receives a GHashTable,
 * session_hash.
 * NOTE(review): session_hash is presumably where ticket-related state is
 * recorded for later resumption handling; the ticket bytes come from the
 * capture, so key lifetime and size limits for that table deserve a look -
 * confirm in the implementation. */
1041 extern void
1042 ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo,
1043  proto_tree *tree, guint32 offset, guint32 offset_end,
1044  SslSession *session, SslDecryptSession *ssl,
1045  gboolean is_dtls, GHashTable *session_hash);
1046 
/* Declaration only. By its name, the entry point for the Certificate
 * handshake message (SSL_HND_CERTIFICATE).
 * Argument order differs from its siblings: tree comes before the offsets and
 * pinfo after offset_end, so calls cannot be copied from the other
 * dissectors unchanged.
 * NOTE(review): key_hash is presumably a table of configured private keys
 * looked up by certificate - confirm, and confirm that `ssl` may be NULL. */
1047 extern void
1048 ssl_dissect_hnd_cert(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree,
1049  guint32 offset, guint32 offset_end, packet_info *pinfo,
1050  SslSession *session, SslDecryptSession *ssl,
1051  GHashTable *key_hash, gboolean is_from_server, gboolean is_dtls);
1052 
/* Declaration only. By its name, the entry point for the CertificateRequest
 * handshake message (SSL_HND_CERT_REQUEST); works on the range given by
 * offset and offset_end. It takes the session but no SslDecryptSession. */
1053 extern void
1054 ssl_dissect_hnd_cert_req(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo,
1055  proto_tree *tree, guint32 offset, guint32 offset_end,
1056  SslSession *session, gboolean is_dtls);
1057 
/* Declaration only. By its name, the entry point for the CertificateVerify
 * handshake message (SSL_HND_CERT_VERIFY); works on the range given by offset
 * and offset_end. The protocol version is passed directly as a guint16
 * instead of a session pointer.
 * NOTE(review): presumably the version selects the signature layout -
 * confirm. */
1058 extern void
1059 ssl_dissect_hnd_cli_cert_verify(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo,
1060  proto_tree *tree, guint32 offset, guint32 offset_end, guint16 version);
1061 
/* Declaration only. By its name, the entry point for the Finished handshake
 * message (SSL_HND_FINISHED); works on the range given by offset and
 * offset_end. The session is read-only (const) and no packet_info is passed,
 * so this function has no pinfo to attach expert info to.
 * NOTE(review): ssl_hfs carries the SSL-only hash fields (see ssl_hfs_t);
 * presumably NULL for other callers - confirm. */
1062 extern void
1063 ssl_dissect_hnd_finished(ssl_common_dissect_t *hf, tvbuff_t *tvb,
1064  proto_tree *tree, guint32 offset, guint32 offset_end,
1065  const SslSession *session, ssl_hfs_t *ssl_hfs);
1066 
/* Declaration only. By its name, the entry point for the CertificateURL
 * handshake message (SSL_HND_CERT_URL).
 * Only a start offset is passed: there is no offset_end, length or
 * packet_info in the signature.
 * NOTE(review): the message carries length-prefixed lists (see the
 * cert_url.* fields in SSL_COMMON_HF_LIST); with no end bound here, any
 * limit on reads has to come from tvb itself - confirm in the
 * implementation. */
1067 extern void
1068 ssl_dissect_hnd_cert_url(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, guint32 offset);
1069 
/* Declaration only. By its name, the entry point for the CertificateStatus
 * handshake message (SSL_HND_CERT_STATUS); works on the range given by offset
 * and offset_end.
 * NOTE(review): unlike most siblings it returns a guint32, presumably the
 * offset after the dissected data - confirm, and confirm callers compare it
 * with offset_end. */
1070 extern guint32
1071 tls_dissect_hnd_certificate_status(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo,
1072  proto_tree *tree, guint32 offset, guint32 offset_end);
1073 
/* Declaration only. By its name, the entry point for the ClientKeyExchange
 * handshake message (SSL_HND_CLIENT_KEY_EXCHG).
 * The extent is given as offset plus length rather than offset/offset_end as
 * in the ServerKeyExchange dissector declared next, and no packet_info is
 * passed. The session is read-only (const). */
1074 extern void
1075 ssl_dissect_hnd_cli_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb,
1076  proto_tree *tree, guint32 offset, guint32 length,
1077  const SslSession *session);
1078 
/* Declaration only. By its name, the entry point for the ServerKeyExchange
 * handshake message (SSL_HND_SERVER_KEY_EXCHG); works on the range given by
 * offset and offset_end. The session is read-only (const).
 * NOTE(review): presumably the key-exchange layout is chosen from the cipher
 * suite recorded in the session - confirm. */
1079 extern void
1080 ssl_dissect_hnd_srv_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo,
1081  proto_tree *tree, guint32 offset, guint32 offset_end,
1082  const SslSession *session);
1083 
/* Declaration only. By its name, the entry point for the TLS 1.3 KeyUpdate
 * handshake message (SSL_HND_KEY_UPDATE).
 * Only a start offset is passed; the single field registered for this
 * message in SSL_COMMON_HF_LIST (hs_key_update_request_update) is FT_UINT8.
 * NOTE(review): presumably exactly one byte is read at offset - confirm. */
1084 extern void
1085 tls13_dissect_hnd_key_update(ssl_common_dissect_t *hf, tvbuff_t *tvb,
1086  proto_tree *tree, guint32 offset);
1087 
/* Declaration only. By its name, dissects a list of Signed Certificate
 * Timestamps (see the sct.* fields in SSL_COMMON_HF_LIST); works on the range
 * given by offset and offset_end and takes the protocol version.
 * NOTE(review): returns a guint32, presumably the offset after the list -
 * confirm, and confirm that nested SCT lengths are checked against
 * offset_end. */
1088 extern guint32
1089 tls_dissect_sct_list(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
1090  guint32 offset, guint32 offset_end, guint16 version);
1091 
/* Declaration only. By its name, the TLS 1.3 HKDF-Expand-Label derivation
 * with an explicit context value.
 * As declared: md selects the hash, secret is the input secret, label_prefix
 * and label are passed separately, context_length is a guint8 (at most 255
 * bytes of context) and out_len is a guint16. The result is delivered through
 * *out and success is reported by the gboolean return.
 * NOTE(review): md is presumably a Libgcrypt digest id (this header includes
 * wsutil/wsgcrypt.h) - confirm.
 * NOTE(review): *out holds derived key material; which allocator produces it,
 * who frees it, and what *out contains after a FALSE return are not visible
 * from this header - confirm before freeing or reusing it. */
1092 extern gboolean
1093 tls13_hkdf_expand_label_context(int md, const StringInfo *secret,
1094  const char *label_prefix, const char *label,
1095  const guint8 *context, guint8 context_length,
1096  guint16 out_len, guchar **out);
1097 
/* Declaration only. Same parameter list as
 * tls13_hkdf_expand_label_context() without the context/context_length pair.
 * NOTE(review): presumably equivalent to the _context variant called with an
 * empty context - confirm.
 * NOTE(review): *out holds derived key material; allocation and ownership are
 * not visible from this header - confirm before freeing or reusing it. */
1098 extern gboolean
1099 tls13_hkdf_expand_label(int md, const StringInfo *secret,
1100  const char *label_prefix, const char *label,
1101  guint16 out_len, guchar **out);
1102 
1103 /* {{{ */
/* Defines a ssl_common_dissect_t variable called `name` with every hf and
 * ett member set to -1 and every ei member set to EI_INIT.
 * The initializer is positional: as written it supplies 159 values for hf,
 * 28 for ett and 6 for ei. The 28 and 6 agree with the ett and ei members
 * declared in the struct above; the hf count has to be checked against the
 * full hf member list.
 * If a member is added to the struct without a matching entry here, C
 * zero-initializes the trailing member instead of giving it -1, so the counts
 * must be kept in step by hand (see the reminders inside the struct). */
1104 #define SSL_COMMON_LIST_T(name) \
1105 ssl_common_dissect_t name = { \
1106  /* hf */ { \
1107  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1108  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1109  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1110  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1111  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1112  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1113  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1114  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1115  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1116  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1117  }, \
1118  /* ett */ { \
1119  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1120  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1121  }, \
1122  /* ei */ { \
1123  EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, \
1124  }, \
1125 }
1126 /* }}} */
1127 
1128 /* {{{ */
1129 #define SSL_COMMON_HF_LIST(name, prefix) \
1130  { & name .hf.change_cipher_spec, \
1131  { "Change Cipher Spec Message", prefix ".change_cipher_spec", \
1132  FT_NONE, BASE_NONE, NULL, 0x0, \
1133  "Signals a change in cipher specifications", HFILL } \
1134  }, \
1135  { & name .hf.hs_exts_len, \
1136  { "Extensions Length", prefix ".handshake.extensions_length", \
1137  FT_UINT16, BASE_DEC, NULL, 0x0, \
1138  "Length of hello extensions", HFILL } \
1139  }, \
1140  { & name .hf.hs_ext_type, \
1141  { "Type", prefix ".handshake.extension.type", \
1142  FT_UINT16, BASE_DEC, VALS(tls_hello_extension_types), 0x0, \
1143  "Hello extension type", HFILL } \
1144  }, \
1145  { & name .hf.hs_ext_len, \
1146  { "Length", prefix ".handshake.extension.len", \
1147  FT_UINT16, BASE_DEC, NULL, 0x0, \
1148  "Length of a hello extension", HFILL } \
1149  }, \
1150  { & name .hf.hs_ext_data, \
1151  { "Data", prefix ".handshake.extension.data", \
1152  FT_BYTES, BASE_NONE, NULL, 0x0, \
1153  "Hello Extension data", HFILL } \
1154  }, \
1155  { & name .hf.hs_ext_supported_groups_len, \
1156  { "Supported Groups List Length", prefix ".handshake.extensions_supported_groups_length", \
1157  FT_UINT16, BASE_DEC, NULL, 0x0, \
1158  NULL, HFILL } \
1159  }, \
1160  { & name .hf.hs_ext_supported_groups, \
1161  { "Supported Groups List", prefix ".handshake.extensions_supported_groups", \
1162  FT_NONE, BASE_NONE, NULL, 0x0, \
1163  "List of supported groups (formerly Supported Elliptic Curves)", HFILL } \
1164  }, \
1165  { & name .hf.hs_ext_supported_group, \
1166  { "Supported Group", prefix ".handshake.extensions_supported_group", \
1167  FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0, \
1168  NULL, HFILL } \
1169  }, \
1170  { & name .hf.hs_ext_ec_point_formats_len, \
1171  { "EC point formats Length", prefix ".handshake.extensions_ec_point_formats_length", \
1172  FT_UINT8, BASE_DEC, NULL, 0x0, \
1173  "Length of elliptic curves point formats field", HFILL } \
1174  }, \
1175  { & name .hf.hs_ext_ec_point_formats, \
1176  { "EC point formats", prefix ".handshake.extensions_ec_point_formats", \
1177  FT_NONE, BASE_NONE, NULL, 0x0, \
1178  "List of elliptic curves point format", HFILL } \
1179  }, \
1180  { & name .hf.hs_ext_ec_point_format, \
1181  { "EC point format", prefix ".handshake.extensions_ec_point_format", \
1182  FT_UINT8, BASE_DEC, VALS(ssl_extension_ec_point_formats), 0x0, \
1183  "Elliptic curves point format", HFILL } \
1184  }, \
1185  { & name .hf.hs_ext_alpn_len, \
1186  { "ALPN Extension Length", prefix ".handshake.extensions_alpn_len", \
1187  FT_UINT16, BASE_DEC, NULL, 0x0, \
1188  "Length of the ALPN Extension", HFILL } \
1189  }, \
1190  { & name .hf.hs_ext_alpn_list, \
1191  { "ALPN Protocol", prefix ".handshake.extensions_alpn_list", \
1192  FT_NONE, BASE_NONE, NULL, 0x0, \
1193  NULL, HFILL } \
1194  }, \
1195  { & name .hf.hs_ext_alpn_str_len, \
1196  { "ALPN string length", prefix ".handshake.extensions_alpn_str_len", \
1197  FT_UINT8, BASE_DEC, NULL, 0x0, \
1198  "Length of ALPN string", HFILL } \
1199  }, \
1200  { & name .hf.hs_ext_alpn_str, \
1201  { "ALPN Next Protocol", prefix ".handshake.extensions_alpn_str", \
1202  FT_STRING, BASE_NONE, NULL, 0x00, \
1203  NULL, HFILL } \
1204  }, \
1205  { & name .hf.hs_ext_npn_str_len, \
1206  { "Protocol string length", prefix ".handshake.extensions_npn_str_len", \
1207  FT_UINT8, BASE_DEC, NULL, 0x0, \
1208  "Length of next protocol string", HFILL } \
1209  }, \
1210  { & name .hf.hs_ext_npn_str, \
1211  { "Next Protocol", prefix ".handshake.extensions_npn", \
1212  FT_STRING, BASE_NONE, NULL, 0x0, \
1213  NULL, HFILL } \
1214  }, \
1215  { & name .hf.hs_ext_reneg_info_len, \
1216  { "Renegotiation info extension length", prefix ".handshake.extensions_reneg_info_len", \
1217  FT_UINT8, BASE_DEC, NULL, 0x0, \
1218  NULL, HFILL } \
1219  }, \
1220  { & name .hf.hs_ext_reneg_info, \
1221  { "Renegotiation info", prefix ".handshake.extensions_reneg_info",\
1222  FT_BYTES, BASE_NONE, NULL, 0x0, \
1223  NULL, HFILL } \
1224  }, \
1225  { & name .hf.hs_ext_key_share_client_length, \
1226  { "Client Key Share Length", prefix ".handshake.extensions_key_share_client_length", \
1227  FT_UINT16, BASE_DEC, NULL, 0x00, \
1228  NULL, HFILL } \
1229  }, \
1230  { & name .hf.hs_ext_key_share_group, \
1231  { "Group", prefix ".handshake.extensions_key_share_group", \
1232  FT_UINT16, BASE_DEC, VALS(ssl_extension_curves), 0x00, \
1233  NULL, HFILL } \
1234  }, \
1235  { & name .hf.hs_ext_key_share_key_exchange_length, \
1236  { "Key Exchange Length", prefix ".handshake.extensions_key_share_key_exchange_length", \
1237  FT_UINT16, BASE_DEC, NULL, 0x00, \
1238  NULL, HFILL } \
1239  }, \
1240  { & name .hf.hs_ext_key_share_key_exchange, \
1241  { "Key Exchange", prefix ".handshake.extensions_key_share_key_exchange", \
1242  FT_BYTES, BASE_NONE, NULL, 0x0, \
1243  NULL, HFILL } \
1244  }, \
1245  { & name .hf.hs_ext_key_share_selected_group, \
1246  { "Selected Group", prefix ".handshake.extensions_key_share_selected_group", \
1247  FT_UINT16, BASE_DEC, VALS(ssl_extension_curves), 0x00, \
1248  NULL, HFILL } \
1249  }, \
1250  { & name .hf.hs_ext_psk_identities_length, \
1251  { "Identities Length", prefix ".handshake.extensions.psk.identities.length", \
1252  FT_UINT16, BASE_DEC, NULL, 0x0, \
1253  NULL, HFILL } \
1254  }, \
1255  { & name .hf.hs_ext_psk_identity_identity_length, \
1256  { "Identity Length", prefix ".handshake.extensions.psk.identity.identity_length", \
1257  FT_UINT16, BASE_DEC, NULL, 0x0, \
1258  NULL, HFILL } \
1259  }, \
1260  { & name .hf.hs_ext_psk_identity_identity, \
1261  { "Identity", prefix ".handshake.extensions.psk.identity.identity", \
1262  FT_BYTES, BASE_NONE, NULL, 0x0, \
1263  NULL, HFILL } \
1264  }, \
1265  { & name .hf.hs_ext_psk_identity_obfuscated_ticket_age, \
1266  { "Obfuscated Ticket Age", prefix ".handshake.extensions.psk.identity.obfuscated_ticket_age", \
1267  FT_UINT32, BASE_DEC, NULL, 0x0, \
1268  NULL, HFILL } \
1269  }, \
1270  { & name .hf.hs_ext_psk_binders_length, \
1271  { "PSK Binders length", prefix ".handshake.extensions.psk.binders_len", \
1272  FT_UINT16, BASE_DEC, NULL, 0x0, \
1273  NULL, HFILL } \
1274  }, \
1275  { & name .hf.hs_ext_psk_binders, \
1276  { "PSK Binders", prefix ".handshake.extensions.psk.binders", \
1277  FT_NONE, BASE_NONE, NULL, 0x0, \
1278  NULL, HFILL } \
1279  }, \
1280  { & name .hf.hs_ext_psk_identity_selected, \
1281  { "Selected Identity", prefix ".handshake.extensions.psk.identity.selected", \
1282  FT_UINT16, BASE_DEC, NULL, 0x0, \
1283  NULL, HFILL } \
1284  }, \
1285  { & name .hf.hs_ext_supported_versions_len, \
1286  { "Supported Versions length", prefix ".handshake.extensions.supported_versions_len", \
1287  FT_UINT8, BASE_DEC, NULL, 0x0, \
1288  NULL, HFILL } \
1289  }, \
1290  { & name .hf.hs_ext_supported_version, \
1291  { "Supported Version", prefix ".handshake.extensions.supported_version", \
1292  FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, \
1293  NULL, HFILL } \
1294  }, \
1295  { & name .hf.hs_ext_cookie_len, \
1296  { "Cookie length", prefix ".handshake.extensions.cookie_len", \
1297  FT_UINT16, BASE_DEC, NULL, 0x0, \
1298  NULL, HFILL } \
1299  }, \
1300  { & name .hf.hs_ext_cookie, \
1301  { "Cookie", prefix ".handshake.extensions.cookie", \
1302  FT_BYTES, BASE_NONE, NULL, 0x0, \
1303  NULL, HFILL } \
1304  }, \
1305  { & name .hf.hs_ext_server_name_list_len, \
1306  { "Server Name list length", prefix ".handshake.extensions_server_name_list_len", \
1307  FT_UINT16, BASE_DEC, NULL, 0x0, \
1308  "Length of server name list", HFILL } \
1309  }, \
1310  { & name .hf.hs_ext_server_name_len, \
1311  { "Server Name length", prefix ".handshake.extensions_server_name_len", \
1312  FT_UINT16, BASE_DEC, NULL, 0x0, \
1313  "Length of server name string", HFILL } \
1314  }, \
1315  { & name .hf.hs_ext_server_name_type, \
1316  { "Server Name Type", prefix ".handshake.extensions_server_name_type", \
1317  FT_UINT8, BASE_DEC, VALS(tls_hello_ext_server_name_type_vs), 0x0, \
1318  NULL, HFILL } \
1319  }, \
1320  { & name .hf.hs_ext_server_name, \
1321  { "Server Name", prefix ".handshake.extensions_server_name", \
1322  FT_STRING, BASE_NONE, NULL, 0x0, \
1323  NULL, HFILL } \
1324  }, \
1325  { & name .hf.hs_ext_padding_data, \
1326  { "Padding Data", prefix ".handshake.extensions_padding_data", \
1327  FT_BYTES, BASE_NONE, NULL, 0x0, \
1328  "Must be zero", HFILL } \
1329  }, \
1330  { & name .hf.hs_ext_cert_url_type, \
1331  { "Certificate Chain Type", prefix ".handshake.cert_url_type", \
1332  FT_UINT8, BASE_DEC, VALS(tls_cert_chain_type), 0x0, \
1333  "Certificate Chain Type for Client Certificate URL", HFILL } \
1334  }, \
1335  { & name .hf.hs_ext_cert_url_url_hash_list_len, \
1336  { "URL and Hash list Length", prefix ".handshake.cert_url.url_hash_len", \
1337  FT_UINT16, BASE_DEC, NULL, 0x0, \
1338  NULL, HFILL } \
1339  }, \
1340  { & name .hf.hs_ext_cert_url_item, \
1341  { "URL and Hash", prefix ".handshake.cert_url.url_hash", \
1342  FT_NONE, BASE_NONE, NULL, 0x0, \
1343  NULL, HFILL } \
1344  }, \
1345  { & name .hf.hs_ext_cert_url_url_len, \
1346  { "URL Length", prefix ".handshake.cert_url.url_len", \
1347  FT_UINT16, BASE_DEC, NULL, 0x0, \
1348  NULL, HFILL } \
1349  }, \
1350  { & name .hf.hs_ext_cert_type, \
1351  { "Certificate Type", prefix ".handshake.cert_type.type", \
1352  FT_UINT8, BASE_HEX, VALS(tls_certificate_type), 0x0, \
1353  NULL, HFILL } \
1354  }, \
1355  { & name .hf.hs_ext_cert_types, \
1356  { "Certificate Type List", prefix ".handshake.cert_type.types", \
1357  FT_NONE, BASE_NONE, NULL, 0x0, \
1358  NULL, HFILL } \
1359  }, \
1360  { & name .hf.hs_ext_cert_types_len, \
1361  { "Certificate Type List Length", prefix ".handshake.cert_type.types_len", \
1362  FT_UINT8, BASE_DEC, NULL, 0x0, \
1363  NULL, HFILL } \
1364  }, \
1365  { & name .hf.hs_ext_cert_url_url, \
1366  { "URL", prefix ".handshake.cert_url.url", \
1367  FT_STRING, BASE_NONE, NULL, 0x0, \
1368  "URL used to fetch the certificate(s)", HFILL } \
1369  }, \
1370  { & name .hf.hs_ext_cert_url_padding, \
1371  { "Padding", prefix ".handshake.cert_url.padding", \
1372  FT_NONE, BASE_NONE, NULL, 0x0, \
1373  "Padding that MUST be 0x01 for backwards compatibility", HFILL } \
1374  }, \
1375  { & name .hf.hs_ext_cert_url_sha1, \
1376  { "SHA1 Hash", prefix ".handshake.cert_url.sha1", \
1377  FT_BYTES, BASE_NONE, NULL, 0x0, \
1378  "SHA1 Hash of the certificate", HFILL } \
1379  }, \
1380  { & name .hf.hs_ext_cert_status_type, \
1381  { "Certificate Status Type", prefix ".handshake.extensions_status_request_type", \
1382  FT_UINT8, BASE_DEC, VALS(tls_cert_status_type), 0x0, \
1383  NULL, HFILL } \
1384  }, \
1385  { & name .hf.hs_ext_cert_status_request_len, \
1386  { "Certificate Status Length", prefix ".handshake.extensions_status_request_len", \
1387  FT_UINT16, BASE_DEC, NULL, 0x0, \
1388  NULL, HFILL } \
1389  }, \
1390  { & name .hf.hs_ext_cert_status_responder_id_list_len, \
1391  { "Responder ID list Length", prefix ".handshake.extensions_status_request_responder_ids_len", \
1392  FT_UINT16, BASE_DEC, NULL, 0x0, \
1393  NULL, HFILL } \
1394  }, \
1395  { & name .hf.hs_ext_cert_status_request_extensions_len, \
1396  { "Request Extensions Length", prefix ".handshake.extensions_status_request_exts_len", \
1397  FT_UINT16, BASE_DEC, NULL, 0x0, \
1398  NULL, HFILL } \
1399  }, \
1400  { & name .hf.hs_ext_cert_status_request_list_len, \
1401  { "Certificate Status List Length", prefix ".handshake.extensions_status_request_list_len", \
1402  FT_UINT16, BASE_DEC, NULL, 0x0, \
1403  "CertificateStatusRequestItemV2 list length", HFILL } \
1404  }, \
1405  { & name .hf.hs_ocsp_response_list_len, \
1406  { "OCSP Response List Length", prefix ".handshake.ocsp_response_list_len", \
1407  FT_UINT24, BASE_DEC, NULL, 0x0, \
1408  "OCSPResponseList length", HFILL } \
1409  }, \
1410  { & name .hf.hs_ocsp_response_len, \
1411  { "OCSP Response Length", prefix ".handshake.ocsp_response_len", \
1412  FT_UINT24, BASE_DEC, NULL, 0x0, \
1413  NULL, HFILL } \
1414  }, \
1415  { & name .hf.hs_sig_hash_alg_len, \
1416  { "Signature Hash Algorithms Length", prefix ".handshake.sig_hash_alg_len", \
1417  FT_UINT16, BASE_DEC, NULL, 0x0, \
1418  "Length of Signature Hash Algorithms", HFILL } \
1419  }, \
1420  { & name .hf.hs_sig_hash_algs, \
1421  { "Signature Algorithms", prefix ".handshake.sig_hash_algs", \
1422  FT_NONE, BASE_NONE, NULL, 0x0, \
1423  "List of supported Signature Algorithms", HFILL } \
1424  }, \
1425  { & name .hf.hs_sig_hash_alg, \
1426  { "Signature Algorithm", prefix ".handshake.sig_hash_alg", \
1427  FT_UINT16, BASE_HEX, VALS(tls13_signature_algorithm), 0x0, \
1428  NULL, HFILL } \
1429  }, \
1430  { & name .hf.hs_sig_hash_hash, \
1431  { "Signature Hash Algorithm Hash", prefix ".handshake.sig_hash_hash", \
1432  FT_UINT8, BASE_DEC, VALS(tls_hash_algorithm), 0x0, \
1433  "Hash algorithm (TLS 1.2)", HFILL } \
1434  }, \
1435  { & name .hf.hs_sig_hash_sig, \
1436  { "Signature Hash Algorithm Signature", prefix ".handshake.sig_hash_sig", \
1437  FT_UINT8, BASE_DEC, VALS(tls_signature_algorithm), 0x0, \
1438  "Signature algorithm (TLS 1.2)", HFILL } \
1439  }, \
1440  { & name .hf.hs_client_keyex_epms_len, \
1441  { "Encrypted PreMaster length", prefix ".handshake.epms_len", \
1442  FT_UINT16, BASE_DEC, NULL, 0x0, \
1443  "Length of encrypted PreMaster secret", HFILL } \
1444  }, \
1445  { & name .hf.hs_client_keyex_epms, \
1446  { "Encrypted PreMaster", prefix ".handshake.epms", \
1447  FT_BYTES, BASE_NONE, NULL, 0x0, \
1448  "Encrypted PreMaster secret", HFILL } \
1449  }, \
1450  { & name .hf.hs_server_keyex_modulus_len, \
1451  { "Modulus Length", prefix ".handshake.modulus_len", \
1452  FT_UINT16, BASE_DEC, NULL, 0x0, \
1453  "Length of RSA-EXPORT modulus", HFILL } \
1454  }, \
1455  { & name .hf.hs_server_keyex_exponent_len, \
1456  { "Exponent Length", prefix ".handshake.exponent_len", \
1457  FT_UINT16, BASE_DEC, NULL, 0x0, \
1458  "Length of RSA-EXPORT exponent", HFILL } \
1459  }, \
1460  { & name .hf.hs_server_keyex_sig_len, \
1461  { "Signature Length", prefix ".handshake.sig_len", \
1462  FT_UINT16, BASE_DEC, NULL, 0x0, \
1463  "Length of Signature", HFILL } \
1464  }, \
1465  { & name .hf.hs_server_keyex_p_len, \
1466  { "p Length", prefix ".handshake.p_len", \
1467  FT_UINT16, BASE_DEC, NULL, 0x0, \
1468  "Length of p", HFILL } \
1469  }, \
1470  { & name .hf.hs_server_keyex_g_len, \
1471  { "g Length", prefix ".handshake.g_len", \
1472  FT_UINT16, BASE_DEC, NULL, 0x0, \
1473  "Length of g", HFILL } \
1474  }, \
1475  { & name .hf.hs_server_keyex_ys_len, \
1476  { "Pubkey Length", prefix ".handshake.ys_len", \
1477  FT_UINT16, BASE_DEC, NULL, 0x0, \
1478  "Length of server's Diffie-Hellman public key", HFILL } \
1479  }, \
1480  { & name .hf.hs_client_keyex_yc_len, \
1481  { "Pubkey Length", prefix ".handshake.yc_len", \
1482  FT_UINT16, BASE_DEC, NULL, 0x0, \
1483  "Length of client's Diffie-Hellman public key", HFILL } \
1484  }, \
1485  { & name .hf.hs_client_keyex_point_len, \
1486  { "Pubkey Length", prefix ".handshake.client_point_len", \
1487  FT_UINT8, BASE_DEC, NULL, 0x0, \
1488  "Length of client's EC Diffie-Hellman public key", HFILL } \
1489  }, \
1490  { & name .hf.hs_server_keyex_point_len, \
1491  { "Pubkey Length", prefix ".handshake.server_point_len", \
1492  FT_UINT8, BASE_DEC, NULL, 0x0, \
1493  "Length of server's EC Diffie-Hellman public key", HFILL } \
1494  }, \
1495  { & name .hf.hs_server_keyex_p, \
1496  { "p", prefix ".handshake.p", \
1497  FT_BYTES, BASE_NONE, NULL, 0x0, \
1498  "Diffie-Hellman p", HFILL } \
1499  }, \
1500  { & name .hf.hs_server_keyex_g, \
1501  { "g", prefix ".handshake.g", \
1502  FT_BYTES, BASE_NONE, NULL, 0x0, \
1503  "Diffie-Hellman g", HFILL } \
1504  }, \
1505  { & name .hf.hs_server_keyex_curve_type, \
1506  { "Curve Type", prefix ".handshake.server_curve_type", \
1507  FT_UINT8, BASE_HEX, VALS(ssl_curve_types), 0x0, \
1508  "Server curve_type", HFILL } \
1509  }, \
1510  { & name .hf.hs_server_keyex_named_curve, \
1511  { "Named Curve", prefix ".handshake.server_named_curve", \
1512  FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0, \
1513  "Server named_curve", HFILL } \
1514  }, \
1515  { & name .hf.hs_server_keyex_ys, \
1516  { "Pubkey", prefix ".handshake.ys", \
1517  FT_BYTES, BASE_NONE, NULL, 0x0, \
1518  "Diffie-Hellman server pubkey", HFILL } \
1519  }, \
1520  { & name .hf.hs_client_keyex_yc, \
1521  { "Pubkey", prefix ".handshake.yc", \
1522  FT_BYTES, BASE_NONE, NULL, 0x0, \
1523  "Diffie-Hellman client pubkey", HFILL } \
1524  }, \
1525  { & name .hf.hs_server_keyex_point, \
1526  { "Pubkey", prefix ".handshake.server_point", \
1527  FT_BYTES, BASE_NONE, NULL, 0x0, \
1528  "EC Diffie-Hellman server pubkey", HFILL } \
1529  }, \
1530  { & name .hf.hs_client_keyex_point, \
1531  { "Pubkey", prefix ".handshake.client_point", \
1532  FT_BYTES, BASE_NONE, NULL, 0x0, \
1533  "EC Diffie-Hellman client pubkey", HFILL } \
1534  }, \
1535  { & name .hf.hs_server_keyex_modulus, \
1536  { "Modulus", prefix ".handshake.modulus", \
1537  FT_BYTES, BASE_NONE, NULL, 0x0, \
1538  "RSA-EXPORT modulus", HFILL } \
1539  }, \
1540  { & name .hf.hs_server_keyex_exponent, \
1541  { "Exponent", prefix ".handshake.exponent", \
1542  FT_BYTES, BASE_NONE, NULL, 0x0, \
1543  "RSA-EXPORT exponent", HFILL } \
1544  }, \
1545  { & name .hf.hs_server_keyex_sig, \
1546  { "Signature", prefix ".handshake.sig", \
1547  FT_BYTES, BASE_NONE, NULL, 0x0, \
1548  "Diffie-Hellman server signature", HFILL } \
1549  }, \
1550  { & name .hf.hs_server_keyex_hint_len, \
1551  { "Hint Length", prefix ".handshake.hint_len", \
1552  FT_UINT16, BASE_DEC, NULL, 0x0, \
1553  "Length of PSK Hint", HFILL } \
1554  }, \
1555  { & name .hf.hs_server_keyex_hint, \
1556  { "Hint", prefix ".handshake.hint", \
1557  FT_BYTES, BASE_NONE, NULL, 0x0, \
1558  "PSK Hint", HFILL } \
1559  }, \
1560  { & name .hf.hs_client_keyex_identity_len, \
1561  { "Identity Length", prefix ".handshake.identity_len", \
1562  FT_UINT16, BASE_DEC, NULL, 0x0, \
1563  "Length of PSK Identity", HFILL } \
1564  }, \
1565  { & name .hf.hs_client_keyex_identity, \
1566  { "Identity", prefix ".handshake.identity", \
1567  FT_BYTES, BASE_NONE, NULL, 0x0, \
1568  "PSK Identity", HFILL } \
1569  }, \
1570  { & name .hf.hs_ext_heartbeat_mode, \
1571  { "Mode", prefix ".handshake.extension.heartbeat.mode", \
1572  FT_UINT8, BASE_DEC, VALS(tls_heartbeat_mode), 0x0, \
1573  "Heartbeat extension mode", HFILL } \
1574  }, \
1575  { & name .hf.hs_certificates_len, \
1576  { "Certificates Length", prefix ".handshake.certificates_length", \
1577  FT_UINT24, BASE_DEC, NULL, 0x0, \
1578  "Length of certificates field", HFILL } \
1579  }, \
1580  { & name .hf.hs_certificates, \
1581  { "Certificates", prefix ".handshake.certificates", \
1582  FT_NONE, BASE_NONE, NULL, 0x0, \
1583  "List of certificates", HFILL } \
1584  }, \
1585  { & name .hf.hs_certificate, \
1586  { "Certificate", prefix ".handshake.certificate", \
1587  FT_BYTES, BASE_NONE, NULL, 0x0, \
1588  NULL, HFILL } \
1589  }, \
1590  { & name .hf.hs_certificate_len, \
1591  { "Certificate Length", prefix ".handshake.certificate_length", \
1592  FT_UINT24, BASE_DEC, NULL, 0x0, \
1593  "Length of certificate", HFILL } \
1594  }, \
1595  { & name .hf.hs_cert_types_count, \
1596  { "Certificate types count", prefix ".handshake.cert_types_count",\
1597  FT_UINT8, BASE_DEC, NULL, 0x0, \
1598  "Count of certificate types", HFILL } \
1599  }, \
1600  { & name .hf.hs_cert_types, \
1601  { "Certificate types", prefix ".handshake.cert_types", \
1602  FT_NONE, BASE_NONE, NULL, 0x0, \
1603  "List of certificate types", HFILL } \
1604  }, \
1605  { & name .hf.hs_cert_type, \
1606  { "Certificate type", prefix ".handshake.cert_type", \
1607  FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0, \
1608  NULL, HFILL } \
1609  }, \
1610  { & name .hf.hs_dnames_len, \
1611  { "Distinguished Names Length", prefix ".handshake.dnames_len", \
1612  FT_UINT16, BASE_DEC, NULL, 0x0, \
1613  "Length of list of CAs that server trusts", HFILL } \
1614  }, \
1615  { & name .hf.hs_dnames, \
1616  { "Distinguished Names", prefix ".handshake.dnames", \
1617  FT_NONE, BASE_NONE, NULL, 0x0, \
1618  "List of CAs that server trusts", HFILL } \
1619  }, \
1620  { & name .hf.hs_dname_len, \
1621  { "Distinguished Name Length", prefix ".handshake.dname_len", \
1622  FT_UINT16, BASE_DEC, NULL, 0x0, \
1623  "Length of distinguished name", HFILL } \
1624  }, \
1625  { & name .hf.hs_dname, \
1626  { "Distinguished Name", prefix ".handshake.dname", \
1627  FT_NONE, BASE_NONE, NULL, 0x0, \
1628  "Distinguished name of a CA that server trusts", HFILL } \
1629  }, \
1630  { & name .hf.hs_random, \
1631  { "Random", prefix ".handshake.random", \
1632  FT_BYTES, BASE_NONE, NULL, 0x0, \
1633  "Random values used for deriving keys", HFILL } \
1634  }, \
1635  { & name .hf.hs_random_time, \
1636  { "GMT Unix Time", prefix ".handshake.random_time", \
1637  FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0, \
1638  "Unix time field of random structure", HFILL } \
1639  }, \
1640  { & name .hf.hs_random_bytes, \
1641  { "Random Bytes", prefix ".handshake.random_bytes", \
1642  FT_BYTES, BASE_NONE, NULL, 0x0, \
1643  "Random values used for deriving keys", HFILL } \
1644  }, \
1645  { & name .hf.hs_session_id, \
1646  { "Session ID", prefix ".handshake.session_id", \
1647  FT_BYTES, BASE_NONE, NULL, 0x0, \
1648  "Identifies the SSL session, allowing later resumption", HFILL }\
1649  }, \
1650  { & name .hf.hs_session_id_len, \
1651  { "Session ID Length", prefix ".handshake.session_id_length", \
1652  FT_UINT8, BASE_DEC, NULL, 0x0, \
1653  "Length of Session ID field", HFILL } \
1654  }, \
1655  { & name .hf.hs_client_version, \
1656  { "Version", prefix ".handshake.version", \
1657  FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, \
1658  "Maximum version supported by client", HFILL } \
1659  }, \
1660  { & name .hf.hs_server_version, \
1661  { "Version", prefix ".handshake.version", \
1662  FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, \
1663  "Version selected by server", HFILL } \
1664  }, \
1665  { & name .hf.hs_cipher_suites_len, \
1666  { "Cipher Suites Length", prefix ".handshake.cipher_suites_length", \
1667  FT_UINT16, BASE_DEC, NULL, 0x0, \
1668  "Length of cipher suites field", HFILL } \
1669  }, \
1670  { & name .hf.hs_cipher_suites, \
1671  { "Cipher Suites", prefix ".handshake.ciphersuites", \
1672  FT_NONE, BASE_NONE, NULL, 0x0, \
1673  "List of cipher suites supported by client", HFILL } \
1674  }, \
1675  { & name .hf.hs_cipher_suite, \
1676  { "Cipher Suite", prefix ".handshake.ciphersuite", \
1677  FT_UINT16, BASE_HEX|BASE_EXT_STRING, &ssl_31_ciphersuite_ext, 0x0, \
1678  NULL, HFILL } \
1679  }, \
1680  { & name .hf.hs_comp_methods_len, \
1681  { "Compression Methods Length", prefix ".handshake.comp_methods_length", \
1682  FT_UINT8, BASE_DEC, NULL, 0x0, \
1683  "Length of compression methods field", HFILL } \
1684  }, \
1685  { & name .hf.hs_comp_methods, \
1686  { "Compression Methods", prefix ".handshake.comp_methods", \
1687  FT_NONE, BASE_NONE, NULL, 0x0, \
1688  "List of compression methods supported by client", HFILL } \
1689  }, \
1690  { & name .hf.hs_comp_method, \
1691  { "Compression Method", prefix ".handshake.comp_method", \
1692  FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0, \
1693  NULL, HFILL } \
1694  }, \
1695  { & name .hf.hs_session_ticket_lifetime_hint, \
1696  { "Session Ticket Lifetime Hint", \
1697  prefix ".handshake.session_ticket_lifetime_hint", \
1698  FT_UINT32, BASE_DEC|BASE_UNIT_STRING, &units_second_seconds, 0x0, \
1699  "New Session Ticket Lifetime Hint", HFILL } \
1700  }, \
1701  { & name .hf.hs_session_ticket_age_add, \
1702  { "Session Ticket Age Add", \
1703  prefix ".handshake.session_ticket_age_add", \
1704  FT_UINT32, BASE_DEC, NULL, 0x0, \
1705  "Random 32-bit value to obscure age of ticket", HFILL } \
1706  }, \
1707  { & name .hf.hs_session_ticket_nonce_len, \
1708  { "Session Ticket Nonce Length", prefix ".handshake.session_ticket_nonce_length", \
1709  FT_UINT8, BASE_DEC, NULL, 0x0, \
1710  NULL, HFILL } \
1711  }, \
1712  { & name .hf.hs_session_ticket_nonce, \
1713  { "Session Ticket Nonce", prefix ".handshake.session_ticket_nonce", \
1714  FT_BYTES, BASE_NONE, NULL, 0x0, \
1715  "A unique per-ticket value", HFILL } \
1716  }, \
1717  { & name .hf.hs_session_ticket_len, \
1718  { "Session Ticket Length", prefix ".handshake.session_ticket_length", \
1719  FT_UINT16, BASE_DEC, NULL, 0x0, \
1720  "New Session Ticket Length", HFILL } \
1721  }, \
1722  { & name .hf.hs_session_ticket, \
1723  { "Session Ticket", prefix ".handshake.session_ticket", \
1724  FT_BYTES, BASE_NONE, NULL, 0x0, \
1725  "New Session Ticket", HFILL } \
1726  }, \
1727  { & name .hf.hs_finished, \
1728  { "Verify Data", prefix ".handshake.verify_data", \
1729  FT_NONE, BASE_NONE, NULL, 0x0, \
1730  "Opaque verification data", HFILL } \
1731  }, \
1732  { & name .hf.hs_client_cert_vrfy_sig_len, \
1733  { "Signature length", prefix ".handshake.client_cert_vrfy.sig_len", \
1734  FT_UINT16, BASE_DEC, NULL, 0x0, \
1735  "Length of CertificateVerify's signature", HFILL } \
1736  }, \
1737  { & name .hf.hs_client_cert_vrfy_sig, \
1738  { "Signature", prefix ".handshake.client_cert_vrfy.sig", \
1739  FT_BYTES, BASE_NONE, NULL, 0x0, \
1740  "CertificateVerify's signature", HFILL } \
1741  }, \
1742  { & name .hf.hs_ext_draft_version_tls13, \
1743  { "Draft version of TLS 1.3", prefix ".extension.draft_version_tls13", \
1744  FT_UINT16, BASE_DEC, NULL, 0x0, \
1745  "Indicate the version of draft supported by client", HFILL } \
1746  }, \
1747  { & name .hf.hs_ext_psk_ke_modes_length, \
1748  { "PSK Key Exchange Modes Length", prefix ".extension.psk_ke_modes_length", \
1749  FT_UINT8, BASE_DEC, NULL, 0x0, \
1750  NULL, HFILL } \
1751  }, \
1752  { & name .hf.hs_ext_psk_ke_mode, \
1753  { "PSK Key Exchange Mode", prefix ".extension.psk_ke_mode", \
1754  FT_UINT8, BASE_DEC, VALS(tls_hello_ext_psk_ke_mode), 0x0, \
1755  "Key exchange modes where the client supports use of PSKs", HFILL } \
1756  }, \
1757  { & name .hf.hs_certificate_request_context_length, \
1758  { "Certificate Request Context Length", prefix ".handshake.certificate_request_context_length", \
1759  FT_UINT8, BASE_DEC, NULL, 0x0, \
1760  NULL, HFILL } \
1761  }, \
1762  { & name .hf.hs_certificate_request_context, \
1763  { "Certificate Request Context", prefix ".handshake.certificate_request_context", \
1764  FT_BYTES, BASE_NONE, NULL, 0x0, \
1765  "Value from CertificateRequest or empty for server auth", HFILL } \
1766  }, \
1767  { & name .hf.hs_key_update_request_update, \
1768  { "Key Update Request", prefix ".handshake.key_update.request_update", \
1769  FT_UINT8, BASE_DEC, VALS(tls13_key_update_request), 0x00, \
1770  "Whether the receiver should also update its keys", HFILL } \
1771  }, \
1772  { & name .hf.sct_scts_length, \
1773  { "Serialized SCT List Length", prefix ".sct.scts_length", \
1774  FT_UINT16, BASE_DEC, NULL, 0x00, \
1775  NULL, HFILL } \
1776  }, \
1777  { & name .hf.sct_sct_length, \
1778  { "Serialized SCT Length", prefix ".sct.sct_length", \
1779  FT_UINT16, BASE_DEC, NULL, 0x00, \
1780  NULL, HFILL } \
1781  }, \
1782  { & name .hf.sct_sct_version, \
1783  { "SCT Version", prefix ".sct.sct_version", \
1784  FT_UINT8, BASE_DEC, NULL, 0x00, \
1785  "SCT Protocol version (v1 (0) is defined in RFC 6962)", HFILL } \
1786  }, \
1787  { & name .hf.sct_sct_logid, \
1788  { "Log ID", prefix ".sct.sct_logid", \
1789  FT_BYTES, BASE_NONE, NULL, 0x00, \
1790  "SHA-256 hash of log's public key", HFILL } \
1791  }, \
1792  { & name .hf.sct_sct_timestamp, \
1793  { "Timestamp", prefix ".sct.sct_timestamp", \
1794  FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x00, \
1795  "Timestamp of issuance", HFILL } \
1796  }, \
1797  { & name .hf.sct_sct_extensions_length, \
1798  { "Extensions length", prefix ".sct.sct_extensions_length", \
1799  FT_UINT16, BASE_DEC, NULL, 0x00, \
1800  "Length of future extensions to this protocol (currently none)", HFILL } \
1801  }, \
1802  { & name .hf.sct_sct_extensions, \
1803  { "Extensions", prefix ".sct.sct_extensions", \
1804  FT_NONE, BASE_NONE, NULL, 0x00, \
1805  "Future extensions to this protocol (currently none)", HFILL } \
1806  }, \
1807  { & name .hf.sct_sct_signature_length, \
1808  { "Signature Length", prefix ".sct.sct_signature_length", \
1809  FT_UINT16, BASE_DEC, NULL, 0x00, \
1810  NULL, HFILL } \
1811  }, \
1812  { & name .hf.sct_sct_signature, \
1813  { "Signature", prefix ".sct.sct_signature", \
1814  FT_BYTES, BASE_NONE, NULL, 0x00, \
1815  NULL, HFILL } \
1816  }, \
1817  { & name .hf.hs_ext_max_early_data_size, \
1818  { "Maximum Early Data Size", prefix ".early_data.max_early_data_size", \
1819  FT_UINT32, BASE_DEC, NULL, 0x00, \
1820  "Maximum amount of 0-RTT data that the client may send", HFILL } \
1821  }, \
1822  { & name .hf.hs_ext_oid_filters_length, \
1823  { "OID Filters Length", prefix ".extension.oid_filters_length", \
1824  FT_UINT16, BASE_DEC, NULL, 0x00, \
1825  NULL, HFILL } \
1826  }, \
1827  { & name .hf.hs_ext_oid_filters_oid_length, \
1828  { "Certificate Extension OID Length", prefix ".extension.oid_filters.oid_length", \
1829  FT_UINT8, BASE_DEC, NULL, 0x00, \
1830  NULL, HFILL } \
1831  }, \
1832  { & name .hf.hs_ext_oid_filters_oid, \
1833  { "Certificate Extension OID", prefix ".extension.oid_filters.oid", \
1834  FT_OID, BASE_NONE, NULL, 0x00, \
1835  NULL, HFILL } \
1836  }, \
1837  { & name .hf.hs_ext_oid_filters_values_length, \
1838  { "Certificate Extension Values Length", prefix ".extension.oid_filters.values_length", \
1839  FT_UINT16, BASE_DEC, NULL, 0x00, \
1840  NULL, HFILL } \
1841  }, \
1842  { & name .hf.hs_ext_quictp_negotiated_version, \
1843  { "Negotiated Version", prefix ".quic.negotiated_version", \
1844  FT_UINT32, BASE_HEX, VALS(quic_version_vals), 0x00, \
1845  NULL, HFILL } \
1846  }, \
1847  { & name .hf.hs_ext_quictp_initial_version, \
1848  { "Initial Version", prefix ".quic.initial_version", \
1849  FT_UINT32, BASE_HEX, VALS(quic_version_vals), 0x00, \
1850  NULL, HFILL } \
1851  }, \
1852  { & name .hf.hs_ext_quictp_supported_versions_len, \
1853  { "Supported Versions Length", prefix ".quic.supported_versions.len", \
1854  FT_UINT16, BASE_DEC, NULL, 0x00, \
1855  NULL, HFILL } \
1856  }, \
1857  { & name .hf.hs_ext_quictp_supported_versions, \
1858  { "Supported Versions", prefix ".quic.supported_versions", \
1859  FT_UINT32, BASE_HEX, VALS(quic_version_vals), 0x00, \
1860  NULL, HFILL } \
1861  }, \
1862  { & name .hf.hs_ext_quictp_len, \
1863  { "Parameters Length", prefix ".quic.len", \
1864  FT_UINT16, BASE_DEC, NULL, 0x00, \
1865  NULL, HFILL } \
1866  }, \
1867  { & name .hf.hs_ext_quictp_parameter, \
1868  { "Parameter", prefix ".quic.parameter", \
1869  FT_NONE, BASE_NONE, NULL, 0x00, \
1870  NULL, HFILL } \
1871  }, \
1872  { & name .hf.hs_ext_quictp_parameter_type, \
1873  { "Type", prefix ".quic.parameter.type", \
1874  FT_UINT16, BASE_HEX, VALS(quic_transport_parameter_id), 0x00, \
1875  NULL, HFILL } \
1876  }, \
1877  { & name .hf.hs_ext_quictp_parameter_len, \
1878  { "Length", prefix ".quic.parameter.length", \
1879  FT_UINT16, BASE_DEC, NULL, 0x00, \
1880  NULL, HFILL } \
1881  }, \
1882  { & name .hf.hs_ext_quictp_parameter_value, \
1883  { "Value", prefix ".quic.parameter.value", \
1884  FT_BYTES, BASE_NONE, NULL, 0x00, \
1885  NULL, HFILL } \
1886  }, \
1887  { & name .hf.hs_ext_quictp_parameter_initial_max_stream_data, \
1888  { "initial_max_stream_data", prefix ".quic.parameter.initial_max_stream_data", \
1889  FT_UINT32, BASE_DEC, NULL, 0x00, \
1890  "Contains the initial value for the maximum data that can be sent on any newly created stream", HFILL } \
1891  }, \
1892  { & name .hf.hs_ext_quictp_parameter_initial_max_data, \
1893  { "initial_max_data", prefix ".quic.parameter.initial_max_data", \
1894  FT_UINT32, BASE_DEC, NULL, 0x00, \
1895  "Contains the initial value for the maximum amount of data that can be sent on the connection", HFILL } \
1896  }, \
1897  { & name .hf.hs_ext_quictp_parameter_initial_max_streams_bidi, \
1898  { "initial_max_streams_bidi", prefix ".quic.parameter.initial_max_streams_bidi", \
1899  FT_UINT16, BASE_DEC, NULL, 0x00, \
1900  "Initial maximum number of application-owned bidirectional streams", HFILL } \
1901  }, \
1902  { & name .hf.hs_ext_quictp_parameter_idle_timeout, \
1903  { "idle_timeout", prefix ".quic.parameter.idle_timeout", \
1904  FT_UINT16, BASE_DEC, NULL, 0x00, \
1905  "In seconds", HFILL } \
1906  }, \
1907  { & name .hf.hs_ext_quictp_parameter_max_packet_size, \
1908  { "max_packet_size", prefix ".quic.parameter.max_packet_size", \
1909  FT_UINT16, BASE_DEC, NULL, 0x00, \
1910  "Indicates that packets larger than this limit will be dropped", HFILL } \
1911  }, \
1912  { & name .hf.hs_ext_quictp_parameter_stateless_reset_token, \
1913  { "stateless_reset_token", prefix ".quic.parameter.stateless_reset_token", \
1914  FT_BYTES, BASE_NONE, NULL, 0x00, \
1915  "Used in verifying a stateless reset", HFILL } \
1916  }, \
1917  { & name .hf.hs_ext_quictp_parameter_ack_delay_exponent, \
1918  { "ack_delay_exponent", prefix ".quic.parameter.ack_delay_exponent", \
1919  FT_UINT8, BASE_DEC, NULL, 0x00, \
1920  "Indicating an exponent used to decode the ACK Delay field in the ACK frame,", HFILL } \
1921  }, \
1922  { & name .hf.hs_ext_quictp_parameter_initial_max_streams_uni, \
1923  { "initial_max_streams_uni", prefix ".quic.parameter.initial_max_streams_uni", \
1924  FT_UINT16, BASE_DEC, NULL, 0x00, \
1925  "Initial maximum number of application-owned unidirectional streams", HFILL } \
1926  }
1927 /* }}} */
1928 
1929 /* {{{ */
/*
 * SSL_COMMON_ETT_LIST(name): expands to the addresses of the `ett` members of
 * `name` listed below, in this order, each followed by a comma.  The expansion
 * therefore ends with a trailing comma; presumably it is placed inside an
 * array initializer (the use site is not visible in this part of the header).
 *
 * The last entry also ends in a line-continuation backslash, so the closing
 * fold-marker comment on the following line is spliced into the macro body.
 * That is harmless (a comment is replaced by whitespace), but any code placed
 * directly on that line would silently become part of the macro.
 */
1930 #define SSL_COMMON_ETT_LIST(name) \
1931  & name .ett.hs_ext, \
1932  & name .ett.hs_ext_alpn, \
1933  & name .ett.hs_ext_cert_types, \
1934  & name .ett.hs_ext_groups, \
1935  & name .ett.hs_ext_curves_point_formats, \
1936  & name .ett.hs_ext_npn, \
1937  & name .ett.hs_ext_reneg_info, \
1938  & name .ett.hs_ext_key_share, \
1939  & name .ett.hs_ext_key_share_ks, \
1940  & name .ett.hs_ext_pre_shared_key, \
1941  & name .ett.hs_ext_psk_identity, \
1942  & name .ett.hs_ext_server_name, \
1943  & name .ett.hs_ext_oid_filter, \
1944  & name .ett.hs_ext_quictp_parameter, \
1945  & name .ett.hs_sig_hash_alg, \
1946  & name .ett.hs_sig_hash_algs, \
1947  & name .ett.urlhash, \
1948  & name .ett.keyex_params, \
1949  & name .ett.certificates, \
1950  & name .ett.cert_types, \
1951  & name .ett.dnames, \
1952  & name .ett.hs_random, \
1953  & name .ett.cipher_suites, \
1954  & name .ett.comp_methods, \
1955  & name .ett.session_ticket, \
1956  & name .ett.sct, \
1957  & name .ett.cert_status, \
1958  & name .ett.ocsp_response, \
1959 /* }}} */
1960 
1961 /* {{{ */
/*
 * SSL_COMMON_EI_LIST(name, prefix): expands to brace-enclosed initializer
 * entries, one per expert-info item in `name.ei`.  Each entry gives the item
 * address, a filter name formed by string-literal concatenation with `prefix`
 * (so `prefix` has to be a string literal), an expert group, a severity and
 * the summary text, closed by EXPFILL.  Unlike SSL_COMMON_ETT_LIST, the
 * expansion does not end with a comma.
 *
 * Items and their group / severity as listed here:
 *   malformed.vector_length              PI_PROTOCOL  / PI_WARN
 *   malformed.buffer_too_small           PI_MALFORMED / PI_ERROR
 *   malformed.trailing_data              PI_PROTOCOL  / PI_WARN
 *   handshake.status_request.undecoded   PI_UNDECODED / PI_NOTE
 *   resumed                              PI_SEQUENCE  / PI_NOTE
 *   record.length.invalid                PI_PROTOCOL  / PI_ERROR
 *
 * The vector_length, buffer_too_small and record.length.invalid items report
 * length fields that do not fit the available data or the permitted range.
 * When reviewing a capture of untrusted traffic, filtering on these names is
 * a quick way to locate messages with inconsistent lengths.
 */
1962 #define SSL_COMMON_EI_LIST(name, prefix) \
1963  { & name .ei.malformed_vector_length, \
1964  { prefix ".malformed.vector_length", PI_PROTOCOL, PI_WARN, \
1965  "Variable vector length is outside the permitted range", EXPFILL } \
1966  }, \
1967  { & name .ei.malformed_buffer_too_small, \
1968  { prefix ".malformed.buffer_too_small", PI_MALFORMED, PI_ERROR, \
1969  "Malformed message, not enough data is available", EXPFILL } \
1970  }, \
1971  { & name .ei.malformed_trailing_data, \
1972  { prefix ".malformed.trailing_data", PI_PROTOCOL, PI_WARN, \
1973  "Undecoded trailing data is present", EXPFILL } \
1974  }, \
1975  { & name .ei.hs_ext_cert_status_undecoded, \
1976  { prefix ".handshake.status_request.undecoded", PI_UNDECODED, PI_NOTE, \
1977  "Responder ID list or Request Extensions are not implemented, contact Wireshark developers if you want this to be supported", EXPFILL } \
1978  }, \
1979  { & name .ei.resumed, \
1980  { prefix ".resumed", PI_SEQUENCE, PI_NOTE, \
1981  "This session reuses previously negotiated keys (Session resumption)", EXPFILL } \
1982  }, \
1983  { & name .ei.record_length_invalid, \
1984  { prefix ".record.length.invalid", PI_PROTOCOL, PI_ERROR, \
1985  "Record fragment length is too large", EXPFILL } \
1986  }
1987 /* }}} */
1988 
/*
 * NOTE(review): only the prototype is visible here.  Judging by the name and
 * the module_t argument, this presumably registers the preferences held in
 * `options` on the given preference module - confirm against the definition.
 */
1989 extern void
1990 ssl_common_register_options(module_t *module, ssl_common_options_t *options);
1991 
1992 #ifdef SSL_DECRYPT_DEBUG
/*
 * Debug-trace interface.  SSL_DECRYPT_DEBUG is #defined near the top of this
 * header with no visible condition around it, so this branch is the one that
 * gets compiled; the stubs after #else only apply if that #define is removed.
 *
 * NOTE(review): the implementations are not in this header.  ssl_print_data()
 * and ssl_print_string() accept raw byte buffers, and in a decryption helper
 * they are presumably handed secrets and decrypted payload.  Handle any debug
 * output as you would the key material itself (restrictive file permissions,
 * no unredacted copies in bug reports) - confirm against the callers.
 */
/*
 * printf-style trace.  G_GNUC_PRINTF(1,2) lets the compiler check the variadic
 * arguments against fmt; fmt should be a literal, never bytes from a packet.
 */
1993 extern void
1994 ssl_debug_printf(const gchar* fmt,...) G_GNUC_PRINTF(1,2);
/* Trace `len` bytes starting at `data`, labelled with `name`. */
1995 extern void
1996 ssl_print_data(const gchar* name, const guchar* data, size_t len);
/* Trace the contents of a StringInfo, labelled with `name`. */
1997 extern void
1998 ssl_print_string(const gchar* name, const StringInfo* data);
/* NOTE(review): `name` presumably selects the debug output - confirm. */
1999 extern void
2000 ssl_set_debug(const gchar* name);
2001 extern void
2002 ssl_debug_flush(void);
2003 #else
2004 
2005 /* No debug: every debug operation becomes a no-op. */
/*
 * ssl_debug_printf stays a real (empty) function so that calls are still
 * checked against their format string via G_GNUC_PRINTF.
 */
2006 static inline void G_GNUC_PRINTF(1,2)
2007 ssl_debug_printf(const gchar* fmt _U_,...)
2008 {
2009 }
/*
 * The remaining operations expand to nothing, so their arguments are never
 * evaluated in this configuration; do not rely on side effects in them.
 */
2010 #define ssl_print_data(a, b, c)
2011 #define ssl_print_string(a, b)
2012 #define ssl_set_debug(name)
2013 #define ssl_debug_flush()
2014 
2015 #endif /* SSL_DECRYPT_DEBUG */
2016 
2017 #endif /* SSL_UTILS_H */
2018 
2019 /*
2020  * Editor modelines - http://www.wireshark.org/tools/modelines.html
2021  *
2022  * Local variables:
2023  * c-basic-offset: 4
2024  * tab-width: 8
2025  * indent-tabs-mode: nil
2026  * End:
2027  *
2028  * vi: set shiftwidth=4 tabstop=8 expandtab:
2029  * :indentSize=4:tabSize=8:noTabs=true:
2030  */