Wireshark-bugs: [Wireshark-bugs] [Bug 10066] New: SSH: fix MAC length calculation; show real MAC
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 01 May 2014 15:57:07 +0000
Bug ID 10066
Summary SSH: fix MAC length calculation; show real MAC used in special cases; show real packet size where applicable [patch included]
Classification Unclassified
Product Wireshark
Version Git
Hardware All
OS All
Status UNCONFIRMED
Severity Enhancement
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter hodor@hodor.cz 

Created attachment 12745 [details]
proposed patch

Build Information:
wireshark 1.11.4 (v1.11.4-rc1-256-g31933a6 from unknown)

--
Hello,

the attached patch does three main things:

* fixes the MAC length calculation
 - hmac-md5 has 16 bytes, not 12 (fixes
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2577#c5 )
 - OpenSSH's new -etm modes are now supported, too

* a few special ciphers from recent OpenSSH have their own MAC
 - will show "<implicit>" as MAC for aes128-gcm@openssh.com,
aes256-gcm@openssh.com, chacha20-poly1305@openssh.com

* EtM MACs or GCM mode means that the length field at the beginning of the
packet
is not encrypted. Is such cases, display it as a number.

If it helps, I could break it into 3 patches, but those would still make a
chain (third depends on second, which in turn depends on the first).

Does this look acceptable?

You are receiving this mail because:
  • You are watching all bug changes.