Wireshark-bugs: [Wireshark-bugs] [Bug 10686] Implement Extended Master Secret for SSL
Date: Tue, 11 Nov 2014 14:05:44 +0000

Comment # 4 on bug 10686 from
(In reply to Peter Wu from comment #3)
> Giving a second thought to it, this patch[1] increases the peak memory usage
> during dissection. It can be optimized as follows:
> 
>  1. Clear the ClientHello message (freeing data as needed) and any hash
> structures (just in case a capture contains garbage). Save the ClientHello
> message when the extension is set.
>  2. The next expected message is the ServerHello. This is an authoritative
> message that decides the TLS version to be used. If the extension is
> enabled, initialize the hashes. Now the ClientHello message copy can be
> cleared (both when the extension is available and not available).
> 
> Now whenever after step 2 the extension is enabled, update the hash with the
> handshake data. After calculating the MS, one could free the hash structures
> again.
> 
>  [1]: https://code.wireshark.org/review/#/c/5168/3

Yes the peak memory usage is increased in terms of readability; once you
process the ServerHello then you know the hash algorithm that is used and can
start computing running hashes which is a fixed size as opposed to a variable
size (all the client hello messages). The problem with this approach I found
and that I didn't  have a solution for was that the hash algorithms are
currently allocated and released in a single stack context via gcrypt; if we do
this then we need to allocate them on the heap; storing them in the
SSlDecryptSession. I did not see a callback for when this structured is freed
and the gcrypt deallocate functions can be called. If there is such a callback
please advise.


You are receiving this mail because:
  • You are watching all bug changes.