Bug ID | 10066
Summary | SSH: fix MAC length calculation; show real MAC used in special cases; show real packet size where applicable [patch included]
Classification | Unclassified
Product | Wireshark
Version | Git
Hardware | All
OS | All
Status | UNCONFIRMED
Severity | Enhancement
Priority | Low
Component | Dissection engine (libwireshark)
Assignee | [email protected]
Reporter | [email protected]
Created attachment 12745 [details]
proposed patch
Build Information:
wireshark 1.11.4 (v1.11.4-rc1-256-g31933a6 from unknown)
--
Hello,
the attached patch does three main things:
* fixes the MAC length calculation
  - hmac-md5 has 16 bytes, not 12 (fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2577#c5 )
  - OpenSSH's new -etm modes are now supported, too
* a few special ciphers from recent OpenSSH have their own MAC
  - will show "<implicit>" as MAC for [email protected], [email protected], [email protected]
* EtM MACs or GCM mode means that the length field at the beginning of the packet is not encrypted. In such cases, display it as a number.
If it helps, I could break it into 3 patches, but those would still make a
chain (third depends on second, which in turn depends on the first).
Does this look acceptable?
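
The three rules listed in the report, as a stand-alone added example; this is not the attached patch and not Wireshark code. The names `ssh_mac_lookup` and `struct ssh_mac_info` are hypothetical, and the algorithm names (including the OpenSSH AEAD cipher names) are assumptions taken from the SSH specifications and OpenSSH, not from this page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical result type, not Wireshark's own. */
struct ssh_mac_info {
    int  mac_len;        /* MAC/tag bytes after the packet, -1 if unknown */
    bool implicit_mac;   /* AEAD cipher supplies the tag; negotiated MAC unused */
    bool cleartext_len;  /* 4-byte packet_length is readable on the wire */
};

static bool ends_with(const char *s, const char *suffix)
{
    size_t n = strlen(s), m = strlen(suffix);
    return n >= m && strcmp(s + n - m, suffix) == 0;
}

struct ssh_mac_info ssh_mac_lookup(const char *cipher, const char *mac)
{
    static const struct { const char *name; int len; } base[] = {
        { "hmac-md5", 16 }, { "hmac-sha1", 20 }, { "hmac-ripemd160", 20 },
        { "hmac-sha2-256", 32 }, { "hmac-sha2-512", 64 },
        { "umac-64", 8 }, { "umac-128", 16 }, { "none", 0 },
    };
    struct ssh_mac_info r = { -1, false, false };
    char name[64];
    size_t n = strlen(mac);
    int truncated = -1;
    /* AEAD ciphers carry their own 16-byte tag. GCM leaves the length field
     * in clear; chacha20-poly1305 encrypts it with a second key. */
    if (ends_with(cipher, "-gcm@openssh.com") ||
        strcmp(cipher, "chacha20-poly1305@openssh.com") == 0) {
        r.mac_len = 16;
        r.implicit_mac = true;
        r.cleartext_len = ends_with(cipher, "-gcm@openssh.com");
        return r;
    }
    if (n >= sizeof name)
        return r;                        /* oversized name: treat as unknown */
    memcpy(name, mac, n + 1);
    if (ends_with(name, "@openssh.com")) name[n -= 12] = '\0';
    if (ends_with(name, "-etm")) { name[n -= 4] = '\0'; r.cleartext_len = true; }
    if (ends_with(name, "-96"))  { name[n -= 3] = '\0'; truncated = 12; }

    for (size_t i = 0; i < sizeof base / sizeof base[0]; i++)
        if (strcmp(name, base[i].name) == 0)
            r.mac_len = truncated > 0 ? truncated : base[i].len;
    return r;                            /* mac_len stays -1 if unrecognised */
}
```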