Closed Bug 201139 Opened 22 years ago Closed 18 years ago

SSLTap should display plain text for NULL cipher suites

Categories

(NSS :: Tools, enhancement, P3)

Product:
NSS
Component:
Tools
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: nelson, Assigned: alvolkov.bgs)

Details

Attachments

(2 files, 3 obsolete files)

new output when NULL cipher is used
18.59 KB, text/plain
Details
comments and fix for ASCII string alignment
12.04 KB, patch
nelson
: review+
Details | Diff | Splinter Review
When SSLTAP receives an SSL/TLS "Finished" message from either end, it stops attempting to decode/display the record contents after that and instead displays the message "(encrypted)". It should not do this for the "NULL" cipher suites, since they do not encrypt the data.
taking bug
Assignee: wtc → nelsonb
Priority: -- → P3
Assignee: MisterSSL → saul.edwards
Compiled and tested on Solaris. Does not work for SSL v2.
Attached file Sample output with the first patch (obsolete) —
Comment on attachment 149221 [details] [diff] [review] View application data in hex and ASCII with NULL ciphers The patch looks good, but I think you should include sslproto.h and use the macros for the cipher suites, rather than typing the values again, which is error prone. I know that's not the existing usage elsewhere in ssltap, but I think it makes more sense, and should at least be done for the new code, if not also for the existing. In order to get the names of all the cipher suites, you may need to #ifdef NSS_ENABLE_ECC . You will also need to add NSS_ENABLE_ECC support to the manifest.mn for ssltap.
Attachment #149221 - Flags: review-
QA Contact: bishakhabanerjee → jason.m.reid
reassigning to Alexei.
Assignee: saul.edwards.bugs → alexei.volkov.bugs
Severity: minor → enhancement
QA Contact: jason.m.reid → tools
Target Milestone: --- → 3.12
Attachment #149222 - Attachment is obsolete: true
Attached patch patch (obsolete) — Splinter Review
Use sslproto.h macro definition for cipher suite instead on hex numbers. Removes obsolite ECC cipher definitions. Prints MAC separetely from content. Calculates MAC size based on remaining number of bytes in "finished" record. Check attached output.
Attachment #149221 - Attachment is obsolete: true
Attachment #239367 - Flags: review?(nelson)
Comment on attachment 239367 [details] [diff] [review] patch I've asked Alexei to add some comments and also to fix print_hex to properly align the ASCII text output.
Attachment #239367 - Flags: review?(nelson)
Attachment #239367 - Attachment is obsolete: true
Attachment #239424 - Flags: review?(nelson)
Comment on attachment 239424 [details] [diff] [review] comments and fix for ASCII string alignment r=nelson, with one small suggested change to a comment. >+ if (!isNULLmac(currentcipher) && !hMACsize) { >+ /* To calculate the size of MAC, we will sum the size >+ * of verify_data(sslh.length) and 4(type + length >+ * of finished handshake message) and subtract the >+ * result from the total number of bytes in handshake >+ * message(alloclen) */ This should say "from the total number of bytes in the handshake record", the crucial difference being that the MAC comes at the end of a record, and is not part of the message. (records contain messages and MACs).
Attachment #239424 - Flags: review?(nelson) → review+
Integrated into 3.12 with corrected comment. /cvsroot/mozilla/security/nss/cmd/ssltap/ssltap.c,v <-- ssltap.c new revision: 1.10; previous revision: 1.9
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: