Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 412219

Summary: net-analyzer/wireshark with net-libs/gnutls-2.18.12 uses wrong decoder when decrypting TLS packets
Product: Gentoo Linux Reporter: Eduardo Suarez-Santana <e.suarezsantana>
Component: Current packagesAssignee: Peter Volkov (RETIRED) <pva>
Status: RESOLVED FIXED    
Severity: normal CC: b.brachaczek, bruce, netmon, zerochaos
Priority: Normal Keywords: UPSTREAM
Version: unspecified   
Hardware: AMD64   
OS: Linux   
See Also: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6869
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 436212    
Attachments: wireshark-1.8.3-gnutls-nettle.patch

Description Eduardo Suarez-Santana 2012-04-16 14:37:09 UTC 
Wireshark does not decrypt SSL sessions with gnutls-2.18.12. I downgraded to gnutls-2.10.5 and it works fine again.



Reproducible: Always

Steps to Reproduce:
1. Open Wireshark.
2. Capture a TLS connection where you have access to the private key.
3. Try to decrypt the captured packets using the RSA private key.
Actual Results:  
No decryption. I get in ssldebug:
ssl_decrypt_pre_master_secret wrong pre_master_secret length (59, expected 48)

Expected Results:  
Decryption
Comment 1 Bartosz Brachaczek 2012-10-06 21:12:35 UTC 
It works fine for me with gnutls-2.12.20[-nettle] and fails the same way with gnutls-2.12.20[nettle]. So wireshark somehow depends on gnutls using libgcrypt and not nettle. This should block tracker bug #361315.
Comment 2 Bartosz Brachaczek 2012-10-07 12:50:02 UTC 
Created attachment 325908 [details, diff]
wireshark-1.8.3-gnutls-nettle.patch

I'm attaching my patch which fixes this issue. The patch has been sent upstream for review.

Upstream bug report: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6869
Comment 3 Bartosz Brachaczek 2012-10-31 08:00:55 UTC 
Could you please apply this patch to the version in portage? The patch is upstreamed since Oct 11. It's even marked by upstream to be backported to the stable 1.8 branch, but I have no idea when they are going to release 1.8.4.
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2012-10-31 20:45:42 UTC 
(In reply to comment #3)
> Could you please apply this patch to the version in portage? The patch is
> upstreamed since Oct 11. It's even marked by upstream to be backported to
> the stable 1.8 branch, but I have no idea when they are going to release
> 1.8.4.

That's great. We can wait for the official fix, then.
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2012-11-29 04:19:21 UTC 
Please test with 1.8.4 and report back. The release notes[1] are awkwardly silent with regard to the upstream bug report.

[1] http://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2012-11-29 16:54:03 UTC 
The patch seems to be in, though.