Wireshark-commits: [Wireshark-commits] master e22d3c9: ssl: fix ClientKeyExchange, fix TLSv1.2 SKE
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e22d3c9b744af8fa49806f1cde2100be85cc58cc
Submitter: Evan Huus (eapache@xxxxxxxxx)
Changed: branch: master
Repository: wireshark
Commits:
e22d3c9 by Peter Wu (peter@xxxxxxxxxxxxx):
ssl: fix ClientKeyExchange, fix TLSv1.2 SKE for DH
Since DTLS and TLS do not differ in handling ClientKeyExchange and
ServerKeyExchange, its dissection got moved to ssl-utils. The code is
based on the SSL dissector, with header field names adjusted to the
DTLS ones (those got capitalized). Besides a version difference (for
signatures), the header field and function names, the DTLS and SSL code
are equal (this is verified).
This patch refactors the dissectors for DHE_RSA and ECDHE to make use of
a common function to dissect the signed_params field. All offset
tracking is also removed in favor of exception handling by the
proto_tree_add_item function. Occurrences of proto_tree_add_uint are
also replaced by proto_tree_add_item for simplicity.
After those changes, the SKE dissector for DH key exchanges is updated
to handle the mandatory signature field in TLSv1.2, using the newly
added function. (bug 9208)
Another bug occurred after the length check removal, pre-TLS and
OpenSSL's old DTLS implementation do not include a vector length in
the CKE. This is now also fixed. (bug 10222)
Other minor changes: comments added/corrected, renamed
keyex_dh -> keyex_dhe (includes DHE_RSA and DHE_DSS).
Bug: 9208
Bug: 10222
Change-Id: I76e835d56a65c91facce46840d79c1c48ce8d5dd
Reviewed-on: https://code.wireshark.org/review/2542
Reviewed-by: Evan Huus <eapache@xxxxxxxxx>
Actions performed:
from 8702a6b Remove some unneeded includes
adds e22d3c9 ssl: fix ClientKeyExchange, fix TLSv1.2 SKE for DH
Summary of changes:
epan/dissectors/packet-dtls.c | 695 +----------------------------------
epan/dissectors/packet-ssl-utils.c | 392 ++++++++++++++++++++
epan/dissectors/packet-ssl-utils.h | 176 ++++++++-
epan/dissectors/packet-ssl.c | 700 +-----------------------------------
4 files changed, 570 insertions(+), 1393 deletions(-)
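
The version difference for signatures that the commit message refers to, shown as an added example (not code from this commit or from Wireshark): from TLS 1.2 and DTLS 1.2 onward, the signature in a ServerKeyExchange is preceded by a two-byte SignatureAndHashAlgorithm, so a parser that skips it reads the wrong length. The names `signed_params`, `has_sig_hash_alg`, `parse_signed_params` and the sample bytes are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical result type for this example (not a Wireshark structure). */
struct signed_params {
    int has_alg;               /* 1 if SignatureAndHashAlgorithm is present */
    uint8_t hash_alg, sig_alg;
    uint16_t sig_len;
    const uint8_t *sig;        /* points into the input buffer */
};

/* Constructed sample: hash=4 (sha256), sig=1 (rsa), length 3, 3 dummy bytes. */
static const uint8_t sample_tls12[] = { 0x04, 0x01, 0x00, 0x03, 0xaa, 0xbb, 0xcc };

/* TLS 1.2 is 0x0303; DTLS 1.2 is 0xfefd (DTLS version numbers count down). */
int has_sig_hash_alg(uint16_t version)
{
    if ((version >> 8) == 0xfe)
        return version <= 0xfefd;
    return version >= 0x0303;
}

/* Parse the signature that ends a ServerKeyExchange.
 * Returns the number of bytes consumed, or -1 if the buffer is too short. */
int parse_signed_params(const uint8_t *buf, size_t len, uint16_t version,
                        struct signed_params *out)
{
    size_t off = 0;
    out->has_alg = has_sig_hash_alg(version);
    out->hash_alg = out->sig_alg = 0;
    if (out->has_alg) {
        if (len < 2)
            return -1;
        out->hash_alg = buf[0];
        out->sig_alg = buf[1];
        off = 2;
    }
    if (len - off < 2)
        return -1;
    out->sig_len = (uint16_t)((buf[off] << 8) | buf[off + 1]);
    off += 2;
    if (len - off < out->sig_len)   /* declared length must fit the buffer */
        return -1;
    out->sig = buf + off;
    return (int)(off + out->sig_len);
}

int main(void)
{
    struct signed_params sp;
    return parse_signed_params(sample_tls12, sizeof sample_tls12, 0x0303, &sp) == 7 ? 0 : 1;
}
```

Parsing the same bytes with a TLS 1.0 or DTLS 1.0 version treats `04 01` as the signature length (1025) and fails the bounds check.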