Wireshark-commits: [Wireshark-commits] master-1.12 dcc01c2: ssl: fix ClientKeyExchange, fix TLSv1.2
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dcc01c20a1a3ed7a4a9fbb293c2088cf4da6f0a0
Submitter: Anders Broman (a.broman58@xxxxxxxxx)
Changed: branch: master-1.12
Repository: wireshark
Commits:
dcc01c2 by Peter Wu (peter@xxxxxxxxxxxxx):
ssl: fix ClientKeyExchange, fix TLSv1.2 SKE for DH
Since DTLS and TLS do not differ in handling ClientKeyExchange and
ServerKeyExchange, its dissection got moved to ssl-utils. The code is
based on the SSL dissector, with header field names adjusted to the
DTLS ones (those got capitalized). Besides a version difference (for
signatures), the header field and function names, the DTLS and SSL code
are equal (this is verified).
This patch refactors the dissectors for DHE_RSA and ECDHE to make use of
a common function to dissect the signed_params field. All offset
tracking is also removed in favor of exception handling by the
proto_tree_add_item function. Occurrences of proto_tree_add_uint are
also replaced by proto_tree_add_item for simplicity.
After those changes, the SKE dissector for DH key exchanges is updated
to handle the mandatory signature field in TLSv1.2, using the newly
added function. (bug 9208)
Another bug occurred after the length check removal, pre-TLS and
OpenSSL's old DTLS implemenation do not include a vector length in
the CKE. This is now also fixed. (bug 10222)
Other minor changes: comments added/corrected, renamed
keyex_dh -> keyex_dhe (includes DHE_RSA and DHE_DSS).
Bug: 9208
Bug: 10222
Change-Id: I76e835d56a65c91facce46840d79c1c48ce8d5dd
Reviewed-on: https://code.wireshark.org/review/2542
Reviewed-by: Evan Huus <eapache@xxxxxxxxx>
(cherry picked from commit e22d3c9b744af8fa49806f1cde2100be85cc58cc)
Reviewed-on: https://code.wireshark.org/review/2816
Reviewed-by: Hauke Mehrtens <hauke@xxxxxxxxxx>
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
Actions performed:
from 098aa9f ssl-utils: dissect the certificate type TLS extension
adds dcc01c2 ssl: fix ClientKeyExchange, fix TLSv1.2 SKE for DH
Summary of changes:
epan/dissectors/packet-dtls.c | 695 +----------------------------------
epan/dissectors/packet-ssl-utils.c | 392 ++++++++++++++++++++
epan/dissectors/packet-ssl-utils.h | 176 ++++++++-
epan/dissectors/packet-ssl.c | 700 +-----------------------------------
4 files changed, 570 insertions(+), 1393 deletions(-)