TLS13: fix length of Finished message

Select the full message instead of just the first 12 bytes (as was the
case in previous TLS versions. No check is added since it is too much
work for little gain (it would require looking up the hash length for
the cipher suite).

Change-Id: Iea13d5abe6a7e55b04fabacfa8919a02acd8517d
Reviewed-on: https://code.wireshark.org/review/20011
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

1 files changed, 8 insertions, 2 deletions

diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 86d23ca9e9..94cd19f53f 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -7340,7 +7340,7 @@ ssl_dissect_hnd_cli_cert_verify(ssl_common_dissect_t *hf, tvbuff_t *tvb,
 /* Finished dissection. {{{ */
 void
 ssl_dissect_hnd_finished(ssl_common_dissect_t *hf, tvbuff_t *tvb,
-                         proto_tree *tree, guint32 offset,
+                         proto_tree *tree, guint32 offset, guint32 offset_end,
                          const SslSession *session, ssl_hfs_t *ssl_hfs)
 {
     /* For SSLv3:
@@ -7353,6 +7353,11 @@ ssl_dissect_hnd_finished(ssl_common_dissect_t *hf, tvbuff_t *tvb,
      *     struct {
      *         opaque verify_data[12];
      *     } Finished;
+     *
+     * For TLS 1.3:
+     *     struct {
+     *         opaque verify_data[Hash.length];
+     *     }
      */
     if (!tree)
         return;
@@ -7365,8 +7370,9 @@ ssl_dissect_hnd_finished(ssl_common_dissect_t *hf, tvbuff_t *tvb,
                                 tvb, offset + 16, 20, ENC_NA);
         }
     } else {
+        /* Length should be 12 for TLS before 1.3, assume this is the case. */
         proto_tree_add_item(tree, hf->hf.hs_finished,
-                            tvb, offset, 12, ENC_NA);
+                            tvb, offset, offset_end - offset, ENC_NA);
     }
 } /* }}} */