authorPeter Wu <peter@lekensteyn.nl>2015-03-12 03:01:37 +0100
committerMichael Mann <mmann78@netscape.net>2015-03-12 12:48:00 +0000
commit70d34eee2b26c8b83e590c8a8ba0aaa942558d24 (patch)
tree95cd785cffd778867ead4a36ff35674f4c989bd6 /epan/dissectors/packet-ssl-utils.h
parent95ce3928de8c08934ab7ba49492b319cbdb0c9f9 (diff)
ssl,dtls: fix CertificateVerify dissection for TLSv1.2
TLSv1.2 gained an additional SignatureAndHashAlgorithm field for fields marked with the digitally-signed attribute. This was already implemented before for ServerKeyExchange, let's reuse that. Note that the SignatureAndHashAlgorithm tree and fields (hash algo, signature algo) are repurposed in a different context, but since the structure is the same it is kept like this. By the way, add support for DTLSv1.2 too. RFC 6347 section 4.2.6 suggests that the implementation is the same (as far as the dissector is concerned). Also update the comments and remove the additional "Signature with client's private key" subtree since the CertificateVerify message has no other items. Bug: 11045 Change-Id: I025901b85e607f04d60357ff14187cc13db2ae5d Reviewed-on: https://code.wireshark.org/review/7650 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Tested-by: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/dissectors/packet-ssl-utils.h')
-rw-r--r--epan/dissectors/packet-ssl-utils.h18
1 files changed, 18 insertions, 0 deletions
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 19fcf2c26f..6a4242f5a8 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -727,6 +727,8 @@ typedef struct ssl_common_dissect {
gint hs_session_ticket_len;
gint hs_session_ticket;
gint hs_finished;
+ gint hs_client_cert_vrfy_sig_len;
+ gint hs_client_cert_vrfy_sig;
/* do not forget to update SSL_COMMON_LIST_T and SSL_COMMON_HF_LIST! */
} hf;
@@ -808,6 +810,11 @@ ssl_dissect_hnd_cert_req(ssl_common_dissect_t *hf, tvbuff_t *tvb,
const SslSession *session);
extern void
+ssl_dissect_hnd_cli_cert_verify(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+ const SslSession *session);
+
+extern void
ssl_dissect_hnd_finished(ssl_common_dissect_t *hf, tvbuff_t *tvb,
proto_tree *tree, guint32 offset,
const SslSession *session, ssl_hfs_t *ssl_hfs);
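Review bot: The new `ssl_dissect_hnd_cli_cert_verify` prototype takes a start `offset` but no end of the CertificateVerify message, so the implementation (in the .c file, not visible in this hunk) has nothing to compare the peer-supplied 16-bit signature length against. Reads through the tvb remain bounds-checked, but a length that runs past the handshake message would presumably be shown as signature bytes rather than reported as malformed whenever more data follows in the same buffer. Consider passing the message bound as well, e.g. `guint32 offset, guint32 offset_end,`, and adding a short comment above the prototype saying that `session` is presumably what selects whether the TLSv1.2/DTLSv1.2 SignatureAndHashAlgorithm precedes the signature. The neighbouring prototypes in this hunk have the same shape, so the same point applies to them.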
@@ -835,6 +842,7 @@ ssl_common_dissect_t name = { \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
+ -1, -1, \
}, \
/* ett */ { \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
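Review bot: The added `-1, -1, \` line is tied to `hs_client_cert_vrfy_sig_len` and `hs_client_cert_vrfy_sig` only by position and count. If a later change adds a struct member without a matching entry, C zero-initializes the remainder and that field handle silently becomes 0 instead of -1. A trailing comment on the line would make the pairing checkable in review, for example `-1, -1, /* hs_client_cert_vrfy_sig_len, hs_client_cert_vrfy_sig */ \`. The initializer macro starts and ends outside this hunk.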
@@ -1328,6 +1336,16 @@ ssl_common_dissect_t name = { \
{ "Verify Data", prefix ".handshake.verify_data", \
FT_NONE, BASE_NONE, NULL, 0x0, \
"Opaque verification data", HFILL } \
+ }, \
+ { & name .hf.hs_client_cert_vrfy_sig_len, \
+ { "Signature length", prefix ".handshake.client_cert_vrfy.sig_len", \
+ FT_UINT16, BASE_DEC, NULL, 0x0, \
+ "Length of CertificateVerify's signature", HFILL } \
+ }, \
+ { & name .hf.hs_client_cert_vrfy_sig, \
+ { "Signature", prefix ".handshake.client_cert_vrfy.sig", \
+ FT_BYTES, BASE_NONE, NULL, 0x0, \
+ "CertificateVerify's signature", HFILL } \
}
/* }}} */