authorPeter Wu <peter@lekensteyn.nl>2014-07-14 00:04:18 +0200
committerAlexis La Goutte <alexis.lagoutte@gmail.com>2014-07-24 05:29:52 +0000
commitfc983cfca2bb6ea21bfa5c813cce0ad490792ee2 (patch)
tree4fe8b103a3d6977395894aa8727edcdf30e0ee8b /epan
parent73c1810a1f5e3ea04dec3d07ec6afbdfe9fcfd36 (diff)
ssl,dtls: move Finished dissection to ssl-utils
Change-Id: Ib4bd5712cb85cd2671f67fe035747b88d5b4f186 Reviewed-on: https://code.wireshark.org/review/3034 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Hauke Mehrtens <hauke@hauke-m.de> Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Diffstat (limited to 'epan')
-rw-r--r--epan/dissectors/packet-dtls.c50
-rw-r--r--epan/dissectors/packet-ssl-utils.c31
-rw-r--r--epan/dissectors/packet-ssl-utils.h21
-rw-r--r--epan/dissectors/packet-ssl.c64
4 files changed, 59 insertions, 107 deletions
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c
index 7ed7a9ae71..9888610233 100644
--- a/epan/dissectors/packet-dtls.c
+++ b/epan/dissectors/packet-dtls.c
@@ -104,9 +104,6 @@ static gint hf_dtls_handshake_length = -1;
static gint hf_dtls_handshake_message_seq = -1;
static gint hf_dtls_handshake_fragment_offset = -1;
static gint hf_dtls_handshake_fragment_length = -1;
-static gint hf_dtls_handshake_finished = -1;
-/* static gint hf_dtls_handshake_md5_hash = -1; */
-/* static gint hf_dtls_handshake_sha_hash = -1; */
static gint hf_dtls_heartbeat_message = -1;
static gint hf_dtls_heartbeat_message_type = -1;
@@ -309,10 +306,6 @@ static int dissect_dtls_hnd_hello_verify_request(tvbuff_t *tvb,
guint32 offset,
SslDecryptSession* ssl);
-static void dissect_dtls_hnd_finished(tvbuff_t *tvb,
- proto_tree *tree,
- guint32 offset,
- const SslSession *session);
/*
* Support Functions
*
@@ -1380,7 +1373,8 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
break;
case SSL_HND_FINISHED:
- dissect_dtls_hnd_finished(sub_tvb, ssl_hand_tree, 0, session);
+ ssl_dissect_hnd_finished(&dissect_dtls_hf, sub_tvb, ssl_hand_tree,
+ 0, session, NULL);
break;
case SSL_HND_CERT_URL:
@@ -1520,29 +1514,6 @@ dissect_dtls_hnd_hello_verify_request(tvbuff_t *tvb, proto_tree *tree,
return offset;
}
-static void
-dissect_dtls_hnd_finished(tvbuff_t *tvb, proto_tree *tree, guint32 offset,
- const SslSession *session)
-{
- /*
- * struct {
- * opaque verify_data[12];
- * } Finished;
- */
-
- switch(session->version) {
- case SSL_VER_DTLS:
- case SSL_VER_DTLS_OPENSSL:
- proto_tree_add_item(tree, hf_dtls_handshake_finished,
- tvb, offset, 12, ENC_NA);
- break;
- case SSL_VER_DTLS1DOT2:
- proto_tree_add_item(tree, hf_dtls_handshake_finished,
- tvb, offset, 12, ENC_NA);
- break;
- }
-}
-
/*********************************************************************
*
* Support Functions
@@ -1775,23 +1746,6 @@ proto_register_dtls(void)
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }
},
- { &hf_dtls_handshake_finished,
- { "Verify Data", "dtls.handshake.verify_data",
- FT_NONE, BASE_NONE, NULL, 0x0,
- "Opaque verification data", HFILL }
- },
-#if 0
- { &hf_dtls_handshake_md5_hash,
- { "MD5 Hash", "dtls.handshake.md5_hash",
- FT_NONE, BASE_NONE, NULL, 0x0,
- "Hash of messages, master_secret, etc.", HFILL }
- },
- { &hf_dtls_handshake_sha_hash,
- { "SHA-1 Hash", "dtls.handshake.sha_hash",
- FT_NONE, BASE_NONE, NULL, 0x0,
- "Hash of messages, master_secret, etc.", HFILL }
- },
-#endif
{ &hf_dtls_heartbeat_message,
{ "Heartbeat Message", "dtls.heartbeat_message",
FT_NONE, BASE_NONE, NULL, 0x0,
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index bfb5c17712..7066e42244 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -5660,6 +5660,37 @@ ssl_dissect_hnd_cert_req(ssl_common_dissect_t *hf, tvbuff_t *tvb,
}
}
+void
+ssl_dissect_hnd_finished(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+ const SslSession *session, ssl_hfs_t *ssl_hfs)
+{
+ /* For SSLv3:
+ * struct {
+ * opaque md5_hash[16];
+ * opaque sha_hash[20];
+ * } Finished;
+ *
+ * For (D)TLS:
+ * struct {
+ * opaque verify_data[12];
+ * } Finished;
+ */
+ if (!tree)
+ return;
+
+ if (session->version == SSL_VER_SSLv3) {
+ if (ssl_hfs != NULL) {
+ proto_tree_add_item(tree, ssl_hfs->hs_md5_hash,
+ tvb, offset, 16, ENC_NA);
+ proto_tree_add_item(tree, ssl_hfs->hs_sha_hash,
+ tvb, offset + 16, 20, ENC_NA);
+ }
+ } else {
+ proto_tree_add_item(tree, hf->hf.hs_finished,
+ tvb, offset, 12, ENC_NA);
+ }
+}
void
ssl_dissect_hnd_cert_url(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, guint32 offset)
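Review bot: The `else` branch of ssl_dissect_hnd_finished adds a 12-byte Verify Data item for every version other than SSL_VER_SSLv3, whereas both removed switch statements added nothing when the version was not one of the listed TLS or DTLS values. If the session version has not been established when a Finished message is dissected, the bytes are now presented as verify_data, which can mislead an analyst reading the tree. An explicit switch over the six versions the old code handled, with a default that adds nothing, keeps the earlier behaviour. The hard-coded 12 also leaves no way to flag a Finished body whose declared length differs, since the handshake length is not passed in.

```c
    switch (session->version) {
    case SSL_VER_SSLv3:
        if (ssl_hfs != NULL) {
            /* … unchanged: md5_hash and sha_hash items … */
        }
        break;
    case SSL_VER_TLS:
    case SSL_VER_TLSv1DOT1:
    case SSL_VER_TLSv1DOT2:
    case SSL_VER_DTLS:
    case SSL_VER_DTLS_OPENSSL:
    case SSL_VER_DTLS1DOT2:
        proto_tree_add_item(tree, hf->hf.hs_finished,
                            tvb, offset, 12, ENC_NA);
        break;
    default:
        /* version not established: do not label bytes as verify_data */
        break;
    }
```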
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 6d336249c6..bb377011c5 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -703,6 +703,7 @@ typedef struct ssl_common_dissect {
gint hs_session_ticket_lifetime_hint;
gint hs_session_ticket_len;
gint hs_session_ticket;
+ gint hs_finished;
/* do not forget to update SSL_COMMON_LIST_T and SSL_COMMON_HF_LIST! */
} hf;
@@ -747,6 +748,14 @@ typedef struct {
/* Do not forget to initialize dtls_hfs to -1 in packet-dtls.c! */
} dtls_hfs_t;
+/* Header fields specific to SSL. See packet-ssl.c */
+typedef struct {
+ gint hs_md5_hash;
+ gint hs_sha_hash;
+
+ /* Do not forget to initialize ssl_hfs to -1 in packet-ssl.c! */
+} ssl_hfs_t;
+
extern void
ssl_dissect_hnd_cli_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb,
packet_info *pinfo, proto_tree *tree, guint32 offset,
@@ -776,6 +785,11 @@ ssl_dissect_hnd_cert_req(ssl_common_dissect_t *hf, tvbuff_t *tvb,
const SslSession *session);
extern void
+ssl_dissect_hnd_finished(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+ const SslSession *session, ssl_hfs_t *ssl_hfs);
+
+extern void
ssl_dissect_hnd_cert_url(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, guint32 offset);
extern void
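Review bot: The new prototype of ssl_dissect_hnd_finished has no comment on the `ssl_hfs` argument, which the DTLS caller sets to NULL and which the implementation reads only on the SSLv3 path. I would add above the declaration `/* ssl_hfs may be NULL (DTLS); the SSLv3 md5/sha hash fields are then not added. */`. The body in packet-ssl-utils.c only reads through the pointer, so it could also be declared `const ssl_hfs_t *ssl_hfs`.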
@@ -797,7 +811,7 @@ ssl_common_dissect_t name = { \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
}, \
/* ett */ { \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
@@ -1286,6 +1300,11 @@ ssl_common_dissect_t name = { \
{ "Session Ticket", prefix ".handshake.session_ticket", \
FT_BYTES, BASE_NONE, NULL, 0x0, \
"New Session Ticket", HFILL } \
+ }, \
+ { & name .hf.hs_finished, \
+ { "Verify Data", prefix ".handshake.verify_data", \
+ FT_NONE, BASE_NONE, NULL, 0x0, \
+ "Opaque verification data", HFILL } \
}
/* }}} */
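Review bot: `hs_finished` is registered as `FT_NONE`, so as far as I can tell the tree shows only the label and a display filter can test for presence but not compare the 12 bytes. The Session Ticket entry just above uses `FT_BYTES`. If analysts are meant to inspect or filter on verify_data, the type line would become `FT_BYTES, BASE_NONE, NULL, 0x0, \`. The definition is carried over from the removed per-dissector entries, so this is a follow-up rather than a regression. The enclosing macro starts outside the hunk.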
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index 3957fd7476..525a713d90 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -156,9 +156,6 @@ static gint hf_ssl_handshake_npn_selected_protocol_len = -1;
static gint hf_ssl_handshake_npn_selected_protocol = -1;
static gint hf_ssl_handshake_npn_padding_len = -1;
static gint hf_ssl_handshake_npn_padding = -1;
-static gint hf_ssl_handshake_finished = -1;
-static gint hf_ssl_handshake_md5_hash = -1;
-static gint hf_ssl_handshake_sha_hash = -1;
static gint hf_ssl2_handshake_cipher_spec_len = -1;
static gint hf_ssl2_handshake_session_id_len = -1;
static gint hf_ssl2_handshake_challenge_len = -1;
@@ -204,6 +201,8 @@ static gint hf_ssl_heartbeat_message_payload_length = -1;
static gint hf_ssl_heartbeat_message_payload = -1;
static gint hf_ssl_heartbeat_message_padding = -1;
+static ssl_hfs_t ssl_hfs = { -1, -1 };
+
/* Initialize the subtree pointers */
static gint ett_ssl = -1;
static gint ett_ssl_record = -1;
@@ -463,11 +462,6 @@ static void dissect_ssl3_hnd_cli_cert_verify(tvbuff_t *tvb,
proto_tree *tree,
guint32 offset, guint32 length);
-static void dissect_ssl3_hnd_finished(tvbuff_t *tvb,
- proto_tree *tree,
- const guint32 offset,
- const SslSession *session);
-
static void dissect_ssl3_hnd_cert_status(tvbuff_t *tvb,
proto_tree *tree,
guint32 offset,
@@ -1982,8 +1976,8 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
break;
case SSL_HND_FINISHED:
- dissect_ssl3_hnd_finished(tvb, ssl_hand_tree,
- offset, session);
+ ssl_dissect_hnd_finished(&dissect_ssl3_hf, tvb, ssl_hand_tree,
+ offset, session, &ssl_hfs);
break;
case SSL_HND_CERT_URL:
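Review bot: The SSL call site passes the record `tvb` and `offset` but not the handshake message length, while the DTLS caller hands over `sub_tvb` at offset 0. Because ssl_dissect_hnd_finished reads a fixed 12 or 36 bytes, a Finished message with a shorter declared length would, as far as this hunk shows, have the following bytes labelled as verify data instead of being reported as malformed. Assuming the message length is available here as `length`, the call could become `ssl_dissect_hnd_finished(&dissect_ssl3_hf, tvb_new_subset_length(tvb, offset, length), ssl_hand_tree, 0, session, &ssl_hfs);`. dissect_ssl3_handshake starts and ends outside the hunk, so whether `tvb` is already bounded there cannot be confirmed from here.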
@@ -2136,47 +2130,6 @@ dissect_ssl3_hnd_cli_cert_verify(tvbuff_t *tvb, proto_tree *tree,
}
-
-static void
-dissect_ssl3_hnd_finished(tvbuff_t *tvb,
- proto_tree *tree, const guint32 offset,
- const SslSession *session)
-{
- /* For TLS:
- * struct {
- * opaque verify_data[12];
- * } Finished;
- *
- * For SSLv3:
- * struct {
- * opaque md5_hash[16];
- * opaque sha_hash[20];
- * } Finished;
- */
-
- /* this all needs a tree, so bail if we don't have one */
- if (!tree)
- {
- return;
- }
-
- switch (session->version) {
- case SSL_VER_TLS:
- case SSL_VER_TLSv1DOT1:
- case SSL_VER_TLSv1DOT2:
- proto_tree_add_item(tree, hf_ssl_handshake_finished,
- tvb, offset, 12, ENC_NA);
- break;
-
- case SSL_VER_SSLv3:
- proto_tree_add_item(tree, hf_ssl_handshake_md5_hash,
- tvb, offset, 16, ENC_NA);
- proto_tree_add_item(tree, hf_ssl_handshake_sha_hash,
- tvb, offset + 16, 20, ENC_NA);
- break;
- }
-}
-
static guint
dissect_ssl3_ocsp_response(tvbuff_t *tvb, proto_tree *tree,
guint32 offset, packet_info *pinfo)
@@ -3865,17 +3818,12 @@ proto_register_ssl(void)
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }
},
- { &hf_ssl_handshake_finished,
- { "Verify Data", "ssl.handshake.verify_data",
- FT_NONE, BASE_NONE, NULL, 0x0,
- "Opaque verification data", HFILL }
- },
- { &hf_ssl_handshake_md5_hash,
+ { &ssl_hfs.hs_md5_hash,
{ "MD5 Hash", "ssl.handshake.md5_hash",
FT_NONE, BASE_NONE, NULL, 0x0,
"Hash of messages, master_secret, etc.", HFILL }
},
- { &hf_ssl_handshake_sha_hash,
+ { &ssl_hfs.hs_sha_hash,
{ "SHA-1 Hash", "ssl.handshake.sha_hash",
FT_NONE, BASE_NONE, NULL, 0x0,
"Hash of messages, master_secret, etc.", HFILL }