Wireshark-commits: [Wireshark-commits] master-1.12 dcc01c2: ssl: fix ClientKeyExchange, fix TLSv1.2

From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Fri, 4 Jul 2014 08:06:03 +0000 (UTC)
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dcc01c20a1a3ed7a4a9fbb293c2088cf4da6f0a0
Submitter: Anders Broman (a.broman58@xxxxxxxxx)
Changed: branch: master-1.12
Repository: wireshark

Commits:

dcc01c2 by Peter Wu (peter@xxxxxxxxxxxxx):

    ssl: fix ClientKeyExchange, fix TLSv1.2 SKE for DH
    
    Since DTLS and TLS do not differ in handling ClientKeyExchange and
    ServerKeyExchange, its dissection got moved to ssl-utils. The code is
    based on the SSL dissector, with header field names adjusted to the
    DTLS ones (those got capitalized). Besides a version difference (for
    signatures), the header field and function names, the DTLS and SSL code
    are equal (this is verified).
    
    This patch refactors the dissectors for DHE_RSA and ECDHE to make use of
    a common function to dissect the signed_params field. All offset
    tracking is also removed in favor of exception handling by the
    proto_tree_add_item function. Occurrences of proto_tree_add_uint are
    also replaced by proto_tree_add_item for simplicity.
    
    After those changes, the SKE dissector for DH key exchanges is updated
    to handle the mandatory signature field in TLSv1.2, using the newly
    added function. (bug 9208)
    
    Another bug occurred after the length check removal, pre-TLS and
    OpenSSL's old DTLS implementation do not include a vector length in
    the CKE. This is now also fixed. (bug 10222)
    
    Other minor changes: comments added/corrected, renamed
    keyex_dh -> keyex_dhe (includes DHE_RSA and DHE_DSS).
    
    Bug: 9208
    Bug: 10222
    Change-Id: I76e835d56a65c91facce46840d79c1c48ce8d5dd
    Reviewed-on: https://code.wireshark.org/review/2542
    Reviewed-by: Evan Huus <eapache@xxxxxxxxx>
    (cherry picked from commit e22d3c9b744af8fa49806f1cde2100be85cc58cc)
    Reviewed-on: https://code.wireshark.org/review/2816
    Reviewed-by: Hauke Mehrtens <hauke@xxxxxxxxxx>
    Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
    

Actions performed:

    from  098aa9f   ssl-utils: dissect the certificate type TLS extension
    adds  dcc01c2   ssl: fix ClientKeyExchange, fix TLSv1.2 SKE for DH


Summary of changes:
 epan/dissectors/packet-dtls.c      |  695 +----------------------------------
 epan/dissectors/packet-ssl-utils.c |  392 ++++++++++++++++++++
 epan/dissectors/packet-ssl-utils.h |  176 ++++++++-
 epan/dissectors/packet-ssl.c       |  700 +-----------------------------------
 4 files changed, 570 insertions(+), 1393 deletions(-)
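
The version-dependent signed_params layout that the commit message refers to, as an added example (not code from this commit or from Wireshark): a bounds-checked walk over a DHE ServerKeyExchange body. It assumes a signed key exchange (DHE_RSA or DHE_DSS) and the field layout of RFC 5246; the struct, the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Illustrative result type; these names are not Wireshark's. */
struct ske_dhe {
    uint8_t has_alg, hash_alg, sig_alg; /* algorithm pair, 1.2 only */
    size_t p_len, g_len, ys_len, sig_len;
};

/* Constructed sample: 1-byte p, g, Ys; algorithm pair 04 01; 2-byte signature. */
const uint8_t SKE_SAMPLE[] = { 0x00, 0x01, 0x17,  0x00, 0x01, 0x05,  0x00, 0x01, 0x0a,
                               0x04, 0x01,  0x00, 0x02, 0xaa, 0xbb };

/* Skip one <0..2^16-1> vector with bounds checks; invariant: *off <= len. */
static int read_vec16(const uint8_t *b, size_t len, size_t *off, size_t *vlen)
{
    if (len - *off < 2) return -1;
    *vlen = ((size_t)b[*off] << 8) | b[*off + 1];
    *off += 2;
    if (len - *off < *vlen) return -1;
    *off += *vlen;
    return 0;
}

/* Returns 0 only if the body is consumed exactly, -1 otherwise. */
int parse_ske_dhe(const uint8_t *b, size_t len, uint16_t version, struct ske_dhe *out)
{
    size_t off = 0;
    if (read_vec16(b, len, &off, &out->p_len) || read_vec16(b, len, &off, &out->g_len) ||
        read_vec16(b, len, &off, &out->ys_len))
        return -1;
    /* Only TLS 1.2 (0x0303) and DTLS 1.2 (0xfefd) carry the algorithm pair. */
    out->has_alg = (version == 0x0303 || version == 0xfefd);
    out->hash_alg = out->sig_alg = 0;
    if (out->has_alg) {
        if (len - off < 2) return -1;
        out->hash_alg = b[off];
        out->sig_alg = b[off + 1];
        off += 2;
    }
    if (read_vec16(b, len, &off, &out->sig_len)) return -1;
    return off == len ? 0 : -1;
}

int main(void)
{
    struct ske_dhe r; /* exit status 0: the sample parses as TLS 1.2 */
    return parse_ske_dhe(SKE_SAMPLE, sizeof SKE_SAMPLE, 0x0303, &r) ? 1 : 0;
}
```

Parsing the same bytes with a pre-1.2 version makes the algorithm pair read as a signature length of 0x0401, which the bounds check rejects.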