From Graeme Lunt:

Here are a number of small patches for asn1 based dissectors: acse: release request/response column information (many X.400/X.500 unbinds are empty) "standardised" PNAME to "ISO 8650-1 OSI Association Control Service" fix for crash when using EXTERNAL dissector rtse: column information when attempting a resume x509if: generation of LDAP-style DNs from RDNSequences new function x509if_get_last_dn() to get the last DN generated. x509af: DSS parameters certificate extension naming subject naming of certificate x509sat: Guide syntax (as SET now supported) PDU exports. cms: verification of message digest attribute (SHA-1 and MD5) ess: enumerated/restrictive/permissive/informative security categories x411: generation of string encoding of X.400 addresses, trace information and message identifiers. s4406: separate types for primary and copy precedence to allow better filtering (e.g. primary precedence = flash) priority-level-qualifier git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16508 f5534014-38df-0310-8fa8-9805f1628bb7
author: etxrab <etxrab@f5534014-38df-0310-8fa8-9805f1628bb7> 2005-11-16 07:13:12 +0000
committer: etxrab <etxrab@f5534014-38df-0310-8fa8-9805f1628bb7> 2005-11-16 07:13:12 +0000
commit: 3cf9e6ac03bb6b962f17a02ee566b81d0404e4f4 (patch)
tree: 0c7664cef1a075c4ecb3ad5ddc8d364055957829 /asn1
parent: 8a88ef70268ceb7c186b15406f4d786f866ed481 (diff)
32 files changed, 808 insertions, 67 deletions
diff --git a/asn1/acse/Makefile.nmake b/asn1/acse/Makefile.nmake
index 72b766eeba..9c5b15df58 100644
--- a/asn1/acse/Makefile.nmake
+++ b/asn1/acse/Makefile.nmake
@@ -37,6 +37,6 @@ fix_eol: generate_dissector
 	del /f packet-$(PROTOCOL_NAME).c.tmp packet-$(PROTOCOL_NAME).h.tmp
 
 copy_files: generate_dissector fix_eol
-	xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d
-	xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d
+	xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d /y
+	xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d /y
 
diff --git a/asn1/acse/acse.cnf b/asn1/acse/acse.cnf
index 5a72fa3690..b22d1c6e6a 100644
--- a/asn1/acse/acse.cnf
+++ b/asn1/acse/acse.cnf
@@ -102,4 +102,30 @@ ACRQ-apdu/aSO-context-name	aCRQ_aSO_context_name
 #.FN_BODY EXTERNAL/encoding/single-ASN1-type
   offset=call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, top_tree ? top_tree : tree);
 
+#.FN_PARS Release-request-reason
+  VAL_PTR=&reason
+
+#.FN_BODY Release-request-reason
+  int reason = -1;
+ 
+  %(DEFAULT_BODY)s
+
+  if((reason != -1) && check_col(pinfo->cinfo, COL_INFO))
+   col_append_fstr(pinfo->cinfo, COL_INFO, "Release-Request (%%s)", val_to_str(reason, acse_Release_request_reason_vals, "reason(%%d)"));
+
+
+#.FN_PARS Release-response-reason
+  VAL_PTR=&reason
+
+#.FN_BODY Release-response-reason
+  int reason = -1;
+ 
+  %(DEFAULT_BODY)s
+
+  if((reason != -1) && check_col(pinfo->cinfo, COL_INFO))
+   col_append_fstr(pinfo->cinfo, COL_INFO, "Release-Response (%%s)", val_to_str(reason, acse_Release_request_reason_vals, "reason(%%d)"));
+
+
+
+
 #.END
diff --git a/asn1/acse/packet-acse-template.c b/asn1/acse/packet-acse-template.c
index 0e32bcaa57..7218dff4c2 100644
--- a/asn1/acse/packet-acse-template.c
+++ b/asn1/acse/packet-acse-template.c
@@ -52,7 +52,7 @@
 #include "packet-pres.h"
 #include "packet-x509if.h"
 
-#define PNAME  "ACSE"
+#define PNAME  "ISO 8650-1 OSI Association Control Service"
 #define PSNAME "ACSE"
 #define PFNAME "acse"
 
@@ -154,8 +154,6 @@ dissect_acse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
 	proto_tree    *tree=NULL;
 	char *oid;
 
-	/* save parent_tree so subdissectors can create new top nodes */
-	top_tree=parent_tree;
 
 	/* first, try to check length   */
 	/* do we have at least 2 bytes  */
@@ -181,6 +179,9 @@ dissect_acse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
 			}
 		}
 	}
+	/* save parent_tree so subdissectors can create new top nodes */
+	top_tree=parent_tree;
+
 	/*  ACSE has only AARQ,AARE,RLRQ,RLRE,ABRT type of pdu */
 	/*  reject everything else                              */
 	/*  data pdu is not ACSE pdu and has to go directly to app dissector */
@@ -205,8 +206,10 @@ dissect_acse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
 			proto_tree_add_text(parent_tree, tvb, offset, -1,
 			    "dissector is not available");
 		}
+		top_tree = NULL;
 		return;
 	default:
+		top_tree = NULL;
 		return;
 	}
 
@@ -232,7 +235,8 @@ dissect_acse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
 			break;
 		}
 	}
-
+	
+top_tree = NULL;
 }
 
 /*--- proto_register_acse ----------------------------------------------*/
diff --git a/asn1/cms/Makefile.nmake b/asn1/cms/Makefile.nmake
index 21948a74a3..4bbaef8195 100644
--- a/asn1/cms/Makefile.nmake
+++ b/asn1/cms/Makefile.nmake
@@ -37,6 +37,6 @@ fix_eol: generate_dissector
 	del /f packet-$(PROTOCOL_NAME).c.tmp packet-$(PROTOCOL_NAME).h.tmp
 
 copy_files: generate_dissector fix_eol
-	xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d
-	xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d
+	xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d /y
+	xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d /y
 
diff --git a/asn1/cms/cms.cnf b/asn1/cms/cms.cnf
index 2c09a38d58..95e29b91c1 100644
--- a/asn1/cms/cms.cnf
+++ b/asn1/cms/cms.cnf
@@ -46,6 +46,13 @@ Countersignature  B "1.2.840.113549.1.9.6"	"id-counterSignature"
 #.FIELD_RENAME
 SignerInfo/signature	signatureValue
 RecipientEncryptedKey/rid	rekRid
+EncryptedContentInfo/contentType	encryptedContentType
+
+#.FN_BODY ContentInfo
+  top_tree = tree;
+  %(DEFAULT_BODY)s
+  content_tvb = NULL;
+  top_tree = NULL;
 
 #.FN_BODY ContentInfo/contentType
   offset = dissect_ber_object_identifier_str(FALSE, pinfo, tree, tvb, offset,
@@ -64,13 +71,16 @@ RecipientEncryptedKey/rid	rekRid
   gint32 tag;
   guint32 len;
   int pdu_offset = offset;
+  int content_offset;
 
   /* XXX Do we care about printing out the octet string? */
-  offset = dissect_cms_OCTET_STRING(FALSE, tvb, offset, pinfo, tree, hf_cms_eContent);
+  offset = dissect_cms_OCTET_STRING(FALSE, tvb, offset, pinfo, NULL, hf_cms_eContent);
 
   pdu_offset = get_ber_identifier(tvb, pdu_offset, &class, &pc, &tag);
-  pdu_offset = get_ber_length(tree, tvb, pdu_offset, &len, &ind);
-  pdu_offset = call_ber_oid_callback(object_identifier_id, tvb, pdu_offset, pinfo, tree);
+  content_offset = pdu_offset = get_ber_length(tree, tvb, pdu_offset, &len, &ind);
+  pdu_offset = call_ber_oid_callback(object_identifier_id, tvb, pdu_offset, pinfo, top_tree ? top_tree : tree);
+  
+  content_tvb = tvb_new_subset(tvb, content_offset, len, -1);
 
 #.FN_PARS OtherKeyAttribute/keyAttrId
   FN_VARIANT = _str  HF_INDEX = hf_cms_ci_contentType  VAL_PTR = &object_identifier_id
@@ -78,13 +88,39 @@ RecipientEncryptedKey/rid	rekRid
 #.FN_BODY OtherKeyAttribute/keyAttr
   offset=call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree);
 
+
 #.FN_PARS Attribute/attrType
   FN_VARIANT = _str  HF_INDEX = hf_cms_attrType  VAL_PTR = &object_identifier_id
 
+#.FN_BODY Attribute/attrType
+  char *name = NULL;
+
+  %(DEFAULT_BODY)s
+
+  if(object_identifier_id) {
+    name = get_ber_oid_name(object_identifier_id);
+    proto_item_append_text(tree, " (%%s)", name ? name : object_identifier_id); 
+  }
+
 #.FN_BODY AttributeValue
 
   offset=call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree);
 
+#.FN_BODY MessageDigest
+  proto_item *pi;
+  int old_offset = offset;
+
+  %(DEFAULT_BODY)s
+ 
+  pi = get_ber_last_created_item();
+
+  /* move past TLV */
+  old_offset = get_ber_identifier(tvb, old_offset, NULL, NULL, NULL);
+  old_offset = get_ber_length(tree, tvb, old_offset, NULL, NULL);
+
+  if(content_tvb) 
+    cms_verify_msg_digest(pi, content_tvb, x509af_get_last_algorithm_id(), tvb, old_offset);
+
 #.END
 
 
diff --git a/asn1/cms/packet-cms-template.c b/asn1/cms/packet-cms-template.c
index c52c79da72..48115551a1 100644
--- a/asn1/cms/packet-cms-template.c
+++ b/asn1/cms/packet-cms-template.c
@@ -39,6 +39,9 @@
 #include "packet-x509af.h"
 #include "packet-x509if.h"
 
+#include <epan/sha1.h>
+#include <epan/crypt-md5.h>
+
 #define PNAME  "Cryptographic Message Syntax"
 #define PSNAME "CMS"
 #define PFNAME "cms"
@@ -55,9 +58,80 @@ static int dissect_cms_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb, in
 
 
 static const char *object_identifier_id;
+static tvbuff_t *content_tvb = NULL;
 
-#include "packet-cms-fn.c"
+static proto_tree *top_tree=NULL;
+
+#define HASH_SHA1 "1.3.14.3.2.26"
+#define SHA1_BUFFER_SIZE  20
+
+#define HASH_MD5 "1.2.840.113549.2.5"
+#define MD5_BUFFER_SIZE  16
+
+
+/* SHA-2 variants */
+#define HASH_SHA224 "2.16.840.1.101.3.4.2.4"
+#define SHA224_BUFFER_SIZE  32 /* actually 28 */
+#define HASH_SHA256 "2.16.840.1.101.3.4.2.1"
+#define SHA256_BUFFER_SIZE  32
+
+unsigned char digest_buf[MAX(SHA1_BUFFER_SIZE, MD5_BUFFER_SIZE)];
+
+static void
+cms_verify_msg_digest(proto_item *pi, tvbuff_t *content, char *alg, tvbuff_t *tvb, int offset)
+{
+  sha1_context sha1_ctx;
+  md5_state_t md5_ctx;
+  int i= 0, buffer_size = 0;
+
+  /* we only support two algorithms at the moment  - if we do add SHA2
+     we should add a registration process to use a registration process */
+
+  if(strcmp(alg, HASH_SHA1) == 0) {
+
+    sha1_starts(&sha1_ctx);
+
+    sha1_update(&sha1_ctx, 
+		(guint8*)tvb_get_ptr(content, 0, tvb_length(content)), 
+		tvb_length(content));
 
+    sha1_finish(&sha1_ctx, digest_buf);
+
+    buffer_size = SHA1_BUFFER_SIZE;
+
+  } else if(strcmp(alg, HASH_MD5) == 0) {
+
+    md5_init(&md5_ctx);
+
+    md5_append(&md5_ctx, 
+	       (const guint8*) tvb_get_ptr(content, 0, tvb_length(content)), 
+	       tvb_length(content));
+    
+    md5_finish(&md5_ctx, digest_buf);
+
+    buffer_size = MD5_BUFFER_SIZE;
+  }
+
+  if(buffer_size) {
+    /* compare our computed hash with what we have received */  
+
+    if(tvb_bytes_exist(tvb, offset, buffer_size) &&
+       (memcmp(tvb_get_ptr(tvb, offset, buffer_size), digest_buf, buffer_size) != 0)) { 
+      proto_item_append_text(pi, " [incorrect, should be ");
+      for(i = 0; i < buffer_size; i++)
+	proto_item_append_text(pi, "%02X", digest_buf[i]);
+
+      proto_item_append_text(pi, "]");
+    }
+    else
+      proto_item_append_text(pi, " [correct]");
+  } else {
+    proto_item_append_text(pi, " [unable to verify]");
+  }
+
+}
+
+#include "packet-cms-fn.c"
 
 /*--- proto_register_cms ----------------------------------------------*/
 void proto_register_cms(void) {
diff --git a/asn1/ess/ExtendedSecurityServices.asn b/asn1/ess/ExtendedSecurityServices.asn
index 69b2979c6d..06a0eeb192 100644
--- a/asn1/ess/ExtendedSecurityServices.asn
+++ b/asn1/ess/ExtendedSecurityServices.asn
@@ -191,6 +191,35 @@ SecurityCategory ::= SEQUENCE {
 --VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER)
 --END
 
+-- this is a commonly used definition of security categories
+
+RestrictiveTag ::= SEQUENCE {
+  tagName		OBJECT IDENTIFIER,
+  attributeFlags	BIT STRING
+}
+
+EnumeratedTag ::= SEQUENCE {
+  tagName		OBJECT IDENTIFIER,
+  attributeList		SET OF SecurityAttribute
+}
+
+PermissiveTag ::= SEQUENCE {
+  tagName		OBJECT IDENTIFIER,
+  attributeFlags	BIT STRING
+}
+
+SecurityAttribute ::= INTEGER
+
+InformativeTag ::= SEQUENCE {
+  tagName		OBJECT IDENTIFIER,
+  attributes		FreeFormField
+}
+
+FreeFormField ::= CHOICE {
+  bitSetAttributes 	BIT STRING,
+  securityAttributes	SET OF SecurityAttribute
+}
+
 -- Section 3.4
 
 
diff --git a/asn1/ess/Makefile.nmake b/asn1/ess/Makefile.nmake
index 3fd2af8b37..acc6e626bf 100644
--- a/asn1/ess/Makefile.nmake
+++ b/asn1/ess/Makefile.nmake
@@ -43,6 +43,6 @@ fix_eol: generate_dissector
 	del /f packet-$(PROTOCOL_NAME).c.tmp packet-$(PROTOCOL_NAME).h.tmp
 
 copy_files: generate_dissector fix_eol
-	xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d
-	xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d
+	xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d /y
+	xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d /y
 
diff --git a/asn1/ess/ess.cnf b/asn1/ess/ess.cnf
index 10c2caa3ae..e788eced90 100644
--- a/asn1/ess/ess.cnf
+++ b/asn1/ess/ess.cnf
@@ -28,6 +28,11 @@ EquivalentLabels   B "1.2.840.113549.1.9.16.2.9"  "id-aa-equivalentLabels"
 MLExpansionHistory B "1.2.840.113549.1.9.16.2.3"  "id-aa-mlExpandHistory"
 SigningCertificate B "1.2.840.113549.1.9.16.2.12" "id-aa-signingCertificate"
 
+RestrictiveTag	   B "2.16.840.1.101.2.1.8.3.0"	  "id-restrictiveAttributes"
+EnumeratedTag	   B "2.16.840.1.101.2.1.8.3.1"	  "id-enumeratedPermissiveAttributes"
+PermissiveTag	   B "2.16.840.1.101.2.1.8.3.2"	  "id-restrictiveAttributes"
+InformativeTag	   B "2.16.840.1.101.2.1.8.3.3"	  "id-informativeAttributes"
+EnumeratedTag	   B "2.16.840.1.101.2.1.8.3.4"	  "id-enumeratedRestrictiveAttributes"
 
 #.NO_EMIT
 
diff --git a/asn1/rtse/Makefile.nmake b/asn1/rtse/Makefile.nmake
index 91bb36c1f9..740198a277 100644
--- a/asn1/rtse/Makefile.nmake
+++ b/asn1/rtse/Makefile.nmake
@@ -37,6 +37,6 @@ fix_eol: generate_dissector
 	del /f packet-$(PROTOCOL_NAME).c.tmp packet-$(PROTOCOL_NAME).h.tmp
 
 copy_files: generate_dissector fix_eol
-	xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d
-	xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d
+	xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d /y
+	xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d /y
 
diff --git a/asn1/rtse/packet-rtse-template.c b/asn1/rtse/packet-rtse-template.c
index dbf689682e..27c2b9f6cb 100644
--- a/asn1/rtse/packet-rtse-template.c
+++ b/asn1/rtse/packet-rtse-template.c
@@ -50,6 +50,7 @@ int proto_rtse = -1;
 static struct SESSION_DATA_STRUCTURE* session = NULL;
 
 static char object_identifier_id[MAX_OID_STR_LEN];
+static gboolean open_request=FALSE;
 /* indirect_reference, used to pick up the signalling so we know what
    kind of data is transferred in SES_DATA_TRANSFER_PDUs */
 static guint32 indir_ref=0;
diff --git a/asn1/rtse/rtse.cnf b/asn1/rtse/rtse.cnf
index 37519bc9f0..8ba90ffed0 100644
--- a/asn1/rtse/rtse.cnf
+++ b/asn1/rtse/rtse.cnf
@@ -38,19 +38,16 @@ EXTERNAL
 
   if((session = (struct SESSION_DATA_STRUCTURE*)(pinfo->private_data)) != NULL)
 	session->ros_op = (ROS_OP_BIND | ROS_OP_ARGUMENT);
-
-  offset = dissect_ber_set(implicit_tag, pinfo, tree, tvb, offset,
-                              RTORQapdu_set, hf_index, ett_rtse_RTORQapdu);
-
+  open_request=TRUE;
+  %(DEFAULT_BODY)s
+  open_request=FALSE;
 
 #.FN_BODY RTOACapdu
 
   if((session = (struct SESSION_DATA_STRUCTURE*)(pinfo->private_data)) != NULL)
 	session->ros_op = (ROS_OP_BIND | ROS_OP_RESULT);
 
-  offset = dissect_ber_set(implicit_tag, pinfo, tree, tvb, offset,
-                              RTOACapdu_set, hf_index, ett_rtse_RTOACapdu);
-
+  %(DEFAULT_BODY)s
 
 #.FN_BODY T_open
 
@@ -135,4 +132,33 @@ EXTERNAL
 
   offset = dissect_ber_integer(TRUE, pinfo, tree, tvb, offset, hf_index, &app_proto);
 
+#.FN_BODY SessionConnectionIdentifier
+  if(open_request && check_col(pinfo->cinfo, COL_INFO))
+    col_append_fstr(pinfo->cinfo, COL_INFO, "Recover");
+  %(DEFAULT_BODY)s
+
+#.FN_PARS T61String
+  VAL_PTR=&string
+#.FN_BODY T61String
+  tvbuff_t *string = NULL;
+  %(DEFAULT_BODY)s
+  if(open_request && string && check_col(pinfo->cinfo, COL_INFO))
+    col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", tvb_format_text(string, 0, tvb_length(string)));
+
+#.FN_PARS CommonReference
+  VAL_PTR=&string
+#.FN_BODY CommonReference
+  tvbuff_t *string = NULL;
+  %(DEFAULT_BODY)s
+  if(open_request && string && check_col(pinfo->cinfo, COL_INFO))
+    col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", tvb_format_text(string, 0, tvb_length(string)));
+
+#.FN_PARS OCTET_STRING
+  VAL_PTR=&string
+#.FN_BODY OCTET_STRING
+  tvbuff_t *string = NULL;
+  %(DEFAULT_BODY)s
+  if(open_request && string && check_col(pinfo->cinfo, COL_INFO))
+    col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", tvb_format_text(string, 0, tvb_length(string)));
+
 #.END
diff --git a/asn1/s4406/Makefile.nmake b/asn1/s4406/Makefile.nmake
index e7a8714826..bc53951d7b 100644
--- a/asn1/s4406/Makefile.nmake
+++ b/asn1/s4406/Makefile.nmake
@@ -37,6 +37,6 @@ fix_eol: generate_dissector
 	del /f packet-$(PROTOCOL_NAME).c.tmp packet-$(PROTOCOL_NAME).h.tmp
 
 copy_files: generate_dissector fix_eol
-	xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d
-	xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d
+	xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d /y
+	xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d /y
 
diff --git a/asn1/s4406/s4406.asn b/asn1/s4406/s4406.asn
index c1f8773d2a..f9251dba39 100644
--- a/asn1/s4406/s4406.asn
+++ b/asn1/s4406/s4406.asn
@@ -130,7 +130,7 @@ OriginatorReference ::= MilitaryString
 --	VALUE MMHSPrecedence
 --	::= id-nato-mmhs-mm-primary-precedence
 
-MMHSPrecedence ::= INTEGER {deferred (0), routine (1), priority (2), immediate (3),
+PrimaryPrecedence ::= INTEGER {deferred (0), routine (1), priority (2), immediate (3),
 	flash (4), override (5), 
 -- these are used by some National systems XXX need to verify
 	ecp(16), critic(17), override(18)}
@@ -145,6 +145,13 @@ MMHSPrecedence ::= INTEGER {deferred (0), routine (1), priority (2), immediate (
 --	VALUE MMHSPrecedence 
 --	::= id-nato-mmhs-mm-copy-precedence
 
+-- we have expanded MMHSPrecedence to PrimaryPrecedence and CopyPrecedence to
+-- all rules to be written to highlight high priority messages.
+CopyPrecedence ::= INTEGER {deferred (0), routine (1), priority (2), immediate (3),
+	flash (4), override (5), 
+-- these are used by some National systems XXX need to verify
+	ecp(16), critic(17), override(18)}
+
 -- Note: Values 0 to 15 are reserved for NATO defined precedence levels. 
 -- Values 16 to 31 are reserved for national user.
 
@@ -200,13 +207,19 @@ OtherRecipientDesignator ::= SET {
 --	::= id-nato-mmhs-mm-pilot-forwarding-info
 
 PilotInformation ::= SEQUENCE {
-	pilotPrecedence	[0]	MMHSPrecedence OPTIONAL,
+	pilotPrecedence	[0]	PilotPrecedence OPTIONAL,
 		-- Note: Values 0 to 15 are reserved for NATO defined precedence levels.
 		-- Values 16 to 31 are reserved for national use.
 	pilotRecipient	[1]	SEQUENCE OF ORDescriptor OPTIONAL,
 	pilotSecurity	[2]	--Message--SecurityLabel OPTIONAL,
 	pilotHandling	[3]	SEQUENCE OF MilitaryString OPTIONAL}
 
+PilotPrecedence ::= INTEGER {deferred (0), routine (1), priority (2), immediate (3),
+	flash (4), override (5), 
+-- these are used by some National systems XXX need to verify
+	ecp(16), critic(17), override(18)}
+
+
 
 -- Acp127 message identifier
 -- a string to store routing indicator, station serial number and julian file 
@@ -261,4 +274,8 @@ BodyPartSequenceNumber ::= INTEGER
 -- Annex B for instruction on the use of its replacement, the
 -- ESSSecurityLabel.
 
+PriorityLevelQualifier ::= ENUMERATED {
+  low(0),
+  high(1) }
+
 END -- of Military heading extensions used in MMS
diff --git a/asn1/s4406/s4406.cnf b/asn1/s4406/s4406.cnf
index 5d123aa9c5..f5850b38bc 100644
--- a/asn1/s4406/s4406.cnf
+++ b/asn1/s4406/s4406.cnf
@@ -15,7 +15,8 @@ MessageType/type		message_type_type
 OtherRecipientDesignator/type	other_recipient_type
 
 #.PDU
-MMHSPrecedence
+PrimaryPrecedence
+CopyPrecedence
 MessageType
 AddressListDesignator
 ExemptedAddress
@@ -32,8 +33,8 @@ OriginatorPlad
 SecurityInformationLabels
 
 #.REGISTER
-MMHSPrecedence 			B "1.3.26.0.4406.0.2.0" "primary-precedence"
-MMHSPrecedence 			B "1.3.26.0.4406.0.2.1" "copy-precedence"
+PrimaryPrecedence 		B "1.3.26.0.4406.0.2.0" "primary-precedence"
+CopyPrecedence 			B "1.3.26.0.4406.0.2.1" "copy-precedence"
 MessageType 			B "1.3.26.0.4406.0.2.2" "message-type"
 AddressListDesignator 		B "1.3.26.0.4406.0.2.3" "address-list-indicator"
 ExemptedAddress 		B "1.3.26.0.4406.0.2.4" "exempted-address"
@@ -49,5 +50,23 @@ Acp127MessageIdentifier 	B "1.3.26.0.4406.0.2.13" "acp127-message-identifierr"
 OriginatorPlad 			B "1.3.26.0.4406.0.2.14" "originator-plad"
 SecurityInformationLabels 	B "1.3.26.0.4406.0.2.17" "information-labels"
 
+PriorityLevelQualifier		B "1.3.26.0.4406.0.8.0"	 "priority-level-qualifier"
+
 #.FN_BODY T_dist_value
 /* XXX: not implemented */
+
+#.FN_PARS PrimaryPrecedence
+  VAL_PTR=&precedence
+#.FN_BODY PrimaryPrecedence
+  int precedence = -1;
+  %(DEFAULT_BODY)s
+  if((precedence != -1) && check_col(pinfo->cinfo, COL_INFO))
+   col_append_fstr(pinfo->cinfo, COL_INFO, " (primary=%%s)", val_to_str(precedence, s4406_PrimaryPrecedence_vals, "precedence(%%d)"));
+
+#.FN_PARS CopyPrecedence
+  VAL_PTR=&precedence
+#.FN_BODY CopyPrecedence
+  int precedence = -1;
+  %(DEFAULT_BODY)s
+  if((precedence != -1) && check_col(pinfo->cinfo, COL_INFO))
+   col_append_fstr(pinfo->cinfo, COL_INFO, " (copy=%%s)", val_to_str(precedence, s4406_CopyPrecedence_vals, "precedence(%%d)"));
diff --git a/asn1/x411/Makefile.nmake b/asn1/x411/Makefile.nmake
index 4686fd8f5a..0f6db775d6 100644
--- a/asn1/x411/Makefile.nmake
+++ b/asn1/x411/Makefile.nmake
@@ -37,6 +37,6 @@ fix_eol: generate_dissector
 	del /f packet-$(PROTOCOL_NAME).c.tmp packet-$(PROTOCOL_NAME).h.tmp
 
 copy_files: generate_dissector fix_eol
-	xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d
-	xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d
+	xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d /y
+	xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d /y
 
diff --git a/asn1/x411/packet-x411-template.c b/asn1/x411/packet-x411-template.c
index f0c68d266d..58c90a98bf 100644
--- a/asn1/x411/packet-x411-template.c
+++ b/asn1/x411/packet-x411-template.c
@@ -55,8 +55,14 @@
 int proto_x411 = -1;
 
 static struct SESSION_DATA_STRUCTURE* session = NULL;
-static int extension_id = 0; /* integer extension id */
-static const char *object_identifier_id; /* content type identifier */
+static int extension_id = -1; /* integer extension id */
+static char *object_identifier_id; /* extensions identifier */
+static char *content_type_id; /* content type identifier */
+
+#define MAX_ORA_STR_LEN     256
+static char *oraddress = NULL;
+static gboolean doing_address=FALSE;
+static proto_item *address_item;
 
 static proto_tree *top_tree=NULL;
 
diff --git a/asn1/x411/x411.cnf b/asn1/x411/x411.cnf
index 72cdef65c7..1b67c0d54d 100644
--- a/asn1/x411/x411.cnf
+++ b/asn1/x411/x411.cnf
@@ -192,8 +192,16 @@ UniversalOrganizationalUnitNames B "x411.extension-attribute.27" "universal-orga
 /*XXX not implemented yet */
 
 #.FN_BODY ExtensionValue
-
-	offset=call_x411_oid_callback("x411.extension", tvb, offset, pinfo, tree);
+	char *name;
+
+	if(extension_id != -1) 
+		offset=call_x411_oid_callback("x411.extension", tvb, offset, pinfo, tree);
+	else if(object_identifier_id) {
+		call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree);
+		name = get_ber_oid_name(object_identifier_id);
+		proto_item_append_text(tree, " (%%s)", name ? name : object_identifier_id); 
+	}
+		
 
 #.FN_BODY CategoryValue
 
@@ -219,9 +227,15 @@ UniversalOrganizationalUnitNames B "x411.extension-attribute.27" "universal-orga
     offset = get_ber_identifier(tvb, offset, &class, &pc, &tag);
     offset = get_ber_length(tree, tvb, offset, &len1, &ind_field);
  }
+
+ if(doing_address)
+    g_strlcat(oraddress, "/C=", MAX_ORA_STR_LEN);
+
   offset = dissect_ber_choice(pinfo, tree, tvb, offset,
                               CountryName_choice, hf_index, ett_x411_CountryName, NULL);
 
+
+
 #.FN_BODY AdministrationDomainName
  gint8 class;
  gboolean pc, ind_field;
@@ -236,6 +250,9 @@ UniversalOrganizationalUnitNames B "x411.extension-attribute.27" "universal-orga
     offset = get_ber_length(tree, tvb, offset, &len1, &ind_field);
  }
 
+  if(doing_address)
+    g_strlcat(oraddress, "/A=", MAX_ORA_STR_LEN);
+
   offset = dissect_ber_choice(pinfo, tree, tvb, offset,
                               AdministrationDomainName_choice, hf_index, ett_x411_AdministrationDomainName, NULL);
 
@@ -262,9 +279,30 @@ UniversalOrganizationalUnitNames B "x411.extension-attribute.27" "universal-orga
 #.FN_PARS INTEGER
 	VAL_PTR = &extension_id
 
-#.FN_PARS ExtendedContentType
+#.FN_PARS OBJECT_IDENTIFIER
 	FN_VARIANT = _str  VAL_PTR = &object_identifier_id
 
+#.FN_BODY OBJECT_IDENTIFIER
+
+	%(DEFAULT_BODY)s
+	extension_id = -1;
+
+#.FN_PARS ExtendedContentType
+	FN_VARIANT = _str  VAL_PTR = &content_type_id
+
+#.FN_BODY ExtendedContentType
+	char *name = NULL;
+
+	%(DEFAULT_BODY)s
+
+	if(content_type_id) {
+	  name = get_ber_oid_name(content_type_id);
+
+  	  if(!name) name = content_type_id;
+
+	  proto_item_append_text(tree, " (%%s)", name);
+	}
+
 #.FN_PARS BuiltInContentType
 	VAL_PTR = &ict
 
@@ -289,22 +327,272 @@ UniversalOrganizationalUnitNames B "x411.extension-attribute.27" "universal-orga
   tvbuff_t *next_tvb;
 
   /* we can do this now constructed octet strings are supported */
-  offset = dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_index, &next_tvb);
+  offset = dissect_ber_octet_string(FALSE, pinfo, NULL, tvb, offset, hf_index, &next_tvb);
 
-  if (next_tvb)
-    (void) call_ber_oid_callback(object_identifier_id, next_tvb, 0, pinfo, top_tree ? top_tree : tree);
+  if (next_tvb && content_type_id)
+    (void) call_ber_oid_callback(content_type_id, next_tvb, 0, pinfo, top_tree ? top_tree : tree);
 
 #.FN_PARS MTAName
 	VAL_PTR = &mtaname
 
 #.FN_BODY MTAName
-	tvbuff_t	*mtaname;
+	tvbuff_t	*mtaname = NULL;
 
 	%(DEFAULT_BODY)s
 
-	if (check_col(pinfo->cinfo, COL_INFO)) {
-		col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", tvb_get_string(mtaname, 0, tvb_length(mtaname)));
+	if(doing_address) {
+
+		proto_item_append_text(address_item, " %%s", tvb_format_text(mtaname, 0, tvb_length(mtaname)));
+
+	} else {
+
+	if (check_col(pinfo->cinfo, COL_INFO) && mtaname) {
+		col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", tvb_format_text(mtaname, 0, tvb_length(mtaname)));
 	}
 
-#.END
+	}
+
+#.FN_PARS X121Address
+	VAL_PTR=&string
+
+#.FN_BODY X121Address
+	tvbuff_t	*string = NULL;
+
+	%(DEFAULT_BODY)s
+
+	if(doing_address && string) {
+		g_strlcat(oraddress, "/X121=", MAX_ORA_STR_LEN);
+		g_strlcat(oraddress, tvb_format_text(string, 0, tvb_length(string)), MAX_ORA_STR_LEN);
+	}
+
+
+#.FN_PARS TerminalIdentifier
+	VAL_PTR=&string
+
+#.FN_BODY TerminalIdentifier
+	tvbuff_t	*string = NULL;
+
+	%(DEFAULT_BODY)s
+
+	if(doing_address && string) {
+		g_strlcat(oraddress, "/UA-ID=", MAX_ORA_STR_LEN);
+		g_strlcat(oraddress, tvb_format_text(string, 0, tvb_length(string)), MAX_ORA_STR_LEN);
+	}
+
+#.FN_BODY PrivateDomainName
+
+	if(doing_address)
+		g_strlcat(oraddress, "/P=", MAX_ORA_STR_LEN);
+
+	%(DEFAULT_BODY)s
+
+#.FN_BODY PrivateDomainIdentifier
+
+	if(doing_address)
+		g_strlcat(oraddress, "/P=", MAX_ORA_STR_LEN);
+
+	%(DEFAULT_BODY)s
+
+#.FN_PARS OrganizationName
+	VAL_PTR=&string
+
+#.FN_BODY OrganizationName
+	tvbuff_t	*string = NULL;
+
+	%(DEFAULT_BODY)s
+
+	if(doing_address && string) {
+		g_strlcat(oraddress, "/O=", MAX_ORA_STR_LEN);
+		g_strlcat(oraddress, tvb_format_text(string, 0, tvb_length(string)), MAX_ORA_STR_LEN);
+	}
+
+#.FN_PARS CommonName
+	VAL_PTR=&string
+
+#.FN_BODY CommonName
+	tvbuff_t	*string = NULL;
+
+	%(DEFAULT_BODY)s
+
+	if(doing_address && string) {
+		g_strlcat(oraddress, "/CN=", MAX_ORA_STR_LEN);
+		g_strlcat(oraddress, tvb_format_text(string, 0, tvb_length(string)), MAX_ORA_STR_LEN);
+	}
+
+
+
+#.FN_PARS NumericString
+	VAL_PTR=&nstring
+
+#.FN_BODY NumericString
+	tvbuff_t	*nstring = NULL;
+
+	%(DEFAULT_BODY)s
+
+	if(doing_address && nstring)
+		g_strlcat(oraddress, tvb_format_text(nstring, 0, tvb_length(nstring)), MAX_ORA_STR_LEN);
+
+#.FN_PARS TeletexString
+
+#.FN_BODY TeletexString
+	tvbuff_t	*tstring = NULL;
+
+	%(DEFAULT_BODY)s
+
+	if(doing_address && tstring) 
+		g_strlcat(oraddress, tvb_format_text(tstring, 0, tvb_length(tstring)), MAX_ORA_STR_LEN);
+
 
+#.FN_PARS PrintableString
+	VAL_PTR=&pstring
+
+#.FN_BODY PrintableString
+	tvbuff_t	*pstring = NULL;
+	char 		*fmt = NULL;
+
+	%(DEFAULT_BODY)s
+
+	if(doing_address && pstring) {
+  	  if(hf_index == hf_x411_printable_surname)			fmt = "/S=";
+	  else if(hf_index == hf_x411_printable_given_name)		fmt = "/G=";
+	  else if(hf_index == hf_x411_printable_initials)		fmt = "/I=";
+	  else if(hf_index == hf_x411_printable_generation_qualifier)	fmt = "/GQ=";
+	  else if(hf_index == hf_x411_printable_type)			fmt = "/DD.";
+	  else if(hf_index == hf_x411_printable_value)			fmt = "=";
+		
+	  if(fmt)
+	    g_strlcat(oraddress, fmt, MAX_ORA_STR_LEN);
+
+	  g_strlcat(oraddress, tvb_format_text(pstring, 0, tvb_length(pstring)), MAX_ORA_STR_LEN);
+
+	}
+
+#.FN_BODY ORAddress
+	
+	oraddress = ep_alloc(MAX_ORA_STR_LEN); oraddress[0] = '\0';	
+	doing_address = TRUE;
+	address_item = NULL;
+
+	%(DEFAULT_BODY)s
+
+	if(*oraddress && address_item)
+		proto_item_append_text(address_item, " %%s/", oraddress);
+
+	doing_address = FALSE;
+
+#.FN_BODY ORName
+	
+	oraddress = ep_alloc(MAX_ORA_STR_LEN); oraddress[0] = '\0';	
+	address_item = NULL;
+	doing_address = TRUE;
+
+	%(DEFAULT_BODY)s
+
+	if(*oraddress && address_item)
+		proto_item_append_text(address_item, " (%%s/)", oraddress);
+
+	doing_address = FALSE;
+
+#.FN_BODY GlobalDomainIdentifier
+	
+	oraddress = ep_alloc(MAX_ORA_STR_LEN); oraddress[0] = '\0';	
+	address_item = tree;
+
+	%(DEFAULT_BODY)s
+
+	if(*oraddress)
+		proto_item_append_text(address_item, " (%%s/", oraddress);
+
+
+#.FN_PARS LocalIdentifier
+	VAL_PTR=&id
+
+#.FN_BODY LocalIdentifier
+	tvbuff_t 	*id = NULL;
+	
+	%(DEFAULT_BODY)s
+	
+	if(doing_address && id)
+	  proto_item_append_text(address_item, " $ %%s)", tvb_format_text(id, 0, tvb_length(id)));
+
+#.FN_BODY MTSIdentifier
+
+	doing_address = TRUE;
+
+	%(DEFAULT_BODY)s
+
+	doing_address = FALSE;
+
+#.FN_BODY BuiltInStandardAttributes
+
+	address_item = tree;	
+
+	%(DEFAULT_BODY)s
+
+#.FN_BODY TraceInformationElement
+
+	doing_address = TRUE;
+
+	%(DEFAULT_BODY)s
+
+	doing_address = FALSE;
+
+#.FN_BODY InternalTraceInformationElement
+
+	doing_address = TRUE;
+
+	%(DEFAULT_BODY)s
+
+	doing_address = FALSE;
+
+
+#.FN_BODY DomainSuppliedInformation
+
+	doing_address = FALSE;
+
+	%(DEFAULT_BODY)s
+
+	doing_address = TRUE;
+	proto_item_append_text(tree, ")");
+
+#.FN_BODY MTASuppliedInformation
+
+	doing_address = FALSE;
+
+	%(DEFAULT_BODY)s
+
+	doing_address = TRUE;
+	proto_item_append_text(tree, ")");
+
+#.FN_PARS Time
+	VAL_PTR = &arrival
+
+#.FN_BODY Time
+	tvbuff_t *arrival = NULL;
+
+	%(DEFAULT_BODY)s
+
+	if(arrival)
+		proto_item_append_text(address_item, " %%s", tvb_format_text(arrival, 0, tvb_length(arrival)));
+
+#.FN_PARS RoutingAction
+	VAL_PTR = &action
+
+#.FN_BODY RoutingAction
+	int action = 0;
+
+	%(DEFAULT_BODY)s
+
+	proto_item_append_text(address_item, " %%s", val_to_str(action, x411_RoutingAction_vals, "action(%%d)"));
+
+#.FN_PARS MTABindError
+  VAL_PTR=&error
+
+#.FN_BODY MTABindError
+  int error = -1;
+  %(DEFAULT_BODY)s
+  if((error != -1) && check_col(pinfo->cinfo, COL_INFO))
+    col_append_fstr(pinfo->cinfo, COL_INFO, " (%%s)", val_to_str(error, x411_MTABindError_vals, "error(%%d)"));
+
+
+#.END
diff --git a/asn1/x420/x420.cnf b/asn1/x420/x420.cnf
index 564089c8a3..1ea117d1dc 100644
--- a/asn1/x420/x420.cnf
+++ b/asn1/x420/x420.cnf
@@ -62,22 +62,34 @@ IPMAssemblyInstructions	B "2.6.1.17.2"  "id-mst-assembly-instructions"
 
 #.FN_BODY IPM
 
-  %(DEFAULT_BODY)s
  if((hf_index == hf_x420_ipm) && check_col(pinfo->cinfo, COL_INFO))
    col_append_fstr(pinfo->cinfo, COL_INFO, " Message");
 
+  %(DEFAULT_BODY)s
+
 
 #.FN_BODY IPN
 
-  %(DEFAULT_BODY)s
  if((hf_index == hf_x420_ipn) && check_col(pinfo->cinfo, COL_INFO))
    col_append_fstr(pinfo->cinfo, COL_INFO, " Notification");
 
+  %(DEFAULT_BODY)s
+
+#.FN_PARS SubjectField
+  VAL_PTR=&subject
+
+#.FN_BODY SubjectField
+  tvbuff_t *subject=NULL;
+
+  %(DEFAULT_BODY)s
+
+  if(subject && check_col(pinfo->cinfo, COL_INFO))
+   col_append_fstr(pinfo->cinfo, COL_INFO, " (%%s)", tvb_format_text(subject, 0, tvb_length(subject)));
+
+
 #.FN_BODY Interchange_Data_Element
-/*ARGSUSED*/
 /* XXX Not implemented yet */
 
 #.FN_BODY NationallyDefinedBodyPart
-/*ARGSUSED*/
 /* XXX Not implemented yet */
 
diff --git a/asn1/x509af/AuthenticationFramework.asn b/asn1/x509af/AuthenticationFramework.asn
index c51f7f1223..050015e4c6 100644
--- a/asn1/x509af/AuthenticationFramework.asn
+++ b/asn1/x509af/AuthenticationFramework.asn
@@ -14,7 +14,7 @@ IMPORTS
     basicAccessControl, certificateExtensions
     FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
       usefulDefinitions(0) 3}
-  Name, ATTRIBUTE, AttributeType, MATCHING-RULE, Attribute
+  Name, ATTRIBUTE, AttributeType, MATCHING-RULE, Attribute, RDNSequence
     FROM InformationFramework informationFramework
   ub-user-password
     FROM UpperBounds upperBounds
@@ -32,9 +32,9 @@ Certificate ::= SEQUENCE {
                version                  [0]  Version DEFAULT v1,
                serialNumber             CertificateSerialNumber,
                signature                AlgorithmIdentifier,
-               issuer                   Name,
+               issuer                   Name, 
                validity                 Validity,
-               subject                  Name,
+               subject                  SubjectName,
                subjectPublicKeyInfo     SubjectPublicKeyInfo,
                issuerUniqueIdentifier   [1] IMPLICIT UniqueIdentifier OPTIONAL,
                --  if present, version must be v2 or v3
@@ -46,6 +46,11 @@ Certificate ::= SEQUENCE {
   encrypted            BIT STRING
 }
 
+-- imported to allow labelling
+SubjectName ::= CHOICE {
+   rdnSequence  RDNSequence
+}
+
 Version ::= INTEGER {v1(0), v2(1), v3(2)}
 
 CertificateSerialNumber ::= INTEGER
@@ -122,7 +127,7 @@ CertificateList ::= SEQUENCE {
                version              Version OPTIONAL,
                --  if present, version must be v2
                signature            AlgorithmIdentifier,
-               issuer               Name,
+               issuer               Name, 
                thisUpdate           Time,
                nextUpdate           Time OPTIONAL,
                revokedCertificates
@@ -192,7 +197,7 @@ AttCertValidityPeriod ::= SEQUENCE {
 AttributeCertificateAssertion ::= SEQUENCE {
   subject
     [0]  CHOICE {baseCertificateID  [0]  IssuerSerial,
-                 subjectName        [1]  Name} OPTIONAL,
+                 subjectName        [1]  SubjectName} OPTIONAL,
   issuer           [1]  Name OPTIONAL,
   attCertValidity  [2]  GeneralizedTime OPTIONAL,
   attType          [3]  SET OF AttributeType OPTIONAL
@@ -264,6 +269,14 @@ id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59}
 
 --id-mr-attributeCertificateMatch OBJECT IDENTIFIER ::= {id-mr 42}
 
+-- these are sneaked in from DSS - a separate dissector seems OTT
+
+DSS-Params ::= SEQUENCE {
+  p INTEGER,
+  q INTEGER,
+  g INTEGER
+}
+
 END
 
 -- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
diff --git a/asn1/x509af/Makefile.nmake b/asn1/x509af/Makefile.nmake
index b88a7c8596..1e14d4f63d 100644
--- a/asn1/x509af/Makefile.nmake
+++ b/asn1/x509af/Makefile.nmake
@@ -37,5 +37,5 @@ fix_eol: generate_dissector
 	del /f packet-$(PROTOCOL_NAME).c.tmp packet-$(PROTOCOL_NAME).h.tmp
 
 copy_files: generate_dissector fix_eol
-	xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d
-	xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d
+	xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d /y
+	xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d /y
diff --git a/asn1/x509af/packet-x509af-template.c b/asn1/x509af/packet-x509af-template.c
index 393a052eea..c289bda7da 100644
--- a/asn1/x509af/packet-x509af-template.c
+++ b/asn1/x509af/packet-x509af-template.c
@@ -55,13 +55,14 @@ static gint ett_pkix_crl = -1;
 #include "packet-x509af-ett.c"
 
 static const char *algorithm_id;
-
-
 static const char *extension_id;
 
-
 #include "packet-x509af-fn.c"
 
+char *x509af_get_last_algorithm_id() {
+  return algorithm_id;
+}
+
 
 static int
 dissect_pkix_crl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
diff --git a/asn1/x509af/packet-x509af-template.h b/asn1/x509af/packet-x509af-template.h
index aee498631c..bd1b0cf86c 100644
--- a/asn1/x509af/packet-x509af-template.h
+++ b/asn1/x509af/packet-x509af-template.h
@@ -28,5 +28,7 @@
 
 #include "packet-x509af-exp.h"
 
+extern char* x509af_get_last_algorithm_id();
+
 #endif  /* PACKET_X509AF_H */
 
diff --git a/asn1/x509af/x509af.cnf b/asn1/x509af/x509af.cnf
index 4bde694356..182b1a6d48 100644
--- a/asn1/x509af/x509af.cnf
+++ b/asn1/x509af/x509af.cnf
@@ -47,6 +47,7 @@ CertificatePair      B "2.5.4.40" "id-at-crossCertificatePair"
 AttributeCertificate B "2.5.4.58" "id-at-attributeCertificate"
 CertificateList      B "2.5.4.59" "id-at-attributeCertificateRevocationList"
 
+DSS-Params	     B "1.2.840.10040.4.1" "id-dsa"
 #.NO_EMIT
 
 #.TYPE_RENAME
@@ -69,6 +70,16 @@ CertificateList/signedCertificateList/revokedCertificates/_item/userCertificate
 #.FN_PARS AlgorithmIdentifier/algorithmId
   FN_VARIANT = _str  HF_INDEX = hf_x509af_algorithm_id  VAL_PTR = &algorithm_id
 
+#.FN_BODY AlgorithmIdentifier/algorithmId
+  char *name;
+
+  %(DEFAULT_BODY)s
+
+  if(algorithm_id) {
+    name = get_ber_oid_name(algorithm_id);
+
+    proto_item_append_text(tree, " (%%s)", name ? name : algorithm_id); 
+  }
 
 #.FN_BODY AlgorithmIdentifier/parameters
   offset=call_ber_oid_callback(algorithm_id, tvb, offset, pinfo, tree);
@@ -76,6 +87,17 @@ CertificateList/signedCertificateList/revokedCertificates/_item/userCertificate
 #.FN_PARS Extension/extnId
   FN_VARIANT = _str  HF_INDEX = hf_x509af_extension_id  VAL_PTR = &extension_id
 
+#.FN_BODY Extension/extnId
+  char *name;
+
+  %(DEFAULT_BODY)s
+
+  if(extension_id) {
+    name = get_ber_oid_name(extension_id);
+
+    proto_item_append_text(tree, " (%%s)", name ? name : extension_id);
+  }
+
 #.FN_BODY Extension/extnValue
   gint8 class;
   gboolean pc, ind;
@@ -86,3 +108,10 @@ CertificateList/signedCertificateList/revokedCertificates/_item/userCertificate
   offset = dissect_ber_length(pinfo, tree, tvb, offset, &len, &ind);
   offset=call_ber_oid_callback(extension_id, tvb, offset, pinfo, tree);
 
+#.FN_BODY SubjectName
+
+  %(DEFAULT_BODY)s
+
+  proto_item_append_text(proto_item_get_parent(tree), " (%%s)", x509if_get_last_dn());
+
+#.END
diff --git a/asn1/x509if/Makefile.nmake b/asn1/x509if/Makefile.nmake
index a2daf38060..2d562986b4 100644
--- a/asn1/x509if/Makefile.nmake
+++ b/asn1/x509if/Makefile.nmake
@@ -37,5 +37,5 @@ fix_eol: generate_dissector
 	del /f packet-$(PROTOCOL_NAME).c.tmp packet-$(PROTOCOL_NAME).h.tmp
 
 copy_files: generate_dissector fix_eol
-	xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d
-	xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d
+	xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d /y
+	xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d /y
diff --git a/asn1/x509if/packet-x509if-template.c b/asn1/x509if/packet-x509if-template.c
index a53ddcc364..847231eebe 100644
--- a/asn1/x509if/packet-x509if-template.c
+++ b/asn1/x509if/packet-x509if-template.c
@@ -45,15 +45,32 @@
 /* Initialize the protocol and registered fields */
 int proto_x509if = -1;
 static int hf_x509if_object_identifier_id = -1;
+static int hf_x509if_any_string = -1;
 #include "packet-x509if-hf.c"
 
 /* Initialize the subtree pointers */
 #include "packet-x509if-ett.c"
 
 static const char *object_identifier_id;
+static proto_tree *top_of_dn = NULL;
+static proto_tree *top_of_rdn = NULL;
+
+static gboolean rdn_one_value = FALSE; /* have we seen one value in an RDN yet */
+static gboolean dn_one_rdn = FALSE; /* have we seen one RDN in a DN yet */
+static gboolean doing_dn = TRUE;
+
+#define MAX_RDN_STR_LEN   64
+#define MAX_DN_STR_LEN    (20 * MAX_RDN_STR_LEN)
+
+static char *last_dn = NULL;
+static char *last_rdn = NULL;
 
 #include "packet-x509if-fn.c"
 
+const char * x509if_get_last_dn()
+{
+  return last_dn;
+}
 
 /*--- proto_register_x509if ----------------------------------------------*/
 void proto_register_x509if(void) {
@@ -63,6 +80,9 @@ void proto_register_x509if(void) {
     { &hf_x509if_object_identifier_id, 
       { "Id", "x509if.id", FT_STRING, BASE_NONE, NULL, 0,
 	"Object identifier Id", HFILL }},
+    { &hf_x509if_any_string, 
+      { "AnyString", "x509if.any.String", FT_BYTES, BASE_HEX,
+	    NULL, 0, "This is any String", HFILL }},
 			 
 #include "packet-x509if-hfarr.c"
   };
@@ -84,5 +104,6 @@ void proto_register_x509if(void) {
 
 /*--- proto_reg_handoff_x509if -------------------------------------------*/
 void proto_reg_handoff_x509if(void) {
+
 }
 
diff --git a/asn1/x509if/packet-x509if-template.h b/asn1/x509if/packet-x509if-template.h
index 1326b15a40..d1614911df 100644
--- a/asn1/x509if/packet-x509if-template.h
+++ b/asn1/x509if/packet-x509if-template.h
@@ -28,5 +28,7 @@
 
 #include "packet-x509if-exp.h"
 
+extern const char * x509if_get_last_dn();
+
 #endif  /* PACKET_X509IF_H */
 
diff --git a/asn1/x509if/x509if-exp.cnf b/asn1/x509if/x509if-exp.cnf
index ff9802e1d5..bc2429db1f 100644
--- a/asn1/x509if/x509if-exp.cnf
+++ b/asn1/x509if/x509if-exp.cnf
@@ -1,4 +1,5 @@
 #.IMPORT_TAG
+AttributeValue           BER_CLASS_ANY 0
 Attribute                BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
 AttributeType            BER_CLASS_UNI BER_UNI_TAG_OID
 Context                  BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
@@ -41,6 +42,7 @@ MRSubstitution           BER_CLASS_UNI BER_UNI_TAG_SEQUENCE
 #.END
 
 #.TYPE_ATTR
+AttributeValue           TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
 Attribute                TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
 AttributeType            TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
 Context                  TYPE = FT_NONE    DISPLAY = BASE_NONE  STRINGS = NULL  BITMASK = 0
diff --git a/asn1/x509if/x509if.cnf b/asn1/x509if/x509if.cnf
index d59a97022a..63f964bca7 100644
--- a/asn1/x509if/x509if.cnf
+++ b/asn1/x509if/x509if.cnf
@@ -16,6 +16,7 @@ AttributeType
 AttributeTypeAndDistinguishedValue
 AttributeTypeAssertion
 AttributeUsage
+AttributeValue
 AttributeValueAssertion
 BaseDistance
 ChopSpecification
@@ -49,6 +50,10 @@ SearchRuleDescription
 SearchRuleId
 SubtreeSpecification
 
+#.PDU
+DistinguishedName
+Name
+
 #.NO_EMIT
 
 #.TYPE_RENAME
@@ -93,9 +98,48 @@ RequestAttribute/selectedValues/_item			ra_selectedValues_item
 #.FN_PARS AttributeId
   FN_VARIANT = _str  HF_INDEX = hf_x509if_object_identifier_id  VAL_PTR = &object_identifier_id
 
+#.FN_BODY AttributeId
+  char *name;
+
+  %(DEFAULT_BODY)s
+
+  if(object_identifier_id) {
+    /* see if we can find a nice name */
+    name = get_ber_oid_name(object_identifier_id);
+    if(!name) name = object_identifier_id;    
+
+    if(doing_dn) { /* append it to the RDN */
+      g_strlcat(last_rdn, name, MAX_RDN_STR_LEN);
+      g_strlcat(last_rdn, "=", MAX_RDN_STR_LEN);
+
+     /* append it to the tree */
+     proto_item_append_text(tree, " (%%s=", name);
+    }
+  }
+
 #.FN_BODY AttributeValue
+  int old_offset = offset;
+  tvbuff_t	*out_tvb;
+  char *value = NULL;
+ 
   offset=call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree);
 
+  /* try and dissect as a string */
+  dissect_ber_octet_string(FALSE, pinfo, NULL, tvb, old_offset, hf_x509if_any_string, &out_tvb);
+  
+  if(out_tvb) {
+    /* it was a string - format it */
+    value = tvb_format_text(out_tvb, 0, tvb_length(out_tvb));
+
+    if(doing_dn) {
+      g_strlcat(last_rdn, value, MAX_RDN_STR_LEN);
+
+      /* append it to the tree*/
+      proto_item_append_text(tree, "%%s)", value);
+    }
+
+  }
+
 #.FN_BODY SelectedValues
   offset=call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree);
 
@@ -108,6 +152,69 @@ RequestAttribute/selectedValues/_item			ra_selectedValues_item
 #.FN_BODY ValuesWithContextValue
   offset=call_ber_oid_callback("unknown", tvb, offset, pinfo, tree);
 
+#.FN_BODY RelativeDistinguishedName
+  char *temp_dn;
+
+  rdn_one_value = FALSE;
+  top_of_rdn = tree;
+  last_rdn = ep_alloc(MAX_DN_STR_LEN); *last_rdn = '\0';
+  doing_dn = TRUE;
+
+  %(DEFAULT_BODY)s
+
+  /* we've finished - close the bracket */
+  proto_item_append_text(top_of_rdn, " (%%s)", last_rdn);
+
+  /* now append this to the DN */
+  if(*last_dn) {
+     temp_dn = ep_alloc(MAX_DN_STR_LEN); /* is there a better way to use ep_alloc here ? */
+     g_snprintf(temp_dn, MAX_DN_STR_LEN, "%%s,%%s", last_rdn, last_dn);
+     last_dn[0] = '\0';
+     g_strlcat(last_dn, temp_dn, MAX_DN_STR_LEN);
+  } else
+     g_strlcat(last_dn, last_rdn, MAX_DN_STR_LEN);
+
+  doing_dn = FALSE;
+  last_rdn = NULL; /* it will get freed when the next packet is dissected */
+
+#.FN_BODY RelativeDistinguishedName/_item
+
+  if(!rdn_one_value) {
+    top_of_rdn = tree;
+  } else {
+
+   if(doing_dn)  
+     /* this is an additional value - delimit */
+     g_strlcat(last_rdn, "+", MAX_RDN_STR_LEN);
+  }
+
+  %(DEFAULT_BODY)s
+
+  rdn_one_value = TRUE;
+
+#.FN_BODY RDNSequence
+
+  dn_one_rdn = FALSE; /* reset */
+  last_dn = ep_alloc(MAX_RDN_STR_LEN); *last_dn = '\0';
+  top_of_dn = NULL;
+
+  %(DEFAULT_BODY)s
+
+  /* we've finished - append the dn */
+  proto_item_append_text(top_of_dn, " (%%s)", last_dn);
+
+
+#.FN_BODY RDNSequence/_item
+
+  if(!dn_one_rdn)  {
+    /* this is the first element - record the top */
+    top_of_dn = tree;
+  } 
+
+  %(DEFAULT_BODY)s
+
+  dn_one_rdn = TRUE;
+
 #.END
 
 
diff --git a/asn1/x509sat/Makefile.nmake b/asn1/x509sat/Makefile.nmake
index 8b6b884f5f..25d633f0f1 100644
--- a/asn1/x509sat/Makefile.nmake
+++ b/asn1/x509sat/Makefile.nmake
@@ -37,6 +37,6 @@ fix_eol: generate_dissector
 	del /f packet-$(PROTOCOL_NAME).c.tmp packet-$(PROTOCOL_NAME).h.tmp
 
 copy_files: generate_dissector fix_eol
-	xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d
-	xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d
+	xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d /y
+	xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d /y
 
diff --git a/asn1/x509sat/SelectedAttributeTypes.asn b/asn1/x509sat/SelectedAttributeTypes.asn
index aba6a6278d..e4f3fc6474 100644
--- a/asn1/x509sat/SelectedAttributeTypes.asn
+++ b/asn1/x509sat/SelectedAttributeTypes.asn
@@ -218,11 +218,11 @@ CountryName ::= PrintableString
 --                            ID           id-at-searchGuide
 -- }
 
--- XXX Asn2eth bug   it can not handle SET for BER, only for PER
--- Guide ::= SET {
---   objectClass  [0]  OBJECT IDENTIFIER OPTIONAL,
---   criteria     [1]  Criteria
--- }
+
+Guide ::= SET {
+  objectClass  [0]  OBJECT IDENTIFIER OPTIONAL,
+  criteria     [1]  Criteria
+}
 
 Criteria ::= CHOICE {
   type  [0]  CriteriaItem,
diff --git a/asn1/x509sat/x509sat.cnf b/asn1/x509sat/x509sat.cnf
index 6cf27891cf..c112117295 100644
--- a/asn1/x509sat/x509sat.cnf
+++ b/asn1/x509sat/x509sat.cnf
@@ -40,6 +40,27 @@ XDayOf
 ZonalResult
 ZonalSelect
 
+#.PDU
+CaseIgnoreListMatch
+CountryName
+Criteria
+DayTime
+DayTimeBand
+DestinationIndicator
+DirectoryString
+EnhancedGuide
+FacsimileTelephoneNumber
+Guide
+InternationalISDNNumber
+NameAndOptionalUID
+PostalAddress
+PreferredDeliveryMethod
+PresentationAddress
+TelephoneNumber
+TelexNumber
+UniqueIdentifier
+X121Address
+
 #.REGISTER
 CountryName     B "2.5.4.6"    "id-at-countryName"
 DirectoryString B "2.5.4.2"    "id-at-knowledgeInformation"
author	etxrab <etxrab@f5534014-38df-0310-8fa8-9805f1628bb7>	2005-11-16 07:13:12 +0000
committer	etxrab <etxrab@f5534014-38df-0310-8fa8-9805f1628bb7>	2005-11-16 07:13:12 +0000
commit	3cf9e6ac03bb6b962f17a02ee566b81d0404e4f4 (patch)
tree	0c7664cef1a075c4ecb3ad5ddc8d364055957829 /asn1
parent	8a88ef70268ceb7c186b15406f4d786f866ed481 (diff)