diff options
author | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2013-12-23 20:42:28 +0000 |
---|---|---|
committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2013-12-23 20:42:28 +0000 |
commit | 7b75159f1e382b9b86164e07e84bff4ab82e7aba (patch) | |
tree | 085ce6b80ac23c1950560ea487ec06062f424590 | |
parent | a92a1252f5778a9446369be7bed758fc391bb0a5 (diff) |
From Hauke Mehrtens via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9498
ssl: move TLS ext dissect code to packet-ssl-utils.c
This moves the code used to parse the TLS extension into packet-
ssl-utils.c and adds an architecture that this code could be used by
dtls in the next patch. This patch should not change anything in the
functionality.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
svn path=/trunk/; revision=54418
-rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 507 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl-utils.h | 335 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl.c | 824 |
3 files changed, 863 insertions, 803 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c index c1dd5a07f3..25476311eb 100644 --- a/epan/dissectors/packet-ssl-utils.c +++ b/epan/dissectors/packet-ssl-utils.c @@ -40,6 +40,7 @@ #include <epan/strutil.h> #include <epan/addr_resolv.h> #include <epan/ipv6-utils.h> +#include <epan/expert.h> #include <wsutil/file_util.h> /* @@ -4594,6 +4595,512 @@ ssldecrypt_uat_fld_password_chk_cb(void* r _U_, const char* p, guint len _U_, co return TRUE; } + +/* dissect a list of hash algorithms, return the number of bytes dissected + this is used for the signature algorithms extension and for the + TLS1.2 certificate request */ +gint +ssl_dissect_hash_alg_list(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, + guint32 offset, guint16 len) +{ + guint32 offset_start; + proto_tree *subtree, *alg_tree; + proto_item *ti; + + offset_start = offset; + if (len==0) + return 0; + + ti = proto_tree_add_none_format(tree, hf->hf.hs_sig_hash_algs, tvb, + offset, len, + "Signature Hash Algorithms (%u algorithm%s)", + len / 2, plurality(len / 2, "", "s")); + subtree = proto_item_add_subtree(ti, hf->ett.hs_sig_hash_algs); + + if (len % 2) { + proto_tree_add_text(tree, tvb, offset, 2, + "Invalid Signature Hash Algorithm length: %d", len); + return offset-offset_start; + } + + while (len > 0) { + ti = proto_tree_add_item(subtree, hf->hf.hs_sig_hash_alg, + tvb, offset, 2, ENC_BIG_ENDIAN); + alg_tree = proto_item_add_subtree(ti, hf->ett.hs_sig_hash_alg); + + proto_tree_add_item(alg_tree, hf->hf.hs_sig_hash_hash, + tvb, offset, 1, ENC_BIG_ENDIAN); + proto_tree_add_item(alg_tree, hf->hf.hs_sig_hash_sig, + tvb, offset+1, 1, ENC_BIG_ENDIAN); + + offset += 2; + len -= 2; + } + return offset-offset_start; +} + +static gint +ssl_dissect_hnd_hello_ext_sig_hash_algs(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, guint32 ext_len) +{ + guint16 sh_alg_length; + gint ret; + + sh_alg_length = tvb_get_ntohs(tvb, offset); + proto_tree_add_uint(tree, hf->hf.hs_sig_hash_alg_len, + tvb, offset, 2, sh_alg_length); + offset += 2; + if (ext_len < 2 || sh_alg_length != ext_len - 2) { + /* ERROR: sh_alg_length must be 2 less than ext_len */ + return offset; + } + + ret = ssl_dissect_hash_alg_list(hf, tvb, tree, offset, sh_alg_length); + if (ret >= 0) + offset += ret; + + return offset; +} + +static gint +ssl_dissect_hnd_hello_ext_alpn(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, guint32 ext_len) +{ + guint16 alpn_length; + guint8 name_length; + proto_tree *alpn_tree; + proto_item *ti; + + alpn_length = tvb_get_ntohs(tvb, offset); + if (ext_len < 2 || alpn_length != ext_len - 2) { + /* ERROR: alpn_length must be 2 less than ext_len */ + return offset; + } + proto_tree_add_item(tree, hf->hf.hs_ext_alpn_len, + tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + + ti = proto_tree_add_item(tree, hf->hf.hs_ext_alpn_list, + tvb, offset, alpn_length, ENC_NA); + alpn_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_alpn); + + while (alpn_length > 0) { + name_length = tvb_get_guint8(tvb, offset); + proto_tree_add_item(alpn_tree, hf->hf.hs_ext_alpn_str_len, + tvb, offset, 1, ENC_NA); + offset++; + alpn_length--; + proto_tree_add_item(alpn_tree, hf->hf.hs_ext_alpn_str, + tvb, offset, name_length, ENC_ASCII|ENC_NA); + offset += name_length; + alpn_length -= name_length; + } + + return offset; +} + +static gint +ssl_dissect_hnd_hello_ext_npn(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, guint32 ext_len) +{ + guint8 npn_length; + proto_tree *npn_tree; + proto_item *ti; + + if (ext_len == 0) { + return offset; + } + + ti = proto_tree_add_text(tree, tvb, offset, ext_len, "Next Protocol Negotiation"); + npn_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_npn); + + while (ext_len > 0) { + npn_length = tvb_get_guint8(tvb, offset); + proto_tree_add_item(npn_tree, hf->hf.hs_ext_npn_str_len, + tvb, offset, 1, ENC_NA); + offset++; + ext_len--; + + if (npn_length > 0) { + tvb_ensure_bytes_exist(tvb, offset, npn_length); + proto_tree_add_item(npn_tree, hf->hf.hs_ext_npn_str, + tvb, offset, npn_length, ENC_ASCII|ENC_NA); + offset += npn_length; + ext_len -= npn_length; + } + } + + return offset; +} + +static gint +ssl_dissect_hnd_hello_ext_reneg_info(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, guint32 ext_len) +{ + guint8 reneg_info_length; + proto_tree *reneg_info_tree; + proto_item *ti; + + if (ext_len == 0) { + return offset; + } + + ti = proto_tree_add_text(tree, tvb, offset, ext_len, "Renegotiation Info extension"); + reneg_info_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_reneg_info); + + reneg_info_length = tvb_get_guint8(tvb, offset); + proto_tree_add_item(reneg_info_tree, hf->hf.hs_ext_reneg_info_len, + tvb, offset, 1, ENC_NA); + offset += 1; + + if (reneg_info_length > 0) { + tvb_ensure_bytes_exist(tvb, offset, reneg_info_length); + proto_tree_add_text(reneg_info_tree, tvb, offset, reneg_info_length, "Renegotiation Info"); + offset += reneg_info_length; + } + + return offset; +} + +static gint +ssl_dissect_hnd_hello_ext_server_name(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, guint32 ext_len) +{ + guint16 server_name_length; + proto_tree *server_name_tree; + proto_item *ti; + + + if (ext_len == 0) { + return offset; + } + + ti = proto_tree_add_text(tree, tvb, offset, ext_len, "Server Name Indication extension"); + server_name_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_server_name); + + proto_tree_add_item(server_name_tree, hf->hf.hs_ext_server_name_list_len, + tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + ext_len -= 2; + + while (ext_len > 0) { + proto_tree_add_item(server_name_tree, hf->hf.hs_ext_server_name_type, + tvb, offset, 1, ENC_NA); + offset += 1; + ext_len -= 1; + + server_name_length = tvb_get_ntohs(tvb, offset); + proto_tree_add_item(server_name_tree, hf->hf.hs_ext_server_name_len, + tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + ext_len -= 2; + + if (server_name_length > 0) { + tvb_ensure_bytes_exist(tvb, offset, server_name_length); + proto_tree_add_item(server_name_tree, hf->hf.hs_ext_server_name, + tvb, offset, server_name_length, ENC_ASCII|ENC_NA); + offset += server_name_length; + ext_len -= server_name_length; + } + } + return offset; +} + +void +ssl_dissect_hnd_cert_url(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, guint32 offset) +{ + guint16 url_hash_len; + + /* enum { + * individual_certs(0), pkipath(1), (255) + * } CertChainType; + * + * struct { + * CertChainType type; + * URLAndHash url_and_hash_list<1..2^16-1>; + * } CertificateURL; + * + * struct { + * opaque url<1..2^16-1>; + * unint8 padding; + * opaque SHA1Hash[20]; + * } URLAndHash; + */ + + proto_tree_add_item(tree, hf->hf.hs_ext_cert_url_type, + tvb, offset, 1, ENC_NA); + offset++; + + url_hash_len = tvb_get_ntohs(tvb, offset); + proto_tree_add_item(tree, hf->hf.hs_ext_cert_url_url_hash_list_len, + tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + while (url_hash_len-- > 0) { + proto_item *urlhash_item; + proto_tree *urlhash_tree; + guint16 url_len; + + urlhash_item = proto_tree_add_item(tree, hf->hf.hs_ext_cert_url_item, + tvb, offset, -1, ENC_NA); + urlhash_tree = proto_item_add_subtree(urlhash_item, hf->ett.urlhash); + + url_len = tvb_get_ntohs(tvb, offset); + proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_url_len, + tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + + proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_url, + tvb, offset, url_len, ENC_ASCII|ENC_NA); + offset += url_len; + + proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_padding, + tvb, offset, 1, ENC_NA); + offset++; + /* Note: RFC 6066 says that padding must be 0x01 */ + + proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_sha1, + tvb, offset, 20, ENC_NA); + offset += 20; + } +} + +static gint +ssl_dissect_hnd_hello_ext_status_request(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, + guint32 offset, gboolean has_length) +{ + guint cert_status_type; + + cert_status_type = tvb_get_guint8(tvb, offset); + proto_tree_add_item(tree, hf->hf.hs_ext_cert_status_type, + tvb, offset, 1, ENC_NA); + offset++; + + if (has_length) { + proto_tree_add_item(tree, hf->hf.hs_ext_cert_status_request_len, + tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + } + + switch (cert_status_type) { + case SSL_HND_CERT_STATUS_TYPE_OCSP: + case SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI: + { + guint16 responder_id_list_len; + guint16 request_extensions_len; + proto_item *responder_id; + proto_item *request_extensions; + + responder_id_list_len = tvb_get_ntohs(tvb, offset); + responder_id = + proto_tree_add_item(tree, + hf->hf.hs_ext_cert_status_responder_id_list_len, + tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + if (responder_id_list_len != 0) { + expert_add_info_format(NULL, responder_id, + &hf->ei.hs_ext_cert_status_undecoded, + "Responder ID list is not implemented, contact Wireshark" + " developers if you want this to be supported"); + /* Non-empty responder ID list would mess with extensions. */ + break; + } + + request_extensions_len = tvb_get_ntohs(tvb, offset); + request_extensions = + proto_tree_add_item(tree, + hf->hf.hs_ext_cert_status_request_extensions_len, tvb, offset, + 2, ENC_BIG_ENDIAN); + offset += 2; + if (request_extensions_len != 0) + expert_add_info_format(NULL, request_extensions, + &hf->ei.hs_ext_cert_status_undecoded, + "Request Extensions are not implemented, contact" + " Wireshark developers if you want this to be supported"); + break; + } + } + + return offset; +} + +static gint +ssl_dissect_hnd_hello_ext_status_request_v2(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, + guint32 offset) +{ + guint list_len; + + list_len = tvb_get_ntoh24(tvb, offset); + offset += 3; + + while (list_len-- > 0) + offset = ssl_dissect_hnd_hello_ext_status_request(hf, tvb, tree, offset, TRUE); + + return offset; +} + +static gint +ssl_dissect_hnd_hello_ext_elliptic_curves(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset) +{ + guint16 curves_length; + proto_tree *curves_tree; + proto_item *ti; + + curves_length = tvb_get_ntohs(tvb, offset); + proto_tree_add_item(tree, hf->hf.hs_ext_elliptic_curves_len, + tvb, offset, 2, ENC_BIG_ENDIAN); + + offset += 2; + tvb_ensure_bytes_exist(tvb, offset, curves_length); + ti = proto_tree_add_none_format(tree, + hf->hf.hs_ext_elliptic_curves, + tvb, offset, curves_length, + "Elliptic curves (%d curve%s)", + curves_length / 2, + plurality(curves_length/2, "", "s")); + + /* make this a subtree */ + curves_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_curves); + + /* loop over all curves */ + while (curves_length > 0) + { + proto_tree_add_item(curves_tree, hf->hf.hs_ext_elliptic_curve, tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + curves_length -= 2; + } + + return offset; +} + +static gint +ssl_dissect_hnd_hello_ext_ec_point_formats(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset) +{ + guint8 ecpf_length; + proto_tree *ecpf_tree; + proto_item *ti; + + ecpf_length = tvb_get_guint8(tvb, offset); + proto_tree_add_item(tree, hf->hf.hs_ext_ec_point_formats_len, + tvb, offset, 1, ENC_BIG_ENDIAN); + + offset += 1; + tvb_ensure_bytes_exist(tvb, offset, ecpf_length); + ti = proto_tree_add_none_format(tree, + hf->hf.hs_ext_elliptic_curves, + tvb, offset, ecpf_length, + "Elliptic curves point formats (%d)", + ecpf_length); + + /* make this a subtree */ + ecpf_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_curves_point_formats); + + /* loop over all point formats */ + while (ecpf_length > 0) + { + proto_tree_add_item(ecpf_tree, hf->hf.hs_ext_ec_point_format, tvb, offset, 1, ENC_BIG_ENDIAN); + offset++; + ecpf_length--; + } + + return offset; +} + +gint +ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, + guint32 offset, guint32 left, gboolean is_client) +{ + guint16 extension_length; + guint16 ext_type; + guint16 ext_len; + proto_item *pi; + proto_tree *ext_tree; + + if (left < 2) + return offset; + + extension_length = tvb_get_ntohs(tvb, offset); + proto_tree_add_uint(tree, hf->hf.hs_exts_len, + tvb, offset, 2, extension_length); + offset += 2; + left -= 2; + + while (left >= 4) + { + ext_type = tvb_get_ntohs(tvb, offset); + ext_len = tvb_get_ntohs(tvb, offset + 2); + + pi = proto_tree_add_text(tree, tvb, offset, 4 + ext_len, "Extension: %s", + val_to_str(ext_type, + tls_hello_extension_types, + "Unknown %u")); + ext_tree = proto_item_add_subtree(pi, hf->ett.hs_ext); + if (!ext_tree) + ext_tree = tree; + + proto_tree_add_uint(ext_tree, hf->hf.hs_ext_type, + tvb, offset, 2, ext_type); + offset += 2; + + proto_tree_add_uint(ext_tree, hf->hf.hs_ext_len, + tvb, offset, 2, ext_len); + offset += 2; + + switch (ext_type) { + case SSL_HND_HELLO_EXT_STATUS_REQUEST: + if (is_client) + offset = ssl_dissect_hnd_hello_ext_status_request(hf, tvb, ext_tree, offset, FALSE); + else + offset += ext_len; /* server must return empty extension_data */ + break; + case SSL_HND_HELLO_EXT_STATUS_REQUEST_V2: + if (is_client) + offset = ssl_dissect_hnd_hello_ext_status_request_v2(hf, tvb, ext_tree, offset); + else + offset += ext_len; /* server must return empty extension_data */ + break; + case SSL_HND_HELLO_EXT_ELLIPTIC_CURVES: + offset = ssl_dissect_hnd_hello_ext_elliptic_curves(hf, tvb, ext_tree, offset); + break; + case SSL_HND_HELLO_EXT_EC_POINT_FORMATS: + offset = ssl_dissect_hnd_hello_ext_ec_point_formats(hf, tvb, ext_tree, offset); + break; + case SSL_HND_HELLO_EXT_SIG_HASH_ALGS: + offset = ssl_dissect_hnd_hello_ext_sig_hash_algs(hf, tvb, ext_tree, offset, ext_len); + break; + case SSL_HND_HELLO_EXT_ALPN: + offset = ssl_dissect_hnd_hello_ext_alpn(hf, tvb, ext_tree, offset, ext_len); + break; + case SSL_HND_HELLO_EXT_NPN: + offset = ssl_dissect_hnd_hello_ext_npn(hf, tvb, ext_tree, offset, ext_len); + break; + case SSL_HND_HELLO_EXT_RENEG_INFO: + offset = ssl_dissect_hnd_hello_ext_reneg_info(hf, tvb, ext_tree, offset, ext_len); + break; + case SSL_HND_HELLO_EXT_SERVER_NAME: + offset = ssl_dissect_hnd_hello_ext_server_name(hf, tvb, ext_tree, offset, ext_len); + break; + case SSL_HND_HELLO_EXT_HEARTBEAT: + proto_tree_add_item(ext_tree, hf->hf.hs_ext_heartbeat_mode, + tvb, offset, 1, ENC_BIG_ENDIAN); + offset += ext_len; + break; + default: + proto_tree_add_bytes_format(ext_tree, hf->hf.hs_ext_data, + tvb, offset, ext_len, NULL, + "Data (%u byte%s)", + ext_len, plurality(ext_len, "", "s")); + offset += ext_len; + break; + } + + left -= 2 + 2 + ext_len; + } + + return offset; +} + /* * Editor modelines - http://www.wireshark.org/tools/modelines.html * diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h index 0a5813cce2..0b0372c8df 100644 --- a/epan/dissectors/packet-ssl-utils.h +++ b/epan/dissectors/packet-ssl-utils.h @@ -31,6 +31,9 @@ #include <glib.h> #include <epan/packet.h> #include <epan/wmem/wmem.h> +#include <epan/tvbuff.h> +#include <epan/proto.h> +#include <epan/expert.h> #ifdef HAVE_LIBGNUTLS #include <wsutil/wsgcrypt.h> @@ -567,6 +570,338 @@ ssl_restore_session(SslDecryptSession* ssl, GHashTable *session_hash); extern gint ssl_is_valid_content_type(guint8 type); +typedef struct ssl_common_dissect { + struct { + gint hs_exts_len; + gint hs_ext_alpn_len; + gint hs_ext_alpn_list; + gint hs_ext_alpn_str; + gint hs_ext_alpn_str_len; + gint hs_ext_cert_status_request_extensions_len; + gint hs_ext_cert_status_request_len; + gint hs_ext_cert_status_responder_id_list_len; + gint hs_ext_cert_status_type; + gint hs_ext_cert_url_item; + gint hs_ext_cert_url_padding; + gint hs_ext_cert_url_sha1; + gint hs_ext_cert_url_type; + gint hs_ext_cert_url_url; + gint hs_ext_cert_url_url_hash_list_len; + gint hs_ext_cert_url_url_len; + gint hs_ext_data; + gint hs_ext_ec_point_format; + gint hs_ext_ec_point_formats_len; + gint hs_ext_elliptic_curve; + gint hs_ext_elliptic_curves; + gint hs_ext_elliptic_curves_len; + gint hs_ext_heartbeat_mode; + gint hs_ext_len; + gint hs_ext_npn_str; + gint hs_ext_npn_str_len; + gint hs_ext_reneg_info_len; + gint hs_ext_server_name; + gint hs_ext_server_name_len; + gint hs_ext_server_name_list_len; + gint hs_ext_server_name_type; + gint hs_ext_type; + gint hs_sig_hash_alg; + gint hs_sig_hash_alg_len; + gint hs_sig_hash_algs; + gint hs_sig_hash_hash; + gint hs_sig_hash_sig; + } hf; + struct { + gint hs_ext; + gint hs_ext_alpn; + gint hs_ext_curves; + gint hs_ext_curves_point_formats; + gint hs_ext_npn; + gint hs_ext_reneg_info; + gint hs_ext_server_name; + gint hs_sig_hash_alg; + gint hs_sig_hash_algs; + gint urlhash; + } ett; + struct { + expert_field hs_ext_cert_status_undecoded; + } ei; +} ssl_common_dissect_t; + +extern gint +ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, + guint32 offset, guint32 left, gboolean is_client); + +extern gint +ssl_dissect_hash_alg_list(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, + guint32 offset, guint16 len); + +extern void +ssl_dissect_hnd_cert_url(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, guint32 offset); + +#define SSL_COMMON_LIST_T(name) \ +ssl_common_dissect_t name = { \ + .hf = { \ + .hs_exts_len = -1, \ + .hs_ext_alpn_len = -1, \ + .hs_ext_alpn_list = -1, \ + .hs_ext_alpn_str = -1, \ + .hs_ext_alpn_str_len = -1, \ + .hs_ext_cert_status_request_extensions_len = -1, \ + .hs_ext_cert_status_request_len = -1, \ + .hs_ext_cert_status_responder_id_list_len = -1, \ + .hs_ext_cert_status_type = -1, \ + .hs_ext_cert_url_item = -1, \ + .hs_ext_cert_url_padding = -1, \ + .hs_ext_cert_url_sha1 = -1, \ + .hs_ext_cert_url_type = -1, \ + .hs_ext_cert_url_url = -1, \ + .hs_ext_cert_url_url_hash_list_len = -1, \ + .hs_ext_cert_url_url_len = -1, \ + .hs_ext_data = -1, \ + .hs_ext_ec_point_format = -1, \ + .hs_ext_ec_point_formats_len = -1, \ + .hs_ext_elliptic_curve = -1, \ + .hs_ext_elliptic_curves = -1, \ + .hs_ext_elliptic_curves_len = -1, \ + .hs_ext_heartbeat_mode = -1, \ + .hs_ext_len = -1, \ + .hs_ext_npn_str = -1, \ + .hs_ext_npn_str_len = -1, \ + .hs_ext_reneg_info_len = -1, \ + .hs_ext_server_name = -1, \ + .hs_ext_server_name_len = -1, \ + .hs_ext_server_name_list_len = -1, \ + .hs_ext_server_name_type = -1, \ + .hs_ext_type = -1, \ + .hs_sig_hash_alg = -1, \ + .hs_sig_hash_alg_len = -1, \ + .hs_sig_hash_algs = -1, \ + .hs_sig_hash_hash = -1, \ + .hs_sig_hash_sig = -1, \ + }, \ + .ett = { \ + .hs_ext = -1, \ + .hs_ext_alpn = -1, \ + .hs_ext_curves = -1, \ + .hs_ext_curves_point_formats = -1, \ + .hs_ext_npn = -1, \ + .hs_ext_reneg_info = -1, \ + .hs_ext_server_name = -1, \ + .hs_sig_hash_alg = -1, \ + .hs_sig_hash_algs = -1, \ + .urlhash = -1, \ + }, \ + .ei = { \ + .hs_ext_cert_status_undecoded = EI_INIT, \ + }, \ +} + +#define SSL_COMMON_HF_LIST(name, prefix) \ + { & name .hf.hs_exts_len, \ + { "Extensions Length", prefix ".handshake.extensions_length", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + "Length of hello extensions", HFILL } \ + }, \ + { & name .hf.hs_ext_type, \ + { "Type", prefix ".handshake.extension.type", \ + FT_UINT16, BASE_HEX, VALS(tls_hello_extension_types), 0x0, \ + "Hello extension type", HFILL } \ + }, \ + { & name .hf.hs_ext_len, \ + { "Length", prefix ".handshake.extension.len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + "Length of a hello extension", HFILL } \ + }, \ + { & name .hf.hs_ext_data, \ + { "Data", prefix ".handshake.extension.data", \ + FT_BYTES, BASE_NONE, NULL, 0x0, \ + "Hello Extension data", HFILL } \ + }, \ + { & name .hf.hs_ext_elliptic_curves_len, \ + { "Elliptic Curves Length", prefix ".handshake.extensions_elliptic_curves_length", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + "Length of elliptic curves field", HFILL } \ + }, \ + { & name .hf.hs_ext_elliptic_curves, \ + { "Elliptic Curves List", prefix ".handshake.extensions_elliptic_curves", \ + FT_NONE, BASE_NONE, NULL, 0x0, \ + "List of elliptic curves supported", HFILL } \ + }, \ + { & name .hf.hs_ext_elliptic_curve, \ + { "Elliptic curve", prefix ".handshake.extensions_elliptic_curve",\ + FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0, \ + NULL, HFILL } \ + }, \ + { & name .hf.hs_ext_ec_point_formats_len, \ + { "EC point formats Length", prefix ".handshake.extensions_ec_point_formats_length", \ + FT_UINT8, BASE_DEC, NULL, 0x0, \ + "Length of elliptic curves point formats field", HFILL } \ + }, \ + { & name .hf.hs_ext_ec_point_format, \ + { "EC point format", prefix ".handshake.extensions_ec_point_format", \ + FT_UINT8, BASE_DEC, VALS(ssl_extension_ec_point_formats), 0x0, \ + "Elliptic curves point format", HFILL } \ + }, \ + { & name .hf.hs_ext_alpn_len, \ + { "ALPN Extension Length", prefix ".handshake.extensions_alpn_len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + "Length of the ALPN Extension", HFILL } \ + }, \ + { & name .hf.hs_ext_alpn_list, \ + { "ALPN Protocol", prefix ".handshake.extensions_alpn_list", \ + FT_NONE, BASE_NONE, NULL, 0x0, \ + NULL, HFILL } \ + }, \ + { & name .hf.hs_ext_alpn_str_len, \ + { "ALPN string length", prefix ".handshake.extensions_alpn_str_len", \ + FT_UINT8, BASE_DEC, NULL, 0x0, \ + "Length of ALPN string", HFILL } \ + }, \ + { & name .hf.hs_ext_alpn_str, \ + { "ALPN Next Protocol", prefix ".handshake.extensions_alpn_str", \ + FT_STRING, BASE_NONE, NULL, 0x00, \ + NULL, HFILL } \ + }, \ + { & name .hf.hs_ext_npn_str_len, \ + { "Protocol string length", prefix ".handshake.extensions_npn_str_len", \ + FT_UINT8, BASE_DEC, NULL, 0x0, \ + "Length of next protocol string", HFILL } \ + }, \ + { & name .hf.hs_ext_npn_str, \ + { "Next Protocol", prefix ".handshake.extensions_npn", \ + FT_STRING, BASE_NONE, NULL, 0x0, \ + NULL, HFILL } \ + }, \ + { & name .hf.hs_ext_reneg_info_len, \ + { "Renegotiation info extension length", prefix ".handshake.extensions_reneg_info_len", \ + FT_UINT8, BASE_DEC, NULL, 0x0, \ + NULL, HFILL } \ + }, \ + { & name .hf.hs_ext_server_name_list_len, \ + { "Server Name list length", prefix ".handshake.extensions_server_name_list_len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + "Length of server name list", HFILL } \ + }, \ + { & name .hf.hs_ext_server_name_len, \ + { "Server Name length", prefix ".handshake.extensions_server_name_len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + "Length of server name string", HFILL } \ + }, \ + { & name .hf.hs_ext_server_name_type, \ + { "Server Name Type", prefix ".handshake.extensions_server_name_type", \ + FT_UINT8, BASE_DEC, VALS(tls_hello_ext_server_name_type_vs), 0x0, \ + NULL, HFILL } \ + }, \ + { & name .hf.hs_ext_server_name, \ + { "Server Name", prefix ".handshake.extensions_server_name", \ + FT_STRING, BASE_NONE, NULL, 0x0, \ + NULL, HFILL } \ + }, \ + { & name .hf.hs_ext_cert_url_type, \ + { "Certificate Chain Type", prefix ".handshake.cert_url_type", \ + FT_UINT8, BASE_DEC, VALS(tls_cert_chain_type), 0x0, \ + "Certificate Chain Type for Client Certificate URL", HFILL } \ + }, \ + { & name .hf.hs_ext_cert_url_url_hash_list_len, \ + { "URL and Hash list Length", prefix ".handshake.cert_url.url_hash_len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + NULL, HFILL } \ + }, \ + { & name .hf.hs_ext_cert_url_item, \ + { "URL and Hash", prefix ".handshake.cert_url.url_hash", \ + FT_NONE, BASE_NONE, NULL, 0x0, \ + NULL, HFILL } \ + }, \ + { & name .hf.hs_ext_cert_url_url_len, \ + { "URL Length", prefix ".handshake.cert_url.url_len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + NULL, HFILL } \ + }, \ + { & name .hf.hs_ext_cert_url_url, \ + { "URL", prefix ".handshake.cert_url.url_hash_len", \ + FT_STRING, BASE_NONE, NULL, 0x0, \ + "URL used to fetch the certificate(s)", HFILL } \ + }, \ + { & name .hf.hs_ext_cert_url_padding, \ + { "Padding", prefix ".handshake.cert_url.padding", \ + FT_NONE, BASE_NONE, NULL, 0x0, \ + "Padding that MUST be 0x01 for backwards compatibility", HFILL } \ + }, \ + { & name .hf.hs_ext_cert_url_sha1, \ + { "SHA1 Hash", prefix ".handshake.cert_url.sha1", \ + FT_BYTES, BASE_NONE, NULL, 0x0, \ + "SHA1 Hash of the certificate", HFILL } \ + }, \ + { & name .hf.hs_ext_cert_status_type, \ + { "Certificate Status Type", prefix ".handshake.extensions_status_request_type", \ + FT_UINT8, BASE_DEC, VALS(tls_cert_status_type), 0x0, \ + NULL, HFILL } \ + }, \ + { & name .hf.hs_ext_cert_status_request_len, \ + { "Certificate Status Length", prefix ".handshake.extensions_status_request_len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + NULL, HFILL } \ + }, \ + { & name .hf.hs_ext_cert_status_responder_id_list_len, \ + { "Responder ID list Length", prefix ".handshake.extensions_status_request_responder_ids_len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + NULL, HFILL } \ + }, \ + { & name .hf.hs_ext_cert_status_request_extensions_len, \ + { "Request Extensions Length", prefix ".handshake.extensions_status_request_exts_len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + NULL, HFILL } \ + }, \ + { & name .hf.hs_sig_hash_alg_len, \ + { "Signature Hash Algorithms Length", prefix ".handshake.sig_hash_alg_len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + "Length of Signature Hash Algorithms", HFILL } \ + }, \ + { & name .hf.hs_sig_hash_algs, \ + { "Signature Hash Algorithms", prefix ".handshake.sig_hash_algs", \ + FT_NONE, BASE_NONE, NULL, 0x0, \ + "List of Signature Hash Algorithms", HFILL } \ + }, \ + { & name .hf.hs_sig_hash_alg, \ + { "Signature Hash Algorithm", prefix ".handshake.sig_hash_alg", \ + FT_UINT16, BASE_HEX, NULL, 0x0, \ + NULL, HFILL } \ + }, \ + { & name .hf.hs_sig_hash_hash, \ + { "Signature Hash Algorithm Hash", prefix ".handshake.sig_hash_hash", \ + FT_UINT8, BASE_DEC, VALS(tls_hash_algorithm), 0x0, \ + NULL, HFILL } \ + }, \ + { & name .hf.hs_sig_hash_sig, \ + { "Signature Hash Algorithm Signature", prefix ".handshake.sig_hash_sig", \ + FT_UINT8, BASE_DEC, VALS(tls_signature_algorithm), 0x0, \ + NULL, HFILL } \ + }, \ + { & name .hf.hs_ext_heartbeat_mode, \ + { "Mode", prefix ".handshake.extension.heartbeat.mode", \ + FT_UINT8, BASE_DEC, VALS(tls_heartbeat_mode), 0x0, \ + "Heartbeat extension mode", HFILL } \ + } + + +#define SSL_COMMON_ETT_LIST(name) \ + & name .ett.hs_ext, \ + & name .ett.hs_ext_alpn, \ + & name .ett.hs_ext_curves, \ + & name .ett.hs_ext_curves_point_formats, \ + & name .ett.hs_ext_npn, \ + & name .ett.hs_ext_reneg_info, \ + & name .ett.hs_ext_server_name, \ + & name .ett.hs_sig_hash_alg, \ + & name .ett.hs_sig_hash_algs, \ + & name .ett.urlhash + + +#define SSL_COMMON_EI_LIST(name, prefix) \ + { & name .ei.hs_ext_cert_status_undecoded, { prefix ".handshake.status_request.undecoded", PI_UNDECODED, PI_NOTE, \ + "Responder ID list or Request Extensions are not implemented, contact Wireshark developers if you want this to be supported", EXPFILL }} + + #ifdef SSL_DECRYPT_DEBUG extern void ssl_debug_printf(const gchar* fmt,...) G_GNUC_PRINTF(1,2); diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c index 67b7c556cc..d3748e2b0f 100644 --- a/epan/dissectors/packet-ssl.c +++ b/epan/dissectors/packet-ssl.c @@ -161,37 +161,6 @@ static gint hf_ssl_handshake_session_id = -1; static gint hf_ssl_handshake_comp_methods_len = -1; static gint hf_ssl_handshake_comp_methods = -1; static gint hf_ssl_handshake_comp_method = -1; -static gint hf_ssl_handshake_extensions_len = -1; -static gint hf_ssl_handshake_extension_type = -1; -static gint hf_ssl_handshake_extension_len = -1; -static gint hf_ssl_handshake_extension_data = -1; -static gint hf_ssl_handshake_extension_elliptic_curves_len = -1; -static gint hf_ssl_handshake_extension_elliptic_curves = -1; -static gint hf_ssl_handshake_extension_elliptic_curve = -1; -static gint hf_ssl_handshake_extension_ec_point_formats_len = -1; -static gint hf_ssl_handshake_extension_ec_point_format = -1; -static gint hf_ssl_handshake_extension_alpn_len = -1; -static gint hf_ssl_handshake_extension_alpn_list = -1; -static gint hf_ssl_handshake_extension_alpn_str_len = -1; -static gint hf_ssl_handshake_extension_alpn_str = -1; -static gint hf_ssl_handshake_extension_npn_str_len = -1; -static gint hf_ssl_handshake_extension_npn_str = -1; -static gint hf_ssl_handshake_extension_reneg_info_len = -1; -static gint hf_ssl_handshake_extension_server_name_len = -1; -static gint hf_ssl_handshake_extension_server_name_list_len = -1; -static gint hf_ssl_handshake_extension_server_name_type = -1; -static gint hf_ssl_handshake_extension_server_name = -1; -static gint hf_ssl_hs_ext_cert_status_type = -1; -static gint hf_ssl_hs_ext_cert_status_request_len = -1; -static gint hf_ssl_hs_ext_cert_url_type = -1; -static gint hf_ssl_hs_ext_cert_url_url_hash_list_len = -1; -static gint hf_ssl_hs_ext_cert_url_item = -1; -static gint hf_ssl_hs_ext_cert_url_url_len = -1; -static gint hf_ssl_hs_ext_cert_url_url = -1; -static gint hf_ssl_hs_ext_cert_url_padding = -1; -static gint hf_ssl_hs_ext_cert_url_sha1 = -1; -static gint hf_ssl_hs_ext_cert_status_responder_id_list_len = -1; -static gint hf_ssl_hs_ext_cert_status_request_extensions_len = -1; static gint hf_ssl_handshake_session_ticket_lifetime_hint = -1; static gint hf_ssl_handshake_session_ticket_len = -1; static gint hf_ssl_handshake_session_ticket = -1; @@ -228,11 +197,6 @@ static gint hf_ssl_handshake_server_keyex_hint_len = -1; static gint hf_ssl_handshake_server_keyex_hint = -1; static gint hf_ssl_handshake_client_keyex_identity_len = -1; static gint hf_ssl_handshake_client_keyex_identity = -1; -static gint hf_ssl_handshake_sig_hash_alg_len = -1; -static gint hf_ssl_handshake_sig_hash_algs = -1; -static gint hf_ssl_handshake_sig_hash_alg = -1; -static gint hf_ssl_handshake_sig_hash_hash = -1; -static gint hf_ssl_handshake_sig_hash_sig = -1; static gint hf_ssl_handshake_cert_status = -1; static gint hf_ssl_handshake_cert_status_type = -1; static gint hf_ssl_handshake_cert_status_len = -1; @@ -287,7 +251,6 @@ static int hf_ssl_segment_error = -1; static int hf_ssl_segment_count = -1; static int hf_ssl_segment_data = -1; -static gint hf_ssl_heartbeat_extension_mode = -1; static gint hf_ssl_heartbeat_message = -1; static gint hf_ssl_heartbeat_message_type = -1; static gint hf_ssl_heartbeat_message_payload_length = -1; @@ -302,18 +265,8 @@ static gint ett_ssl_handshake = -1; static gint ett_ssl_heartbeat = -1; static gint ett_ssl_cipher_suites = -1; static gint ett_ssl_comp_methods = -1; -static gint ett_ssl_extension = -1; -static gint ett_ssl_extension_curves = -1; -static gint ett_ssl_extension_curves_point_formats = -1; -static gint ett_ssl_extension_alpn = -1; -static gint ett_ssl_extension_npn = -1; -static gint ett_ssl_extension_reneg_info = -1; -static gint ett_ssl_extension_server_name = -1; -static gint ett_ssl_urlhash = -1; static gint ett_ssl_certs = -1; static gint ett_ssl_cert_types = -1; -static gint ett_ssl_sig_hash_algs = -1; -static gint ett_ssl_sig_hash_alg = -1; static gint ett_ssl_dnames = -1; static gint ett_ssl_random = -1; static gint ett_ssl_new_ses_ticket = -1; @@ -330,7 +283,6 @@ static gint ett_ssl_segment = -1; static expert_field ei_ssl_handshake_cipher_suites_mult2 = EI_INIT; static expert_field ei_ssl_handshake_sig_hash_algs_mult2 = EI_INIT; static expert_field ei_ssl2_handshake_session_id_len_error = EI_INIT; -static expert_field ei_ssl_hs_ext_cert_status_undecoded = EI_INIT; /* not all of the hf_fields below make sense for SSL but we have to provide @@ -353,6 +305,8 @@ static const fragment_items ssl_segment_items = { "Segments" }; +static SSL_COMMON_LIST_T(dissect_ssl3_hf); + /* These two "SSL segment data" items are factored out to obey DRY. */ #define SSL_SEGMENT_DATA_TEXT "SSL segment data" @@ -569,34 +523,6 @@ static void dissect_ssl3_heartbeat(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, guint *conv_version, guint32 record_length); -/* hello extension dissector */ -static gint dissect_ssl3_hnd_hello_ext_status_request(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, gboolean has_length); - -static gint dissect_ssl3_hnd_hello_ext_status_request_v2(tvbuff_t *tvb, - proto_tree *tree, guint32 offset); - -static gint dissect_ssl3_hnd_hello_ext_elliptic_curves(tvbuff_t *tvb, - proto_tree *tree, guint32 offset); - -static gint dissect_ssl3_hnd_hello_ext_ec_point_formats(tvbuff_t *tvb, - proto_tree *tree, guint32 offset); - -static gint dissect_ssl3_hnd_hello_ext_sig_hash_algs(tvbuff_t *tvb, - proto_tree *tree, guint32 offset, guint32 ext_len); - -static gint dissect_ssl3_hnd_hello_ext_alpn(tvbuff_t *tvb, - proto_tree *tree, guint32 offset, guint32 ext_len); - -static gint dissect_ssl3_hnd_hello_ext_npn(tvbuff_t *tvb, - proto_tree *tree, guint32 offset, guint32 ext_len); - -static gint dissect_ssl3_hnd_hello_ext_reneg_info(tvbuff_t *tvb, - proto_tree *tree, guint32 offset, guint32 ext_len); - -static gint dissect_ssl3_hnd_hello_ext_server_name(tvbuff_t *tvb, - proto_tree *tree, guint32 offset, guint32 ext_len); - static void dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, guint32 length, @@ -664,9 +590,6 @@ static void dissect_ssl3_hnd_finished(tvbuff_t *tvb, const guint32 offset, const guint *conv_version); -static void dissect_ssl3_hnd_cert_url(tvbuff_t *tvb, proto_tree *tree, - guint32 offset); - static void dissect_ssl3_hnd_cert_status(tvbuff_t *tvb, proto_tree *tree, guint32 offset, @@ -742,9 +665,6 @@ static gint ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb, const guint32 offset, const guint32 record_length); -static gint dissect_ssl_hash_alg_list(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint16 len); - /********************************************************************* * * Main dissector @@ -2188,7 +2108,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, break; case SSL_HND_CERT_URL: - dissect_ssl3_hnd_cert_url(tvb, ssl_hand_tree, offset); + ssl_dissect_hnd_cert_url(&dissect_ssl3_hf, tvb, ssl_hand_tree, offset); break; case SSL_HND_CERT_STATUS: @@ -2375,469 +2295,6 @@ dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree, return session_id_length+33; } -static gint -dissect_ssl3_hnd_hello_ext(tvbuff_t *tvb, proto_tree *tree, guint32 offset, - guint32 left, gboolean is_client) -{ - guint16 extension_length; - guint16 ext_type; - guint16 ext_len; - proto_item *pi; - proto_tree *ext_tree; - - if (left < 2) - return offset; - - extension_length = tvb_get_ntohs(tvb, offset); - proto_tree_add_uint(tree, hf_ssl_handshake_extensions_len, - tvb, offset, 2, extension_length); - offset += 2; - left -= 2; - - while (left >= 4) - { - ext_type = tvb_get_ntohs(tvb, offset); - ext_len = tvb_get_ntohs(tvb, offset + 2); - - pi = proto_tree_add_text(tree, tvb, offset, 4 + ext_len, - "Extension: %s", - val_to_str(ext_type, - tls_hello_extension_types, - "Unknown %u")); - ext_tree = proto_item_add_subtree(pi, ett_ssl_extension); - if (!ext_tree) - ext_tree = tree; - - proto_tree_add_uint(ext_tree, hf_ssl_handshake_extension_type, - tvb, offset, 2, ext_type); - offset += 2; - - proto_tree_add_uint(ext_tree, hf_ssl_handshake_extension_len, - tvb, offset, 2, ext_len); - offset += 2; - - switch (ext_type) { - case SSL_HND_HELLO_EXT_STATUS_REQUEST: - if (is_client) - offset = dissect_ssl3_hnd_hello_ext_status_request(tvb, ext_tree, offset, FALSE); - else - offset += ext_len; /* server must return empty extension_data */ - break; - case SSL_HND_HELLO_EXT_STATUS_REQUEST_V2: - if (is_client) - offset = dissect_ssl3_hnd_hello_ext_status_request_v2(tvb, ext_tree, offset); - else - offset += ext_len; /* server must return empty extension_data */ - break; - case SSL_HND_HELLO_EXT_ELLIPTIC_CURVES: - offset = dissect_ssl3_hnd_hello_ext_elliptic_curves(tvb, ext_tree, offset); - break; - case SSL_HND_HELLO_EXT_EC_POINT_FORMATS: - offset = dissect_ssl3_hnd_hello_ext_ec_point_formats(tvb, ext_tree, offset); - break; - case SSL_HND_HELLO_EXT_SIG_HASH_ALGS: - offset = dissect_ssl3_hnd_hello_ext_sig_hash_algs(tvb, ext_tree, offset, ext_len); - break; - case SSL_HND_HELLO_EXT_ALPN: - offset = dissect_ssl3_hnd_hello_ext_alpn(tvb, ext_tree, offset, ext_len); - break; - case SSL_HND_HELLO_EXT_NPN: - offset = dissect_ssl3_hnd_hello_ext_npn(tvb, ext_tree, offset, ext_len); - break; - case SSL_HND_HELLO_EXT_RENEG_INFO: - offset = dissect_ssl3_hnd_hello_ext_reneg_info(tvb, ext_tree, offset, ext_len); - break; - case SSL_HND_HELLO_EXT_SERVER_NAME: - offset = dissect_ssl3_hnd_hello_ext_server_name(tvb, ext_tree, offset, ext_len); - break; - case SSL_HND_HELLO_EXT_HEARTBEAT: - proto_tree_add_item(ext_tree, hf_ssl_heartbeat_extension_mode, - tvb, offset, 1, ENC_BIG_ENDIAN); - offset += ext_len; - break; - default: - proto_tree_add_bytes_format(ext_tree, hf_ssl_handshake_extension_data, - tvb, offset, ext_len, NULL, - "Data (%u byte%s)", - ext_len, plurality(ext_len, "", "s")); - offset += ext_len; - break; - } - - left -= 2 + 2 + ext_len; - } - - return offset; -} - -static gint -dissect_ssl3_hnd_hello_ext_sig_hash_algs(tvbuff_t *tvb, - proto_tree *tree, guint32 offset, guint32 ext_len) -{ - guint16 sh_alg_length; - gint ret; - - sh_alg_length = tvb_get_ntohs(tvb, offset); - proto_tree_add_uint(tree, hf_ssl_handshake_sig_hash_alg_len, - tvb, offset, 2, sh_alg_length); - offset += 2; - if (ext_len<2 || sh_alg_length!=ext_len-2) { - /* ERROR: sh_alg_length must be 2 less than ext_len */ - return offset; - } - - ret = dissect_ssl_hash_alg_list(tvb, tree, offset, sh_alg_length); - if (ret >=0) - offset += ret; - - return offset; -} - -static gint -dissect_ssl3_hnd_hello_ext_alpn(tvbuff_t *tvb, - proto_tree *tree, guint32 offset, guint32 ext_len) -{ - guint16 alpn_length; - guint8 name_length; - proto_tree *alpn_tree; - proto_item *ti; - - alpn_length = tvb_get_ntohs(tvb, offset); - if (ext_len<2 || alpn_length!=ext_len-2) { - /* ERROR: alpn_length must be 2 less than ext_len */ - return offset; - } - proto_tree_add_item(tree, hf_ssl_handshake_extension_alpn_len, - tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - ti = proto_tree_add_item(tree, hf_ssl_handshake_extension_alpn_list, - tvb, offset, alpn_length, ENC_NA); - alpn_tree = proto_item_add_subtree(ti, ett_ssl_extension_alpn); - - while (alpn_length > 0) { - name_length = tvb_get_guint8(tvb, offset); - proto_tree_add_item(alpn_tree, hf_ssl_handshake_extension_alpn_str_len, - tvb, offset, 1, ENC_NA); - offset++; - alpn_length--; - proto_tree_add_item(alpn_tree, hf_ssl_handshake_extension_alpn_str, - tvb, offset, name_length, ENC_ASCII|ENC_NA); - offset += name_length; - alpn_length -= name_length; - } - - return offset; -} - -static gint -dissect_ssl3_hnd_hello_ext_npn(tvbuff_t *tvb, - proto_tree *tree, guint32 offset, guint32 ext_len) -{ - guint8 npn_length; - proto_tree *npn_tree; - proto_item *ti; - - if (ext_len == 0) { - return offset; - } - - ti = proto_tree_add_text(tree, tvb, offset, ext_len, "Next Protocol Negotiation"); - npn_tree = proto_item_add_subtree(ti, ett_ssl_extension_npn); - - while (ext_len > 0) { - npn_length = tvb_get_guint8(tvb, offset); - proto_tree_add_item(npn_tree, hf_ssl_handshake_extension_npn_str_len, - tvb, offset, 1, ENC_NA); - offset++; - ext_len--; - - if (npn_length > 0) { - tvb_ensure_bytes_exist(tvb, offset, npn_length); - proto_tree_add_item(npn_tree, hf_ssl_handshake_extension_npn_str, - tvb, offset, npn_length, ENC_ASCII|ENC_NA); - offset += npn_length; - ext_len -= npn_length; - } - } - - return offset; -} - -static gint -dissect_ssl3_hnd_hello_ext_reneg_info(tvbuff_t *tvb, - proto_tree *tree, guint32 offset, guint32 ext_len) -{ - guint8 reneg_info_length; - proto_tree *reneg_info_tree; - proto_item *ti; - - if (ext_len == 0) { - return offset; - } - - ti = proto_tree_add_text(tree, tvb, offset, ext_len, "Renegotiation Info extension"); - reneg_info_tree = proto_item_add_subtree(ti, ett_ssl_extension_reneg_info); - - reneg_info_length = tvb_get_guint8(tvb, offset); - proto_tree_add_item(reneg_info_tree, hf_ssl_handshake_extension_reneg_info_len, - tvb, offset, 1, ENC_NA); - offset += 1; - - if (reneg_info_length > 0) { - tvb_ensure_bytes_exist(tvb, offset, reneg_info_length); - proto_tree_add_text(reneg_info_tree, tvb, offset, reneg_info_length, "Renegotiation Info"); - offset += reneg_info_length; - } - - return offset; -} - -static gint -dissect_ssl3_hnd_hello_ext_server_name(tvbuff_t *tvb, - proto_tree *tree, guint32 offset, guint32 ext_len) -{ - guint16 server_name_length; - proto_tree *server_name_tree; - proto_item *ti; - - - if (ext_len == 0) { - return offset; - } - - ti = proto_tree_add_text(tree, tvb, offset, ext_len, "Server Name Indication extension"); - server_name_tree = proto_item_add_subtree(ti, ett_ssl_extension_server_name); - - proto_tree_add_item(server_name_tree, hf_ssl_handshake_extension_server_name_list_len, - tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - ext_len -= 2; - - while (ext_len > 0) { - proto_tree_add_item(server_name_tree, hf_ssl_handshake_extension_server_name_type, - tvb, offset, 1, ENC_NA); - offset += 1; - ext_len -= 1; - - server_name_length = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(server_name_tree, hf_ssl_handshake_extension_server_name_len, - tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - ext_len -= 2; - - if (server_name_length > 0) { - tvb_ensure_bytes_exist(tvb, offset, server_name_length); - proto_tree_add_item(server_name_tree, hf_ssl_handshake_extension_server_name, - tvb, offset, server_name_length, ENC_ASCII|ENC_NA); - offset += server_name_length; - ext_len -= server_name_length; - } - } - return offset; -} - -static void -dissect_ssl3_hnd_cert_url(tvbuff_t *tvb, proto_tree *tree, guint32 offset) -{ - guint16 url_hash_len; - - /* enum { - * individual_certs(0), pkipath(1), (255) - * } CertChainType; - * - * struct { - * CertChainType type; - * URLAndHash url_and_hash_list<1..2^16-1>; - * } CertificateURL; - * - * struct { - * opaque url<1..2^16-1>; - * unint8 padding; - * opaque SHA1Hash[20]; - * } URLAndHash; - */ - - proto_tree_add_item(tree, hf_ssl_hs_ext_cert_url_type, - tvb, offset, 1, ENC_NA); - offset++; - - url_hash_len = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_ssl_hs_ext_cert_url_url_hash_list_len, - tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - while (url_hash_len-- > 0) { - proto_item *urlhash_item; - proto_tree *urlhash_tree; - guint16 url_len; - - urlhash_item = proto_tree_add_item(tree, hf_ssl_hs_ext_cert_url_item, - tvb, offset, -1, ENC_NA); - urlhash_tree = proto_item_add_subtree(urlhash_item, ett_ssl_urlhash); - - url_len = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(urlhash_tree, hf_ssl_hs_ext_cert_url_url_len, - tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - proto_tree_add_item(urlhash_tree, hf_ssl_hs_ext_cert_url_url, - tvb, offset, url_len, ENC_ASCII|ENC_NA); - offset += url_len; - - proto_tree_add_item(urlhash_tree, hf_ssl_hs_ext_cert_url_padding, - tvb, offset, 1, ENC_NA); - offset++; - /* Note: RFC 6066 says that padding must be 0x01 */ - - proto_tree_add_item(urlhash_tree, hf_ssl_hs_ext_cert_url_sha1, - tvb, offset, 20, ENC_NA); - offset += 20; - } -} - -static gint -dissect_ssl3_hnd_hello_ext_status_request(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, gboolean has_length) -{ - guint cert_status_type; - - cert_status_type = tvb_get_guint8(tvb, offset); - proto_tree_add_item(tree, hf_ssl_hs_ext_cert_status_type, - tvb, offset, 1, ENC_NA); - offset++; - - if (has_length) { - proto_tree_add_item(tree, hf_ssl_hs_ext_cert_status_request_len, - tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - } - - switch (cert_status_type) { - case SSL_HND_CERT_STATUS_TYPE_OCSP: - case SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI: - { - guint16 responder_id_list_len; - guint16 request_extensions_len; - proto_item *responder_id; - proto_item *request_extensions; - - responder_id_list_len = tvb_get_ntohs(tvb, offset); - responder_id = - proto_tree_add_item(tree, - hf_ssl_hs_ext_cert_status_responder_id_list_len, - tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - if (responder_id_list_len != 0) { - expert_add_info_format(NULL, responder_id, - &ei_ssl_hs_ext_cert_status_undecoded, - "Responder ID list is not implemented, contact Wireshark" - " developers if you want this to be supported"); - /* Non-empty responder ID list would mess with extensions. */ - break; - } - - request_extensions_len = tvb_get_ntohs(tvb, offset); - request_extensions = - proto_tree_add_item(tree, - hf_ssl_hs_ext_cert_status_request_extensions_len, tvb, offset, - 2, ENC_BIG_ENDIAN); - offset += 2; - if (request_extensions_len != 0) - expert_add_info_format(NULL, request_extensions, - &ei_ssl_hs_ext_cert_status_undecoded, - "Request Extensions are not implemented, contact" - " Wireshark developers if you want this to be supported"); - break; - } - } - - return offset; -} - -static gint -dissect_ssl3_hnd_hello_ext_status_request_v2(tvbuff_t *tvb, proto_tree *tree, - guint32 offset) -{ - guint list_len; - - list_len = tvb_get_ntoh24(tvb, offset); - offset += 3; - - while (list_len-- > 0) - offset = dissect_ssl3_hnd_hello_ext_status_request(tvb, tree, offset, TRUE); - - return offset; -} - -static gint -dissect_ssl3_hnd_hello_ext_elliptic_curves(tvbuff_t *tvb, - proto_tree *tree, guint32 offset) -{ - guint16 curves_length; - proto_tree *curves_tree; - proto_item *ti; - - curves_length = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_ssl_handshake_extension_elliptic_curves_len, - tvb, offset, 2, ENC_BIG_ENDIAN); - - offset += 2; - tvb_ensure_bytes_exist(tvb, offset, curves_length); - ti = proto_tree_add_none_format(tree, - hf_ssl_handshake_extension_elliptic_curves, - tvb, offset, curves_length, - "Elliptic curves (%d curve%s)", - curves_length / 2, - plurality(curves_length/2, "", "s")); - - /* make this a subtree */ - curves_tree = proto_item_add_subtree(ti, ett_ssl_extension_curves); - - /* loop over all curves */ - while (curves_length > 0) - { - proto_tree_add_item(curves_tree, hf_ssl_handshake_extension_elliptic_curve, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - curves_length -= 2; - } - - return offset; -} - -static gint -dissect_ssl3_hnd_hello_ext_ec_point_formats(tvbuff_t *tvb, - proto_tree *tree, guint32 offset) -{ - guint8 ecpf_length; - proto_tree *ecpf_tree; - proto_item *ti; - - ecpf_length = tvb_get_guint8(tvb, offset); - proto_tree_add_item(tree, hf_ssl_handshake_extension_ec_point_formats_len, - tvb, offset, 1, ENC_BIG_ENDIAN); - - offset += 1; - tvb_ensure_bytes_exist(tvb, offset, ecpf_length); - ti = proto_tree_add_none_format(tree, - hf_ssl_handshake_extension_elliptic_curves, - tvb, offset, ecpf_length, - "Elliptic curves point formats (%d)", - ecpf_length); - - /* make this a subtree */ - ecpf_tree = proto_item_add_subtree(ti, ett_ssl_extension_curves_point_formats); - - /* loop over all point formats */ - while (ecpf_length > 0) - { - proto_tree_add_item(ecpf_tree, hf_ssl_handshake_extension_ec_point_format, tvb, offset, 1, ENC_BIG_ENDIAN); - offset++; - ecpf_length--; - } - - return offset; -} - static void dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, guint32 length, @@ -2965,7 +2422,7 @@ dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo, if (length > offset - start_offset) { - dissect_ssl3_hnd_hello_ext(tvb, tree, offset, + ssl_dissect_hnd_hello_ext(&dissect_ssl3_hf, tvb, tree, offset, length - (offset - start_offset), TRUE); } } @@ -3040,7 +2497,7 @@ no_cipher: if (length > offset - start_offset) { - dissect_ssl3_hnd_hello_ext(tvb, tree, offset, + ssl_dissect_hnd_hello_ext(&dissect_ssl3_hf, tvb, tree, offset, length - (offset - start_offset), FALSE); } } @@ -3235,11 +2692,11 @@ dissect_ssl3_hnd_cert_req(tvbuff_t *tvb, return; } - proto_tree_add_uint(tree, hf_ssl_handshake_sig_hash_alg_len, + proto_tree_add_uint(tree, dissect_ssl3_hf.hf.hs_sig_hash_alg_len, tvb, offset, 2, sh_alg_length); offset += 2; - ret = dissect_ssl_hash_alg_list(tvb, tree, offset, sh_alg_length); + ret = ssl_dissect_hash_alg_list(&dissect_ssl3_hf, tvb, tree, offset, sh_alg_length); if (ret>=0) offset += ret; break; @@ -3364,13 +2821,13 @@ dissect_ssl3_hnd_srv_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree, switch (*conv_version) { case SSL_VER_TLSv1DOT2: - ti_algo = proto_tree_add_uint(ssl_ecdh_tree, hf_ssl_handshake_sig_hash_alg, + ti_algo = proto_tree_add_uint(ssl_ecdh_tree, dissect_ssl3_hf.hf.hs_sig_hash_alg, tvb, offset, 2, sig_algo); - ssl_algo_tree = proto_item_add_subtree(ti_algo, ett_ssl_sig_hash_alg); + ssl_algo_tree = proto_item_add_subtree(ti_algo, dissect_ssl3_hf.ett.hs_sig_hash_alg); - proto_tree_add_item(ssl_algo_tree, hf_ssl_handshake_sig_hash_hash, + proto_tree_add_item(ssl_algo_tree, dissect_ssl3_hf.hf.hs_sig_hash_hash, tvb, sig_algo_offset, 1, ENC_BIG_ENDIAN); - proto_tree_add_item(ssl_algo_tree, hf_ssl_handshake_sig_hash_sig, + proto_tree_add_item(ssl_algo_tree, dissect_ssl3_hf.hf.hs_sig_hash_sig, tvb, sig_algo_offset+1, 1, ENC_BIG_ENDIAN); break; @@ -3563,13 +3020,13 @@ dissect_ssl3_hnd_srv_keyex_rsa(tvbuff_t *tvb, proto_tree *tree, switch (*conv_version) { case SSL_VER_TLSv1DOT2: - ti_algo = proto_tree_add_uint(ssl_rsa_tree, hf_ssl_handshake_sig_hash_alg, + ti_algo = proto_tree_add_uint(ssl_rsa_tree, dissect_ssl3_hf.hf.hs_sig_hash_alg, tvb, offset, 2, sig_algo); - ssl_algo_tree = proto_item_add_subtree(ti_algo, ett_ssl_sig_hash_alg); + ssl_algo_tree = proto_item_add_subtree(ti_algo, dissect_ssl3_hf.ett.hs_sig_hash_alg); - proto_tree_add_item(ssl_algo_tree, hf_ssl_handshake_sig_hash_hash, + proto_tree_add_item(ssl_algo_tree, dissect_ssl3_hf.hf.hs_sig_hash_hash, tvb, sig_algo_offset, 1, ENC_BIG_ENDIAN); - proto_tree_add_item(ssl_algo_tree, hf_ssl_handshake_sig_hash_sig, + proto_tree_add_item(ssl_algo_tree, dissect_ssl3_hf.hf.hs_sig_hash_sig, tvb, sig_algo_offset+1, 1, ENC_BIG_ENDIAN); break; @@ -5309,52 +4766,6 @@ ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb, const guint32 offset, } -/* dissect a list of hash algorithms, return the number of bytes dissected - this is used for the signature algorithms extension and for the - TLS1.2 certificate request */ -static gint -dissect_ssl_hash_alg_list(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint16 len) -{ - guint32 offset_start; - proto_tree *subtree, *alg_tree; - proto_item *ti; - - offset_start = offset; - if (len==0) - return 0; - - ti = proto_tree_add_none_format(tree, - hf_ssl_handshake_sig_hash_algs, - tvb, offset, len, - "Signature Hash Algorithms (%u algorithm%s)", - len/2, - plurality(len/2, "", "s")); - subtree = proto_item_add_subtree(ti, ett_ssl_sig_hash_algs); - - if (len % 2) { - proto_tree_add_text(tree, tvb, offset, 2, - "Invalid Signature Hash Algorithm length: %d", len); - return offset-offset_start; - } - - while (len > 0) { - ti = proto_tree_add_item(subtree, hf_ssl_handshake_sig_hash_alg, - tvb, offset, 2, ENC_BIG_ENDIAN); - alg_tree = proto_item_add_subtree(ti, ett_ssl_sig_hash_alg); - - proto_tree_add_item(alg_tree, hf_ssl_handshake_sig_hash_hash, - tvb, offset, 1, ENC_BIG_ENDIAN); - proto_tree_add_item(alg_tree, hf_ssl_handshake_sig_hash_sig, - tvb, offset+1, 1, ENC_BIG_ENDIAN); - - offset += 2; - len -= 2; - } - return offset-offset_start; -} - - /* UAT */ #ifdef HAVE_LIBGNUTLS @@ -5549,161 +4960,6 @@ proto_register_ssl(void) FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0, NULL, HFILL } }, - { &hf_ssl_handshake_extensions_len, - { "Extensions Length", "ssl.handshake.extensions_length", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of hello extensions", HFILL } - }, - { &hf_ssl_handshake_extension_type, - { "Type", "ssl.handshake.extension.type", - FT_UINT16, BASE_HEX, VALS(tls_hello_extension_types), 0x0, - "Hello extension type", HFILL } - }, - { &hf_ssl_handshake_extension_len, - { "Length", "ssl.handshake.extension.len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of a hello extension", HFILL } - }, - { &hf_ssl_handshake_extension_data, - { "Data", "ssl.handshake.extension.data", - FT_BYTES, BASE_NONE, NULL, 0x0, - "Hello Extension data", HFILL } - }, - { &hf_ssl_handshake_extension_elliptic_curves_len, - { "Elliptic Curves Length", "ssl.handshake.extensions_elliptic_curves_length", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of elliptic curves field", HFILL } - }, - { &hf_ssl_handshake_extension_elliptic_curves, - { "Elliptic Curves List", "ssl.handshake.extensions_elliptic_curves", - FT_NONE, BASE_NONE, NULL, 0x0, - "List of elliptic curves supported", HFILL } - }, - { &hf_ssl_handshake_extension_elliptic_curve, - { "Elliptic curve", "ssl.handshake.extensions_elliptic_curve", - FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0, - NULL, HFILL } - }, - { &hf_ssl_handshake_extension_ec_point_formats_len, - { "EC point formats Length", "ssl.handshake.extensions_ec_point_formats_length", - FT_UINT8, BASE_DEC, NULL, 0x0, - "Length of elliptic curves point formats field", HFILL } - }, - { &hf_ssl_handshake_extension_ec_point_format, - { "EC point format", "ssl.handshake.extensions_ec_point_format", - FT_UINT8, BASE_DEC, VALS(ssl_extension_ec_point_formats), 0x0, - "Elliptic curves point format", HFILL } - }, - { &hf_ssl_handshake_extension_alpn_len, - { "ALPN Extension Length", "ssl.handshake.extensions_alpn_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of the ALPN Extension", HFILL } - }, - { &hf_ssl_handshake_extension_alpn_list, - { "ALPN Protocol", "ssl.handshake.extensions_alpn_list", - FT_NONE, BASE_NONE, NULL, 0x0, - NULL, HFILL } - }, - { &hf_ssl_handshake_extension_alpn_str_len, - { "ALPN string length", "ssl.handshake.extensions_alpn_str_len", - FT_UINT8, BASE_DEC, NULL, 0x0, - "Length of ALPN string", HFILL } - }, - { &hf_ssl_handshake_extension_alpn_str, - { "ALPN Next Protocol", "ssl.handshake.extensions_alpn_str", - FT_STRING, BASE_NONE, NULL, 0x00, - NULL, HFILL } - }, - { &hf_ssl_handshake_extension_npn_str_len, - { "Protocol string length", "ssl.handshake.extensions_npn_str_len", - FT_UINT8, BASE_DEC, NULL, 0x0, - "Length of next protocol string", HFILL } - }, - { &hf_ssl_handshake_extension_npn_str, - { "Next Protocol", "ssl.handshake.extensions_npn", - FT_STRING, BASE_NONE, NULL, 0x0, - NULL, HFILL } - }, - { &hf_ssl_handshake_extension_reneg_info_len, - { "Renegotiation info extension length", "ssl.handshake.extensions_reneg_info_len", - FT_UINT8, BASE_DEC, NULL, 0x0, - NULL, HFILL } - }, - { &hf_ssl_handshake_extension_server_name_list_len, - { "Server Name list length", "ssl.handshake.extensions_server_name_list_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of server name list", HFILL } - }, - { &hf_ssl_handshake_extension_server_name_len, - { "Server Name length", "ssl.handshake.extensions_server_name_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of server name string", HFILL } - }, - { &hf_ssl_handshake_extension_server_name_type, - { "Server Name Type", "ssl.handshake.extensions_server_name_type", - FT_UINT8, BASE_DEC, VALS(tls_hello_ext_server_name_type_vs), 0x0, - NULL, HFILL } - }, - { &hf_ssl_handshake_extension_server_name, - { "Server Name", "ssl.handshake.extensions_server_name", - FT_STRING, BASE_NONE, NULL, 0x0, - NULL, HFILL } - }, - { &hf_ssl_hs_ext_cert_url_type, - { "Certificate Chain Type", "ssl.handshake.cert_url_type", - FT_UINT8, BASE_DEC, VALS(tls_cert_chain_type), 0x0, - "Certificate Chain Type for Client Certificate URL", HFILL } - }, - { &hf_ssl_hs_ext_cert_url_url_hash_list_len, - { "URL and Hash list Length", "ssl.handshake.cert_url.url_hash_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - NULL, HFILL } - }, - { &hf_ssl_hs_ext_cert_url_item, - { "URL and Hash", "ssl.handshake.cert_url.url_hash", - FT_NONE, BASE_NONE, NULL, 0x0, - NULL, HFILL } - }, - { &hf_ssl_hs_ext_cert_url_url_len, - { "URL Length", "ssl.handshake.cert_url.url_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - NULL, HFILL } - }, - { &hf_ssl_hs_ext_cert_url_url, - { "URL", "ssl.handshake.cert_url.url_hash_len", - FT_STRING, BASE_NONE, NULL, 0x0, - "URL used to fetch the certificate(s)", HFILL } - }, - { &hf_ssl_hs_ext_cert_url_padding, - { "Padding", "ssl.handshake.cert_url.padding", - FT_NONE, BASE_NONE, NULL, 0x0, - "Padding that MUST be 0x01 for backwards compatibility", HFILL } - }, - { &hf_ssl_hs_ext_cert_url_sha1, - { "SHA1 Hash", "ssl.handshake.cert_url.sha1", - FT_BYTES, BASE_NONE, NULL, 0x0, - "SHA1 Hash of the certificate", HFILL } - }, - { &hf_ssl_hs_ext_cert_status_type, - { "Certificate Status Type", "ssl.handshake.extensions_status_request_type", - FT_UINT8, BASE_DEC, VALS(tls_cert_status_type), 0x0, - NULL, HFILL } - }, - { &hf_ssl_hs_ext_cert_status_request_len, - { "Certificate Status Length", "ssl.handshake.extensions_status_request_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - NULL, HFILL } - }, - { &hf_ssl_hs_ext_cert_status_responder_id_list_len, - { "Responder ID list Length", "ssl.handshake.extensions_status_request_responder_ids_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - NULL, HFILL } - }, - { &hf_ssl_hs_ext_cert_status_request_extensions_len, - { "Request Extensions Length", "ssl.handshake.extensions_status_request_exts_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - NULL, HFILL } - }, { &hf_ssl_handshake_session_ticket_lifetime_hint, { "Session Ticket Lifetime Hint", "ssl.handshake.session_ticket_lifetime_hint", FT_UINT32, BASE_DEC, NULL, 0x0, @@ -5884,31 +5140,6 @@ proto_register_ssl(void) FT_BYTES, BASE_NONE, NULL, 0x0, "PSK Identity", HFILL } }, - { &hf_ssl_handshake_sig_hash_alg_len, - { "Signature Hash Algorithms Length", "ssl.handshake.sig_hash_alg_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of Signature Hash Algorithms", HFILL } - }, - { &hf_ssl_handshake_sig_hash_algs, - { "Signature Hash Algorithms", "ssl.handshake.sig_hash_algs", - FT_NONE, BASE_NONE, NULL, 0x0, - "List of Signature Hash Algorithms", HFILL } - }, - { &hf_ssl_handshake_sig_hash_alg, - { "Signature Hash Algorithm", "ssl.handshake.sig_hash_alg", - FT_UINT16, BASE_HEX, NULL, 0x0, - NULL, HFILL } - }, - { &hf_ssl_handshake_sig_hash_hash, - { "Signature Hash Algorithm Hash", "ssl.handshake.sig_hash_hash", - FT_UINT8, BASE_DEC, VALS(tls_hash_algorithm), 0x0, - NULL, HFILL } - }, - { &hf_ssl_handshake_sig_hash_sig, - { "Signature Hash Algorithm Signature", "ssl.handshake.sig_hash_sig", - FT_UINT8, BASE_DEC, VALS(tls_signature_algorithm), 0x0, - NULL, HFILL } - }, { &hf_ssl_handshake_cert_status, { "Certificate Status", "ssl.handshake.cert_status", FT_NONE, BASE_NONE, NULL, 0x0, @@ -5984,11 +5215,6 @@ proto_register_ssl(void) FT_NONE, BASE_NONE, NULL, 0x0, "Distinguished name of a CA that server trusts", HFILL } }, - { &hf_ssl_heartbeat_extension_mode, - { "Mode", "ssl.handshake.extension.heartbeat.mode", - FT_UINT8, BASE_DEC, VALS(tls_heartbeat_mode), 0x0, - "Heartbeat extension mode", HFILL } - }, { &hf_ssl_heartbeat_message, { "Heartbeat Message", "ssl.heartbeat_message", FT_NONE, BASE_NONE, NULL, 0x0, @@ -6194,7 +5420,9 @@ proto_register_ssl(void) { &hf_ssl_segment_data, { SSL_SEGMENT_DATA_TEXT, "ssl.segment.data", FT_BYTES, BASE_NONE, NULL, 0x00, - "The payload of a single SSL segment", HFILL }}, + "The payload of a single SSL segment", HFILL } + }, + SSL_COMMON_HF_LIST(dissect_ssl3_hf, "ssl") }; /* Setup protocol subtree array */ @@ -6206,18 +5434,8 @@ proto_register_ssl(void) &ett_ssl_heartbeat, &ett_ssl_cipher_suites, &ett_ssl_comp_methods, - &ett_ssl_extension, - &ett_ssl_extension_curves, - &ett_ssl_extension_curves_point_formats, - &ett_ssl_extension_alpn, - &ett_ssl_extension_npn, - &ett_ssl_extension_reneg_info, - &ett_ssl_extension_server_name, - &ett_ssl_urlhash, &ett_ssl_certs, &ett_ssl_cert_types, - &ett_ssl_sig_hash_algs, - &ett_ssl_sig_hash_alg, &ett_ssl_dnames, &ett_ssl_random, &ett_ssl_new_ses_ticket, @@ -6229,15 +5447,15 @@ proto_register_ssl(void) &ett_pct_cert_suites, &ett_pct_exch_suites, &ett_ssl_segments, - &ett_ssl_segment + &ett_ssl_segment, + SSL_COMMON_ETT_LIST(dissect_ssl3_hf) }; static ei_register_info ei[] = { { &ei_ssl_handshake_cipher_suites_mult2, { "ssl.handshake.cipher_suites_length.mult2", PI_MALFORMED, PI_ERROR, "Cipher suite length must be a multiple of 2", EXPFILL }}, { &ei_ssl_handshake_sig_hash_algs_mult2, { "ssl.handshake.sig_hash_alg_len.mult2", PI_MALFORMED, PI_ERROR, "Signature Hash Algorithm length must be a multiple of 2", EXPFILL }}, { &ei_ssl2_handshake_session_id_len_error, { "ssl.handshake.session_id_length.error", PI_MALFORMED, PI_ERROR, "Session ID length error", EXPFILL }}, - { &ei_ssl_hs_ext_cert_status_undecoded, { "ssl.handshake.status_request.undecoded", PI_UNDECODED, PI_NOTE, - "Responder ID list or Request Extensions are not implemented, contact Wireshark developers if you want this to be supported", EXPFILL }} + SSL_COMMON_EI_LIST(dissect_ssl3_hf, "ssl") }; expert_module_t* expert_ssl; |