URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=aaad273ec1ead7e2203e66536b0c80fce8c72e49
Submitter: "Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>"
Changed: branch: master
Repository: wireshark
Commits:
aaad273 by Peter Wu (peter@xxxxxxxxxxxxx):
pkcs1: recognize explicit curve parameters

Add support for explicit curve parameters according to RFC 3279. This
allows an exploitation attempt of CVE-2020-0601 to be detected through
the pkcs1.specifiedCurve_element filter name. Be aware though that the
certificate is encrypted in TLS 1.3, so a negative match does not imply
that no exploitation has happened.

While these definitions are technically not part of PKCS #1, the
PKIXAlgs module is part of the pkcs1 dissector for historical reasons.
It probably makes sense splitting it into a separate pkixalgs dissector,
but that would result in field name changes. Defer that for now.

Bug: 16340
Change-Id: Ia9d47a8337d6246f52983460580310b12e5709cf
Reviewed-on: https://code.wireshark.org/review/35986
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
Actions performed:
from 530e243 CMake: look for libcap on Linux only
add aaad273 pkcs1: recognize explicit curve parameters
Summary of changes:
epan/dissectors/asn1/pkcs1/PKIXAlgs-2009.asn | 57 ++++++--
epan/dissectors/asn1/pkcs1/pkcs1.cnf | 8 +-
epan/dissectors/packet-pkcs1.c | 195 ++++++++++++++++++++++++++-
3 files changed, 245 insertions(+), 15 deletions(-)
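
Added example (not part of the commit and not Wireshark's dissector code): a stand-alone Python check of the property the pkcs1.specifiedCurve_element filter keys on, namely whether the EC parameters in a certificate's DER SubjectPublicKeyInfo are a named-curve OID or an explicit SEQUENCE. The function names, return labels and both sample inputs are constructed for illustration; the explicit sample carries a placeholder SEQUENCE, not real curve parameters.

```python
EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")  # id-ecPublicKey, 1.2.840.10045.2.1
CHOICES = {0x06: "namedCurve", 0x05: "implicitlyCA", 0x30: "specifiedCurve"}

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the DER element at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("bad or truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, off, off + length

def classify_ec_parameters(spki):
    """Label the ECParameters CHOICE in a DER SubjectPublicKeyInfo."""
    tag, start, end = read_tlv(spki, 0)                # SubjectPublicKeyInfo
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo is not a SEQUENCE")
    tag, start, alg_end = read_tlv(spki[:end], start)  # AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier is not a SEQUENCE")
    alg = spki[:alg_end]                               # bound reads to this element
    tag, start, oid_end = read_tlv(alg, start)         # algorithm OID
    if tag != 0x06 or alg[start:oid_end] != EC_PUBLIC_KEY:
        return "not-ec"
    if oid_end == alg_end:
        return "absent"
    tag, _, _ = read_tlv(alg, oid_end)                 # parameters: the CHOICE
    return CHOICES.get(tag, "unknown")

def tlv(tag, body):
    """Encode a short-form DER element (constructed samples only)."""
    if len(body) >= 0x80:
        raise ValueError("sample helper handles short-form lengths only")
    return bytes([tag, len(body)]) + body

def sample_spki(params):
    """Constructed SPKI: id-ecPublicKey + params + an all-zero dummy point."""
    alg = tlv(0x30, tlv(0x06, EC_PUBLIC_KEY) + params)
    return tlv(0x30, alg + tlv(0x03, b"\x00\x04" + bytes(64)))

NAMED = sample_spki(tlv(0x06, bytes.fromhex("2a8648ce3d030107")))  # prime256v1 OID
EXPLICIT = sample_spki(tlv(0x30, tlv(0x02, b"\x01")))  # placeholder SEQUENCE, not a curve
```

A "specifiedCurve" result is the case worth alerting on; as the commit message notes for TLS 1.3, a certificate that is never seen in the clear cannot be classified at all.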