Incorrect interpretation of algorithm name in packet-tls-utils.c (#19801) · Issues · Wireshark Foundation / Wireshark

Incorrect interpretation of algorithm name in packet-tls-utils.c

## Summary when I run the Version 4.2.4 (v4.2.4-0-g1fe5bce8d665) on a capture file having TLSv1.2 protocol, I found it mis-recognize algorithm 0x0804 as "unknown" hash and "SM2" signature,although it correctly identify it as "rsa_pss_rsae_sha256". Infact that is not true. 0x0804 can not be futher dissected into 08 and 04. I checked the source file and found out the error in packet-tls-utils.c: it misassigned 4 to SM2 which I failed to find the referrence, according to the implicit rule (but I am not sure the standard referrence) that the algorithm id is composed by hash-id+signature-id, the "sm2sig_sm3" 0x0708 should suggest 7 as SM3 and 8 as SM2, absolutely not 4. ``` const value_string tls_hash_algorithm[] = { { 0, "None" }, { 1, "MD5" }, { 2, "SHA1" }, { 3, "SHA224" }, { 4, "SHA256" }, { 5, "SHA384" }, { 6, "SHA512" }, { 7, "SM3" }, { 0, NULL } }; const value_string tls_signature_algorithm[] = { { 0, "Anonymous" }, { 1, "RSA" }, { 2, "DSA" }, { 3, "ECDSA" }, { 4, "SM2" }, { 0, NULL } }; /* RFC 8446 Section 4.2.3 */ const value_string tls13_signature_algorithm[] = { { 0x0201, "rsa_pkcs1_sha1" }, { 0x0203, "ecdsa_sha1" }, { 0x0401, "rsa_pkcs1_sha256" }, { 0x0403, "ecdsa_secp256r1_sha256" }, { 0x0420, "rsa_pkcs1_sha256_legacy" }, /* draft-davidben-tls13-pkcs1-01 */ { 0x0501, "rsa_pkcs1_sha384" }, { 0x0503, "ecdsa_secp384r1_sha384" }, { 0x0520, "rsa_pkcs1_sha384_legacy" }, /* draft-davidben-tls13-pkcs1-01 */ { 0x0601, "rsa_pkcs1_sha512" }, { 0x0603, "ecdsa_secp521r1_sha512" }, { 0x0620, "rsa_pkcs1_sha512_legacy" }, /* draft-davidben-tls13-pkcs1-01 */ { 0x0708, "sm2sig_sm3" }, { 0x0709, "gostr34102012_256a" }, /* RFC9367 */ { 0x070a, "gostr34102012_256b" }, /* RFC9367 */ { 0x070b, "gostr34102012_256c" }, /* RFC9367 */ { 0x070c, "gostr34102012_256d" }, /* RFC9367 */ { 0x070d, "gostr34102012_512a" }, /* RFC9367 */ { 0x070e, "gostr34102012_512b" }, /* RFC9367 */ { 0x070f, "gostr34102012_512c" }, /* RFC9367 */ { 0x0804, "rsa_pss_rsae_sha256" },` ``` ## Sample capture file ## Steps to reproduce Just run the current version wireshark on the capture file ,click and expande on the No. 70 packet ## What is the current bug behavior? It misunderstood 0x0804 as unknown hash and SM2 signature, acutually it should be sha256 hash and rsa-pss signature. ## What is the expected correct behavior? it should be sha256 hash and rsa-pss signature. ## Build information ``` No build problem ```

issue