authorPeter Wu <peter@lekensteyn.nl>2017-09-15 00:09:48 +0100
committerAlexis La Goutte <alexis.lagoutte@gmail.com>2017-09-18 07:31:35 +0000
commit8240518f91fb0215c6e031bd8761e72dd755da5f (patch)
tree6cc30f8b6ef57137df0f78c8b4725f159056a0f5
parentaa2b59cf5e9cc4a60e839652124376e65818b885 (diff)
TLS13: restore draft -18 support for HRR
Draft 18 is still the most current boringssl version, avoid a malformed packet exception by recognizing a draft -18 HelloRetryRequest. Change-Id: I43cf91350a8a2ebfad6c1e0e35eb9621a3b3e44b Fixes: v2.3.0rc0-2789-g18c4d1bb1f ("TLS13: update HRR for draft -19") Ping-Bug: 12779 Reviewed-on: https://code.wireshark.org/review/23544 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
-rw-r--r--epan/dissectors/packet-ssl-utils.c25
-rw-r--r--epan/dissectors/packet-ssl-utils.h8
2 files changed, 23 insertions, 10 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 7b824d1423..1797e37e14 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -7129,11 +7129,10 @@ ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb,
/* This version is always better than the guess at the Record Layer */
server_version = tvb_get_ntohs(tvb, offset);
- if((server_version & 0xFF00) == 0x7f00) { /* if server_version start with 0x7f, it is (and force) TLS 1.3 */
- session->tls13_draft_version = server_version & 0xff;
+ session->tls13_draft_version = tls13_draft_version(server_version);
+ if (session->tls13_draft_version != 0) {
+ /* This is TLS 1.3 (a draft version). */
server_version = TLSV1DOT3_VERSION;
- } else {
- session->tls13_draft_version = 0;
}
ssl_try_set_version(session, ssl, SSL_ID_HANDSHAKE, SSL_HND_SERVER_HELLO,
is_dtls, server_version);
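Review bot: A ServerHello carrying version 0x7f00 is no longer mapped to TLSV1DOT3_VERSION. The new `tls13_draft_version()` helper in packet-ssl-utils.h returns 0 both for "not a 0x7fXX codepoint" and for a 0x7fXX value whose low byte is zero, whereas the removed `(server_version & 0xFF00) == 0x7f00` test forced TLS 1.3 for every 0x7fXX value. The same ambiguity reaches the `draft_version == 0` branch added in ssl_dissect_hnd_hello_retry_request. Because this field is read straight from the capture, the choice should be deliberate: either keep the prefix test for the override, e.g. `if ((server_version & 0xff00) == 0x7f00) server_version = TLSV1DOT3_VERSION;`, or say in the helper's comment that 0x7f00 is intentionally treated as not TLS 1.3. The body of ssl_dissect_hnd_srv_hello continues outside this hunk.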
@@ -7286,18 +7285,24 @@ ssl_dissect_hnd_hello_retry_request(ssl_common_dissect_t *hf, tvbuff_t *tvb,
/* https://tools.ietf.org/html/draft-ietf-tls-tls13-19#section-4.1.4
* struct {
* ProtocolVersion server_version;
- * CipherSuite cipher_suite;
+ * CipherSuite cipher_suite; // not before draft -19
* Extension extensions<2..2^16-1>;
* } HelloRetryRequest;
*/
- proto_tree_add_item(tree, hf->hf.hs_server_version, tvb,
- offset, 2, ENC_BIG_ENDIAN);
- offset += 2;
+ guint32 version;
+ guint8 draft_version;
- proto_tree_add_item(tree, hf->hf.hs_cipher_suite,
- tvb, offset, 2, ENC_BIG_ENDIAN);
+ proto_tree_add_item_ret_uint(tree, hf->hf.hs_server_version, tvb,
+ offset, 2, ENC_BIG_ENDIAN, &version);
+ draft_version = tls13_draft_version(version);
offset += 2;
+ if (draft_version == 0 || draft_version >= 19) {
+ proto_tree_add_item(tree, hf->hf.hs_cipher_suite,
+ tvb, offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+ }
+
ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset,
offset_end, SSL_HND_HELLO_RETRY_REQUEST,
session, ssl, is_dtls);
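Review bot: The condition `draft_version == 0 || draft_version >= 19` picks the message layout from a peer-supplied version field, but nothing explains why 0 takes the cipher_suite branch. A short comment above the `if` would help, for example `/* 0 = not a 0x7fXX draft codepoint: assume the current layout, which carries cipher_suite (draft -19 and later) */`. The bare `19` could become a named constant so the draft cut-over is easy to find when later drafts change the structure again. The parsed draft version is kept only in a local here; whether the extension dissector called next consults `session->tls13_draft_version` is not visible in this hunk, so it may be worth checking. The function starts and ends outside the hunk.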
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 7c9cff4a6d..4fb1742b33 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -277,6 +277,14 @@ typedef struct _StringInfo {
#define DTLSV1DOT0_OPENSSL_VERSION 0x100
#define DTLSV1DOT2_VERSION 0xfefd
+/* Returns the TLS 1.3 draft version or 0 if not applicable. */
+static inline guint8 tls13_draft_version(guint32 version) {
+ if ((version & 0xff00) == 0x7f00) {
+ return (guint8) version;
+ }
+ return 0;
+}
+
#define SSL_CLIENT_RANDOM (1<<0)
#define SSL_SERVER_RANDOM (1<<1)