authorPeter Wu <peter@lekensteyn.nl>2017-09-15 00:09:48 +0100
committerAlexis La Goutte <alexis.lagoutte@gmail.com>2017-09-18 07:31:35 +0000
commit8240518f91fb0215c6e031bd8761e72dd755da5f (patch)
tree6cc30f8b6ef57137df0f78c8b4725f159056a0f5 /epan/dissectors/packet-ssl-utils.c
parentaa2b59cf5e9cc4a60e839652124376e65818b885 (diff)
TLS13: restore draft -18 support for HRR
Draft 18 is still the most current boringssl version, avoid a malformed packet exception by recognizing a draft -18 HelloRetryRequest. Change-Id: I43cf91350a8a2ebfad6c1e0e35eb9621a3b3e44b Fixes: v2.3.0rc0-2789-g18c4d1bb1f ("TLS13: update HRR for draft -19") Ping-Bug: 12779 Reviewed-on: https://code.wireshark.org/review/23544 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-ssl-utils.c')
-rw-r--r--epan/dissectors/packet-ssl-utils.c25
1 files changed, 15 insertions, 10 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 7b824d1423..1797e37e14 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -7129,11 +7129,10 @@ ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb,
/* This version is always better than the guess at the Record Layer */
server_version = tvb_get_ntohs(tvb, offset);
- if((server_version & 0xFF00) == 0x7f00) { /* if server_version start with 0x7f, it is (and force) TLS 1.3 */
- session->tls13_draft_version = server_version & 0xff;
+ session->tls13_draft_version = tls13_draft_version(server_version);
+ if (session->tls13_draft_version != 0) {
+ /* This is TLS 1.3 (a draft version). */
server_version = TLSV1DOT3_VERSION;
- } else {
- session->tls13_draft_version = 0;
}
ssl_try_set_version(session, ssl, SSL_ID_HANDSHAKE, SSL_HND_SERVER_HELLO,
is_dtls, server_version);
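Review bot: The meaning of a zero result from `tls13_draft_version(server_version)` is undocumented at the call site, because the helper is not visible in this hunk and the removed comment explaining the `0x7f` prefix went with the old check. Both the `!= 0` test here and the `draft_version == 0` test in the HelloRetryRequest hunk rely on zero meaning "not a draft version". Presumably the helper returns the low byte only for `0x7fXX` values, as the removed lines did. Once that contract is confirmed against the helper, I would extend the new comment to `/* Non-zero only for a TLS 1.3 draft version (0x7fXX); zero otherwise. */`. The enclosing function starts and ends outside the hunk.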
@@ -7286,18 +7285,24 @@ ssl_dissect_hnd_hello_retry_request(ssl_common_dissect_t *hf, tvbuff_t *tvb,
/* https://tools.ietf.org/html/draft-ietf-tls-tls13-19#section-4.1.4
* struct {
* ProtocolVersion server_version;
- * CipherSuite cipher_suite;
+ * CipherSuite cipher_suite; // not before draft -19
* Extension extensions<2..2^16-1>;
* } HelloRetryRequest;
*/
- proto_tree_add_item(tree, hf->hf.hs_server_version, tvb,
- offset, 2, ENC_BIG_ENDIAN);
- offset += 2;
+ guint32 version;
+ guint8 draft_version;
- proto_tree_add_item(tree, hf->hf.hs_cipher_suite,
- tvb, offset, 2, ENC_BIG_ENDIAN);
+ proto_tree_add_item_ret_uint(tree, hf->hf.hs_server_version, tvb,
+ offset, 2, ENC_BIG_ENDIAN, &version);
+ draft_version = tls13_draft_version(version);
offset += 2;
+ if (draft_version == 0 || draft_version >= 19) {
+ proto_tree_add_item(tree, hf->hf.hs_cipher_suite,
+ tvb, offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+ }
+
ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset,
offset_end, SSL_HND_HELLO_RETRY_REQUEST,
session, ssl, is_dtls);
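Review bot: The now-conditional `cipher_suite` read is not checked against `offset_end`, so for a HelloRetryRequest that ends right after the version field the two bytes would come from whatever follows in the tvb, or hit the tvb boundary exception. The version field comes from the peer and now selects the message layout, so a guard such as `if ((draft_version == 0 || draft_version >= 19) && offset + 2 <= offset_end) {` would keep the field inside the message. Whether an earlier length check already covers this is not visible in the hunk. Separately, `version` is a `guint32` handed to `tls13_draft_version()`, whose parameter type is not shown here, so any narrowing is worth confirming. The function body starts outside the hunk.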