authorPeter Wu <peter@lekensteyn.nl>2017-11-11 04:29:15 +0000
committerAnders Broman <a.broman58@gmail.com>2017-11-26 15:55:46 +0000
commitd35ed012ce62fae4344e80a0df3742619a4eaa0f (patch)
treed99f602a61c949a7f83fb39af01467b7776a8027 /epan/dissectors/packet-ssl-utils.h
parent7eb2c7dbc7b0cddb18297268677e3dc9a073f320 (diff)
TLS13: update for draft -22 (Server Hello, HRR, CCS, NST)
Draft -22 moved the server version to an extension and makes HRR look like a SH. SH is now interpreted as TLS 1.2. Detecting TLS 1.3/HRR requires scanning SH extensions before parsing the message, so do that. Changes: - Add draft 22 version identifier. - Recognize special Server Hello magic for HRR. - Dissect SupportedVersions for SH/HRR, rename the field to match spec. - Recognise new Server Hello format (including legacy fields). - Move version detection up to handshake message dissection to allow HRR (disguised as SH) to be detected as such. DTLS does not have HRR and fragmentation makes it harder, so use its version as usual. - Ignore ChangeCipherSpec again for draft 22 (do not add expert info). - Allow NST ticket_nonce to be empty. Change-Id: I9d5f7dba173e1b5c901bf9a6917c65520ee60a2f Ping-Bug: 12779 Reviewed-on: https://code.wireshark.org/review/24340 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-ssl-utils.h')
-rw-r--r--epan/dissectors/packet-ssl-utils.h12
1 files changed, 8 insertions, 4 deletions
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 36608f1979..667ce971d6 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -694,6 +694,10 @@ extern gboolean
ssl_is_valid_handshake_type(guint8 hs_type, gboolean is_dtls);
extern void
+tls_scan_server_hello(tvbuff_t *tvb, guint32 offset, guint32 offset_end,
+ guint16 *server_version, gboolean *is_hrr);
+
+extern void
ssl_try_set_version(SslSession *session, SslDecryptSession *ssl,
guint8 content_type, guint8 handshake_type,
gboolean is_dtls, guint16 version);
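Review bot: The new `tls_scan_server_hello` prototype carries no comment, and since its two out-parameters decide how the caller will parse the message, the header should state whether `*server_version` and `*is_hrr` are always written or only when a supported_versions extension or the HRR marker is found (if the latter, the caller must initialize both before the call). Suggested comment above the declaration, with the "always written" wording adjusted to whatever the implementation actually does: `/* Scans the extensions of a Server Hello in [offset, offset_end) before the message is dissected. Sets *server_version from the supported_versions extension (TLS 1.2 if absent) and *is_hrr when the HelloRetryRequest marker is present. Both outputs are always written. */`. Whether a truncated extensions block leaves the outputs at their defaults or stops early cannot be seen from the header; the comment should say which.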
@@ -753,7 +757,7 @@ typedef struct ssl_common_dissect {
gint hs_ext_psk_binders;
gint hs_ext_psk_identity_selected;
gint hs_ext_supported_versions_len;
- gint hs_ext_supported_versions;
+ gint hs_ext_supported_version;
gint hs_ext_cookie_len;
gint hs_ext_cookie;
gint hs_ext_server_name;
@@ -989,7 +993,7 @@ extern void
ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info* pinfo,
proto_tree *tree, guint32 offset, guint32 offset_end,
SslSession *session, SslDecryptSession *ssl,
- gboolean is_dtls);
+ gboolean is_dtls, gboolean is_hrr);
extern void
ssl_dissect_hnd_hello_retry_request(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info* pinfo,
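Review bot: The added `is_hrr` parameter to `ssl_dissect_hnd_srv_hello` has no documentation explaining where it comes from or what it changes, and the existing declaration had none either. A one-line comment on the declaration would tie the two new APIs together: `/* is_hrr: result of tls_scan_server_hello(); when TRUE the message is a draft -22 HelloRetryRequest in Server Hello format and is dissected as such. */`. The declaration of `ssl_dissect_hnd_hello_retry_request` continues outside the hunk; if it now serves only pre-draft-22 HRR messages, a comment saying so would prevent a future reader from assuming the two paths are interchangeable.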
@@ -1246,8 +1250,8 @@ ssl_common_dissect_t name = { \
FT_UINT8, BASE_DEC, NULL, 0x0, \
NULL, HFILL } \
}, \
- { & name .hf.hs_ext_supported_versions, \
- { "Supported Versions", prefix ".handshake.extensions.supported_versions", \
+ { & name .hf.hs_ext_supported_version, \
+ { "Supported Version", prefix ".handshake.extensions.supported_version", \
FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, \
NULL, HFILL } \
}, \