authorPeter Wu <peter@lekensteyn.nl>2015-02-05 19:54:52 +0100
committerMichael Mann <mmann78@netscape.net>2015-02-09 14:00:38 +0000
commit93ed72642b3bc0771c6099c4861a39c080040b0e (patch)
tree6b5cda5045831555a6c3ba8fce615bc75adc45e3 /epan/dissectors/packet-ssl-utils.h
parent5b2a05ce5c526f67035a01dfb415c4cc7598ec70 (diff)
ssl,dtls,ssl-utils: Prepare for STARTTLS handling
All STARTTLS-like dissectors (protocols which can switch to SSL/TLS after a protocol command) currently fail to get called after decryption. The reason for this is that the port is not registered for SSL dissection via ssl_dissector_add. Besides this, the MySQL dissector breaks in the event of multiple segments because it does not properly set desegmentation. The call path TCP | App | SSL | App is a bad, error-prone pattern which requires duplication of required functionality in dissectors. This patch makes it possible to bypass the App (TCP | SSL | App) by registering SSL as the conversation dissector after a STARTTLS switch. Logical overview of changes: - Move srv_addr, srv_ptype and srv_port to SslSession and adjust the users. This allows passing SslSession around which will never be null unlike SslDecryptSession. This is needed for looking up the packet direction (server or client) before calling a subdissector. - Add app_handle to store the dissector and last_nontls_frame the frame that initiated STARTTLS. - The same app_handle is now used to store the dissector handle from an ssl association. - Moved conversation data (SslDecryptSession) to ssl-utils to avoid code duplication. Merge ssl_session_init into it. The new ssl_session_get() is needed for STARTTLS frame/handle storage. - Introduce new "ssl_starttls_ack" function to signal the last non-TLS packet. - Ensure that match_uint is set before calling the conversation dissector. This ensures that dissectors using match_uint to check the direction of a packet (client vs. server) see the TCP port instead of the IP proto. At least the MySQL and SMTP dissectors require such special treatment. - Move epan/conversation.h outside HAVE_LIBGNUTLS, remove from dtls (as it is already included by ssl-utils). - Various comment/debug string updates. Remove outdated comment before SSL association lookup. Besides setting match_uint and caching the app_handle, existing dissectors should not be affected by this patch.
Follow-up patches will update existing dissectors to use the new ssl_starttls_ack interface. Bug: 9515 Change-Id: I795d16b6a901e672a5d89e922adc7e5bbcda0333 Reviewed-on: https://code.wireshark.org/review/6872 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/dissectors/packet-ssl-utils.h')
-rw-r--r--epan/dissectors/packet-ssl-utils.h43
1 files changed, 32 insertions, 11 deletions
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index a74f3b911c..19fcf2c26f 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -31,13 +31,13 @@
#include <epan/prefs.h>
#include <epan/wmem/wmem.h>
#include <epan/expert.h>
+#include <epan/conversation.h>
#include <wsutil/wsgcrypt.h>
#ifdef HAVE_LIBGNUTLS
#include <gnutls/x509.h>
#include <gnutls/pkcs12.h>
-#include <epan/conversation.h>
#include "ws_symbol_export.h"
/* #define SSL_FAST 1 */
@@ -353,6 +353,16 @@ typedef struct _SslSession {
guint32 version;
gint8 client_cert_type;
gint8 server_cert_type;
+
+ /* The address/proto/port of the server as determined from heuristics
+ * (e.g. ClientHello) or set externally (via ssl_set_master_secret()). */
+ address srv_addr;
+ port_type srv_ptype;
+ guint srv_port;
+
+ /* The Application layer protocol if known (for STARTTLS support) */
+ dissector_handle_t app_handle;
+ guint32 last_nontls_frame;
} SslSession;
/* RFC 5246, section 8.1 says that the master secret is always 48 bytes */
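Review bot: The new `last_nontls_frame` member at the end of SslSession is the only added field without a comment, and `app_handle` is described as "if known" without saying what value means unknown. Given that ssl_starttls_ack() in this same patch documents 0 as the not-yet-started case, 0 is presumably the sentinel here as well; suggest `guint32 last_nontls_frame; /* Frame number of the STARTTLS acknowledgement (last non-TLS packet); 0 if no switch has been recorded */` and `dissector_handle_t app_handle; /* NULL if unknown */`, provided that matches the implementation in packet-ssl-utils.c. The comment above srv_addr names ssl_set_master_secret() as the external setter, while the setter declared further down in this header is ssl_set_server(); it would help to state which one callers are expected to use. Ownership of the bytes behind srv_addr (copied into session-scoped memory or borrowed from the packet) is also not stated, and matters because conversation data presumably outlives the packet that set it.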
@@ -389,10 +399,6 @@ typedef struct _SslDecryptSession {
StringInfo app_data_segment;
SslSession session;
- address srv_addr;
- port_type srv_ptype;
- guint srv_port;
-
} SslDecryptSession;
typedef struct _SslAssociation {
@@ -452,14 +458,29 @@ gboolean ssldecrypt_uat_fld_password_chk_cb(void*, const char*, unsigned, const
extern void
ssl_lib_init(void);
-/** Initialize an ssl session struct
- @param ssl pointer to ssl session struct to be initialized */
-extern void
-ssl_session_init(SslDecryptSession* ssl);
+/** Retrieve a SslSession, creating it if it did not already exist.
+ * @param conversation The SSL conversation.
+ * @param ssl_handle The dissector handle for SSL or DTLS.
+ */
+extern SslDecryptSession *
+ssl_get_session(conversation_t *conversation, dissector_handle_t ssl_handle);
/** Set server address and port */
extern void
-ssl_set_server(SslDecryptSession* ssl, address *addr, port_type ptype, guint32 port);
+ssl_set_server(SslSession *session, address *addr, port_type ptype, guint32 port);
+
+/** Marks this packet as the last one before switching to SSL that is supposed
+ * to encapsulate this protocol.
+ * @param ssl_handle The dissector handle for SSL or DTLS.
+ * @param pinfo Packet Info.
+ * @param app_handle Dissector handle for the protocol inside the decrypted
+ * Application Data record.
+ * @return 0 for the first STARTTLS acknowledgement (success) or if ssl_handle
+ * is NULL. >0 if STARTTLS was started before.
+ */
+extern guint32
+ssl_starttls_ack(dissector_handle_t ssl_handle, packet_info *pinfo,
+ dissector_handle_t app_handle);
/** set the data and len for the stringInfo buffer. buf should be big enough to
* contain the provided data
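Review bot: The Doxygen comment on the new ssl_get_session() says it retrieves a SslSession, but the prototype returns `SslDecryptSession *`; the comment should name the type actually returned and say whether NULL can be returned (for example for a NULL conversation), since callers will dereference the result. Suggested first line: `/** Retrieve the SslDecryptSession for a conversation, creating it if it did not already exist.`. The @return of ssl_starttls_ack() maps two different outcomes to 0, the first acknowledgement and a NULL ssl_handle, so a caller cannot distinguish "switch recorded" from "nothing happened"; either document that callers must check ssl_handle themselves or give the NULL case its own value. The commit message also refers to this function as ssl_session_get() while the header declares ssl_get_session; one of the two should be corrected before the follow-up dissector patches pick up the name.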
@@ -561,7 +582,7 @@ extern gint
ssl_assoc_from_key_list(gpointer key _U_, gpointer data, gpointer user_data);
extern gint
-ssl_packet_from_server(SslDecryptSession* ssl, GTree* associations, packet_info *pinfo);
+ssl_packet_from_server(SslSession *session, GTree *associations, packet_info *pinfo);
/* add to packet data a copy of the specified real data */
extern void
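Review bot: ssl_packet_from_server() stays undocumented after its signature change, and the new `SslSession *session` parameter reads as if the function may write to the session. If it only compares pinfo against session->srv_addr, srv_ptype and srv_port (which the commit message implies is the purpose of moving those fields), `const SslSession *session` would make that contract explicit; otherwise a comment should say what it modifies. A Doxygen block of the form `/** Determine whether the packet in pinfo was sent by the server, using the server address/port recorded in session (and presumably the associations tree when they are unset). @return non-zero if the packet is from the server. */` would do, adjusted to what the implementation actually does. The same const question applies to `address *addr` in ssl_set_server() earlier in this file, if the address-copy helper it uses accepts a const pointer.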