authorPeter Wu <peter@lekensteyn.nl>2015-11-14 12:47:28 +0100
committerPeter Wu <peter@lekensteyn.nl>2015-11-16 21:47:43 +0000
commit4002f98413cd07abf53535e83beb63ccde939db7 (patch)
tree5f0e35a706dc334acc2a37697e660202b7629421 /epan/dissectors/packet-ssl.c
parentc90990068ff2f442bdfb2475dc9dd3a55cdb2e46 (diff)
ssl,dtls: use ProtocolVersion from Server Hello
A DTLS capture from Jitsi Videobridge for Windows x64 (v519) using a (patched?) BouncyCastle 1.51.0 exposed the odd behavior where the ProtocolVersion from the record layer was always fixed to DTLSv1.2 while the server agrees to use DTLSv1.0. This resulted in a Malformed packet dissection of the ServerKeyExchange message which mistakenly expects a SignatureAndHash field. Fix this by using the protocol version from the ServerHello. Keep the fallback in case a capture starts in the middle of a SSL conversation. (Also display "DTLS" instead of "SSL" when the version is not yet determined for DTLS packets.) Bug: 11709 Change-Id: I0719977e3b2208da1960121b01dc109fa76bfcb6 Reviewed-on: https://code.wireshark.org/review/11821 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan/dissectors/packet-ssl.c')
-rw-r--r--epan/dissectors/packet-ssl.c38
1 files changed, 3 insertions, 35 deletions
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index 0ce1ec8295..b873d99c96 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -548,8 +548,6 @@ static void dissect_pct_msg_error(tvbuff_t *tvb,
*
*/
static gint ssl_is_valid_ssl_version(const guint16 version);
-static gint ssl_is_authoritative_version_message(const guint8 content_type,
- const guint8 next_byte);
static gint ssl_is_v2_client_hello(tvbuff_t *tvb, const guint32 offset);
static gint ssl_looks_like_sslv2(tvbuff_t *tvb, const guint32 offset);
static gint ssl_looks_like_sslv3(tvbuff_t *tvb, const guint32 offset);
@@ -1541,21 +1539,8 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
* structure and print the column version
*/
next_byte = tvb_get_guint8(tvb, offset);
- if (session->version == SSL_VER_UNKNOWN
- && ssl_is_authoritative_version_message(content_type, next_byte))
- {
- switch (version) {
- case SSLV3_VERSION:
- case TLSV1_VERSION:
- case TLSV1DOT1_VERSION:
- case TLSV1DOT2_VERSION:
- session->version = version;
- if (ssl) {
- ssl->state |= SSL_VERSION;
- ssl_debug_printf("dissect_ssl3_record found version 0x%04X -> state 0x%02X\n", version, ssl->state);
- }
- }
- }
+ if (session->version == SSL_VER_UNKNOWN)
+ ssl_try_set_version(session, ssl, content_type, next_byte, FALSE, version);
/* on second and subsequent records per frame
* add a delimiter on info column
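Review bot: The fallback at `if (session->version == SSL_VER_UNKNOWN)` still latches the record-layer `version`, which the commit message itself describes as unreliable, and once it is set this guard never runs again. If a non-hello record in a truncated or malformed capture is dissected before the ServerHello, the session keeps that value unless the ServerHello path overwrites it; neither `ssl_try_set_version` nor that path is visible in this hunk, so the precedence should be confirmed. A comment above the call would state it, for example `/* Fallback for captures lacking a ServerHello; the ServerHello version is authoritative when present. */`. The single-statement `if` would also be safer braced. `dissect_ssl3_record` begins and ends outside the hunk.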
@@ -1926,7 +1911,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
case SSL_HND_SERVER_HELLO:
ssl_dissect_hnd_srv_hello(&dissect_ssl3_hf, tvb, pinfo, ssl_hand_tree,
- offset, length, session, ssl);
+ offset, length, session, ssl, FALSE);
break;
case SSL_HND_HELLO_VERIFY_REQUEST:
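Review bot: The new trailing `FALSE` passed to `ssl_dissect_hnd_srv_hello` is an unlabelled boolean, so the call site does not show which behaviour it selects. The same applies to the fifth argument of `ssl_try_set_version` in the `dissect_ssl3_record` hunk. Since the commit shares this code between ssl and dtls, the flag is presumably the DTLS selector; a short inline label such as `session, ssl, FALSE /* is_dtls */);` would stop a later edit from flipping the wrong argument. The enclosing `switch` in `dissect_ssl3_handshake` starts and ends outside the hunk.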
@@ -3276,23 +3261,6 @@ ssl_is_valid_ssl_version(const guint16 version)
}
static gint
-ssl_is_authoritative_version_message(const guint8 content_type,
- const guint8 next_byte)
-{
- if (content_type == SSL_ID_HANDSHAKE
- && ssl_is_valid_handshake_type(next_byte, FALSE))
- {
- return (next_byte != SSL_HND_CLIENT_HELLO);
- }
- else if (ssl_is_valid_content_type(content_type)
- && content_type != SSL_ID_HANDSHAKE)
- {
- return 1;
- }
- return 0;
-}
-
-static gint
ssl_is_v2_client_hello(tvbuff_t *tvb, const guint32 offset)
{
guint8 byte;