forked from osmocom/wireshark
From Peter Wu via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9546
PSK stream does not get decrypted with other TLS streams Fix PSK decryption with keylog file Session IDs may be empty (length zero). Currently, these sessions are still stored in the session cache which is quite useless as it is very likely that multiple TLS streams have no Session ID in their Hello messages. This causes the wrong premaster secret to be restored when the ClientHello is dissected (via dissect_ssl3_hnd_hello_common). In the PSK case, this will prevent the SSL keylog file from being consulted. When processing the ClientKeyExchange, the ssl_generate_pre_master_secret function is called to set the pre-master key... but this does not happen when ssl.psk is not available. In this case, the PMK that was restored in ClientHello is used. This results in faulty dissection. RSA does not have this problem because it always tries to use the private server key (and falls back to the keylog file). This fix prevents empty session IDs from being stored with a PMK, making the dissector use the keylog file for PSK. svn path=/trunk/; revision=54122
parent
1c85671ed2
commit
5c7c8e3886
1 changed files with 12 additions and 0 deletions
|
@ -4139,6 +4139,12 @@ ssl_save_session(SslDecryptSession* ssl, GHashTable *session_hash)
|
|||
/* allocate stringinfo chunks for session id and master secret data*/
|
||||
StringInfo* session_id;
|
||||
StringInfo* master_secret;
|
||||
|
||||
if (ssl->session_id.data_len == 0) {
|
||||
ssl_debug_printf("ssl_save_session SessionID is empty!\n");
|
||||
return;
|
||||
}
|
||||
|
||||
session_id = (StringInfo *)wmem_alloc0(wmem_file_scope(), sizeof(StringInfo) + ssl->session_id.data_len);
|
||||
master_secret = (StringInfo *)wmem_alloc0(wmem_file_scope(), 48 + sizeof(StringInfo));
|
||||
|
||||
|
@ -4160,6 +4166,12 @@ gboolean
|
|||
ssl_restore_session(SslDecryptSession* ssl, GHashTable *session_hash)
|
||||
{
|
||||
StringInfo* ms;
|
||||
|
||||
if (ssl->session_id.data_len == 0) {
|
||||
ssl_debug_printf("ssl_restore_session Cannot restore using an empty SessionID\n");
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
ms = (StringInfo *)g_hash_table_lookup(session_hash, &ssl->session_id);
|
||||
|
||||
if (!ms) {
|
||||
|
|
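Review bot: Neither new `data_len == 0` guard (the one in ssl_save_session and the one in ssl_restore_session) carries a comment saying why an empty Session ID is skipped, so the reasoning lives only in the commit message. I would add above each check something like `/* An empty Session ID does not identify a single session; caching or looking it up could give this stream another stream's master secret. */`. The debug text in ssl_save_session could also state the consequence, for example `ssl_debug_printf("ssl_save_session SessionID is empty, master secret not cached\n");`, which would match the more explicit wording already used in ssl_restore_session. Both function bodies continue outside the hunks, so whether callers of ssl_save_session need to know the save was skipped cannot be judged from here.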