osmith/wireshark
1
0
Fork 0
forked from osmocom/wireshark
Code Pull requests Releases Wiki Activity

From Peter Wu via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9546

Browse source 
PSK stream does not get decrypted with other TLS streams

Fix PSK decryption with keylog file

Session IDs may be empty (length zero). Currently, these sessions are
still stored in the session cache which is quite useless as is is very
likely that multiple TLS streams have no Session ID in their Hello
messages. This causes the wrong premaster secret to be restored when the
ClientHello is dissected (via dissect_ssl3_hnd_hello_common).

In the PSK case, this will prevent the SSL keylog file from being
consulted. When processing the ClientKeyExchange, the
ssl_generate_pre_master_secret function is called to set the pre-master
key... but this does not happen when ssl.psk is not available. In this
case, the PMK that was restored in ClientHello is used. This results in
faulty dissection.

RSA does not have this problem because it always tries to use the
private server key (and falls back to the keylog file).

This fix prevents empty session IDs from being stored with a PMK,
making the dissector use the keylog file for PSK.

svn path=/trunk/; revision=54122
This commit is contained in:
Alexis La Goutte 2013-12-15 16:16:54 +00:00
parent 1c85671ed2
commit 5c7c8e3886
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
epan/dissectors/packet-ssl-utils.c
View file

@ -4139,6 +4139,12 @@ ssl_save_session(SslDecryptSession* ssl, GHashTable *session_hash)
/* allocate stringinfo chunks for session id and master secret data*/
StringInfo* session_id;
StringInfo* master_secret;
if (ssl->session_id.data_len == 0) {
ssl_debug_printf("ssl_save_session SessionID is empty!\n");
return;
}
session_id = (StringInfo *)wmem_alloc0(wmem_file_scope(), sizeof(StringInfo) + ssl->session_id.data_len);
master_secret = (StringInfo *)wmem_alloc0(wmem_file_scope(), 48 + sizeof(StringInfo));
@ -4160,6 +4166,12 @@ gboolean
ssl_restore_session(SslDecryptSession* ssl, GHashTable *session_hash)
{
StringInfo* ms;
if (ssl->session_id.data_len == 0) {
ssl_debug_printf("ssl_restore_session Cannot restore using an empty SessionID\n");
return FALSE;
}
ms = (StringInfo *)g_hash_table_lookup(session_hash, &ssl->session_id);
if (!ms) {