TLS: fix decryption of renegotiated sessions

Renegotiated sessions may interleave application data with handshake
records. These handshake records should however not be included in the
flow associated with the application data. This fixes a regression
introduced by the previous patch; the "1.12 Step: SSL Decryption
(renegotiation)" test passes again.

Also remove duplicate DTLS data sources for decrypted records.

Change-Id: I46d416ffba11a7c25c5a682b3b53f06d10d4ab79
Fixes: v2.3.0rc0-2152-g77404250d5 ("(D)TLS: consolidate and simplify decrypted records handling")
Reviewed-on: https://code.wireshark.org/review/19822
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Peter Wu 2017-01-25 21:52:27 +01:00 committed by Alexis La Goutte
parent 0ce7b55fb4
commit 8f81dd4f82
2 changed files with 6 additions and 4 deletions


@ -827,7 +827,6 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
if (decrypted) {
dissect_dtls_alert(decrypted, pinfo, dtls_record_tree, 0,
session);
add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
} else {
dissect_dtls_alert(tvb, pinfo, dtls_record_tree, offset,
session);
@ -843,7 +842,6 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
dissect_dtls_handshake(decrypted, pinfo, dtls_record_tree, 0,
tvb_reported_length(decrypted), session, is_from_server,
ssl, content_type);
add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
} else {
dissect_dtls_handshake(tvb, pinfo, dtls_record_tree, offset,
record_length, session, is_from_server, ssl,
@ -923,7 +921,6 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
if (decrypted) {
dissect_dtls_heartbeat(decrypted, pinfo, dtls_record_tree, 0,
session, tvb_reported_length (decrypted), TRUE);
add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
} else {
dissect_dtls_heartbeat(tvb, pinfo, dtls_record_tree, offset,
session, record_length, FALSE);


@ -4482,10 +4482,15 @@ ssl_add_record_info(gint proto, packet_info *pinfo, const guchar *data, gint dat
rec->type = type;
rec->next = NULL;
if (flow) {
/* TODO allow Handshake records also to be reassembled. There needs to be
* one "flow" for each record type (appdata, handshake). "seq" for the
* record should then be relative within this flow. */
if (flow && type == SSL_ID_APP_DATA) {
rec->seq = flow->byte_seq;
rec->flow = flow;
flow->byte_seq += data_len;
ssl_debug_printf("%s stored decrypted record seq=%d nxtseq=%d flow=%p\n",
G_STRFUNC, rec->seq, rec->seq + data_len, flow);
}
/* Remember decrypted records. */