From Adam Langley:

Decrypt resumed SSL sessions from keylog file.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7396

svn path=/trunk/; revision=43458
Anders Broman 2012-06-24 15:24:59 +00:00
parent 464464d8b6
commit 9adf66b3fb
3 changed files with 21 additions and 8 deletions


@ -2280,6 +2280,9 @@ ssl_decrypt_pre_master_secret(SslDecryptSession*ssl_session,
{
gint i;
if (!encrypted_pre_master)
return -1;
if(ssl_session->cipher_suite.kex == KEX_DH) {
ssl_debug_printf("ssl_decrypt_pre_master_secret session uses DH (%d) key exchange, which is impossible to decrypt\n",
KEX_DH);
@ -3607,7 +3610,7 @@ ssl_save_session(SslDecryptSession* ssl, GHashTable *session_hash)
ssl_print_string("ssl_save_session stored master secret", master_secret);
}
void
gboolean
ssl_restore_session(SslDecryptSession* ssl, GHashTable *session_hash)
{
StringInfo* ms;
@ -3615,11 +3618,12 @@ ssl_restore_session(SslDecryptSession* ssl, GHashTable *session_hash)
if (!ms) {
ssl_debug_printf("ssl_restore_session can't find stored session\n");
return;
return FALSE;
}
ssl_data_set(&ssl->master_secret, ms->data, ms->data_len);
ssl->state |= SSL_MASTER_SECRET;
ssl_debug_printf("ssl_restore_session master key retrieved\n");
return TRUE;
}
int
@ -3823,6 +3827,9 @@ ssl_keylog_lookup(SslDecryptSession* ssl_session,
FILE* ssl_keylog;
int ret = -1;
if (!ssl_keylog_filename)
return -1;
ssl_debug_printf("trying to use SSL keylog in %s\n", ssl_keylog_filename);
ssl_keylog = ws_fopen(ssl_keylog_filename, "r");
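Review bot: The NULL guard added at the top of ssl_decrypt_pre_master_secret returns -1 silently, while the DH branch immediately below it logs why decryption cannot proceed; the new guard in ssl_keylog_lookup (the `if (!ssl_keylog_filename) return -1;` lines) is silent in the same way, returning before the "trying to use SSL keylog" message. Since the caller in the dissector only sees -1 in both cases, a one-line `ssl_debug_printf("ssl_decrypt_pre_master_secret: no encrypted pre-master secret\n");` before the first return (and a matching "no keylog file configured" line before the second) keeps the debug log consistent with the surrounding failure paths and makes it possible to tell a missing keylog from a failed lookup. Both functions continue outside their hunks, so whether a later path already logs this cannot be confirmed from here.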


@ -438,8 +438,8 @@ ssl_change_cipher(SslDecryptSession *ssl_session, gboolean server);
/** Try to find the pre-master secret for the given encrypted pre-master secret
from a log of secrets.
@param ssl_session the store for the decrypted pre_master_secret
@param ssl_keylog_filename a file that contains a log of pre-master secrets
@param encrypted_pre_master the rsa encrypted pre_master_secret
@param ssl_keylog_filename a file that contains a log of secrets (may be NULL)
@param encrypted_pre_master the rsa encrypted pre_master_secret (may be NULL)
@return 0 on success */
int
ssl_keylog_lookup(SslDecryptSession* ssl_session,
@ -534,7 +534,7 @@ ssl_parse_key_list(const ssldecrypt_assoc_t * uats, GHashTable *key_hash, GTree*
extern void
ssl_save_session(SslDecryptSession* ssl, GHashTable *session_hash);
extern void
extern gboolean
ssl_restore_session(SslDecryptSession* ssl, GHashTable *session_hash);
extern gint
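Review bot: The updated @param line says encrypted_pre_master may be NULL but does not say what ssl_keylog_lookup searches for in that case; the new dissector call site passes NULL when a cached session could not be restored and logs "found master secret in keylog file", so the contract should be spelled out, e.g. `@param encrypted_pre_master the rsa encrypted pre_master_secret, or NULL to look up the master secret of the current session instead`. The @return line should likewise state that a NULL ssl_keylog_filename yields a non-zero result rather than an error distinguishable from a failed lookup, which is how the .c guard behaves. ssl_restore_session also changes from void to gboolean here without any doc comment; a short `/** Restore the master secret of a previously cached session; returns TRUE if one was found, FALSE otherwise. */` above the prototype would document the new meaning callers now test.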


@ -2136,8 +2136,6 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
}
} else {
/* try to find the key in the key log */
if (!ssl_keylog_filename)
break;
if (ssl_keylog_lookup(ssl, ssl_keylog_filename, &encrypted_pre_master)<0)
break;
}
@ -2288,7 +2286,15 @@ dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
(tvb_memeql(tvb, offset+33, ssl->session_id.data, session_id_length) == 0))
{
/* client/server id match: try to restore a previous cached session*/
ssl_restore_session(ssl, ssl_session_hash);
if (!ssl_restore_session(ssl, ssl_session_hash)) {
/* If we failed to find the previous session, we may still have
* the master secret in the key log. */
if (ssl_keylog_lookup(ssl, ssl_keylog_filename, NULL)) {
ssl_debug_printf(" cannot find master secret in keylog file either\n");
} else {
ssl_debug_printf(" found master secret in keylog file\n");
}
}
} else {
tvb_memcpy(tvb,ssl->session_id.data, offset+33, session_id_length);
ssl->session_id.data_len = session_id_length;
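Review bot: The new else-branch after `ssl_keylog_lookup(ssl, ssl_keylog_filename, NULL)` logs "cannot find master secret in keylog file either" even when no keylog file is configured at all: this path never checks ssl_keylog_filename, and the guard added to ssl_keylog_lookup in this commit just returns -1 for a NULL filename. Consider `if (ssl_keylog_filename == NULL) { ssl_debug_printf(" no keylog file configured\n"); } else if (ssl_keylog_lookup(ssl, ssl_keylog_filename, NULL) < 0) {`, which also uses the same `< 0` test as the call site in dissect_ssl3_handshake instead of relying on the non-zero return. Whether a successful lookup sets ssl->master_secret and the SSL_MASTER_SECRET state bit the way ssl_restore_session does is not visible in this hunk and is worth confirming, since the success branch here only logs. dissect_ssl3_hnd_hello_common continues outside the hunk.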