aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPeter Wu <peter@lekensteyn.nl>2017-10-14 18:43:58 +0100
committerAlexis La Goutte <alexis.lagoutte@gmail.com>2017-10-15 08:02:49 +0000
commit9d189c7e20de37f95b2ad70725ab65b9bf863227 (patch)
treeb89ceafcb74f77fc55403b7f2968879512b92384
parentb5948a042a9925619a464cde7b0de245fab45594 (diff)
ssl: assume everything after CCS is encrypted
After ChangeCipherSpec, record fragments are encrypted. Use this strong hint to fix misinterpreting the explicit nonce as a handshake message. One edge case remaing unsolved though, if an encrypted Finished message follows the CCS in the same TCP packet, then it could still be misinterpreted. Bug: 14117 Change-Id: Ie54bb5335f115d0fd8f05a13d1c826e3807cbbd3 Reviewed-on: https://code.wireshark.org/review/23900 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
-rw-r--r--epan/dissectors/packet-ssl-utils.c5
-rw-r--r--epan/dissectors/packet-ssl-utils.h2
-rw-r--r--epan/dissectors/packet-ssl.c9
3 files changed, 16 insertions, 0 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 7b3683d..5d0172a 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -5565,6 +5565,11 @@ ssl_dissect_change_cipher_spec(ssl_common_dissect_t *hf, tvbuff_t *tvb,
val_to_str_const(SSL_ID_CHG_CIPHER_SPEC, ssl_31_content_type, "unknown"));
ti = proto_tree_add_item(tree, hf->hf.change_cipher_spec, tvb, offset, 1, ENC_NA);
+ /* Remember frame number of first CCS */
+ guint32 *ccs_frame = is_from_server ? &session->server_ccs_frame : &session->client_ccs_frame;
+ if (*ccs_frame == 0)
+ *ccs_frame = pinfo->num;
+
/* Use heuristics to detect an abbreviated handshake, assume that missing
* ServerHelloDone implies reusing previously negotiating keys. Then when
* a Session ID or ticket is present, it must be a resumed session.
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 4fe57ba..edf070e 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -430,6 +430,8 @@ typedef struct _SslSession {
guchar tls13_draft_version;
gint8 client_cert_type;
gint8 server_cert_type;
+ guint32 client_ccs_frame;
+ guint32 server_ccs_frame;
/* The address/proto/port of the server as determined from heuristics
* (e.g. ClientHello) or set externally (via ssl_set_master_secret()). */
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index c0e4233..87983e8 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -2037,6 +2037,15 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
if (maybe_encrypted) {
maybe_encrypted = tvb_bytes_exist(tvb, offset, 5) && tvb_get_ntoh40(tvb, offset) == 0;
}
+ /*
+ * Everything after the ChangeCipherSpec message is encrypted.
+ * TODO handle Finished message after CCS in the same frame and remove the
+ * above nonce-based heuristic.
+ */
+ if (!maybe_encrypted) {
+ guint32 ccs_frame = is_from_server ? session->server_ccs_frame : session->client_ccs_frame;
+ maybe_encrypted = ccs_frame != 0 && pinfo->num > ccs_frame;
+ }
/* just as there can be multiple records per packet, there
* can be multiple messages per record as long as they have