authorPeter Wu <peter@lekensteyn.nl>2017-11-23 01:55:27 +0000
committerAnders Broman <a.broman58@gmail.com>2017-11-23 05:37:29 +0000
commitd790c524b41907ebaa0f29afec19ee6913173129 (patch)
tree34e2c1d0fb83c4b01594b874ad71816ffcc6a523
parentb4419eacce6d76f0e854280f8c20d4849ba2c067 (diff)
TLS: fix decryption with EMS and client auth
When extended_master_secret is enabled with client authentication, decryption using an RSA private key file would fail because the wrong master secret is derived. This happens due to an excess CertificateVerify message in the handshake hash. Bug: 14243 Change-Id: I02f8302ac4a85422f7df52a234bdddfcb5fe3307 Reviewed-on: https://code.wireshark.org/review/24543 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
-rw-r--r--epan/dissectors/packet-ssl.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index 6c17bd2..1b85132 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -2133,8 +2133,14 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
/*
* Add handshake message (including type, length, etc.) to hash (for
* Extended Master Secret).
+ * Hash ClientHello up to and including ClientKeyExchange. As the
+ * premaster secret is looked up during ChangeCipherSpec processing (an
+ * implementation detail), we must skip the CertificateVerify message
+ * which can appear between CKE and CCS when mutual auth is enabled.
*/
- ssl_calculate_handshake_hash(ssl, tvb, hs_offset, 4 + length);
+ if (msg_type != SSL_HND_CERT_VERIFY) {
+ ssl_calculate_handshake_hash(ssl, tvb, hs_offset, 4 + length);
+ }
/* now dissect the handshake message, if necessary */
switch ((HandshakeType) msg_type) {
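Review bot: The new guard `if (msg_type != SSL_HND_CERT_VERIFY)` filters by message type, but the comment above it states the rule by position (ClientHello up to and including ClientKeyExchange, the range RFC 7627 uses for the session hash), and the two are equivalent only while CertificateVerify is the sole handshake message that can be dissected between ClientKeyExchange and ChangeCipherSpec. Since capture files are untrusted input, a duplicated or unexpected handshake record in that window would presumably still be hashed and give a wrong master secret, which shows up as a silent decryption failure rather than an error. I would record that limit in the comment, e.g. `* Only CertificateVerify is excluded here; any other message dissected after CKE is still hashed.`, or gate the call on handshake state if the session already tracks that ClientKeyExchange was seen. The body of dissect_ssl3_handshake starts and ends outside this hunk, so whether such state exists cannot be confirmed from here.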