authorAnders Broman <anders.broman@ericsson.com>2012-06-24 15:24:59 +0000
committerAnders Broman <anders.broman@ericsson.com>2012-06-24 15:24:59 +0000
commit9adf66b3fbbae568514c75b5c43641e2a87984d4 (patch)
tree36fbbaff9436a02f41fafe9fddffd8d28dfb5b84 /epan
parent464464d8b6e33ee6c58d831c0073971ca78e1ba2 (diff)
From Adam Langley:
Decrypt resumed SSL sessions from the keylog file - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7396 svn path=/trunk/; revision=43458
Diffstat (limited to 'epan')
-rw-r--r--epan/dissectors/packet-ssl-utils.c11
-rw-r--r--epan/dissectors/packet-ssl-utils.h6
-rw-r--r--epan/dissectors/packet-ssl.c12
3 files changed, 21 insertions, 8 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 5bab348b05..d41d2f4dd2 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -2280,6 +2280,9 @@ ssl_decrypt_pre_master_secret(SslDecryptSession*ssl_session,
{
gint i;
+ if (!encrypted_pre_master)
+ return -1;
+
if(ssl_session->cipher_suite.kex == KEX_DH) {
ssl_debug_printf("ssl_decrypt_pre_master_secret session uses DH (%d) key exchange, which is impossible to decrypt\n",
KEX_DH);
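Review bot: The new guard at the top of ssl_decrypt_pre_master_secret returns -1 silently, while the DH branch right below it reports its failure through ssl_debug_printf, so a caller that gets -1 cannot tell a missing pre-master secret from an undecryptable one in the debug log. Suggest `if (!encrypted_pre_master) { ssl_debug_printf("ssl_decrypt_pre_master_secret: no encrypted pre-master secret\n"); return -1; }` to keep the failure paths of this function uniformly traceable. The function's signature and the rest of its body lie outside this hunk.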
@@ -3607,7 +3610,7 @@ ssl_save_session(SslDecryptSession* ssl, GHashTable *session_hash)
ssl_print_string("ssl_save_session stored master secret", master_secret);
}
-void
+gboolean
ssl_restore_session(SslDecryptSession* ssl, GHashTable *session_hash)
{
StringInfo* ms;
@@ -3615,11 +3618,12 @@ ssl_restore_session(SslDecryptSession* ssl, GHashTable *session_hash)
if (!ms) {
ssl_debug_printf("ssl_restore_session can't find stored session\n");
- return;
+ return FALSE;
}
ssl_data_set(&ssl->master_secret, ms->data, ms->data_len);
ssl->state |= SSL_MASTER_SECRET;
ssl_debug_printf("ssl_restore_session master key retrieved\n");
+ return TRUE;
}
int
@@ -3823,6 +3827,9 @@ ssl_keylog_lookup(SslDecryptSession* ssl_session,
FILE* ssl_keylog;
int ret = -1;
+ if (!ssl_keylog_filename)
+ return -1;
+
ssl_debug_printf("trying to use SSL keylog in %s\n", ssl_keylog_filename);
ssl_keylog = ws_fopen(ssl_keylog_filename, "r");
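Review bot: The guard added here covers only ssl_keylog_filename, yet the header in this same commit now declares encrypted_pre_master as "may be NULL"; the matching loop that compares log entries against the encrypted pre-master is outside this hunk, so confirm it tests for a NULL encrypted_pre_master before dereferencing it, otherwise the new resume-path call that passes NULL will crash. As with the other early return in this commit, the bare `return -1` leaves no reason in the debug log; a `ssl_debug_printf("ssl_keylog_lookup: no keylog file configured\n");` before it would match the trace line that follows. Whether the ws_fopen result is checked is also outside the hunk.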
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index c7229ec1e5..603059c819 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -438,8 +438,8 @@ ssl_change_cipher(SslDecryptSession *ssl_session, gboolean server);
/** Try to find the pre-master secret for the given encrypted pre-master secret
from a log of secrets.
@param ssl_session the store for the decrypted pre_master_secret
- @param ssl_keylog_filename a file that contains a log of pre-master secrets
- @param encrypted_pre_master the rsa encrypted pre_master_secret
+ @param ssl_keylog_filename a file that contains a log of secrets (may be NULL)
+ @param encrypted_pre_master the rsa encrypted pre_master_secret (may be NULL)
@return 0 on success */
int
ssl_keylog_lookup(SslDecryptSession* ssl_session,
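Review bot: The @return line still says only "0 on success" although the two new NULL paths return -1 and the not-found path apparently does too (ret is initialised to -1 in the implementation hunk); since packet-ssl.c now branches on this value, spell the contract out: `@return 0 on success, -1 if no matching secret was found or either argument is NULL`. It would also help to say what passing a NULL encrypted_pre_master means — presumably a lookup by session id that yields a master secret rather than a pre-master secret, judging by the debug text in the caller — because the ssl_session line still describes only the pre-master case; confirm against the implementation before wording it.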
@@ -534,7 +534,7 @@ ssl_parse_key_list(const ssldecrypt_assoc_t * uats, GHashTable *key_hash, GTree*
extern void
ssl_save_session(SslDecryptSession* ssl, GHashTable *session_hash);
-extern void
+extern gboolean
ssl_restore_session(SslDecryptSession* ssl, GHashTable *session_hash);
extern gint
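Review bot: ssl_restore_session changes from void to gboolean with no documentation of the new return value, while the neighbouring ssl_keylog_lookup declaration carries a full Doxygen block. Add above the prototype: `/** Restore the master secret of a previously saved session into ssl. @return TRUE if a cached master secret was found and copied, FALSE otherwise */`. The adjacent ssl_save_session is undocumented as well, but that predates this change.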
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index 608ddd2e06..188c8903c8 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -2136,8 +2136,6 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
}
} else {
/* try to find the key in the key log */
- if (!ssl_keylog_filename)
- break;
if (ssl_keylog_lookup(ssl, ssl_keylog_filename, &encrypted_pre_master)<0)
break;
}
@@ -2288,7 +2286,15 @@ dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
(tvb_memeql(tvb, offset+33, ssl->session_id.data, session_id_length) == 0))
{
/* client/server id match: try to restore a previous cached session*/
- ssl_restore_session(ssl, ssl_session_hash);
+ if (!ssl_restore_session(ssl, ssl_session_hash)) {
+ /* If we failed to find the previous session, we may still have
+ * the master secret in the key log. */
+ if (ssl_keylog_lookup(ssl, ssl_keylog_filename, NULL)) {
+ ssl_debug_printf(" cannot find master secret in keylog file either\n");
+ } else {
+ ssl_debug_printf(" found master secret in keylog file\n");
+ }
+ }
} else {
tvb_memcpy(tvb,ssl->session_id.data, offset+33, session_id_length);
ssl->session_id.data_len = session_id_length;
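Review bot: The fallback `if (ssl_keylog_lookup(ssl, ssl_keylog_filename, NULL))` tests the result for non-zero, whereas the same function's result is tested with `< 0` in dissect_ssl3_handshake earlier in this diff; use `if (ssl_keylog_lookup(ssl, ssl_keylog_filename, NULL) < 0)` here so both call sites encode the documented contract the same way. ssl_restore_session sets `ssl->state |= SSL_MASTER_SECRET` after copying the secret, but nothing in this new branch does so after a successful keylog lookup — unless ssl_keylog_lookup itself sets that flag when called with a NULL encrypted_pre_master (its body is outside this diff), the resumed session still is not marked decryptable, so confirm. Note also that this fallback runs on every resumed-session hello that misses the cache and ssl_keylog_lookup reopens the file with ws_fopen on each call; acceptable, but worth a short comment here. The enclosing dissect_ssl3_hnd_hello_common continues outside the hunk.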