authorPeter Wu <peter@lekensteyn.nl>2019-02-05 13:40:23 +0100
committerPeter Wu <peter@lekensteyn.nl>2019-02-05 15:36:40 +0000
commit53b55bfb5f775dad6c434bb5b18e260d79b0104d (patch)
treecd3e26894d7b2799bf517667efce43965570684e /editcap.c
parentaf3c6115f2f57eba177fc33d2df7c00621cbd4c4 (diff)
editcap: warn when --inject-secrets is given a RSA private key
While the documentation of "editcap --inject-secrets" mentions support for key log files only, people might misinterpret that and assume support for RSA private keys. This is explicitly not supported due to the sensitivity of these files. In order to be helpful, print a warning. Change-Id: Ia7b464c17f1dfb550729dd35775290ed28e14510 Reviewed-on: https://code.wireshark.org/review/31893 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'editcap.c')
-rw-r--r--editcap.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/editcap.c b/editcap.c
index c1616db61e..5d162c31be 100644
--- a/editcap.c
+++ b/editcap.c
@@ -932,6 +932,24 @@ lookup_secrets_type(const char *type)
return 0;
}
+static void
+validate_secrets_file(const char *filename, guint32 secrets_type, const char *data)
+{
+ if (secrets_type == SECRETS_TYPE_TLS) {
+ /*
+ * A key log file is unlikely going to look like either:
+ * - a PEM-encoded private key file.
+ * - a BER-encoded PKCS #12 file ("PFX file"). (Look for a Constructed
+ * SEQUENCE tag, e.g. bytes 0x30 which happens to be ASCII '0'.)
+ */
+ if (g_str_has_prefix(data, "-----BEGIN ") || data[0] == 0x30) {
+ fprintf(stderr,
+ "editcap: Warning: \"%s\" is not a key log file, but an unsupported private key file. Decryption will not work.\n",
+ filename);
+ }
+ }
+}
+
static int
framenum_compare(gconstpointer a, gconstpointer b, gpointer user_data _U_)
{
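Review bot: The check in validate_secrets_file looks only at the very first bytes of `data`, so a PEM private key preceded by any text (some export tools put attribute lines before the `-----BEGIN ` header) is not detected. In the other direction, `-----BEGIN ` matches every PEM object, certificates included, so the message "an unsupported private key file" can be wrong for the file at hand. Something like "does not look like a key log file (PEM or PKCS #12 data?)" would stay accurate in both cases. The function takes no length and reads `data[0]`, so it relies on the caller passing a non-NULL, NUL-terminated buffer; a header comment such as `/* data must be a non-NULL, NUL-terminated copy of the file contents; only its first bytes are inspected. */` would record that.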
@@ -1474,6 +1492,9 @@ main(int argc, char *argv[])
continue;
}
+ /* Warn for badly formatted files, but proceed anyway. */
+ validate_secrets_file(secrets_filename, secrets_type_id, data);
+
block = wtap_block_create(WTAP_BLOCK_DSB);
dsb = (wtapng_dsb_mandatory_t *)wtap_block_get_mandatory_data(block);
dsb->secrets_type = secrets_type_id;
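Review bot: After the warning the code still goes on to build the DSB, so a file that was just identified as a private key appears to be embedded in the output capture anyway. The lines that fill the block are outside this hunk, so this is inferred from `wtap_block_create(WTAP_BLOCK_DSB)` following directly. Given that the commit message calls these files sensitive and capture files are routinely shared, it would be safer to let validate_secrets_file return a `gboolean` and skip the injection, e.g. `if (!validate_secrets_file(secrets_filename, secrets_type_id, data)) { /* release data as the error path above does */ continue; }`. If proceeding is intentional, the warning should at least state that the file's contents are still written to the output file, so the user knows to delete it rather than only learning that decryption will not work.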