authorPeter Wu <peter@lekensteyn.nl>2014-07-12 00:30:12 +0200
committerEvan Huus <eapache@gmail.com>2014-07-15 23:07:10 +0000
commit2c772e38256e22974e05eef01d59efe2120df5d5 (patch)
treea774356d2d1c390935fd8458b369a6d6eec6a1fa /epan/dissectors/packet-dtls.c
parentaecbb98365e3391603c203de4d2d1a6685f7247d (diff)
ssl: move decoder init from ClientKeyExchange to ChangeCipherSpec
My previous change removed master-key retrieval in the Server Hello. This broke decryption when ClientKeyExchange is missing. That was done because decryption is only needed after ChangeCipherSpec. This patch moves the remaining initialization in ClientKeyExchange to ChangeCipherSpec. In theory this could fix decryption of DTLS traffic when an abbreviated handshake is used (and thus keyring material is never generated in ClientKeyExchange since it is not called). It also avoids saving a session ticket with an empty key which can happen when no RSA key is present, but the NewSessionTicket message is received. This could lead to garbage decryption. Change-Id: If0f475232c270b1d7b006c1f9af0e8d8098c6b65 Reviewed-on: https://code.wireshark.org/review/3019 Reviewed-by: Hauke Mehrtens <hauke@hauke-m.de> Reviewed-by: Evan Huus <eapache@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-dtls.c')
-rw-r--r--epan/dissectors/packet-dtls.c16
1 files changed, 6 insertions, 10 deletions
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c
index 56f86c101e..ebb23c9b7a 100644
--- a/epan/dissectors/packet-dtls.c
+++ b/epan/dissectors/packet-dtls.c
@@ -851,7 +851,11 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec");
dissect_dtls_change_cipher_spec(tvb, dtls_record_tree,
offset, session, content_type);
- if (ssl) ssl_change_cipher(ssl, ssl_packet_from_server(ssl, dtls_associations, pinfo));
+ if (ssl) {
+ ssl_finalize_decryption(ssl, dtls_session_hash,
+ dtls_options.keylog_filename);
+ ssl_change_cipher(ssl, ssl_packet_from_server(ssl, dtls_associations, pinfo));
+ }
break;
case SSL_ID_ALERT:
{
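Review bot: The new `ssl_finalize_decryption()` call in the Change Cipher Spec branch runs for every ChangeCipherSpec record the dissector sees, which over DTLS can include both directions and retransmitted flights, and nothing in the hunk limits it to the first one per session. The function is defined outside this diff, so whether it returns early when keys are already derived, or when no master secret was recovered, cannot be confirmed from here. If it does not, a repeated call could re-derive keys or save a session entry with an empty secret, which is the garbage-decryption case the commit message sets out to avoid. I would record the assumption at the call site, e.g. `/* Safe on every CCS: no-op if keys already exist or no master secret is known. */`, and confirm it holds in the helper. The enclosing dissect_dtls_record continues outside the hunk.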
@@ -1386,21 +1390,13 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
case SSL_HND_CLIENT_KEY_EXCHG:
ssl_dissect_hnd_cli_keyex(&dissect_dtls_hf, sub_tvb, ssl_hand_tree, 0, length, session);
- /* here we can have all the data to build session key */
if (!ssl)
break;
+ /* try to find master key from pre-master key */
if (ssl_generate_pre_master_secret(ssl, length, sub_tvb, 0, dtls_options.psk, dtls_options.keylog_filename) < 0) {
ssl_debug_printf("dissect_dtls_handshake can't generate pre master secret\n");
- break;
}
- if (ssl_generate_keyring_material(ssl) < 0) {
- ssl_debug_printf("dissect_dtls_handshake can't generate keyring material\n");
- break;
- }
-
- ssl_save_session(ssl, dtls_session_hash);
- ssl_debug_printf("dissect_dtls_handshake session keys successfully generated\n");
break;
case SSL_HND_FINISHED:
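Review bot: In the SSL_HND_CLIENT_KEY_EXCHG case the failure branch of `ssl_generate_pre_master_secret()` now only logs, and the added comment `/* try to find master key from pre-master key */` does not say why a failure is tolerated here. A later reader could take the log-only `if` for an unfinished error path; a comment such as `/* Not fatal: key derivation is deferred to ChangeCipherSpec, where the master secret may still be found (e.g. via the keylog file). */` would record the intent. The debug text "can't generate pre master secret" could likewise note that decryption may still succeed later, so that someone reading the debug log does not treat it as final. dissect_dtls_handshake starts and ends outside the hunk.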