SSL/TLS payload decryption:

don't make private key and keylog file mutually exclusive

if we find a private key that does not match or is not usable for
getting the pre-master secret (e.g. because we're using an ephemeral
cipher suite), don't give up and exit with an error

continue reading the keylog file and search for our master secret there

Change-Id: I59fb460339e3e606a077b3a902fa1f9777b5e118
Reviewed-on: https://code.wireshark.org/review/590
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>

1 files changed, 10 insertions, 10 deletions

diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index b39d40ecd7..9afa2e0362 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -2516,17 +2516,17 @@ ssl_generate_pre_master_secret(SslDecryptSession *ssl_session,
             /* go with ssl key processessing; encrypted_pre_master
              * will be used for master secret store*/
             ret = ssl_decrypt_pre_master_secret(ssl_session, &encrypted_pre_master, ssl_session->private_key);
-            if (ret < 0) {
-                ssl_debug_printf("ssl_generate_pre_master_secret: can't decrypt pre master secret\n");
-                return -1;
-            }
-            return 0;
-        } else if (keylog_filename != NULL) {
+            if (ret == 0)
+                return 0;
+
+            ssl_debug_printf("ssl_generate_pre_master_secret: can't decrypt pre master secret\n");
+        }
+
+        if (keylog_filename != NULL) {
             /* try to find the key in the key log */
-            if (ssl_keylog_lookup(ssl_session, keylog_filename, &encrypted_pre_master) < 0) {
-                return -1;
-            }
-            return 0;
+            ret = ssl_keylog_lookup(ssl_session, keylog_filename, &encrypted_pre_master);
+            if (ret == 0)
+                return 0;
         }
     }
     return -1;