authorPeter Wu <peter@lekensteyn.nl>2015-02-16 10:50:02 +0100
committerAnders Broman <a.broman58@gmail.com>2015-03-12 16:27:10 +0000
commit410b40d37145ac217db41ea6bc403c36ab53195d (patch)
treeb5fee07b6d7d30b3658bbb210770139c1a653f4e /epan
parent6c1e4d2e7a9bd4884feff393fe3cd9b18d8dfee3 (diff)
Export CLIENT_RANDOM with Export SSL Session Keys
This allows for exporting the SSL session keys for captures which were decrypted using a RSA certificate, but where the server does not support session resumption. To avoid frequent reallocations, the expected length is used as initial string size. Tested against a nginx server with ssl_session_cache off. Note that all keys loaded via ssl.keylog_file are exported, not just the displayed ones! Change-Id: Ie3a93d3692885502f46442953fa53303d16672d7 Reviewed-on: https://code.wireshark.org/review/7175 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan')
-rw-r--r--epan/dissectors/packet-ssl-utils.c3
-rw-r--r--epan/dissectors/packet-ssl.c6
-rw-r--r--epan/dissectors/packet-ssl.h3
3 files changed, 10 insertions, 2 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 61955910fe..b2c71cc3b2 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -4584,6 +4584,9 @@ ssl_finalize_decryption(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map)
ssl_debug_printf("%s can't generate keyring material\n", G_STRFUNC);
return;
}
+ /* Save Client Random/ Session ID for "SSL Export Session keys" */
+ ssl_save_master_key("Client Random", mk_map->crandom,
+ &ssl->client_random, &ssl->master_secret);
ssl_save_master_key("Session ID", mk_map->session,
&ssl->session_id, &ssl->master_secret);
ssl_save_master_key("Session Ticket", mk_map->session,
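Review bot: The comment added above the new call names only Client Random and Session ID, but the run it heads also saves the Session Ticket mapping (the third call, cut off at the end of the hunk). All three calls store `ssl->master_secret` in tables that the export feature later writes out, so I would say that explicitly: `/* Save the master secret keyed by Client Random, Session ID and Session Ticket for "Export SSL Session Keys" */`. Whether ssl_save_master_key skips an empty `client_random` is not visible here and is worth confirming, since the new call is unconditional. The body of ssl_finalize_decryption starts and ends outside the hunk.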
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index 593026d33f..4e0d86172d 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -251,8 +251,9 @@ ssl_proto_tree_add_segment_data(
static ssl_master_key_map_t ssl_master_key_map;
-/* ssl_session_hash is used by "Export SSL Session Keys" */
-GHashTable *ssl_session_hash = NULL;
+/* used by "Export SSL Session Keys" */
+GHashTable *ssl_session_hash;
+GHashTable *ssl_crandom_hash;
static GHashTable *ssl_key_hash = NULL;
static GTree *ssl_associations = NULL;
@@ -301,6 +302,7 @@ ssl_init(void)
/* for "Export SSL Session Keys" */
ssl_session_hash = ssl_master_key_map.session;
+ ssl_crandom_hash = ssl_master_key_map.crandom;
/* We should have loaded "keys_list" by now. Mark it obsolete */
if (ssl_module) {
diff --git a/epan/dissectors/packet-ssl.h b/epan/dissectors/packet-ssl.h
index 0b8cd9cd46..499ba8d22e 100644
--- a/epan/dissectors/packet-ssl.h
+++ b/epan/dissectors/packet-ssl.h
@@ -25,7 +25,10 @@
#include "ws_symbol_export.h"
+/** Maps Session-ID to pre-master secrets. */
WS_DLL_PUBLIC GHashTable *ssl_session_hash;
+/** Maps Client Random to pre-master secrets. */
+WS_DLL_PUBLIC GHashTable *ssl_crandom_hash;
WS_DLL_PUBLIC void ssl_dissector_add(guint port, const gchar *protocol, gboolean tcp);
WS_DLL_PUBLIC void ssl_dissector_delete(guint port, const gchar *protocol, gboolean tcp);
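Review bot: Both doc comments say the tables map to pre-master secrets, but the packet-ssl-utils.c hunk of this commit fills them with `&ssl->master_secret`, so the values appear to be master secrets. I would change them to `/** Maps Session-ID to master secrets. */` and `/** Maps Client Random to master secrets. */`. Because these are exported, writable pointers that ssl_init sets to the tables inside the file-static `ssl_master_key_map`, the comment should also state that they alias dissector-owned key material and are presumably read-only for callers, who must not modify or destroy them.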