author | Anders Broman <anders.broman@ericsson.com> | 2012-06-24 15:24:59 +0000 |
committer | Anders Broman <anders.broman@ericsson.com> | 2012-06-24 15:24:59 +0000 |
commit | 9adf66b3fbbae568514c75b5c43641e2a87984d4 (patch) | |
tree | 36fbbaff9436a02f41fafe9fddffd8d28dfb5b84 /epan | |
parent | 464464d8b6e33ee6c58d831c0073971ca78e1ba2 (diff) |
From Adam Langley:
Decrypt resumed SSL sessions from keylog file.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7396
svn path=/trunk/; revision=43458
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 11 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl-utils.h | 6 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl.c | 12 |
3 files changed, 21 insertions, 8 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 5bab348b05..d41d2f4dd2 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -2280,6 +2280,9 @@ ssl_decrypt_pre_master_secret(SslDecryptSession*ssl_session,
 {
 gint i;
+ if (!encrypted_pre_master)
+ return -1;
+
 if(ssl_session->cipher_suite.kex == KEX_DH) {
 ssl_debug_printf("ssl_decrypt_pre_master_secret session uses DH (%d) key exchange, which is impossible to decrypt\n", KEX_DH);
@@ -3607,7 +3610,7 @@ ssl_save_session(SslDecryptSession* ssl, GHashTable *session_hash)
 ssl_print_string("ssl_save_session stored master secret", master_secret);
 }
-void
+gboolean
 ssl_restore_session(SslDecryptSession* ssl, GHashTable *session_hash)
 {
 StringInfo* ms;
@@ -3615,11 +3618,12 @@ ssl_restore_session(SslDecryptSession* ssl, GHashTable *session_hash)
 if (!ms) {
 ssl_debug_printf("ssl_restore_session can't find stored session\n");
- return;
+ return FALSE;
 }
 ssl_data_set(&ssl->master_secret, ms->data, ms->data_len);
 ssl->state |= SSL_MASTER_SECRET;
 ssl_debug_printf("ssl_restore_session master key retrieved\n");
+ return TRUE;
 }
 int
@@ -3823,6 +3827,9 @@ ssl_keylog_lookup(SslDecryptSession* ssl_session,
 FILE* ssl_keylog;
 int ret = -1;
+ if (!ssl_keylog_filename)
+ return -1;
+
 ssl_debug_printf("trying to use SSL keylog in %s\n", ssl_keylog_filename);
 ssl_keylog = ws_fopen(ssl_keylog_filename, "r");
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index c7229ec1e5..603059c819 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
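Review bot: The new guard in ssl_keylog_lookup (the @@ -3823 hunk) rejects only a NULL ssl_keylog_filename; if the preference can also hold an empty string, that value passes the guard and reaches the debug print and ws_fopen, so `if (!ssl_keylog_filename || !*ssl_keylog_filename) return -1;` would cover both forms of "no keylog configured". This matters more now that dissect_ssl3_hnd_hello_common in packet-ssl.c calls the lookup whenever a session-id match has no cached session. The header now documents encrypted_pre_master as possibly NULL, but the code that consumes it lies past the end of this hunk, so its NULL handling cannot be checked from here. ssl_keylog_lookup continues outside the hunk.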
@@ -438,8 +438,8 @@ ssl_change_cipher(SslDecryptSession *ssl_session, gboolean server);
 /** Try to find the pre-master secret for the given encrypted pre-master secret from a log of secrets.
 @param ssl_session the store for the decrypted pre_master_secret
- @param ssl_keylog_filename a file that contains a log of pre-master secrets
- @param encrypted_pre_master the rsa encrypted pre_master_secret
+ @param ssl_keylog_filename a file that contains a log of secrets (may be NULL)
+ @param encrypted_pre_master the rsa encrypted pre_master_secret (may be NULL)
 @return 0 on success */
 int
 ssl_keylog_lookup(SslDecryptSession* ssl_session,
@@ -534,7 +534,7 @@ ssl_parse_key_list(const ssldecrypt_assoc_t * uats, GHashTable *key_hash, GTree*
 extern void
 ssl_save_session(SslDecryptSession* ssl, GHashTable *session_hash);
-extern void
+extern gboolean
 ssl_restore_session(SslDecryptSession* ssl, GHashTable *session_hash);
 extern gint
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index 608ddd2e06..188c8903c8 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -2136,8 +2136,6 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
 }
 } else {
 /* try to find the key in the key log */
- if (!ssl_keylog_filename)
- break;
 if (ssl_keylog_lookup(ssl, ssl_keylog_filename, &encrypted_pre_master)<0)
 break;
 }
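Review bot: The @@ -534 hunk changes ssl_restore_session's declaration from void to gboolean but adds no comment saying what the value means, while the neighbouring ssl_keylog_lookup declaration carries a full Doxygen block with @param and @return. Based on the implementation in packet-ssl-utils.c (FALSE when no stored session is found, TRUE after the master secret is copied into ssl), a matching comment above the declaration would be `/** Restore a previously saved master secret into ssl from session_hash. @return TRUE if a stored session was found and its master secret copied, FALSE if none was found. */`.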
@@ -2288,7 +2286,15 @@ dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
 (tvb_memeql(tvb, offset+33, ssl->session_id.data, session_id_length) == 0)) {
 /* client/server id match: try to restore a previous cached session*/
- ssl_restore_session(ssl, ssl_session_hash);
+ if (!ssl_restore_session(ssl, ssl_session_hash)) {
+ /* If we failed to find the previous session, we may still have
+ * the master secret in the key log. */
+ if (ssl_keylog_lookup(ssl, ssl_keylog_filename, NULL)) {
+ ssl_debug_printf(" cannot find master secret in keylog file either\n");
+ } else {
+ ssl_debug_printf(" found master secret in keylog file\n");
+ }
+ }
 } else {
 tvb_memcpy(tvb,ssl->session_id.data, offset+33, session_id_length);
 ssl->session_id.data_len = session_id_length;
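Review bot: The new `if (ssl_keylog_lookup(ssl, ssl_keylog_filename, NULL))` treats any non-zero return as failure, whereas the other call site in this file (the @@ -2136 hunk) tests `< 0` and the header documents the contract as "0 on success". Writing it as `if (ssl_keylog_lookup(ssl, ssl_keylog_filename, NULL) < 0) {` keeps the two call sites consistent and makes the failure test explicit. Whether a successful keylog lookup on this path also sets SSL_MASTER_SECRET in ssl->state, as ssl_restore_session does, is decided inside ssl_keylog_lookup and is not visible here. dissect_ssl3_hnd_hello_common continues outside the hunk.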