diff options
| -rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c index 9edb327ed9..b2db4ec2f2 100644 --- a/epan/dissectors/packet-ssl-utils.c +++ b/epan/dissectors/packet-ssl-utils.c @@ -3982,10 +3982,6 @@ tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder, /* Sequence number is left-padded with zeroes and XORed with write_iv */ phton64(nonce + nonce_len - 8, pntoh64(nonce + nonce_len - 8) ^ decoder->seq); ssl_debug_printf("%s seq %" G_GUINT64_FORMAT "\n", G_STRFUNC, decoder->seq); - /* sequence number for TLS 1.2 is incremented when calculating AAD. */ - if (!is_v12) { - decoder->seq++; /* Implicit sequence number for TLS 1.3. */ - } } /* Set nonce and additional authentication data */ @@ -4008,9 +4004,7 @@ tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder, if (is_v12) { guchar aad[13]; phton64(aad, decoder->seq); /* record sequence number */ - if (version == TLSV1DOT2_VERSION) { - decoder->seq++; /* Implicit sequence number for TLS 1.2. */ - } else { + if (version == DTLSV1DOT2_VERSION) { phton16(aad, decoder->epoch); /* DTLS 1.2 includes epoch. */ } aad[8] = ct; /* TLSCompressed.type */ @@ -4072,6 +4066,15 @@ tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder, ssl_debug_printf("Libgcrypt is older than 1.6, unable to verify auth tag!\n"); #endif + /* + * Increment the (implicit) sequence number for TLS 1.2/1.3. This is done + * after successful authentication to ensure that early data is skipped when + * CLIENT_EARLY_TRAFFIC_SECRET keys are unavailable. + */ + if (version == TLSV1DOT2_VERSION || version == TLSV1DOT3_VERSION) { + decoder->seq++; + } + ssl_print_data("Plaintext", out_str->data, ciphertext_len); *outl = ciphertext_len; return TRUE; |