URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2c772e38256e22974e05eef01d59efe2120df5d5
Submitter: Evan Huus (eapache@xxxxxxxxx)
Changed: branch: master
Repository: wireshark
Commits:
2c772e3 by Peter Wu (peter@xxxxxxxxxxxxx):
ssl: move decoder init from ClientKeyExchange to ChangeCipherSpec
My previous change removed master-key retrieval in the Server Hello.
This broke decryption when ClientKeyExchange is missing. That was done
because decryption is only needed after ChangeCipherSpec.
This patch moves the remaining initialization in ClientKeyExchange to
ChangeCipherSpec. In theory this could fix decryption of DTLS traffic
when an abbreviated handshake is used (and thus keyring material is
never generated in ClientKeyExchange since it is not called).
It also avoids saving a session ticket with an empty key which can
happen when no RSA key is present, but the NewSessionTicket message
is received. This could lead to garbage decryption.
Change-Id: If0f475232c270b1d7b006c1f9af0e8d8098c6b65
Reviewed-on: https://code.wireshark.org/review/3019
Reviewed-by: Hauke Mehrtens <hauke@xxxxxxxxxx>
Reviewed-by: Evan Huus <eapache@xxxxxxxxx>
Actions performed:
from aecbb98 ssl: unify common Hello dissection to ssl-utils
adds 2c772e3 ssl: move decoder init from ClientKeyExchange to ChangeCipherSpec
Summary of changes:
epan/dissectors/packet-dtls.c | 16 ++++-------
epan/dissectors/packet-ssl-utils.c | 56 ++++++++++++++++++++++++++++++++++++
epan/dissectors/packet-ssl-utils.h | 4 +++
epan/dissectors/packet-ssl.c | 17 ++++-------
4 files changed, 72 insertions(+), 21 deletions(-)