ssl-utils: Fix parsing pre-master-secrets in keylog-file

With "PMS_CLIENT_RANDOM xxxx yyyy" lines, only 32 byte long pre-master
secrets could be entered, but they are 48 byte long for RSA and can be
of any length for DHE cipher suites.

When a line had the "RSA xxxx yyyy" format then yyyy was previously
parsed with the <master_secret> regex group but it contains
the pre-master secret, so now it is parsed with the <pms> group.
This didn't cause a functional issue for RSA, but it couldn't be used
where the pre-master secret isn't 48 byte long.

After this change the regex will accept everything that was previously
working.

Change-Id: I71f43f3e9977a5e98758f387ad69893e8be0e27a
Reviewed-on: https://code.wireshark.org/review/10923
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 39f59160188da1f46ea017baa163e6b183d5abbb..cc40ac35d79476210a46de9a740de39915e3dd4f 100644 (file)
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -4555,14 +4555,20 @@ ssl_compile_keyfile_regex(void)
 {
 #define OCTET "(?:[[:xdigit:]]{2})"
     const gchar *pattern =
-        "(?:PMS_CLIENT_RANDOM (?<client_random_pms>" OCTET "{32}) (?<pms>" OCTET "{32}))"
+        "(?:"
+        /* Matches Client Hellos having this Client Random */
+        "PMS_CLIENT_RANDOM (?<client_random_pms>" OCTET "{32}) "
+        /* Matches first part of encrypted RSA pre-master secret */
+        "|RSA (?<encrypted_pmk>" OCTET "{8}) "
+        /* Pre-Master-Secret is given, it is 48 bytes for RSA,
+           but it can be of any length for DHE */
+        ")(?<pms>" OCTET "+)"
         "|(?:"
-        /* First part of encrypted RSA pre-master secret */
-        "RSA (?<encrypted_pmk>" OCTET "{8}) "
         /* Matches Server Hellos having a Session ID */
-        "|RSA Session-ID:(?<session_id>" OCTET "+) Master-Key:"
-        /* Matches Client Hellos having this Client.Random */
+        "RSA Session-ID:(?<session_id>" OCTET "+) Master-Key:"
+        /* Matches Client Hellos having this Client Random */
         "|CLIENT_RANDOM (?<client_random>" OCTET "{32}) "
+        /* Master-Secret is given, its length is fixed */
         ")(?<master_secret>" OCTET "{" G_STRINGIFY(SSL_MASTER_SECRET_LENGTH) "})";
 #undef OCTET
     static GRegex *regex = NULL;