From a386fc99ac72b4cdb88cb3d26fd19d6251391b96 Mon Sep 17 00:00:00 2001
From: Gergely Nagy
Date: Mon, 12 Oct 2015 16:23:31 +0200
Subject: [PATCH] ssl-utils: Fix parsing pre-master-secrets in keylog-file

With "PMS_CLIENT_RANDOM xxxx yyyy" lines, only 32 byte long pre-master secrets could be entered, but they are 48 byte long for RSA and can be of any length for DHE cipher suites. When a line had the "RSA xxxx yyyy" format then yyyy was previously parsed with the regex group but it contains the pre-master secret, so now it is parsed with the group. This didn't cause a functional issue for RSA, but it couldn't be used where the pre-master secret isn't 48 byte long. After this change the regex will accept everything that was previously working.

Change-Id: I71f43f3e9977a5e98758f387ad69893e8be0e27a
Reviewed-on: https://code.wireshark.org/review/10923
Petri-Dish: Peter Wu
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu
---
 epan/dissectors/packet-ssl-utils.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 39f5916018..cc40ac35d7 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -4555,14 +4555,20 @@ ssl_compile_keyfile_regex(void)
 {
 #define OCTET "(?:[[:xdigit:]]{2})"
 const gchar *pattern =
- "(?:PMS_CLIENT_RANDOM (?" OCTET "{32}) (?" OCTET "{32}))"
+ "(?:"
+ /* Matches Client Hellos having this Client Random */
+ "PMS_CLIENT_RANDOM (?" OCTET "{32}) "
+ /* Matches first part of encrypted RSA pre-master secret */
+ "|RSA (?" OCTET "{8}) "
+ /* Pre-Master-Secret is given, it is 48 bytes for RSA,
+ but it can be of any length for DHE */
+ ")(?" OCTET "+)"
 "|(?:"
- /* First part of encrypted RSA pre-master secret */
- "RSA (?" OCTET "{8}) "
 /* Matches Server Hellos having a Session ID */
- "|RSA Session-ID:(?" OCTET "+) Master-Key:"
- /* Matches Client Hellos having this Client.Random */
+ "RSA Session-ID:(?" OCTET "+) Master-Key:"
+ /* Matches Client Hellos having this Client Random */
 "|CLIENT_RANDOM (?" OCTET "{32}) "
+ /* Master-Secret is given, its length is fixed */
 ")(?" OCTET "{" G_STRINGIFY(SSL_MASTER_SECRET_LENGTH) "})";
 #undef OCTET
 static GRegex *regex = NULL;
-- 
2.34.1
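Review bot: The final group of the first alternative is now `OCTET "+"` for both `PMS_CLIENT_RANDOM` and `RSA` lines, so the pattern no longer enforces any length on the pre-master secret. The commit message says an RSA secret is 48 bytes, but a truncated or over-long `RSA xxxx yyyy` line now matches and is passed on, where it was previously checked against the fixed-length group. The code that hex-decodes this group is outside the hunk (the function body continues past it); it should be confirmed to size its buffer from the matched length rather than assume 48 bytes, and ideally to reject RSA entries of any other length. If a sane maximum exists, bounding the quantifier (`OCTET "{1,<max>}"`, with `<max>` a placeholder for the project's chosen limit) would keep malformed keylog lines from reaching the decoder. The comment could state this too, for example `/* Pre-Master-Secret: length is not checked here, the caller must validate it */`.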