ssl/dtls: add keyfile support to dtls

This moves the keyfile and psk options from the ssl code into ssl-utils
and then uses them also for dtls.

This is the last missing part for bug 9499 from my side.

Change-Id: Ie2fe5bc565eabe1e6ce62498c985b8a36e913b0f
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1369
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>

4 files changed, 48 insertions, 31 deletions

diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c
index 20d2219f7c..7bb8a7689a 100644
--- a/epan/dissectors/packet-dtls.c
+++ b/epan/dissectors/packet-dtls.c
@@ -215,7 +215,7 @@ static gint                dtls_decrypted_data_avail = 0;
 
 static uat_t *dtlsdecrypt_uat      = NULL;
 static const gchar *dtls_keys_list = NULL;
-static const gchar *dtls_psk       = NULL;
+static ssl_common_options_t dtls_options = { NULL, NULL};
 #ifdef HAVE_LIBGNUTLS
 static const gchar *dtls_debug_file_name = NULL;
 #endif
@@ -1546,7 +1546,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
             if (!ssl)
                 break;
 
-            if (ssl_generate_pre_master_secret(ssl, length, tvb, offset, dtls_psk, NULL) < 0) {
+            if (ssl_generate_pre_master_secret(ssl, length, tvb, offset, dtls_options.psk, dtls_options.keylog_filename) < 0) {
                 ssl_debug_printf("dissect_dtls_handshake can't generate pre master secret\n");
                 break;
             }
@@ -3396,10 +3396,7 @@ proto_register_dtls(void)
                                      "Semicolon-separated list of private RSA keys used for DTLS decryption. "
                                      "Used by versions of Wireshark prior to 1.6",
                                      &dtls_keys_list);
-
-        prefs_register_string_preference(dtls_module, "psk", "Pre-Shared-Key",
-             "Pre-Shared-Key as HEX string, should be 0 to 16 bytes",
-             &dtls_psk);
+    ssl_common_register_options(dtls_module, &dtls_options);
   }
 #endif
 
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 7917681771..248e827e13 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -5290,6 +5290,39 @@ ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *t
     return offset;
 }
 
+#ifdef HAVE_LIBGNUTLS
+void
+ssl_common_register_options(module_t *module, ssl_common_options_t *options)
+{
+        prefs_register_string_preference(module, "psk", "Pre-Shared-Key",
+             "Pre-Shared-Key as HEX string, should be 0 to 16 bytes",
+             &(options->psk));
+
+        prefs_register_filename_preference(module, "keylog_file", "(Pre)-Master-Secret log filename",
+             "The filename of a file which contains a list of \n"
+             "(pre-)master secrets in one of the following formats:\n"
+             "\n"
+             "RSA <EPMS> <PMS>\n"
+             "RSA Session-ID:<SSLID> Master-Key:<MS>\n"
+             "CLIENT_RANDOM <CRAND> <MS>\n"
+             "\n"
+             "Where:\n"
+             "<EPMS> = First 8 bytes of the Encrypted PMS\n"
+             "<PMS> = The Pre-Master-Secret (PMS)\n"
+             "<SSLID> = The SSL Session ID\n"
+             "<MS> = The Master-Secret (MS)\n"
+             "<CRAND> = The Client's random number from the ClientHello message\n"
+             "\n"
+             "(All fields are in hex notation)",
+             &(options->keylog_filename));
+}
+#else
+void
+ssl_common_register_options(module_t *module _U_, ssl_common_options_t *options _U_)
+{
+}
+#endif
+
 /*
  * Editor modelines  -  http://www.wireshark.org/tools/modelines.html
  *
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 23628a996d..6a18618be0 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -28,6 +28,7 @@
 
 #include <glib.h>
 #include <epan/packet.h>
+#include <epan/prefs.h>
 #include <epan/wmem/wmem.h>
 #include <epan/tvbuff.h>
 #include <epan/proto.h>
@@ -868,6 +869,13 @@ ssl_common_dissect_t name = {   \
         { & name .ei.hs_ext_cert_status_undecoded, { prefix ".handshake.status_request.undecoded", PI_UNDECODED, PI_NOTE,   \
           "Responder ID list or Request Extensions are not implemented, contact Wireshark developers if you want this to be supported", EXPFILL }}
 
+typedef struct ssl_common_options {
+    const gchar        *psk;
+    const gchar        *keylog_filename;
+} ssl_common_options_t;
+
+extern void
+ssl_common_register_options(module_t *module, ssl_common_options_t *options);
 
 #ifdef SSL_DECRYPT_DEBUG
 extern void
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index 6f17f1eb14..230422ba45 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -345,8 +345,7 @@ static gint                ssl_decrypted_data_avail = 0;
 
 static uat_t              *ssldecrypt_uat           = NULL;
 static const gchar        *ssl_keys_list            = NULL;
-static const gchar        *ssl_psk                  = NULL;
-static const gchar        *ssl_keylog_filename      = NULL;
+static ssl_common_options_t ssl_options = { NULL, NULL};
 
 /* List of dissectors to call for SSL data */
 static heur_dissector_list_t ssl_heur_subdissector_list;
@@ -2106,7 +2105,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
                 if (!ssl)
                     break;
 
-                if (ssl_generate_pre_master_secret(ssl, length, tvb, offset, ssl_psk, ssl_keylog_filename) < 0) {
+                if (ssl_generate_pre_master_secret(ssl, length, tvb, offset, ssl_options.psk, ssl_options.keylog_filename) < 0) {
                     ssl_debug_printf("dissect_ssl3_handshake can't generate pre master secret\n");
                     break;
                 }
@@ -2276,7 +2275,7 @@ dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
             if (!ssl_restore_session(ssl, ssl_session_hash)) {
                 /* If we failed to find the previous session, we may still have
                  * the master secret in the key log. */
-                if (ssl_keylog_lookup(ssl, ssl_keylog_filename, NULL)) {
+                if (ssl_keylog_lookup(ssl, ssl_options.keylog_filename, NULL)) {
                     ssl_debug_printf("  cannot find master secret in keylog file either\n");
                 } else {
                     ssl_debug_printf("  found master secret in keylog file\n");
@@ -5619,27 +5618,7 @@ proto_register_ssl(void)
              "For troubleshooting ignore the mac check result and decrypt also if the Message Authentication Code (MAC) fails.",
              &ssl_ignore_mac_failed);
 #ifdef HAVE_LIBGNUTLS
-        prefs_register_string_preference(ssl_module, "psk", "Pre-Shared-Key",
-             "Pre-Shared-Key as HEX string, should be 0 to 16 bytes",
-             &ssl_psk);
-
-        prefs_register_filename_preference(ssl_module, "keylog_file", "(Pre)-Master-Secret log filename",
-             "The filename of a file which contains a list of \n"
-             "(pre-)master secrets in one of the following formats:\n"
-             "\n"
-             "RSA <EPMS> <PMS>\n"
-             "RSA Session-ID:<SSLID> Master-Key:<MS>\n"
-             "CLIENT_RANDOM <CRAND> <MS>\n"
-             "\n"
-             "Where:\n"
-             "<EPMS> = First 8 bytes of the Encrypted PMS\n"
-             "<PMS> = The Pre-Master-Secret (PMS)\n"
-             "<SSLID> = The SSL Session ID\n"
-             "<MS> = The Master-Secret (MS)\n"
-             "<CRAND> = The Client's random number from the ClientHello message\n"
-             "\n"
-             "(All fields are in hex notation)",
-             &ssl_keylog_filename);
+        ssl_common_register_options(ssl_module, &ssl_options);
 #endif
     }