-rw-r--r--epan/dissectors/packet-dtls.c1
-rw-r--r--epan/dissectors/packet-ssl-utils.c2
-rw-r--r--epan/dissectors/packet-ssl-utils.h1
-rw-r--r--epan/dissectors/packet-ssl.c29
4 files changed, 17 insertions, 16 deletions
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c
index 526a080c54..1330dc47e0 100644
--- a/epan/dissectors/packet-dtls.c
+++ b/epan/dissectors/packet-dtls.c
@@ -1332,6 +1332,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
case SSL_HND_SUPPLEMENTAL_DATA:
case SSL_HND_KEY_UPDATE:
case SSL_HND_ENCRYPTED_EXTS:
+ case SSL_HND_END_OF_EARLY_DATA: /* TLS 1.3 */
case SSL_HND_ENCRYPTED_EXTENSIONS: /* TLS 1.3 */
/* TODO: does this need further dissection? */
break;
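Review bot: The new `SSL_HND_END_OF_EARLY_DATA` case joins a group documented only by the shared TODO, so nothing records whether skipping the key change on the DTLS path is intentional. In this same commit packet-ssl.c switches the client to the handshake traffic keys on that message. A one-line comment on the case, for example `/* TLS 1.3; no key switch on the DTLS path (confirm) */`, would stop the two dissectors from diverging unnoticed. The switch statement starts and ends outside this hunk.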
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 55fc59a77f..ebf5e5ba6a 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -558,6 +558,7 @@ const value_string ssl_31_handshake_type[] = {
{ SSL_HND_SERVER_HELLO, "Server Hello" },
{ SSL_HND_HELLO_VERIFY_REQUEST, "Hello Verify Request"},
{ SSL_HND_NEWSESSION_TICKET, "New Session Ticket" },
+ { SSL_HND_END_OF_EARLY_DATA, "End of Early Data" },
{ SSL_HND_HELLO_RETRY_REQUEST, "Hello Retry Request" },
{ SSL_HND_ENCRYPTED_EXTENSIONS, "Encrypted Extensions" },
{ SSL_HND_CERTIFICATE, "Certificate" },
@@ -6823,6 +6824,7 @@ ssl_is_valid_handshake_type(guint8 hs_type, gboolean is_dtls)
case SSL_HND_CLIENT_HELLO:
case SSL_HND_SERVER_HELLO:
case SSL_HND_NEWSESSION_TICKET:
+ case SSL_HND_END_OF_EARLY_DATA:
case SSL_HND_HELLO_RETRY_REQUEST:
case SSL_HND_ENCRYPTED_EXTENSIONS:
case SSL_HND_CERTIFICATE:
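Review bot: `SSL_HND_END_OF_EARLY_DATA` is accepted here for every caller, although the message exists only in TLS 1.3 and `is_dtls` is not consulted in the visible lines. If this function backs the protocol heuristics, each extra accepted value makes it slightly easier for unrelated bytes to be classified as a handshake. A `/* TLS 1.3 */` marker on the new case, as used in packet-dtls.c, would at least document the restriction. The switch body continues outside the hunk, so a later filter on `is_dtls` may exist.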
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index b1e1485813..918ae59945 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -59,6 +59,7 @@ typedef enum {
SSL_HND_SERVER_HELLO = 2,
SSL_HND_HELLO_VERIFY_REQUEST = 3,
SSL_HND_NEWSESSION_TICKET = 4,
+ SSL_HND_END_OF_EARLY_DATA = 5,
SSL_HND_HELLO_RETRY_REQUEST = 6,
SSL_HND_ENCRYPTED_EXTENSIONS = 8,
SSL_HND_CERTIFICATE = 11,
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index d108345c47..51284b3a1c 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -553,8 +553,7 @@ static gint dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
/* alert message dissector */
static void dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree, guint32 offset,
- const SslSession *session, gboolean is_from_server,
- SslDecryptSession *ssl);
+ const SslSession *session);
/* handshake protocol dissector */
static void dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
@@ -1764,9 +1763,9 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
break;
case SSL_ID_ALERT:
if (decrypted) {
- dissect_ssl3_alert(decrypted, pinfo, ssl_record_tree, 0, session, is_from_server, ssl);
+ dissect_ssl3_alert(decrypted, pinfo, ssl_record_tree, 0, session);
} else {
- dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset, session, is_from_server, ssl);
+ dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset, session);
}
break;
case SSL_ID_HANDSHAKE:
@@ -1854,8 +1853,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
static void
dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree, guint32 offset,
- const SslSession *session, gboolean is_from_server,
- SslDecryptSession *ssl)
+ const SslSession *session)
{
/* struct {
* AlertLevel level;
@@ -1887,16 +1885,6 @@ dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
desc_byte = tvb_get_guint8(tvb, offset+1); /* grab the desc byte */
desc = try_val_to_str(desc_byte, ssl_31_alert_description);
- /*
- * TLS 1.3: clients send an Alert at warning (1) level with description
- * end_of_early_data (1) to end 0-RTT application data.
- */
- if (level_byte == 1 && desc_byte == 1 && !is_from_server && ssl) {
- ssl_load_keyfile(ssl_options.keylog_filename, &ssl_keylog_file, &ssl_master_key_map);
- tls13_change_key(ssl, &ssl_master_key_map, FALSE, TLS_SECRET_HANDSHAKE);
- ssl->has_early_data = FALSE;
- }
-
/* now set the text in the record layer line */
if (level && desc)
{
@@ -2123,6 +2111,15 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
ssl_master_key_map.tickets);
break;
+ case SSL_HND_END_OF_EARLY_DATA:
+ /* https://tools.ietf.org/html/draft-ietf-tls-tls13-19#section-4.5 */
+ if (!is_from_server && ssl) {
+ ssl_load_keyfile(ssl_options.keylog_filename, &ssl_keylog_file, &ssl_master_key_map);
+ tls13_change_key(ssl, &ssl_master_key_map, FALSE, TLS_SECRET_HANDSHAKE);
+ ssl->has_early_data = FALSE;
+ }
+ break;
+
case SSL_HND_HELLO_RETRY_REQUEST:
ssl_dissect_hnd_hello_retry_request(&dissect_ssl3_hf, tvb, pinfo, ssl_hand_tree,
offset, offset + length, session, ssl, FALSE);
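Review bot: The new `SSL_HND_END_OF_EARLY_DATA` case reloads the key log and calls `tls13_change_key` without checking the message itself. EndOfEarlyData has an empty body in the linked draft section, yet `length` is never compared with zero, and the switch is not tied to early data having been seen on the session. A malformed or crafted capture therefore appears able to trigger the key change from any client handshake message of type 5. Consider adding an expert-info item when `length != 0`, and, if `ssl->has_early_data` is reliably set by this point (not visible here), adding it to the condition. The comment should also say why the keys change rather than only linking the draft, e.g. `/* client leaves 0-RTT: later client records use the handshake traffic secret */`. `dissect_ssl3_handshake` begins and ends outside this hunk.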