From 8f81dd4f8274c2bd9b8438a59cbe232c09f5e573 Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Wed, 25 Jan 2017 21:52:27 +0100
Subject: TLS: fix decryption of renegotiated sessions

Renegotiated sessions may interleave application data with handshake
records. These handshake records should however not be included in the
flow associated with the application data. This fixes a regression in
the previous patch, now the "1.12 Step: SSL Decryption (renegotiation)"
test passes again.

Also remove duplicate DTLS data sources for decrypted records.

Change-Id: I46d416ffba11a7c25c5a682b3b53f06d10d4ab79
Fixes: v2.3.0rc0-2152-g77404250d5 ("(D)TLS: consolidate and simplify decrypted records handling")
Reviewed-on: https://code.wireshark.org/review/19822
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
---
 epan/dissectors/packet-dtls.c | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'epan/dissectors/packet-dtls.c')

diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c
index 7b25cafbf2..dd08f58da4 100644
--- a/epan/dissectors/packet-dtls.c
+++ b/epan/dissectors/packet-dtls.c
@@ -827,7 +827,6 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
       if (decrypted) {
         dissect_dtls_alert(decrypted, pinfo, dtls_record_tree, 0,
                            session);
-        add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
       } else {
         dissect_dtls_alert(tvb, pinfo, dtls_record_tree, offset,
                            session);
@@ -843,7 +842,6 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
         dissect_dtls_handshake(decrypted, pinfo, dtls_record_tree, 0,
                                tvb_reported_length(decrypted), session, is_from_server,
                                ssl, content_type);
-        add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
       } else {
         dissect_dtls_handshake(tvb, pinfo, dtls_record_tree, offset,
                                record_length, session, is_from_server, ssl,
@@ -923,7 +921,6 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
     if (decrypted) {
       dissect_dtls_heartbeat(decrypted, pinfo, dtls_record_tree, 0,
                              session, tvb_reported_length (decrypted), TRUE);
-      add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
     } else {
       dissect_dtls_heartbeat(tvb, pinfo, dtls_record_tree, offset,
                              session, record_length, FALSE);
-- 
cgit v1.2.1