author | Erik de Jong <erikdejong@gmail.com> | 2017-02-13 19:31:26 +0100 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2017-03-02 23:58:05 +0000 |
commit | f1c75cf6ef7e9f9de1ec7fd798df941b972ec71c (patch) | |
tree | 7d7c2f66bf7595e010026d6f4d3b3a53175af824 /epan/dissectors/packet-radius.c | |
parent | 4bd3c4d44ddcdf8e98fdf08a425e3a68e9b18395 (diff) |
Rewrite dissectors to use Libgcrypt functions.
As discussed on the mailing list, rewrite dissectors to use Libgcrypt
functions, as Libgcrypt will be mandatory after change 20030.
Removal of following functions:
- crypt_md4
- crypt_rc4*
- aes_cmac_encrypt_*
- md5_*
- sha1_*
- sha256_*
Further candidates:
- aes_*
- rijndael_*
- ...
Added functions:
- ws_hmac_buffer
Added const macros:
- HASH_MD5_LENGTH
- HASH_SHA1_LENGTH
Changes on epan/crypt/* verified with captures from
https://wiki.wireshark.org/HowToDecrypt802.11
Changes on packet-snmp.c and packet-radius.c verified with captures from
https://wiki.wireshark.org/SampleCapture
Changes on packet-tacacs.c verified with capture from
http://ccie-in-3-months.blogspot.nl/2009/04/decoding-login-credentials-regardless.html
Change-Id: Iea6ba2bf207cf0f1bf2117068fb1abcfeaafaa46
Link: https://www.wireshark.org/lists/wireshark-dev/201702/msg00011.html
Reviewed-on: https://code.wireshark.org/review/20095
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan/dissectors/packet-radius.c')
-rw-r--r-- | epan/dissectors/packet-radius.c | 53 |
1 files changed, 35 insertions, 18 deletions
diff --git a/epan/dissectors/packet-radius.c b/epan/dissectors/packet-radius.c
index a40e0ad8bc..1909ff43fd 100644
--- a/epan/dissectors/packet-radius.c
+++ b/epan/dissectors/packet-radius.c
@@ -68,7 +68,7 @@
 #include <epan/addr_resolv.h>
 #include <wsutil/filesystem.h>
 #include <wsutil/report_err.h>
-#include <wsutil/md5.h>
+#include <wsutil/wsgcrypt.h>
 #include "packet-radius.h"
@@ -912,8 +912,8 @@ dissect_rfc4675_egress_vlan_name(proto_tree *tree, tvbuff_t *tvb, packet_info *p
 static void
 radius_decrypt_avp(gchar *dest, int dest_len, tvbuff_t *tvb, int offset, int length)
 {
- md5_state_t md_ctx, old_md_ctx;
- md5_byte_t digest[AUTHENTICATOR_LENGTH];
+ gcry_md_hd_t md5_handle, old_md5_handle;
+ guint8 digest[HASH_MD5_LENGTH];
 int i, j;
 gint totlen = 0, returned_length, padded_length;
 guint8 *pd;
@@ -932,11 +932,17 @@ radius_decrypt_avp(gchar *dest, int dest_len, tvbuff_t *tvb, int offset, int len
 if (length > 128) length = 128;
- md5_init(&md_ctx);
- md5_append(&md_ctx, (const guint8 *)shared_secret, (int)strlen(shared_secret));
- old_md_ctx = md_ctx;
- md5_append(&md_ctx, authenticator, AUTHENTICATOR_LENGTH);
- md5_finish(&md_ctx, digest);
+ if (gcry_md_open(&md5_handle, GCRY_MD_MD5, 0)) {
+ return;
+ }
+ gcry_md_write(md5_handle, (const guint8 *)shared_secret, (int)strlen(shared_secret));
+ if (gcry_md_copy(&old_md5_handle, md5_handle)) {
+ gcry_md_close(md5_handle);
+ return;
+ }
+ gcry_md_write(md5_handle, authenticator, AUTHENTICATOR_LENGTH);
+ memcpy(digest, gcry_md_read(md5_handle, 0), HASH_MD5_LENGTH);
+ gcry_md_close(md5_handle);
 padded_length = length + ((length % AUTHENTICATOR_LENGTH) ? (AUTHENTICATOR_LENGTH - (length % AUTHENTICATOR_LENGTH)) : 0);
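Review bot: In `radius_decrypt_avp` the `digest` buffer is now sized with `HASH_MD5_LENGTH`, while the block arithmetic visible in the later hunks (`padded_length`, `&pd[i], AUTHENTICATOR_LENGTH`) still steps in `AUTHENTICATOR_LENGTH` units. The two constants have to be equal for the per-block use of `digest` to stay in bounds, and nothing in the hunk states that. A compile-time check next to the declaration would pin it: `G_STATIC_ASSERT(AUTHENTICATOR_LENGTH == HASH_MD5_LENGTH);`. The function body continues outside this hunk, so the loop that consumes `digest` is not shown here.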
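Review bot: The two early `return`s added after `gcry_md_open` and `gcry_md_copy` fail give the caller no signal, because `radius_decrypt_avp` returns `void` and delivers its result through `dest`. Whether `dest` is already NUL-terminated before these lines is not visible (the function starts above the hunk), so it should be confirmed that a failure cannot hand an unterminated buffer to the display code; the same applies to the `return` inside the loop in the `@@ -958,10 +964,16 @@` hunk, which exits after `dest` may have been partly filled. Once that is verified, a comment at the first return such as `/* dest is an empty string here; show nothing if MD5 is unavailable */` would document the intent. Separately, `gcry_md_write` takes a `size_t` length, so the `(int)` cast on `strlen(shared_secret)` can be dropped, as the call in `valid_authenticator` already does.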
@@ -958,10 +964,16 @@ radius_decrypt_avp(gchar *dest, int dest_len, tvbuff_t *tvb, int offset, int len
 }
 }
- md_ctx = old_md_ctx;
- md5_append(&md_ctx, &pd[i], AUTHENTICATOR_LENGTH);
- md5_finish(&md_ctx, digest);
+ if (gcry_md_copy(&md5_handle, old_md5_handle)) {
+ gcry_md_close(old_md5_handle);
+ return;
+ }
+ gcry_md_write(md5_handle, &pd[i], AUTHENTICATOR_LENGTH);
+ memcpy(digest, gcry_md_read(md5_handle, 0), HASH_MD5_LENGTH);
+ gcry_md_close(md5_handle);
 }
+
+ gcry_md_close(old_md5_handle);
 }
@@ -1778,8 +1790,9 @@ is_radius(tvbuff_t *tvb)
 static gboolean
 valid_authenticator(tvbuff_t *tvb, guint8 request_authenticator[])
 {
- md5_state_t md_ctx;
- md5_byte_t digest[16];
+ gcry_md_hd_t md5_handle;
+ guint8 *digest;
+ gboolean result;
 guint tvb_length;
 guint8 *payload;
@@ -1792,12 +1805,16 @@ valid_authenticator(tvbuff_t *tvb, guint8 request_authenticator[])
 memcpy(payload+4, request_authenticator, AUTHENTICATOR_LENGTH); /* calculate MD5 hash (payload+shared_secret) */
- md5_init(&md_ctx);
- md5_append(&md_ctx, payload, tvb_length);
- md5_append(&md_ctx, shared_secret, strlen(shared_secret));
- md5_finish(&md_ctx, digest);
+ if (gcry_md_open(&md5_handle, GCRY_MD_MD5, 0)) {
+ return FALSE;
+ }
+ gcry_md_write(md5_handle, payload, tvb_length);
+ gcry_md_write(md5_handle, shared_secret, strlen(shared_secret));
+ digest = gcry_md_read(md5_handle, 0);
- return !memcmp(digest, authenticator, AUTHENTICATOR_LENGTH);
+ result = !memcmp(digest, authenticator, AUTHENTICATOR_LENGTH);
+ gcry_md_close(md5_handle);
+ return result;
 }
 static int |
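Review bot: `old_md5_handle` is created by the `gcry_md_copy` in the earlier `radius_decrypt_avp` hunk and released only by the `gcry_md_close(old_md5_handle)` added at the end of this one (or by the error path inside the loop), so it stays live across everything in between. That code is not shown, but the function reads from `tvb`, and if any tvb accessor between the copy and this close can throw on a truncated packet, the handle is never closed and malformed traffic would leak one handle per packet. Consider doing the tvb reads before the first `gcry_md_open`, or registering the close with the dissector cleanup macros (`CLEANUP_PUSH` / `CLEANUP_CALL_AND_POP`) so it also runs when an exception unwinds the function.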
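Review bot: Returning `FALSE` from `valid_authenticator` when `gcry_md_open` fails makes a hashing failure look the same as an authenticator mismatch, so the caller (not shown) may report a genuine response as having a bad authenticator. Since the return type is `gboolean`, at least state this at the return: `/* cannot compute MD5: reported as "not valid" */`. It is also worth a comment that `digest` points into storage owned by `md5_handle`, e.g. `/* digest is only valid until gcry_md_close() */`, because the compare-then-close order is what keeps the `memcmp` safe and a later reordering would silently read freed memory.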