author | Guy Harris <guy@alum.mit.edu> | 2015-05-09 19:17:57 -0700 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2015-05-10 02:18:24 +0000 |
commit | 1507b4a4170f758d9c1fcd5f9ae9e39c8a801c0b (patch) | |
tree | 2c7f0c6d8ea79ae52758eec5d6c0c173c3d33a0c /epan/crypt | |
parent | acf7985f7377806e23d7ec9daa14a3a6886a51c7 (diff) | |
Allocate the unwrapped key in AES_unwrap().
Have it allocate the buffer for the unwrapped key and return a pointer
to it, rather than having it be handed a buffer for that key.
That makes it a bit easier to validate, in AES_unwrap, that we don't
write past the end of the buffer.
Change-Id: Id02852c23054b3ed33eeeb383e7aa6cf12d02ed9
Reviewed-on: https://code.wireshark.org/review/8371
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'epan/crypt')
-rw-r--r-- | epan/crypt/airpdcap.c | 6 | ||||
-rw-r--r-- | epan/crypt/airpdcap_rijndael.c | 19 | ||||
-rw-r--r-- | epan/crypt/airpdcap_rijndael.h | 2 |
3 files changed, 14 insertions, 13 deletions
diff --git a/epan/crypt/airpdcap.c b/epan/crypt/airpdcap.c
index 17ef0d9647..7c0121790f 100644
--- a/epan/crypt/airpdcap.c
+++ b/epan/crypt/airpdcap.c
@@ -390,10 +390,8 @@ AirPDcapDecryptWPABroadcastKey(const EAPOL_RSN_KEY *pEAPKey, guint8 *decryption
 else sa->wpa.key_ver = (key_bytes_len >= (TKIP_GROUP_KEYBYTES_LEN))?AIRPDCAP_WPA_KEY_VER_NOT_CCMP:AIRPDCAP_WPA_KEY_VER_AES_CCMP;
- /* This storage is needed for the AES_unwrap function */
- decrypted_data = (guint8 *) g_malloc(key_bytes_len);
-
- AES_unwrap(decryption_key, 16, szEncryptedKey, key_bytes_len, decrypted_data);
+ /* Unwrap the key; the result is key_bytes_len in length */
+ decrypted_data = AES_unwrap(decryption_key, 16, szEncryptedKey, key_bytes_len);
 /* With WPA2 what we get after Broadcast Key decryption is an actual RSN structure. The key itself is stored as a GTK KDE
diff --git a/epan/crypt/airpdcap_rijndael.c b/epan/crypt/airpdcap_rijndael.c
index 9cc26f9dd0..a4c26ef442 100644
--- a/epan/crypt/airpdcap_rijndael.c
+++ b/epan/crypt/airpdcap_rijndael.c
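Review bot: `decrypted_data` is not compared with NULL after the call in the lines shown, yet the reworked AES_unwrap() returns NULL when `cipher_len < 16` or a pointer argument is NULL. Unless key_bytes_len is already range-checked earlier in AirPDcapDecryptWPABroadcastKey (the function starts and continues outside the hunk), a short key field taken from a captured EAPOL frame would lead to a NULL dereference in the RSN parsing that follows; add `if (decrypted_data == NULL)` with the function's normal failure return right after the call. The new comment also overstates the result: the buffer is key_bytes_len bytes, but the visible part of AES_unwrap() fills only key_bytes_len - 8 of them, so I would write `/* Unwrap the key; the buffer is key_bytes_len bytes, the unwrapped data key_bytes_len - 8 */`.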
@@ -38,26 +38,29 @@ This function is used to unwrap an encrypted AES key. One example of its use is in the WPA-2 protocol to get the group key. */
-UCHAR
-AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len, UCHAR *output)
+UCHAR *
+AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len)
 {
+ UCHAR *output;
 UCHAR a[8], b[16];
 UCHAR *r;
- UCHAR *c;
 gint16 i, j, n;
 rijndael_ctx ctx;
- if (! kek || cipher_len < 16 || ! cipher_text || ! output) {
- return 1; /* We don't do anything with the return value */
+ if (kek == NULL || cipher_len < 16 || cipher_text == NULL) {
+ return NULL; /* "should not happen" */
 }
+ /* Allocate buffer for the unwrapped key */
+
+ output = (guint8 *) g_malloc(cipher_len);
+ /* Initialize variables */
 n = (cipher_len/8)-1; /* the algorithm works on 64-bits at a time */
 memcpy(a, cipher_text, 8);
 r = output;
- c = cipher_text;
- memcpy(r, c+8, cipher_len - 8);
+ memcpy(r, cipher_text+8, cipher_len - 8);
 /* Compute intermediate values */
@@ -84,7 +87,7 @@ AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len, UC
 /* DEBUG_DUMP("a", a, 8); */
 /* DEBUG_DUMP("output", output, cipher_len - 8); */
- return 0;
+ return output;
 }
 /* */
diff --git a/epan/crypt/airpdcap_rijndael.h b/epan/crypt/airpdcap_rijndael.h
index 6a1a85a98a..b70957a5f3 100644
--- a/epan/crypt/airpdcap_rijndael.h
+++ b/epan/crypt/airpdcap_rijndael.h
@@ -38,7 +38,7 @@ /******************************************************************************/
 /* Type definitions */
 /* */
-UCHAR AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len, UCHAR *output);
+UCHAR *AES_unwrap(UCHAR *kek, UINT16 key_len, UCHAR *cipher_text, UINT16 cipher_len);
 /* */
 /******************************************************************************/ |
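Review bot: The buffer from `g_malloc(cipher_len)` is written for only `cipher_len - 8` bytes by the `memcpy` in the first airpdcap_rijndael.c hunk, so its last 8 bytes stay uninitialized heap unless the loop outside the hunk touches them, and a caller that treats the result as cipher_len bytes long would read them. Either allocate with `output = (guint8 *) g_malloc0(cipher_len);` or size the buffer as `cipher_len - 8`. The guard also accepts lengths that are not a multiple of 8, which leaves raw ciphertext bytes at the tail of the output; `|| (cipher_len % 8) != 0` could be added to the condition. The function's header comment should now state that the result is g_malloc()ed, must be released by the caller with g_free(), and is NULL on invalid arguments; the prototype in airpdcap_rijndael.h deserves the same one-line ownership note.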
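Review bot: `return output;` in the second airpdcap_rijndael.c hunk hands the buffer back with no visible comparison of `a` against the key-wrap initial value, so an unwrap with the wrong KEK would look the same as a success to the caller. This reads like RFC 3394 key unwrap, where `a` should end up as eight 0xA6 bytes; the loop between the two hunks is outside the view, so the check may already exist there. Now that NULL signals failure, it would fit just before the return: `if (memcmp(a, default_iv, 8) != 0) { g_free(output); return NULL; }`, where `default_iv` is a placeholder name for a static array of eight 0xA6 bytes.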