summaryrefslogtreecommitdiff
path: root/epan/dissectors/packet-kerberos.c
diff options
context:
space:
mode:
Diffstat (limited to 'epan/dissectors/packet-kerberos.c')
-rw-r--r--epan/dissectors/packet-kerberos.c40
1 files changed, 23 insertions, 17 deletions
diff --git a/epan/dissectors/packet-kerberos.c b/epan/dissectors/packet-kerberos.c
index 88d3113b5f..976c74c90c 100644
--- a/epan/dissectors/packet-kerberos.c
+++ b/epan/dissectors/packet-kerberos.c
@@ -71,6 +71,7 @@
#include <epan/asn1.h>
#include <epan/expert.h>
#include <epan/prefs.h>
+#include <wsutil/wsgcrypt.h>
#include <wsutil/file_util.h>
#include <wsutil/str_util.h>
#include "packet-kerberos.h"
@@ -351,7 +352,7 @@ static int hf_kerberos_KDCOptions_renew = -1;
static int hf_kerberos_KDCOptions_validate = -1;
/*--- End of included file: packet-kerberos-hf.c ---*/
-#line 174 "./asn1/kerberos/packet-kerberos-template.c"
+#line 175 "./asn1/kerberos/packet-kerberos-template.c"
/* Initialize the subtree pointers */
static gint ett_kerberos = -1;
@@ -427,7 +428,7 @@ static gint ett_kerberos_KERB_PA_PAC_REQUEST = -1;
static gint ett_kerberos_ChangePasswdData = -1;
/*--- End of included file: packet-kerberos-ett.c ---*/
-#line 188 "./asn1/kerberos/packet-kerberos-template.c"
+#line 189 "./asn1/kerberos/packet-kerberos-template.c"
static expert_field ei_kerberos_decrypted_keytype = EI_INIT;
static expert_field ei_kerberos_address = EI_INIT;
@@ -456,7 +457,7 @@ static gboolean gbl_do_col_info;
#define KERBEROS_ADDR_TYPE_IPV6 24
/*--- End of included file: packet-kerberos-val.h ---*/
-#line 201 "./asn1/kerberos/packet-kerberos-template.c"
+#line 202 "./asn1/kerberos/packet-kerberos-template.c"
static void
call_kerberos_callbacks(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int tag, kerberos_callbacks *cb)
@@ -951,10 +952,10 @@ decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
int id_offset, offset;
guint8 key[DES3_KEY_SIZE];
guint8 initial_vector[DES_BLOCK_SIZE];
- md5_state_t md5s;
- md5_byte_t digest[16];
- md5_byte_t zero_fill[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
- md5_byte_t confounder[8];
+ gcry_md_hd_t md5_handle;
+ guint8 *digest;
+ guint8 zero_fill[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+ guint8 confounder[8];
gboolean ind;
GSList *ske;
service_key_t *sk;
@@ -980,11 +981,11 @@ decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
decrypted_data = wmem_alloc(wmem_packet_scope(), length);
for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){
gboolean do_continue = FALSE;
+ gboolean digest_ok;
sk = (service_key_t *) ske->data;
des_fix_parity(DES3_KEY_SIZE, key, sk->contents);
- md5_init(&md5s);
memset(initial_vector, 0, DES_BLOCK_SIZE);
des3_set_key(&ctx, key);
cbc_decrypt(&ctx, des3_decrypt, DES_BLOCK_SIZE, initial_vector,
@@ -1016,12 +1017,17 @@ decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
continue;
}
- md5_append(&md5s, confounder, 8);
- md5_append(&md5s, zero_fill, 16);
- md5_append(&md5s, decrypted_data + CONFOUNDER_PLUS_CHECKSUM, data_len);
- md5_finish(&md5s, digest);
-
- if (tvb_memeql (encr_tvb, 8, digest, 16) == 0) {
+ if (gcry_md_open(&md5_handle, GCRY_MD_MD5, 0)) {
+ return NULL;
+ }
+ gcry_md_write(md5_handle, confounder, 8);
+ gcry_md_write(md5_handle, zero_fill, 16);
+ gcry_md_write(md5_handle, decrypted_data + CONFOUNDER_PLUS_CHECKSUM, data_len);
+ digest = gcry_md_read(md5_handle, 0);
+
+ digest_ok = (tvb_memeql (encr_tvb, 8, digest, HASH_MD5_LENGTH) == 0);
+ gcry_md_close(md5_handle);
+ if (digest_ok) {
plaintext = (guint8* )tvb_memdup(pinfo->pool, encr_tvb, CONFOUNDER_PLUS_CHECKSUM, data_len);
tvb_free(encr_tvb);
@@ -4206,7 +4212,7 @@ dissect_kerberos_ChangePasswdData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
/*--- End of included file: packet-kerberos-fn.c ---*/
-#line 1850 "./asn1/kerberos/packet-kerberos-template.c"
+#line 1856 "./asn1/kerberos/packet-kerberos-template.c"
/* Make wrappers around exported functions for now */
int
@@ -5260,7 +5266,7 @@ void proto_register_kerberos(void) {
NULL, HFILL }},
/*--- End of included file: packet-kerberos-hfarr.c ---*/
-#line 2231 "./asn1/kerberos/packet-kerberos-template.c"
+#line 2237 "./asn1/kerberos/packet-kerberos-template.c"
};
/* List of subtrees */
@@ -5338,7 +5344,7 @@ void proto_register_kerberos(void) {
&ett_kerberos_ChangePasswdData,
/*--- End of included file: packet-kerberos-ettarr.c ---*/
-#line 2247 "./asn1/kerberos/packet-kerberos-template.c"
+#line 2253 "./asn1/kerberos/packet-kerberos-template.c"
};
static ei_register_info ei[] = {
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-27 16:31:51 +0000