(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-pkcs12.c) |
| |
| 311 | | | int PBE_decrypt_data(const char *object_identifier_id _U_, tvbuff_t *encrypted_tvb _U_, asn1_ctx_t *actx _U_, proto_item *item _U_) |
| 312 | | | { |
| 313 | | | #ifdef HAVE_LIBGCRYPT |
| 314 | | | const char *encryption_algorithm; |
| 315 | | | gcry_cipher_hd_t cipher; |
| 316 | | | gcry_error_t err; |
| 317 | | | int algo; |
| 318 | | | int mode; |
| 319 | | | int ivlen = 0; |
| 320 | | | int keylen = 0; |
| 321 | | | int datalen = 0; |
| 322 | | | char *key = NULL; |
| 323 | | | char *iv = NULL; |
| 324 | | | char *clear_data = NULL; |
| 325 | | | tvbuff_t *clear_tvb = NULL; |
| 326 | | | const gchar *oidname; |
| 327 | | | GString *name; |
| 328 | | | proto_tree *tree; |
| 329 | | | char byte; |
| 330 | | | gboolean decrypt_ok = TRUE; |
| 331 | | | |
| 332 | | | if(((password == NULL) || (*password == '\0')) && (try_null_password == FALSE)) { |
| 333 | | | |
| 334 | | | return FALSE; |
| 335 | | | } |
| 336 | | | |
| 337 | | | encryption_algorithm = x509af_get_last_algorithm_id(); |
| 338 | | | |
| 339 | | | |
| 340 | | | if(!strcmp(encryption_algorithm, PKCS12_PBE_3DES_SHA1_OID)) { |
| 341 | | | ivlen = 8; |
| 342 | | | keylen = 24; |
| 343 | | | algo = GCRY_CIPHER_3DES; |
| 344 | | | mode = GCRY_CIPHER_MODE_CBC; |
| 345 | | | } else if(!strcmp(encryption_algorithm, PKCS12_PBE_ARCFOUR_SHA1_OID)) { |
| 346 | | | ivlen = 0; |
Useless Assignment
This code assigns the variable the same value it already had. |
|
| 347 | | | keylen = 16; |
| 348 | | | algo = GCRY_CIPHER_ARCFOUR; |
| 349 | | | mode = GCRY_CIPHER_MODE_NONE; |
| 350 | | | } else if(!strcmp(encryption_algorithm, PKCS12_PBE_RC2_40_SHA1_OID)) { |
| 351 | | | ivlen = 8; |
| 352 | | | keylen = 5; |
| 353 | | | algo = GCRY_CIPHER_RFC2268_40; |
| 354 | | | mode = GCRY_CIPHER_MODE_CBC; |
| 355 | | | } else { |
| 356 | | | |
| 357 | | | |
| 358 | | | proto_item_append_text(item, " [Unsupported encryption algorithm]"); |
| 359 | | | return FALSE; |
| 360 | | | } |
| 361 | | | |
| 362 | | | if((iteration_count == 0) || (salt == NULL)) { |
| 363 | | | proto_item_append_text(item, " [Insufficient parameters]"); |
| 364 | | | return FALSE; |
| 365 | | | } |
| 366 | | | |
| 367 | | | |
| 368 | | | key = ep_alloc(keylen); |
| 369 | | | |
| 370 | | | if(!generate_key_or_iv(1 , salt, iteration_count, password, keylen, key)) |
| 371 | | | return FALSE; |
| 372 | | | |
| 373 | | | if(ivlen) { |
| 374 | | | |
| 375 | | | iv = ep_alloc(ivlen); |
| 376 | | | |
| 377 | | | if(!generate_key_or_iv(2 , salt, iteration_count, password, ivlen, iv)) |
| 378 | | | return FALSE; |
| 379 | | | } |
| 380 | | | |
| 381 | | | |
| 382 | | | err = gcry_cipher_open(&cipher, algo, mode, 0); |
| 383 | | | if (gcry_err_code (err)) |
| 384 | | | return FALSE; |
| 385 | | | |
| 386 | | | err = gcry_cipher_setkey (cipher, key, keylen); |
| 387 | | | if (gcry_err_code (err)) { |
| 388 | | | gcry_cipher_close (cipher); |
| 389 | | | return FALSE; |
| 390 | | | } |
| 391 | | | |
| 392 | | | if(ivlen) { |
| 393 | | | err = gcry_cipher_setiv (cipher, iv, ivlen); |
| 394 | | | if (gcry_err_code (err)) { |
| 395 | | | gcry_cipher_close (cipher); |
| 396 | | | return FALSE; |
| 397 | | | } |
| 398 | | | } |
| 399 | | | |
| 400 | | | datalen = tvb_length(encrypted_tvb); |
| 401 | | | clear_data = g_malloc(datalen); |
| 402 | | | |
| 403 | | | err = gcry_cipher_decrypt (cipher, clear_data, datalen, tvb_get_ephemeral_string(encrypted_tvb, 0, datalen), datalen); |
| 404 | | | if (gcry_err_code (err)) { |
| 405 | | | |
| 406 | | | proto_item_append_text(item, " [Failed to decrypt with password preference]"); |
| 407 | | | |
| 408 | | | gcry_cipher_close (cipher); |
| 409 | | | g_free(clear_data); |
| 410 | | | return FALSE; |
| 411 | | | } |
| 412 | | | |
| 413 | | | gcry_cipher_close (cipher); |
| 414 | | | |
| 415 | | | |
| 416 | | | |
| 417 | | | |
| 418 | | | |
| 419 | | | |
| 420 | | | |
| 421 | | | byte = clear_data[datalen-1]; |
| 422 | | | if(byte <= 0x08) { |
| 423 | | | int i; |
| 424 | | | |
| 425 | | | for(i = (int)byte; i > 0 ; i--) { |
| 426 | | | if(clear_data[datalen - i] != byte) { |
| 427 | | | decrypt_ok = FALSE; |
| 428 | | | break; |
| 429 | | | } |
| 430 | | | } |
| 431 | | | } else { |
| 432 | | | |
| 433 | | | } |
| 434 | | | |
| 435 | | | |
| 436 | | | byte = clear_data[0]; |
| 437 | | | if((byte != 0x30) && (byte != 0x31)) { |
| 438 | | | decrypt_ok = FALSE; |
| 439 | | | } |
| 440 | | | |
| 441 | | | if(!decrypt_ok) { |
| 442 | | | g_free(clear_data); |
| 443 | | | proto_item_append_text(item, " [Failed to decrypt with supplied password]"); |
| 444 | | | |
| 445 | | | return FALSE; |
| 446 | | | } |
| 447 | | | |
| 448 | | | proto_item_append_text(item, " [Decrypted successfully]"); |
| 449 | | | |
| 450 | | | tree = proto_item_add_subtree(item, ett_decrypted_pbe); |
| 451 | | | |
| 452 | | | |
| 453 | | | |
| 454 | | | clear_tvb = tvb_new_real_data((const guint8 *)clear_data, datalen, datalen); |
| 455 | | | tvb_set_free_cb(clear_tvb, g_free); |
| 456 | | | |
| 457 | | | name = g_string_new(""); |
| 458 | | | oidname = oid_resolved_from_string(object_identifier_id); |
| 459 | | | g_string_printf(name, "Decrypted %s", oidname ? oidname : object_identifier_id); |
| 460 | | | |
| 461 | | | |
| 462 | | | add_new_data_source(actx->pinfo, clear_tvb, name->str); |
| 463 | | | |
| 464 | | | g_string_free(name, TRUE); |
| 465 | | | |
| 466 | | | |
| 467 | | | call_ber_oid_callback(object_identifier_id, clear_tvb, 0, actx->pinfo, tree); |
| 468 | | | |
| 469 | | | return TRUE; |
| 470 | | | #else |
| 471 | | | |
| 472 | | | return FALSE; |
| 473 | | | |
| 474 | | | #endif |
| 475 | | | } |
| |