lua5.1.4 lua$(LUA_DIST)_lib.zip
!ENDIF
-!IFDEF GNUTLS_DIR
+!IFDEF GNUTLS_PKG
@$(SH) $(WIN_SETUP) "$(WIN_SETUP_OPT)" "$(WIRESHARK_LIBS)" \
- . gnutls-2.8.5-1.zip
+ . gnutls-$(GNUTLS_PKG)-$(WIRESHARK_TARGET_PLATFORM)ws.zip
!ENDIF
!IFDEF PORTAUDIO_DIR
@$(SH) $(WIN_SETUP) "$(WIN_SETUP_OPT)" "$(WIRESHARK_LIBS)" \
rm -r -f $(WIRESHARK_LIBS)/gettext-0.17-1 # win64
rm -r -f $(WIRESHARK_LIBS)/glib
rm -r -f $(WIRESHARK_LIBS)/gnutls-2.8.1-1
- rm -r -f $(WIRESHARK_LIBS)/gnutls-2.8.5-1
+ rm -r -f $(WIRESHARK_LIBS)/gnutls-2.8.5-*-win??ws
rm -r -f $(WIRESHARK_LIBS)/gtk2
rm -r -f $(WIRESHARK_LIBS)/gtk+
rm -r -f $(WIRESHARK_LIBS)/gtk-wimp
#endif
#ifdef HAVE_LIBGCRYPT
-#ifdef _WIN32
-#include <winposixtype.h>
-#endif
#include <gcrypt.h>
-#endif
+#endif
#define PNAME "PKCS#12: Personal Information Exchange"
#define PSNAME "PKCS12"
static int hf_pkcs12_X509Certificate_PDU = -1;
static gint ett_decrypted_pbe = -1;
-static const char *object_identifier_id = NULL;
+static const char *object_identifier_id = NULL;
static int iteration_count = 0;
static tvbuff_t *salt = NULL;
static const char *password = NULL;
const char *name = NULL;
name = oid_resolved_from_string(oid);
- proto_item_append_text(tree, " (%s)", name ? name : oid);
+ proto_item_append_text(tree, " (%s)", name ? name : oid);
}
#ifdef HAVE_LIBGCRYPT
unsigned int i, j;
gcry_md_hd_t md;
gcry_mpi_t num_b1 = NULL;
- unsigned int pwlen;
+ size_t pwlen;
char hash[20], buf_b[64], buf_i[128], *p;
char *salt;
int salt_size;
unsigned char lid = id & 0xFF;
gcry_md_write (md, &lid, 1);
}
-
+
gcry_md_write(md, buf_i, pw ? 128 : 64);
gcry_md_final (md);
memcpy (hash, gcry_md_read (md, 0), 20);
-
+
gcry_md_close (md);
-
+
for (i = 1; i < iter; i++)
gcry_md_hash_buffer (GCRY_MD_SHA1, hash, hash, 20);
for (i = 0; i < 128; i += 64) {
gcry_mpi_t num_ij;
-
+
n = 64;
rc = gcry_mpi_scan (&num_ij, GCRYMPI_FMT_USG, buf_i + i, n, &n);
if (rc != 0) {
return FALSE;
}
-
+
gcry_mpi_add (num_ij, num_ij, num_b1);
gcry_mpi_clear_highbit (num_ij, 64 * 8);
-
+
n = 64;
rc = gcry_mpi_print (GCRYMPI_FMT_USG, buf_i + i, n, &n, num_ij);
}
}
-#endif
+#endif
void PBE_reset_parameters()
{
proto_tree *tree;
char byte;
gboolean decrypt_ok = TRUE;
-
+
if(((password == NULL) || (*password == '\0')) && (try_null_password == FALSE)) {
/* we are not configured to decrypt */
return FALSE;
mode = GCRY_CIPHER_MODE_CBC;
} else {
/* we don't know how to decrypt this */
-
+
proto_item_append_text(item, " [Unsupported encryption algorithm]");
return FALSE;
}
- if((iteration_count == 0) || (salt == NULL)) {
+ if((iteration_count == 0) || (salt == NULL)) {
proto_item_append_text(item, " [Insufficient parameters]");
return FALSE;
}
return FALSE;
if(ivlen) {
-
+
iv = ep_alloc(ivlen);
-
+
if(!generate_key_or_iv(2 /* IV */, salt, iteration_count, password, ivlen, iv))
return FALSE;
}
if (gcry_err_code (err))
return FALSE;
- err = gcry_cipher_setkey (cipher, key, keylen);
+ err = gcry_cipher_setkey (cipher, key, keylen);
if (gcry_err_code (err)) {
gcry_cipher_close (cipher);
return FALSE;
}
-
+
if(ivlen) {
- err = gcry_cipher_setiv (cipher, iv, ivlen);
+ err = gcry_cipher_setiv (cipher, iv, ivlen);
if (gcry_err_code (err)) {
gcry_cipher_close (cipher);
return FALSE;
gcry_cipher_close (cipher);
/* We don't know if we have successfully decrypted the data or not so we:
- a) check the trailing bytes
+ a) check the trailing bytes
b) see if we start with a sequence or a set (is this too constraining?
*/
break;
}
}
- } else {
+ } else {
/* XXX: is this a failure? */
}
/* add it as a new source */
add_new_data_source(actx->pinfo, clear_tvb, name->str);
-
+
g_string_free(name, TRUE);
/* now try and decode it */
call_ber_oid_callback(object_identifier_id, clear_tvb, 0, actx->pinfo, tree);
- return TRUE;
+ return TRUE;
#else
/* we cannot decrypt */
return FALSE;
#include "packet-pkcs12-fn.c"
-static int strip_octet_string(tvbuff_t *tvb)
+static int strip_octet_string(tvbuff_t *tvb)
{
gint8 class;
gboolean pc, ind;
proto_tree_add_text(tree, tvb, 0, 1, "BER Error: OCTET STRING expected");
}
-static void dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+static void dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
int offset = 0;
asn1_ctx_t asn1_ctx;
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
offset = strip_octet_string(tvb);
-
+
dissect_pkcs12_SafeContents(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkcs12_SafeContents_PDU);
}
-static void dissect_X509Certificate_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+static void dissect_X509Certificate_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
int offset = 0;
asn1_ctx_t asn1_ctx;
"Whether to try and decrypt the encrypted data within the"
" PKCS#12 with a NULL password", &try_null_password);
- register_ber_syntax_dissector("PKCS#12", proto_pkcs12, dissect_PFX_PDU);
+ register_ber_syntax_dissector("PKCS#12", proto_pkcs12, dissect_PFX_PDU);
register_ber_oid_syntax(".p12", NULL, "PKCS#12");
register_ber_oid_syntax(".pfx", NULL, "PKCS#12");
}
#ifdef HAVE_LIBGCRYPT
-#ifdef _WIN32
-#include <winposixtype.h>
-#endif /* _WIN32 */
#include <gcrypt.h>
#endif
snmp_lookup_specific_trap (guint specific_trap)
{
guint i;
-
+
for (i = 0; i < num_specific_traps; i++) {
snmp_st_assoc_t *u = &(specific_traps[i]);
#include <wsutil/privileges.h>
#ifdef HAVE_LIBGCRYPT
-#ifdef _WIN32
-#include <winposixtype.h>
-#endif
#include <gcrypt.h>
#include <wsutil/file_util.h>
#endif
#pragma message( "_MSC_VER is:" WS_TO_STRING(_MSC_VER) " but required is:" WS_TO_STRING(MSC_VER_REQUIRED) )
#error Your MSVC_VARIANT setting in config.nmake doesn't match the MS compiler version!
#endif
+
+typedef int ssize_t;
#
# Optional: the GNUTLS library enables ssl decryption.
#
-# If you have the GNUTLS library, set this to the directory where
-# the lib and include files are stored.
+# If you have the GNUTLS library, set this to the package version.
#
-# If you don't have GNUTLS, comment this line out, so that GNUTLS_DIR
+# If you don't have GNUTLS, comment this line out, so that GNUTLS_PKG
# isn't defined.
#
# Platform SDK conflicts with openssl.h header
-GNUTLS_DIR=$(WIRESHARK_LIBS)\gnutls-2.8.5-1
+GNUTLS_PKG=2.8.5-4.12
#
# Optional: the KFW library enables kerberos/sasl/dcerpc decryption.
#
# Optional: the GNUTLS library enables ssl decryption.
#
-# If you have the GNUTLS library, set this to the directory where
-# the lib and include files are stored.
+# If you have the GNUTLS library, set this to the package version.
#
-# If you don't have GNUTLS, comment this line out, so that GNUTLS_DIR
+# If you don't have GNUTLS, comment this line out, so that GNUTLS_PKG
# isn't defined.
#
# Platform SDK conflicts with openssl.h header
-#GNUTLS_DIR=$(WIRESHARK_LIBS)\gnutls-2.8.1-1
+GNUTLS_PKG=2.8.5-3.16
#
# Optional: the KFW library enables kerberos/sasl/dcerpc decryption.
NETTLE_CONFIG=
!ENDIF
-!IFDEF GNUTLS_DIR
+!IFDEF GNUTLS_PKG
+GNUTLS_DIR=$(WIRESHARK_LIBS)\gnutls-$(GNUTLS_PKG)-$(WIRESHARK_TARGET_PLATFORM)ws
GNUTLS_PATH=$(GNUTLS_DIR)
# /DNOCRYPT avoids inclusion of Wincrypt.h, avoiding a X509_NAME define clash
GNUTLS_CFLAGS=/I$(GNUTLS_DIR)\include /DNOCRYPT /DIMPORT_LIGNUTLSDLL
CHG: HMAC-SHA256 is now HMAC-SHA-256-96 [draft-ietf-ipsec-ciph-sha-256-00]
-> It is implemented this way in USAGI/KAME (Linux/BSD).
ADD: HMAC-SHA-256-128 [RFC4868]
- ICV length of HMAC-SHA-256 was changed in draft-ietf-ipsec-ciph-sha-256-01
+ ICV length of HMAC-SHA-256 was changed in draft-ietf-ipsec-ciph-sha-256-01
to 128 bit. This is "SHOULD" be the standard now!
ADD: Additional generic (non-checked) ICV length of 128, 192 and 256.
This follows RFC 4868 for the SHA-256+ family.
/* If you want to be able to decrypt or Check Authentication of ESP packets you MUST define this : */
#ifdef HAVE_LIBGCRYPT
-
-#ifdef _WIN32
-#include <winposixtype.h>
-#endif /* _WIN32 */
-
#include <gcrypt.h>
#endif /* HAVE_LIBGCRYPT */
int ipv6_len = 0;
gboolean found = FALSE;
- ipv6_len = strlen(ipv6_address);
+ ipv6_len = (int) strlen(ipv6_address);
if(ipv6_len == 0)
{
/* Found a suffix */
- char *ipv6_addr : the valid ipv6 address to parse in char *
- char *ipv6_addr_expansed : the expanded ipv6 address associated in char *
- ex: if IPv6 address is "3ffe::1" the IPv6 expanded address
+ ex: if IPv6 address is "3ffe::1" the IPv6 expanded address
will be "3FFE0000000000000000000000000001" and the function will return 0
- if IPV6 address is "3ffe::*" the IPv6 expanded address
+ if IPV6 address is "3ffe::*" the IPv6 expanded address
will be "3FFE000000000000000000000000****" and the function will return 0
*/
#ifdef HAVE_LIBGCRYPT
}
suffix_cpt = get_ipv6_suffix(suffix,ipv6_addr);
- suffix_len = strlen(suffix);
+ suffix_len = (int) strlen(suffix);
if(suffix_len < IPSEC_STRLEN_IPV6)
{
prefix_addr = ep_strndup(ipv6_addr,strlen(ipv6_addr) - suffix_cpt);
prefix_remaining = get_ipv6_suffix(prefix,prefix_addr);
- prefix_len = strlen(prefix);
+ prefix_len = (int) strlen(prefix);
memcpy(ipv6_addr_expanded,prefix,prefix_len);
}
if(suffix_len < IPSEC_STRLEN_IPV6)
return (prefix_len - prefix_remaining);
else
- return strlen(ipv6_addr) - suffix_cpt;
+ return (int) strlen(ipv6_addr) - suffix_cpt;
}
#endif
/*
Name : static gboolean get_full_ipv4_addr(char* ipv4_addr_expanded, char *ipv4_addr)
Description : Get the extended IPv4 Address of an IPv4 Address
- Return : Return true if it can derive an IPv4 address. It does not mean that
+ Return : Return true if it can derive an IPv4 address. It does not mean that
the previous one was valid.
Params:
- char *ipv4_addr : the valid ipv4 address to parse in char *
ex: if IPv4 address is "190.*.*.1" the IPv4 expanded address will be "BE****01" and
the function will return 0
- if IPv4 address is "*" the IPv4 expanded address will be "********" and
+ if IPv4 address is "*" the IPv4 expanded address will be "********" and
the function will return 0
*/
#ifdef HAVE_LIBGCRYPT
else
{
- if((cpt == IPSEC_IPV4_ADDR_MAX - 1)
+ if((cpt == IPSEC_IPV4_ADDR_MAX - 1)
&& ((cpt + index_start) < strlen(sa))
&& (sa[cpt + index_start + 1] != IPSEC_SA_ADDR_LEN_SEPARATOR)
&& (sa[cpt + index_start + 1] != IPSEC_SA_SEPARATOR))
* first character had a 0 in front of it, making the
* number of characters even.
*/
- key_len = (strlen(key) - 2) / 2 + 1;
+ key_len = ((guint) strlen(key) - 2) / 2 + 1;
*ascii_key = (gchar *) g_malloc ((key_len + 1)* sizeof(gchar));
hex_digit = g_ascii_xdigit_value(key[i]);
i++;
}
(*ascii_key)[j] = (guchar)hex_digit;
j++;
- }
- else
+ }
+ else
{
/*
* Key has an even number of characters, so we treat each
* pair of hex digits as a single byte value.
*/
- key_len = (strlen(key) - 2) / 2;
+ key_len = ((guint) strlen(key) - 2) / 2;
*ascii_key = (gchar *) g_malloc ((key_len + 1)* sizeof(gchar));
}
-
+
while(i < (strlen(key) -1))
{
hex_digit = g_ascii_xdigit_value(key[i]);
else
{
- key_len = strlen(key);
+ key_len = (guint) strlen(key);
*ascii_key = g_strdup(key);
}
}
/* Debugging Purpose */
/*
- fprintf(stderr,
+ fprintf(stderr,
"VALID SA => <SA : %s> <Filter Source : %s/%i> <Filter Destination : %s/%i> <SPI : %s>\n",
g_esp_sad.table[i].sa, g_esp_sad.table[i].src, g_esp_sad.table[i].src_len,
g_esp_sad.table[i].dst, g_esp_sad.table[i].dst_len, g_esp_sad.table[i].spi);
if(get_address_ok)
{
/* Get the SPI */
- if (tvb_length(tvb) >= 4)
+ if (tvb_length(tvb) >= 4)
{
spi = tvb_get_ntohl(tvb, 0);
}
case IPSEC_AUTH_HMAC_RIPEMD160_96:
/*
- RFC 2857 : HMAC-RIPEMD-160-96 produces a 160-bit
- authenticator value. This 160-bit value can be
- truncated as described in RFC2104. For use with
- either ESP or AH, a truncated value using the first
- 96 bits MUST be supported.
+ RFC 2857 : HMAC-RIPEMD-160-96 produces a 160-bit
+ authenticator value. This 160-bit value can be
+ truncated as described in RFC2104. For use with
+ either ESP or AH, a truncated value using the first
+ 96 bits MUST be supported.
*/
{
auth_algo_libgcrypt = GCRY_MD_RMD160;
authenticator_data_computed = (guint8 *) g_malloc (( esp_auth_len * 2 + 1) * sizeof(guint8));
for (i = 0; i < esp_auth_len; i++)
{
- g_snprintf((char *)authenticator_data_computed_car, 3,
+ g_snprintf((char *)authenticator_data_computed_car, 3,
"%02X", authenticator_data_computed_md[i] & 0xFF);
authenticator_data_computed[i*2] = authenticator_data_computed_car[0];
authenticator_data_computed[i*2 + 1] = authenticator_data_computed_car[1];
The CAST-128 encryption algorithm has been designed to allow a key
size that can vary from 40 bits to 128 bits, in 8-bit increments
(that is, the allowable key sizes are 40, 48, 56, 64, ..., 112, 120,
- and 128 bits.
+ and 128 bits.
We support only 128 bits. */
/* Fix parameters for CAST5-CBC */
{
for(i = 0; i < esp_auth_len; i++)
{
- decrypted_data[i + decrypted_len -esp_auth_len]
+ decrypted_data[i + decrypted_len -esp_auth_len]
= encrypted_data[i + decrypted_len - esp_auth_len];
}
}
/* Handler to free the Decrypted Data Buffer. */
tvb_set_free_cb(tvb_decrypted,g_free);
-
+
if(tvb_bytes_exist(tvb, 8, esp_iv_len))
{
if(esp_iv_len > 0)
pinfo, esp_tree);
if(esp_tree)
- dissect_esp_authentication(esp_tree, tvb, len ,
+ dissect_esp_authentication(esp_tree, tvb, len ,
esp_auth_len, authenticator_data_computed,
authentication_ok, authentication_checking_ok );
*
* Added routines for RFC3947 Negotiation of NAT-Traversal in the IKE
* ronnie sahlberg
- *
+ *
* 04/2009 Added routines for decryption of IKEv2 Encrypted Payload
* Naoyoshi Ueda <piyomaru3141@gmail.com>
*
#include <glib.h>
#ifdef HAVE_LIBGCRYPT
-#ifdef _WIN32
-#include <winposixtype.h>
-#endif /* _WIN32 */
#include <gcrypt.h>
#include <epan/strutil.h>
#include <wsutil/file_util.h>
/* Encryption algorithm ID to be passed to gcry_cipher_open() */
gint gcry_alg;
/* Cipher mode to be passed to gcry_cipher_open() */
- gint gcry_mode;
+ gint gcry_mode;
} ikev2_encr_alg_spec_t;
#define IKEV2_ENCR_NULL 1
{IKEV2_ENCR_3DES, 24, 8, 8, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC},
{IKEV2_ENCR_AES_CBC_128, 16, 16, 16, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC},
{IKEV2_ENCR_AES_CBC_192, 24, 16, 16, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC},
- {IKEV2_ENCR_AES_CBC_256, 32, 16, 16, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC},
+ {IKEV2_ENCR_AES_CBC_256, 32, 16, 16, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC},
{0, 0, 0, 0, 0, 0}
};
/*
- * Specifications of authentication algorithms for
+ * Specifications of authentication algorithms for
* decryption and/or ICD (Integrity Checksum Data) checking of IKEv2
*/
typedef struct _ikev2_auth_alg_spec {
guint spii_len;
guchar *spir;
guint spir_len;
-} ikev2_uat_data_key_t;
+} ikev2_uat_data_key_t;
typedef struct _ikev2_uat_data {
ikev2_uat_data_key_t key;
gchar *icookie_pfx = "| ICOOKIE: ";
gchar *enc_key_pfx = "| enc key: ";
gchar *pos, *endpos;
- gint icpfx_len = strlen(icookie_pfx);
- gint ec_len = strlen(enc_key_pfx);
+ gint icpfx_len = (gint) strlen(icookie_pfx);
+ gint ec_len = (gint) strlen(enc_key_pfx);
gint i;
address null_addr;
unsigned long hexval;
}
if (decr->secret_len < gcry_cipher_get_algo_keylen(gcry_cipher_algo))
return NULL;
- cbc_block_size = gcry_cipher_get_algo_blklen(gcry_cipher_algo);
+ cbc_block_size = (guint32) gcry_cipher_get_algo_blklen(gcry_cipher_algo);
switch(decr->hash_alg) {
case HMAC_MD5:
return NULL;
if (gcry_cipher_setkey(decr_ctx, decr->secret, decr->secret_len))
return NULL;
-
+
decrypted_data = g_malloc(buf_len);
if (gcry_cipher_decrypt(decr_ctx, decrypted_data, buf_len, buf, buf_len) != GPG_ERR_NO_ERROR) {
static void
dissect_cert(tvbuff_t *tvb, int offset, int length, proto_tree *tree,
- proto_tree *p _U_, packet_info *pinfo, int isakmp_version,
+ proto_tree *p _U_, packet_info *pinfo, int isakmp_version,
int unused _U_, guint8 inner_payload _U_)
{
guint8 cert_enc;
}
/*
- * Add the IV to the tree and store it in a packet scope buffer for later decryption
+ * Add the IV to the tree and store it in a packet scope buffer for later decryption
* if the specified encryption algorithm uses IV.
- */
+ */
if (iv_len) {
proto_tree_add_text(tree, tvb, offset, iv_len, "Initialization Vector (%d bytes): 0x%s",
iv_len, tvb_bytes_to_str(tvb, offset, iv_len));
offset += encr_data_len;
/*
- * Add the ICD (Integrity Checksum Data) to the tree before decryption to ensure
+ * Add the ICD (Integrity Checksum Data) to the tree before decryption to ensure
* the ICD be displayed even if the decryption fails.
- */
+ */
if (icd_len) {
icd_item = proto_tree_add_text(tree, tvb, offset, icd_len, "Integrity Checksum Data (%d bytes) ", icd_len);
/*
* Recalculate ICD value if the specified authentication algorithm allows it.
- */
+ */
if (key_info->auth_spec->gcry_alg) {
err = gcry_md_open(&md_hd, key_info->auth_spec->gcry_alg, key_info->auth_spec->gcry_flag);
if (err) {
/*
* Confirm encrypted data length is multiple of block size.
- */
+ */
if (encr_data_len % key_info->encr_spec->block_len != 0) {
proto_item_append_text(encr_data_item, "[Invalid length, should be a multiple of block size (%u)]",
key_info->encr_spec->block_len);
/*
* Allocate buffer for decrypted data.
- */
+ */
decr_data = (guchar*)g_malloc(encr_data_len);
decr_data_len = encr_data_len;
/*
- * If the cipher is NULL, just copy the encrypted data to the decrypted data buffer.
+ * If the cipher is NULL, just copy the encrypted data to the decrypted data buffer.
* And otherwise perform decryption with libgcrypt.
- */
+ */
if (key_info->encr_spec->number == IKEV2_ENCR_NULL) {
memcpy(decr_data, encr_data, decr_data_len);
} else {
gcry_cipher_close(cipher_hd);
}
-
+
decr_tvb = tvb_new_real_data(decr_data, decr_data_len, decr_data_len);
tvb_set_free_cb(decr_tvb, g_free);
tvb_set_child_real_data_tvbuff(tvb, decr_tvb);
}
/*
- * We dissect the inner payloads at last in order to ensure displaying Padding, Pad Length and ICD
+ * We dissect the inner payloads at last in order to ensure displaying Padding, Pad Length and ICD
* even if the dissection fails. This may occur when the user specify wrong encryption key.
*/
if (decr_payloads_tree) {
UAT_VS_DEF(ikev2_users, encr_alg, ikev2_uat_data_t, IKEV2_ENCR_3DES, "3DES")
UAT_BUFFER_CB_DEF(ikev2_users, sk_ai, ikev2_uat_data_t, sk_ai, sk_ai_len)
UAT_BUFFER_CB_DEF(ikev2_users, sk_ar, ikev2_uat_data_t, sk_ar, sk_ar_len)
-UAT_VS_DEF(ikev2_users, auth_alg, ikev2_uat_data_t, IKEV2_AUTH_HMAC_SHA1_96, "HMAC_SHA1_96")
+UAT_VS_DEF(ikev2_users, auth_alg, ikev2_uat_data_t, IKEV2_AUTH_HMAC_SHA1_96, "HMAC_SHA1_96")
static void ikev2_uat_data_update_cb(void* p, const char** err) {
ikev2_uat_data_t *ud = p;
#include "packet-ntp.h"
#ifdef HAVE_LIBGCRYPT
-
-#ifdef _WIN32
-#include <winposixtype.h>
-#endif /* _WIN32 */
-
#include <gcrypt.h>
#endif /* HAVE_LIBGCRYPT */
#endif
#ifdef HAVE_LIBGCRYPT
-#ifdef _WIN32
-#include <winposixtype.h>
-#endif
#include <gcrypt.h>
-#endif
+#endif
#define PNAME "PKCS#12: Personal Information Exchange"
#define PSNAME "PKCS12"
static int hf_pkcs12_X509Certificate_PDU = -1;
static gint ett_decrypted_pbe = -1;
-static const char *object_identifier_id = NULL;
+static const char *object_identifier_id = NULL;
static int iteration_count = 0;
static tvbuff_t *salt = NULL;
static const char *password = NULL;
const char *name = NULL;
name = oid_resolved_from_string(oid);
- proto_item_append_text(tree, " (%s)", name ? name : oid);
+ proto_item_append_text(tree, " (%s)", name ? name : oid);
}
#ifdef HAVE_LIBGCRYPT
unsigned int i, j;
gcry_md_hd_t md;
gcry_mpi_t num_b1 = NULL;
- unsigned int pwlen;
+ size_t pwlen;
char hash[20], buf_b[64], buf_i[128], *p;
char *salt;
int salt_size;
unsigned char lid = id & 0xFF;
gcry_md_write (md, &lid, 1);
}
-
+
gcry_md_write(md, buf_i, pw ? 128 : 64);
gcry_md_final (md);
memcpy (hash, gcry_md_read (md, 0), 20);
-
+
gcry_md_close (md);
-
+
for (i = 1; i < iter; i++)
gcry_md_hash_buffer (GCRY_MD_SHA1, hash, hash, 20);
for (i = 0; i < 128; i += 64) {
gcry_mpi_t num_ij;
-
+
n = 64;
rc = gcry_mpi_scan (&num_ij, GCRYMPI_FMT_USG, buf_i + i, n, &n);
if (rc != 0) {
return FALSE;
}
-
+
gcry_mpi_add (num_ij, num_ij, num_b1);
gcry_mpi_clear_highbit (num_ij, 64 * 8);
-
+
n = 64;
rc = gcry_mpi_print (GCRYMPI_FMT_USG, buf_i + i, n, &n, num_ij);
}
}
-#endif
+#endif
void PBE_reset_parameters()
{
proto_tree *tree;
char byte;
gboolean decrypt_ok = TRUE;
-
+
if(((password == NULL) || (*password == '\0')) && (try_null_password == FALSE)) {
/* we are not configured to decrypt */
return FALSE;
mode = GCRY_CIPHER_MODE_CBC;
} else {
/* we don't know how to decrypt this */
-
+
proto_item_append_text(item, " [Unsupported encryption algorithm]");
return FALSE;
}
- if((iteration_count == 0) || (salt == NULL)) {
+ if((iteration_count == 0) || (salt == NULL)) {
proto_item_append_text(item, " [Insufficient parameters]");
return FALSE;
}
return FALSE;
if(ivlen) {
-
+
iv = ep_alloc(ivlen);
-
+
if(!generate_key_or_iv(2 /* IV */, salt, iteration_count, password, ivlen, iv))
return FALSE;
}
if (gcry_err_code (err))
return FALSE;
- err = gcry_cipher_setkey (cipher, key, keylen);
+ err = gcry_cipher_setkey (cipher, key, keylen);
if (gcry_err_code (err)) {
gcry_cipher_close (cipher);
return FALSE;
}
-
+
if(ivlen) {
- err = gcry_cipher_setiv (cipher, iv, ivlen);
+ err = gcry_cipher_setiv (cipher, iv, ivlen);
if (gcry_err_code (err)) {
gcry_cipher_close (cipher);
return FALSE;
gcry_cipher_close (cipher);
/* We don't know if we have successfully decrypted the data or not so we:
- a) check the trailing bytes
+ a) check the trailing bytes
b) see if we start with a sequence or a set (is this too constraining?
*/
break;
}
}
- } else {
+ } else {
/* XXX: is this a failure? */
}
/* add it as a new source */
add_new_data_source(actx->pinfo, clear_tvb, name->str);
-
+
g_string_free(name, TRUE);
/* now try and decode it */
call_ber_oid_callback(object_identifier_id, clear_tvb, 0, actx->pinfo, tree);
- return TRUE;
+ return TRUE;
#else
/* we cannot decrypt */
return FALSE;
static const ber_sequence_t DigestInfo_sequence[] = {
- { &hf_pkcs12_digestAlgorithm, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_cms_DigestAlgorithmIdentifier },
+ { &hf_pkcs12_digestAlgorithm, -1/*imported*/, -1/*imported*/, BER_FLAGS_NOOWNTAG, dissect_cms_DigestAlgorithmIdentifier },
{ &hf_pkcs12_digest , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_cms_Digest },
{ NULL, 0, 0, 0, NULL }
};
/*--- End of included file: packet-pkcs12-fn.c ---*/
#line 386 "packet-pkcs12-template.c"
-static int strip_octet_string(tvbuff_t *tvb)
+static int strip_octet_string(tvbuff_t *tvb)
{
gint8 class;
gboolean pc, ind;
proto_tree_add_text(tree, tvb, 0, 1, "BER Error: OCTET STRING expected");
}
-static void dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+static void dissect_SafeContents_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
int offset = 0;
asn1_ctx_t asn1_ctx;
asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
offset = strip_octet_string(tvb);
-
+
dissect_pkcs12_SafeContents(FALSE, tvb, offset, &asn1_ctx, tree, hf_pkcs12_SafeContents_PDU);
}
-static void dissect_X509Certificate_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+static void dissect_X509Certificate_OCTETSTRING_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
int offset = 0;
asn1_ctx_t asn1_ctx;
"Whether to try and decrypt the encrypted data within the"
" PKCS#12 with a NULL password", &try_null_password);
- register_ber_syntax_dissector("PKCS#12", proto_pkcs12, dissect_PFX_PDU);
+ register_ber_syntax_dissector("PKCS#12", proto_pkcs12, dissect_PFX_PDU);
register_ber_oid_syntax(".p12", NULL, "PKCS#12");
register_ber_oid_syntax(".pfx", NULL, "PKCS#12");
}
#ifdef HAVE_LIBGCRYPT
-#ifdef _WIN32
-#include <winposixtype.h>
-#endif /* _WIN32 */
#include <gcrypt.h>
#endif
static int hf_snmp_operation = -1; /* T_operation */
/*--- End of included file: packet-snmp-hf.c ---*/
-#line 224 "packet-snmp-template.c"
+#line 221 "packet-snmp-template.c"
static int hf_smux_version = -1;
static int hf_smux_pdutype = -1;
static gint ett_snmp_RReqPDU_U = -1;
/*--- End of included file: packet-snmp-ett.c ---*/
-#line 243 "packet-snmp-template.c"
+#line 240 "packet-snmp-template.c"
static const true_false_string auth_flags = {
"OK",
snmp_lookup_specific_trap (guint specific_trap)
{
guint i;
-
+
for (i = 0; i < num_specific_traps; i++) {
snmp_st_assoc_t *u = &(specific_traps[i]);
/*--- End of included file: packet-snmp-fn.c ---*/
-#line 1446 "packet-snmp-template.c"
+#line 1443 "packet-snmp-template.c"
guint
"snmp.T_operation", HFILL }},
/*--- End of included file: packet-snmp-hfarr.c ---*/
-#line 2003 "packet-snmp-template.c"
+#line 2000 "packet-snmp-template.c"
};
/* List of subtrees */
&ett_snmp_RReqPDU_U,
/*--- End of included file: packet-snmp-ettarr.c ---*/
-#line 2019 "packet-snmp-template.c"
+#line 2016 "packet-snmp-template.c"
};
module_t *snmp_module;
};
static gint
-ssl_data_alloc(StringInfo* str, guint len)
+ssl_data_alloc(StringInfo* str, size_t len)
{
str->data = g_malloc(len);
/* the allocator can return a null pointer for a size equal to 0,
* and that must be allowed */
if (len > 0 && !str->data)
return -1;
- str->data_len = len;
+ str->data_len = (guint) len;
return 0;
}
rc = 0;
for (i = 1; i < decr_len; i++) {
if (decr_data_ptr[i] == 0) {
- rc = i+1;
+ rc = (gint) i+1;
break;
}
}
decr_len -= rc;
#endif /* SSL_FAST */
gcry_mpi_release(text);
- return decr_len;
+ return (int) decr_len;
}
/* stringinfo interface */
guint8 *ptr;
StringInfo s1, s2;
guint i,s_l, r;
- gint usage_len;
+ size_t usage_len;
r=-1;
usage_len = strlen(usage);
if (ret != 0) {
ssl_debug_printf( "gnutls_x509_privkey_get_key_id(ssl_pkey, 0, buf_keyid, &buf_len) - %s\n", gnutls_strerror(ret));
} else {
- ssl_debug_printf( "Private key imported: KeyID %s\n", bytes_to_str_punct(buf_keyid, buf_len, ':'));
+ ssl_debug_printf( "Private key imported: KeyID %s\n", bytes_to_str_punct(buf_keyid, (int) buf_len, ':'));
}
/*
}
key.data = g_malloc(size);
key.size = size;
- bytes = fread(key.data, 1, key.size, fp);
+ bytes = (guint) fread(key.data, 1, key.size, fp);
if (bytes < key.size) {
ssl_debug_printf("ssl_load_key: can't read from file %d bytes, got %d\n",
key.size, bytes);
Ssl_private_key_t *
ssl_load_pkcs12(FILE* fp, const gchar *cert_passwd) {
- int i, j, ret, len;
- size_t rest;
+ int i, j, ret;
+ int rest;
unsigned char *p;
gnutls_datum_t data;
gnutls_pkcs12_bag_t bag = NULL;
gnutls_pkcs12_bag_type_t bag_type;
- size_t buf_len;
+ size_t len, buf_len;
static char buf_name[256];
static char buf_email[128];
unsigned char buf_keyid[32];
p = data.data;
while ((len = fread(p, 1, rest, fp)) > 0) {
p += len;
- rest -= len;
+ rest -= (int) len;
if (!rest) {
rest = 1024;
data.data = g_realloc(data.data, data.size + rest);
if (ret < 0) { g_strlcpy(buf_keyid, "<ERROR>", 32); }
private_key->x509_cert = ssl_cert;
- ssl_debug_printf( "Certificate imported: %s <%s>, KeyID %s\n", buf_name, buf_email, bytes_to_str(buf_keyid, buf_len));
+ ssl_debug_printf( "Certificate imported: %s <%s>, KeyID %s\n", buf_name, buf_email, bytes_to_str(buf_keyid, (int) buf_len));
break;
case GNUTLS_BAG_PKCS8_KEY:
}
void
-ssl_print_text_data(const gchar* name, const guchar* data, gint len)
+ssl_print_text_data(const gchar* name, const guchar* data, size_t len)
{
gint i;
if (!ssl_debug_file)
}
void
-ssl_print_data(const gchar* name, const guchar* data, gint len)
+ssl_print_data(const gchar* name, const guchar* data, size_t len)
{
gint i;
if (!ssl_debug_file)
#include <epan/value_string.h>
#ifdef HAVE_LIBGNUTLS
-#ifdef _WIN32
-#include <winposixtype.h>
-#endif /* _WIN32 */
-
#include <stdio.h>
#include <gcrypt.h>
#include <gnutls/x509.h>
extern const value_string pct_error_code[];
extern const value_string tls_hello_extension_types[];
+/* XXX Should we use GByteArray instead? */
typedef struct _StringInfo {
guchar* data;
guint data_len;
gnutls_x509_crt_t x509_cert;
gnutls_x509_privkey_t x509_pkey;
#endif
- SSL_PRIVATE_KEY *sexp_pkey;
+ SSL_PRIVATE_KEY *sexp_pkey;
} Ssl_private_key_t;
/** Initialize decryption engine/ssl layer. To be called once per execution */
extern Ssl_private_key_t *
ssl_load_key(FILE* fp);
-extern Ssl_private_key_t *
+extern Ssl_private_key_t *
ssl_load_pkcs12(FILE* fp, const gchar *cert_passwd);
/** Deallocate the memory used for specified key
extern void
ssl_debug_printf(const gchar* fmt,...) GNUC_FORMAT_CHECK(printf,1,2);
extern void
-ssl_print_data(const gchar* name, const guchar* data, gint len);
+ssl_print_data(const gchar* name, const guchar* data, size_t len);
extern void
ssl_print_string(const gchar* name, const StringInfo* data);
extern void
-ssl_print_text_data(const gchar* name, const guchar* data, gint len);
+ssl_print_text_data(const gchar* name, const guchar* data, size_t len);
extern void
ssl_set_debug(gchar* name);
extern void
* we can do is parse the security header and give up.
*/
#ifdef HAVE_LIBGCRYPT
-#ifdef _WIN32
-#include <winposixtype.h>
-#endif /* _WIN32 */
-
#include <gcrypt.h>
#endif /* HAVE_LIBGCRYPT */
#include "config.h"
#endif
-#if (defined(HAVE_LIBGCRYPT) || defined(HAVE_LIBGNUTLS)) && defined(_WIN32)
-#include <winposixtype.h>
-#endif
-
#ifdef HAVE_LIBGCRYPT
#include <gcrypt.h>
#endif /* HAVE_LIBGCRYPT */
#include "config.h"
#endif
-#ifdef _WIN32
-/* #include <windows.h> */
-#include <winposixtype.h>
-#else
+#ifndef _WIN32
#include <sys/types.h>
#include <sys/time.h>
#include <sys/sysinfo.h>
#define MD5Init(md) gcry_md_open(md, GCRY_MD_MD5, 0)
#define MD5Update(md, data, len) gcry_md_write(*(md), data, len)
#define MD5Final(buf, md) memcpy(buf, gcry_md_read(*(md), GCRY_MD_MD5), gcry_md_get_algo_dlen(GCRY_MD_MD5))
-#endif
+#endif
/* set the following to the number of 100ns ticks of the actual
resolution of your system's clock */
# 32-bit wrapper for win-setup.sh.
-export DOWNLOAD_TAG="2009-12-17"
+export DOWNLOAD_TAG="2009-12-21"
export WIRESHARK_TARGET_PLATFORM="win32"
WIN_SETUP=`echo $0 | sed -e s/win32/win/`
# 64-bit wrapper for win-setup.sh.
-export DOWNLOAD_TAG="2009-12-17"
+export DOWNLOAD_TAG="2009-12-21"
export WIRESHARK_TARGET_PLATFORM="win64"
WIN_SETUP=`echo $0 | sed -e s/win64/win/`
#include <pcre.h> /* to get the libpcre version number */
#endif /* HAVE_LIBPCRE */
-#if (defined(HAVE_LIBGCRYPT) || defined(HAVE_LIBGNUTLS)) && defined(_WIN32)
-#include <winposixtype.h>
-#endif
-
#ifdef HAVE_LIBGCRYPT
#include <gcrypt.h>
#endif /* HAVE_LIBGCRYPT */