ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Remove our bundled crypto library (in favor of Libgcrypt)?

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Tue, 7 Feb 2017 07:51:38 +0100


Le 6 févr. 2017 22:00, "Peter Wu" <peter@xxxxxxxxxxxxx> a écrit :
On Mon, Feb 06, 2017 at 11:46:23AM -0800, Gerald Combs wrote:
> On 2/5/17 8:15 AM, João Valverde wrote:
> >
> >
> > On 02/05/2017 03:21 PM, Peter Wu wrote:
> >> Hey,
> >>
> >> Recently I discovered that wsutil actually contains a lot of
> >> cryptographic functionalities (AES, SHA-1, DES, etc.). This duplicates
> >> Libgcrypt functionality.
> >>
> >> At the moment Libgcrypt is optional and used to provide decryption
> >> functionality for SSL/TLS/DTLS, IPsec DVBCI, 802.15.4, SNMP, Zigbee and
> >> more.  What do you think about nuking the bundled crypto routines in
> >> wsutil and use Libgcrypt instead?
> >>
> >> The easiest option would be making Libgcrypt mandatory, otherwise we
> >> would have to add ifdef's everywhere (or create a compatibility layer
> >> that disables crypto when Libgcrypt is unavailable).
> >>
> >
> > +1 mandatory dependency.
>
> No objections here, although this might require packaging changes on
> Windows. Libgcrypt is currently provided by the GnuTLS package on that
> platform, but it looks like they switched to Nettle in more recent versions.

It seems that Libgcrypt support for GnuTLS was killed in November 2011
(GnuTLS 3.0.8). So the current GnuTLS 3.2.15 build for Windows does not
even need it. GnuTLS is only used for supporting parsing private RSA key
files (in various formats) in the SSL dissector.

(If a new Libgcrypt package is built, the 1.7 series should be used for
ChaCha20-Poly1305 support (TLS 1.3).)

I can probably have a look at this when I'm back from vacation. OpenSuse still provides a 1.6.x version but we are already running our own libgcrypt build to workaround an issue with AES-NI.


Thank you all for the feedback.  Since there are no objections, I will
start working on the transition in the next days (after the TLS
changes).
--
Kind regards,
Peter Wu
https://lekensteyn.nl
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube