Wireshark-dev: Re: [Wireshark-dev] Remove our bundled crypto library (in favor of Libgcrypt)?
From: Erik de Jong <[email protected]>
Date: Wed, 15 Feb 2017 16:06:16 +0100

On Mon, Feb 13, 2017 at 9:46 PM, Peter Wu <[email protected]> wrote:
On Mon, Feb 13, 2017 at 07:31:50PM +0100, Erik de Jong wrote:
> On Sun, Feb 12, 2017 at 3:38 PM, Peter Wu <[email protected]> wrote:
> > On Sun, Feb 12, 2017 at 02:40:03PM +0100, Pascal Quantin wrote:
> > > Le 12 févr. 2017 11:12, "Erik de Jong" <[email protected]> a écrit :
> > > On Sat, Feb 11, 2017 at 10:38 PM, Peter Wu <[email protected]> wrote:
> > > > (forgot to attach the file lists...)
> > >
> > > I'll get to work on the aes_cmac_encrypt_* and crypt_* symbols. Will you
> > > make a separate change for this on which we'll both work or is it
> > > additional work on 20030?
> >
> > You can create a separate change, 20030 is focussed on making Libgcrypt
> > mandatory but will not rewrite other parts (in order to make review
> > easier).
> >
> Alright! I've removed the md4 and rc4 symbols. Don't feel confident enough
> to remove the crypt_des_ecb calls because I'm not sure what is happening
> exactly, so I'm worried it'll break.

Ehh, that indeed needs a closer look. I'll take a look once you finished
the patch (to avoid possible conflicts within the file).

> Looks like wsutil/aes.h is also used by epan/dissectors/packet-dof.c and
> epan/crypt/airpdcap_ccmp.c for rijndael_encrypt(), so we ought to put those
> on the list as well.

Oh right! I grepped for the cipher names based on the filename and
missed Rijndael.

General remark, when rewriting files, can you try to find a pcap and
confirm that the before/after result is the same? You can then add this
to the commit message.

I did not find any captures that are appropriate for the rc4 related calls, looks like the captures up on the web are about other (AES) encryption. Removed the Rijndael references in the epan/crypt/* but looks like the information for the sample capture for the DOF protocol (https://wiki.wireshark.org/SampleCaptures#DOF_.28Distributed_Object_Framework.29_Protocols) either has the wrong decryption info or the decryption is already broken as it doesn't decrypt in Fedora's stock Wireshark (2.2), so that'll be difficult to verify.
Kind regards,
Peter Wu
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]wireshark.org?subject=unsubscribe