Wireshark mailing list archives

Re: Remove our bundled crypto library (in favor of Libgcrypt)?

From: Bálint Réczey <balint () balintreczey hu>
Date: Sat, 11 Feb 2017 22:57:42 +0100

Hi,

2017-02-11 22:44 GMT+01:00 Peter Wu <peter () lekensteyn nl>:

On Sat, Feb 11, 2017 at 08:54:39PM +0000, João Valverde wrote:
[..]

I think a small abstraction layer above the lower-level crypto routines,
whatever those may be (libgcrypt, nettle, home-grown - yuck), would be a
useful thing to have. It would accomplish two things:

1. Easily change dependencies without having to change dissector code.

2. Disable crypto in a saner way and keep the dependency optional, without
having to use #ifdefs all over the place (just one place in fact). Example:

  int ws_aes_decrypt(...) {
  #ifdef HAVE_AES_DEPENDENCY
     err = aes_decrypt(...);
     if (err == AES_OK) {
      return WS_CRYPTO_OK;
     } else {
        ...
     }
  #else
     return WS_CRYPTO_DISABLED;
  #endif
  }

Then of course require crypto consumers (dissectors and whatever else) to
handle the WS_CRYPTO_DISABLED case as appropriate.


Disabling is an option if you want to make the crypto library optional,
but the vast majority of the files/functions are hash functions (md5 is
used for example in editcap.c for duplicate detection). Since you need a
crypto library for the hash functions, you get decryption algorithms
like AES for free. (Unless you want to keep the bundled algorithms... I
would rather not).

At this moment I don't know how the end result looks like. Maybe after
actually looking at the files/functions, we'll see whether an extra
abstraction is worth it or not.


+1 for going without a new layer of indirections.
Making libgcrypt mandatory is easy and every level of indirection make
understanding the code harder which is a source of bugs.

If we ever feel dropping libgcrypt necessary we can add the new layer.

Cheers,
Balint
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Re: Remove our bundled crypto library (in favor of Libgcrypt)?, (continued)
- - - Re: Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 11)
    - Re: Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 11)
    - Re: Remove our bundled crypto library (in favor of Libgcrypt)? Erik de Jong (Feb 12)
    - Re: Remove our bundled crypto library (in favor of Libgcrypt)? Pascal Quantin (Feb 12)
    - Re: Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 12)
    - Re: Remove our bundled crypto library (in favor of Libgcrypt)? Erik de Jong (Feb 13)
    - Re: Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 13)
    - Re: Remove our bundled crypto library (in favor of Libgcrypt)? Erik de Jong (Feb 15)
    - Re: Remove our bundled crypto library (in favor of Libgcrypt)? João Valverde (Feb 11)
    - Re: Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 11)
    - Re: Remove our bundled crypto library (in favor of Libgcrypt)? Bálint Réczey (Feb 11)
    - Re: Remove our bundled crypto library (in favor of Libgcrypt)? Guy Harris (Feb 11)
    - Re: Remove our bundled crypto library (in favor of Libgcrypt)? Ed Beroset (Feb 11)
    - Re: Remove our bundled crypto library (in favor of Libgcrypt)? João Valverde (Feb 11)
    - Message not available
    - Re: Remove our bundled crypto library (in favor of Libgcrypt)? Pascal Quantin (Feb 06)
    - Re: Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 09)