Wireshark-dev: Re: [Wireshark-dev] Remove our bundled crypto library (in favor of Libgcrypt)?
From: Peter Wu <peter@xxxxxxxxxxxxx>
Date: Sat, 11 Feb 2017 22:35:10 +0100
On Sat, Feb 11, 2017 at 09:31:17PM +0100, Erik de Jong wrote:
> On Sat, Feb 11, 2017 at 8:55 PM, Peter Wu <peter@xxxxxxxxxxxxx> wrote:
[..]
> > My original goal was to replace wsutil by an existing crypto library
> > (case 2). Since we Libgcrypt is already used in a lot of places, it
> > seemed natural to replace wsutil by Libgcrypt.
> >
> > When trying to do so, I noticed that having an optional Libgcrypt makes
> > it much harder and hence changeset 20030 was created first to make it
> > mandatory. Once that is in place, we can change the wsutil crypto users
> > to Libgcrypt. I plan to start working on that in the next days, let me
> > know if you want to join this effort :-)
> >
> 
> I'd like to help out, please tell me how I can assist in a way that won't
> be counterproductive.

Thanks!  The following files need to be modified / removed:

    debian/libwsutil0.symbols
    wsutil/CMakeLists.txt
    wsutil/Makefile.am
    wsutil/aes.c
    wsutil/aes.h
    wsutil/des.c
    wsutil/des.h
    wsutil/md4.c
    wsutil/md4.h
    wsutil/md5.c
    wsutil/md5.h
    wsutil/rc4.c
    wsutil/rc4.h
    wsutil/sha1.c
    wsutil/sha1.h
    wsutil/sha2.c
    wsutil/sha2.h

The symbols to be removed are:

- aes_cmac_encrypt_finish@Base 2.1.0
- aes_cmac_encrypt_starts@Base 2.1.0
- aes_cmac_encrypt_update@Base 2.1.0
- crypt_des_ecb@Base 1.12.0~rc1
- crypt_md4@Base 1.12.0~rc1
- crypt_rc4@Base 1.12.0~rc1
- crypt_rc4_init@Base 1.12.0~rc1
- md5_append@Base 1.12.0~rc1
- md5_finish@Base 1.12.0~rc1
- md5_hmac@Base 1.12.0~rc1
- md5_hmac_append@Base 1.12.0~rc1
- md5_hmac_finish@Base 1.12.0~rc1
- md5_hmac_init@Base 1.12.0~rc1
- md5_init@Base 1.12.0~rc1
- sha1_finish@Base 1.12.0~rc1
- sha1_hmac@Base 1.12.0~rc1
- sha1_hmac_finish@Base 1.12.0~rc1
- sha1_hmac_starts@Base 1.12.0~rc1
- sha1_hmac_update@Base 1.12.0~rc1
- sha1_starts@Base 1.12.0~rc1
- sha1_update@Base 1.12.0~rc1
- sha256_finish@Base 2.1.0
- sha256_hmac@Base 2.1.0
- sha256_hmac_finish@Base 2.1.0
- sha256_hmac_starts@Base 2.1.0
- sha256_hmac_update@Base 2.1.0
- sha256_starts@Base 2.1.0
- sha256_update@Base 2.1.0

Attached are the files that need to be modified (one list for any
occurrence per file, one list with files grouped per function).

The first three functions were "recently" added (see git logs) and is
only used in airpdcap code.

Looking at crypt_des_ecb, the users are packet-ntlmssp.c and
packet-dcerpc-netlogin.c. These also use md5 a lot and crypt_rc4.
Do you have any preference for a file/crypto function to tackle?

Note that the current minimum Libgcrypt version is 1.4.2. For CMAC you
need Libgcrypt 1.6.0 or newer. All other functions have been available
for longer time. References that might be helpful:
https://wiki.wireshark.org/Development/Support_library_version_tracking#Libgcrypt
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=NEWS
https://gnupg.org/documentation/manuals/gcrypt/

If it helps, an example of using Libgcrypt (see .c and _test.lua files):
https://github.com/Lekensteyn/luagcrypt
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl