Wireshark mailing list archives
Re: Remove our bundled crypto library (in favor of Libgcrypt)?
From: João Valverde <joao.valverde () tecnico ulisboa pt>
Date: Mon, 6 Feb 2017 23:17:10 +0000
On 02/06/2017 09:00 PM, Peter Wu wrote:
On Mon, Feb 06, 2017 at 11:46:23AM -0800, Gerald Combs wrote:On 2/5/17 8:15 AM, João Valverde wrote:On 02/05/2017 03:21 PM, Peter Wu wrote:Hey, Recently I discovered that wsutil actually contains a lot of cryptographic functionalities (AES, SHA-1, DES, etc.). This duplicates Libgcrypt functionality. At the moment Libgcrypt is optional and used to provide decryption functionality for SSL/TLS/DTLS, IPsec DVBCI, 802.15.4, SNMP, Zigbee and more. What do you think about nuking the bundled crypto routines in wsutil and use Libgcrypt instead? The easiest option would be making Libgcrypt mandatory, otherwise we would have to add ifdef's everywhere (or create a compatibility layer that disables crypto when Libgcrypt is unavailable).+1 mandatory dependency.No objections here, although this might require packaging changes on Windows. Libgcrypt is currently provided by the GnuTLS package on that platform, but it looks like they switched to Nettle in more recent versions.It seems that Libgcrypt support for GnuTLS was killed in November 2011 (GnuTLS 3.0.8). So the current GnuTLS 3.2.15 build for Windows does not even need it. GnuTLS is only used for supporting parsing private RSA key files (in various formats) in the SSL dissector. (If a new Libgcrypt package is built, the 1.7 series should be used for ChaCha20-Poly1305 support (TLS 1.3).) Thank you all for the feedback. Since there are no objections, I will start working on the transition in the next days (after the TLS changes).
None from me but can we use Nettle instead? Any reason not to? Word on the street is that it is more pleasant to work with than gcrypt.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 05)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Erik de Jong (Feb 05)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? João Valverde (Feb 05)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Gerald Combs (Feb 06)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 06)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? João Valverde (Feb 06)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Guy Harris (Feb 06)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 08)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Guy Harris (Feb 08)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 08)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Guy Harris (Feb 11)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Bálint Réczey (Feb 09)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Bálint Réczey (Feb 09)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Gerald Combs (Feb 06)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? João Valverde (Feb 09)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 11)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? João Valverde (Feb 11)