Wireshark mailing list archives
Re: Remove our bundled crypto library (in favor of Libgcrypt)?
From: Erik de Jong <erikdejong () gmail com>
Date: Sat, 11 Feb 2017 21:31:17 +0100
On Sat, Feb 11, 2017 at 8:55 PM, Peter Wu <peter () lekensteyn nl> wrote:
On Sat, Feb 11, 2017 at 06:27:41PM +0000, João Valverde wrote:On 02/11/2017 12:14 PM, Peter Wu wrote:On Fri, Feb 10, 2017 at 12:59:46AM +0000, João Valverde wrote:On 02/08/2017 01:40 PM, Peter Wu wrote:On Mon, Feb 06, 2017 at 03:25:40PM -0800, Guy Harris wrote:On Feb 6, 2017, at 3:17 PM, João Valverde <joao.valverde () tecnico ulisboa pt> wrote:None from me but can we use Nettle instead? Any reason not to?Word on the street is that it is more pleasant to work with than gcrypt.I am only familiar with Libgcrypt which is not that hard to use.Haveyou tried both libraries? What were your experiences? License-wise they are similar. Based on development activity(commitcount), it seems that Nettle is mostly developed by one personwhileLibgcrypt has more. An actual look at the Nettle documentation shows that Nettleprovidesdirect access to crypto routines (aes128_encrypt, aes256_encrypt, aes_decrypt, chacha_poly1305_set_key, etc.). Libgcrypt provides amoregeneric interface (gcry_cipher_open, gcry_cipher_encrypt) whichmeans itis easier to use when multiple ciphers can be chosen (which is thecasefor SSL/TLS, IPsec, IKE). Thus, I think that it is better to stick to Libgcrypt than migratetoNettle.I was not considering a migration from gcrypt to nettle, justchoosing oneof the two libraries to replace our bundled crypto. Assuming theeffortrequired for that is similar (maybe an incorrect assumption).The status quo is that Libgcrypt is already used in many places while nettle is only an implicit dependency (needed for GnuTLS). Since Libgcrypt and nettle are comparable in feature set, changing to nettle would be more effort and it seems better to stick to Libgcrypt.There are two things here: one is a bunch of Libgcrypt calls guarded by #ifdefs. Those will stay, obviously, unless someone wants to stepforward todo the porting work and review to move to a different library. The other is a bunch of of crypto files in wsutil that could be replacedbyany number of crypto libraries. For example wsutil/aes.c comes fromFreeBSDapparently. I hadn't even thought of Nettle before Gerald mentioned itbut Iwas just wondering if it would be a better option than Libgcrypt. No big deal, just thought I would ask. Your change set (20030) hasn't addressed the second case. All the wsutil code is still there. Just out of curiosity are you planning to work onthis? My original goal was to replace wsutil by an existing crypto library (case 2). Since we Libgcrypt is already used in a lot of places, it seemed natural to replace wsutil by Libgcrypt. When trying to do so, I noticed that having an optional Libgcrypt makes it much harder and hence changeset 20030 was created first to make it mandatory. Once that is in place, we can change the wsutil crypto users to Libgcrypt. I plan to start working on that in the next days, let me know if you want to join this effort :-)
I'd like to help out, please tell me how I can assist in a way that won't be counterproductive.
-- Kind regards, Peter Wu https://lekensteyn.nl ____________________________________________________________ _______________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject= unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Remove our bundled crypto library (in favor of Libgcrypt)?, (continued)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 08)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Guy Harris (Feb 08)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 08)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Guy Harris (Feb 11)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Bálint Réczey (Feb 09)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Bálint Réczey (Feb 09)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? João Valverde (Feb 09)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 11)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? João Valverde (Feb 11)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 11)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Erik de Jong (Feb 11)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 11)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 11)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Erik de Jong (Feb 12)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Pascal Quantin (Feb 12)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 12)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Erik de Jong (Feb 13)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 13)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Erik de Jong (Feb 15)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? João Valverde (Feb 11)
- Re: Remove our bundled crypto library (in favor of Libgcrypt)? Peter Wu (Feb 11)