Re: Can the legacy HAVE_LIBGCRYPT_AEAD check be removed?

[Pascal Quantin <pascal () wireshark org>]

Hi Matthias,

Le lun. 12 juil. 2021 à 21:22, Dr. Matthias St. Pierre <
Matthias.St.Pierre () ncp-e com> a écrit :

> Hi all,
>
> in wsgcrypt.h the libgcrypt version is checked to ensure that it supports
> AEAD ciphers:
>
>         #if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
>         /* Whether to provide support for authentication in addition to
> decryption. */
>         #define HAVE_LIBGCRYPT_AEAD
>         #endif
>
>         (see [1])
>
> Given the fact that libgcrypt 1.6.0 was released in 2013-12-16 (see [2]),
> I was wondering whether after such a long time it would be acceptable to
> simplify
> all the conditional code depending on HAVE_LIBGCRYPT_AEAD by making
> GCRYPT_VERSION_NUMBER >= 0x010600 a requirement and removing  the
> #else code parts.
>
> The reason why I am asking is because the packet-isakmp dissector has some
> conditional code to emulate AES-GCM using AES-CTR in the absence
> of HAVE_LIBGCRYPT_AEAD which I'd like to remove. I did some git history
> research and noticed that there were some recent commits in 2020 related
> to fixing compilation without HAVE_LIBGCRYPT_AEAD  (see [3]). However, I'm
> not sure whether this was done deliberately to support libgcrypt < 1.6.0
> or just out of habit because nobody considered the option of removing the
> legacy check.

If some changes were done to fix the compilation, it means that some people
still use a libgcrypt version older than 1.6.0. And as seen in our
CMakeLists.txt file,
the minimum version required for now is 1.5.0.

Best regards,
Pascal.


> Regards,
> Matthias
>
>
> [1]
> https://gitlab.com/wireshark/wireshark/-/blob/06ed6930dc602b5b3b1a79a176272c1846840f8f/wsutil/wsgcrypt.h#L32-35
> [2]
> https://github.com/gpg/libgcrypt/blob/ccfa9f2c1427b40483984198c3df41f8057f69f8/NEWS#L673
>
>
> [3] output of:
>
>         for f in $(git grep -l HAVE_LIBGCRYPT_AEAD); do \
>                 git annotate $f | grep HAVE_LIBGCRYPT_AEAD; \
>         done | awk '{print $1}' | sort | uniq | xargs git show --oneline
> --pretty=reference  --no-patch  | grep -w fix
>
> 03af5553eb (ssl-utils: fix compilation if not HAVE_LIBGCRYPT_AEAD.,
> 2018-03-15)
> 151ee60555 (http3: fix build without support for AEAD cipher suites.,
> 2020-08-10)
> 8c99f4de8d (QUIC: fix compilation without HAVE_LIBGCRYPT_AEAD, 2020-11-19)
> 90c3e7dead (QUIC: fix build error without LIBGCRYPT_AEAD, 2020-07-13)
> e7642e162f (TLS: fix build error without LIBGCRYPT_AEAD, 2020-07-13)
> e846d238d7 (QUIC: fix compile  without LIBGCRYPT_AEAD,
> 2020-08-10)___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe