Wireshark-commits: [Wireshark-commits] master-2.0 e4c4864: ssl-utils: allow gcrypt without GnuTLS,

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Thu, 29 Oct 2015 17:42:55 +0000 (UTC)
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e4c48646537ce76afb17fcb8ff02ff7d68411500
Submitter: Michael Mann (mmann78@xxxxxxxxxxxx)
Changed: branch: master-2.0
Repository: wireshark

Commits:

e4c4864 by Peter Wu (peter@xxxxxxxxxxxxx):

    ssl-utils: allow gcrypt without GnuTLS, improve structure
    
    Fix distinction between HAVE_LIBGNUTLS and HAVE_LIBGCRYPT. If GnuTLS is
    unavailable, then the only missing feature is decryption using an RSA
    private key file. Regardless of GnuTLS, allow SSL decryption (e.g. using
    a SSL key log file or a PSK configured via preferences).
    
    This change has no functional effect when GnuTLS and gcrypt are both
    available (or not). Additionally, decryption is possible if only
    libgcrypt is available.
    
    Further changes to make ssl-utils more maintainable and documented:
     - Group related functions, add markers and documentation. The following
       functions are moved (with no further modifications):
       - ssl_data_realloc, ssl_data_copy: related to StringInfo.
       - ssl_change_cipher, ssl_create_flow: related to the decryption of a
         session.
       - ssl_decompress_record: related to Record Decompression.
       - ssl_lib_init: moved to an arbitrary place.
       - ssl_set_server: moved closer to ssl_packet_from_server.
       - ssl_is_valid_content_type, ssl_is_valid_handshake_type: move closer
         to dissection code.
       - ssl_dissect_hnd_hello_ext_status_request,
         ssl_dissect_hnd_hello_ext_status_request_v2,
         ssl_dissect_hnd_hello_ext_elliptic_curves,
         ssl_dissect_hnd_hello_ext_ec_point_formats: move to TLS extensions.
     - Remove unused forward declaration of _gcry_rsa_decrypt.
     - ssl-packet-utils.h:
       - Remove ssl_equal, ssl_hash. These are only used in
         packet-ssl-utils.c.
       - ssl_private_key_equal, ssl_private_key_hash,
         ssl_common_register_options: inline when decryption is not
         possible.
       - Remove ws_symbol_export.h, enable SSL debug log when libgcrypt is
         compiled in (instead of depending on GnuTLS).
     - Move/merge stub code when GnuTLS or libgcrypt are not available:
       - ssl_find_cipher: move.
       - ssl_cipher_setiv: move.
       - ssl_generate_pre_master_secret, ssl_generate_keyring_material: move.
    
    Compile-tested all combinations:
     - no GnuTLS, no libgcrypt: CentOS 6.
     - no GnuTLS, has libgcrypt: CentOS 6. Passes all decryption tests
       except for the ones that need a RSA private key file.
     - has GnuTLS, no libgcrypt: Arch Linux.
     - has GnuTLS, has libgcrypt: Arch Linux. The decryption tests pass.
    (GnuTLS support is useless without gcrypt, but included for completeness.)
    
    Change-Id: I727248937331f8788de8ed78248bb33296206096
    Reviewed-on: https://code.wireshark.org/review/11052
    Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
    Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
    Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
    (cherry picked from commit 36079a1eb55768755e4861801e3b651ebf603a52)
    Reviewed-on: https://code.wireshark.org/review/11404
    Reviewed-by: Michael Mann <mmann78@xxxxxxxxxxxx>
    

Actions performed:

    from  c1758a8   EtherCAT: wrong display name
    adds  e4c4864   ssl-utils: allow gcrypt without GnuTLS, improve structure


Summary of changes:
 epan/dissectors/packet-dtls.c      |   10 +-
 epan/dissectors/packet-ssl-utils.c |  840 ++++++++++++++++++++----------------
 epan/dissectors/packet-ssl-utils.h |   20 +-
 epan/dissectors/packet-ssl.c       |   11 +-
 4 files changed, 487 insertions(+), 394 deletions(-)