authorPeter Wu <peter@lekensteyn.nl>2015-10-15 02:00:47 +0200
committerPeter Wu <peter@lekensteyn.nl>2015-10-16 09:27:47 +0000
commit36079a1eb55768755e4861801e3b651ebf603a52 (patch)
tree7ed00077aa0d9c822e3398827eda21e7d6899b0b /epan/dissectors/packet-dtls.c
parentb92caedf91f7711ad6e7add42957435ddd482eba (diff)
ssl-utils: allow gcrypt without GnuTLS, improve structure
Fix distinction between HAVE_LIBGNUTLS and HAVE_LIBGCRYPT. If GnuTLS is unavailable, then the only missing feature is decryption using an RSA private key file. Regardless of GnuTLS, allow SSL decryption (e.g. using an SSL key log file or a PSK configured via preferences). This change has no functional effect when GnuTLS and gcrypt are both available (or not). Additionally, decryption is possible if only libgcrypt is available. Further changes to make ssl-utils more maintainable and documented: - Group related functions, add markers and documentation. The following functions are moved (with no further modifications): - ssl_data_realloc, ssl_data_copy: related to StringInfo. - ssl_change_cipher, ssl_create_flow: related to the decryption of a session. - ssl_decompress_record: related to Record Decompression. - ssl_lib_init: moved to an arbitrary place. - ssl_set_server: moved closer to ssl_packet_from_server. - ssl_is_valid_content_type, ssl_is_valid_handshake_type: move closer to dissection code. - ssl_dissect_hnd_hello_ext_status_request, ssl_dissect_hnd_hello_ext_status_request_v2, ssl_dissect_hnd_hello_ext_elliptic_curves, ssl_dissect_hnd_hello_ext_ec_point_formats: move to TLS extensions. - Remove unused forward declaration of _gcry_rsa_decrypt. - ssl-packet-utils.h: - Remove ssl_equal, ssl_hash. These are only used in packet-ssl-utils.c. - ssl_private_key_equal, ssl_private_key_hash, ssl_common_register_options: inline when decryption is not possible. - Remove ws_symbol_export.h, enable SSL debug log when libgcrypt is compiled in (instead of depending on GnuTLS). - Move/merge stub code when GnuTLS or libgcrypt are not available: - ssl_find_cipher: move. - ssl_cipher_setiv: move. - ssl_generate_pre_master_secret, ssl_generate_keyring_material: move. Compile-tested all combinations: - no GnuTLS, no libgcrypt: CentOS 6. - no GnuTLS, has libgcrypt: CentOS 6. Passes all decryption tests except for the ones that need a RSA private key file. 
- has GnuTLS, no libgcrypt: Arch Linux. - has GnuTLS, has libgcrypt: Arch Linux. The decryption tests pass. (GnuTLS support is useless without gcrypt, but included for completeness.) Change-Id: I727248937331f8788de8ed78248bb33296206096 Reviewed-on: https://code.wireshark.org/review/11052 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan/dissectors/packet-dtls.c')
-rw-r--r--epan/dissectors/packet-dtls.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c
index 35948d5c66..c07082db61 100644
--- a/epan/dissectors/packet-dtls.c
+++ b/epan/dissectors/packet-dtls.c
@@ -147,7 +147,7 @@ static FILE *dtls_keylog_file = NULL;
static uat_t *dtlsdecrypt_uat = NULL;
static const gchar *dtls_keys_list = NULL;
static ssl_common_options_t dtls_options = { NULL, NULL};
-#ifdef HAVE_LIBGNUTLS
+#ifdef HAVE_LIBGCRYPT
static const gchar *dtls_debug_file_name = NULL;
#endif
@@ -1611,7 +1611,7 @@ looks_like_dtls(tvbuff_t *tvb, guint32 offset)
/* UAT */
-#ifdef HAVE_LIBGNUTLS
+#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT)
static void
dtlsdecrypt_free_cb(void* r)
{
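Review bot: The new guard `#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT)` on dtlsdecrypt_free_cb, and the identical one on dtlsdecrypt_copy_cb in the next hunk, carry no explanation of why both libraries are required, while the matching registration in proto_register_dtls spells the same condition as an `#ifdef HAVE_LIBGNUTLS` nested inside `#ifdef HAVE_LIBGCRYPT`; a reader checking that the callbacks and the UAT registration are compiled under the same condition has to work that out from two places. A one-line comment on each guard would fix that, e.g. `/* RSA private key file UAT: needs GnuTLS (key loading) and libgcrypt (decryption) */`, and the bare `#endif` closing the free/update callbacks (the unchanged line just before the next hunk's change) would read better as `#endif /* HAVE_LIBGNUTLS && HAVE_LIBGCRYPT */`, matching the labelled `#endif /* HAVE_LIBGNUTLS */` added later in this commit. The body of dtlsdecrypt_free_cb continues past the hunk.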
@@ -1633,7 +1633,7 @@ dtlsdecrypt_update_cb(void* r _U_, const char** err _U_)
}
#endif
-#ifdef HAVE_LIBGNUTLS
+#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT)
static void *
dtlsdecrypt_copy_cb(void* dest, const void* orig, size_t len _U_)
{
@@ -1867,10 +1867,11 @@ proto_register_dtls(void)
expert_dtls = expert_register_protocol(proto_dtls);
expert_register_field_array(expert_dtls, ei, array_length(ei));
-#ifdef HAVE_LIBGNUTLS
+#ifdef HAVE_LIBGCRYPT
{
module_t *dtls_module = prefs_register_protocol(proto_dtls, proto_reg_handoff_dtls);
+#ifdef HAVE_LIBGNUTLS
static uat_field_t dtlskeylist_uats_flds[] = {
UAT_FLD_CSTRING_OTHER(sslkeylist_uats, ipaddr, "IP address", ssldecrypt_uat_fld_ip_chk_cb, "IPv4 or IPv6 address"),
UAT_FLD_CSTRING_OTHER(sslkeylist_uats, port, "Port", ssldecrypt_uat_fld_port_chk_cb, "Port Number"),
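Review bot: The inner `#ifdef HAVE_LIBGNUTLS` placed before the dtlskeylist_uats_flds table is nested inside the `#ifdef HAVE_LIBGCRYPT` opened three lines earlier, so the table and the dtlsdecrypt_uat registration compile under exactly the condition used for the callbacks in the two earlier hunks, but nothing at the inner guard says so. A comment there would make the dependency explicit without changing the preprocessor logic: `#ifdef HAVE_LIBGNUTLS /* RSA key file UAT; implies HAVE_LIBGCRYPT from the enclosing block */`. Separately, `dtlsdecrypt_uat` and `dtls_keys_list` in the first hunk stay unconditional while the only visible use of dtlsdecrypt_uat is now under this nested GnuTLS guard; if they have no other users, a libgcrypt-only build may report them as defined but unused, which was presumably already the case without GnuTLS before this change. proto_register_dtls starts and ends outside the hunk.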
@@ -1898,6 +1899,7 @@ proto_register_dtls(void)
"RSA keys list",
"A table of RSA keys for DTLS decryption",
dtlsdecrypt_uat);
+#endif /* HAVE_LIBGNUTLS */
prefs_register_filename_preference(dtls_module, "debug_file", "DTLS debug file",
"redirect dtls debug to file name; leave empty to disable debug, "