author | Peter Wu <peter@lekensteyn.nl> | 2015-10-15 02:00:47 +0200 |
committer | Peter Wu <peter@lekensteyn.nl> | 2015-10-16 09:27:47 +0000 |
commit | 36079a1eb55768755e4861801e3b651ebf603a52 (patch) | |
tree | 7ed00077aa0d9c822e3398827eda21e7d6899b0b /epan/dissectors/packet-ssl-utils.h | |
parent | b92caedf91f7711ad6e7add42957435ddd482eba (diff) | |
download | wireshark-36079a1eb55768755e4861801e3b651ebf603a52.tar.gz |
ssl-utils: allow gcrypt without GnuTLS, improve structure
Fix distinction between HAVE_LIBGNUTLS and HAVE_LIBGCRYPT. If GnuTLS is
unavailable, then the only missing feature is decryption using an RSA
private key file. Regardless of GnuTLS, allow SSL decryption (e.g. using
an SSL key log file or a PSK configured via preferences).
This change has no functional effect when GnuTLS and gcrypt are both
available (or not). Additionally, decryption is possible if only
libgcrypt is available.
Further changes to make ssl-utils more maintainable and documented:
- Group related functions, add markers and documentation. The following
functions are moved (with no further modifications):
- ssl_data_realloc, ssl_data_copy: related to StringInfo.
- ssl_change_cipher, ssl_create_flow: related to the decryption of a
session.
- ssl_decompress_record: related to Record Decompression.
- ssl_lib_init: moved to an arbitrary place.
- ssl_set_server: moved closer to ssl_packet_from_server.
- ssl_is_valid_content_type, ssl_is_valid_handshake_type: move closer
to dissection code.
- ssl_dissect_hnd_hello_ext_status_request,
ssl_dissect_hnd_hello_ext_status_request_v2,
ssl_dissect_hnd_hello_ext_elliptic_curves,
ssl_dissect_hnd_hello_ext_ec_point_formats: move to TLS extensions.
- Remove unused forward declaration of _gcry_rsa_decrypt.
- ssl-packet-utils.h:
- Remove ssl_equal, ssl_hash. These are only used in
packet-ssl-utils.c.
- ssl_private_key_equal, ssl_private_key_hash,
ssl_common_register_options: inline when decryption is not
possible.
- Remove ws_symbol_export.h, enable SSL debug log when libgcrypt is
compiled in (instead of depending on GnuTLS).
- Move/merge stub code when GnuTLS or libgcrypt are not available:
- ssl_find_cipher: move.
- ssl_cipher_setiv: move.
- ssl_generate_pre_master_secret, ssl_generate_keyring_material: move.
Compile-tested all combinations:
- no GnuTLS, no libgcrypt: CentOS 6.
- no GnuTLS, has libgcrypt: CentOS 6. Passes all decryption tests
except for the ones that need a RSA private key file.
- has GnuTLS, no libgcrypt: Arch Linux.
- has GnuTLS, has libgcrypt: Arch Linux. The decryption tests pass.
(GnuTLS support is useless without gcrypt, but included for completeness.)
Change-Id: I727248937331f8788de8ed78248bb33296206096
Reviewed-on: https://code.wireshark.org/review/11052
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan/dissectors/packet-ssl-utils.h')
-rw-r--r-- | epan/dissectors/packet-ssl-utils.h | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h index c09a39d4fc..a36b978ae4 100644 --- a/epan/dissectors/packet-ssl-utils.h +++ b/epan/dissectors/packet-ssl-utils.h @@ -37,14 +37,11 @@ #ifdef HAVE_LIBGNUTLS #include <gnutls/x509.h> #include <gnutls/pkcs12.h> - -#include "ws_symbol_export.h" - -#define SSL_DECRYPT_DEBUG #endif /* HAVE_LIBGNUTLS */ #ifdef HAVE_LIBGCRYPT #define SSL_CIPHER_CTX gcry_cipher_hd_t +#define SSL_DECRYPT_DEBUG #else /* HAVE_LIBGCRYPT */ #define SSL_CIPHER_CTX void* #endif /* HAVE_LIBGCRYPT */ @@ -529,12 +526,7 @@ ssl_decrypt_record(SslDecryptSession* ssl,SslDecoder* decoder, gint ct, /* Common part bitween SSL and DTLS dissectors */ -/* Hash Functions for TLS/DTLS sessions table and private keys table */ -extern gint -ssl_equal (gconstpointer v, gconstpointer v2); - -extern guint -ssl_hash (gconstpointer v); +/* Hash Functions for RSA private keys table */ extern gboolean ssl_private_key_equal (gconstpointer v, gconstpointer v2); @@ -547,6 +539,7 @@ ssl_private_key_hash (gconstpointer v); extern void ssl_private_key_free(gpointer key); + /* handling of association between tls/dtls ports and clear text protocol */ extern void ssl_association_add(GTree* associations, dissector_handle_t handle, guint port, const gchar *protocol, gboolean tcp, gboolean from_key_list); @@ -601,8 +594,15 @@ ssl_parse_key_list(const ssldecrypt_assoc_t * uats, GHashTable *key_hash, GTree* extern void ssl_save_session(SslDecryptSession* ssl, GHashTable *session_hash); +#ifdef HAVE_LIBGCRYPT extern void ssl_finalize_decryption(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map); +#else /* ! HAVE_LIBGCRYPT */ +static inline void +ssl_finalize_decryption(SslDecryptSession *ssl _U_, ssl_master_key_map_t *mk_map _U_) +{ +} +#endif /* ! HAVE_LIBGCRYPT */ extern gboolean ssl_is_valid_content_type(guint8 type); |
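Review bot: The `!HAVE_LIBGCRYPT` stub of ssl_finalize_decryption in the last hunk has an empty body and no explanation, so a reader of the header cannot tell whether the no-op is intentional or an unfinished placeholder; a one-line comment above the `static inline` definition, `/* Without libgcrypt no session can be decrypted, so there is nothing to finalize. */`, would settle that. The stub also relies on the `_U_` attribute macro being in scope for every consumer of this header, and since the first hunk drops the `ws_symbol_export.h` include it is worth confirming that `_U_` still reaches gcrypt-less builds through config.h or wherever the project defines it, as only the CentOS 6 configuration named in the commit message exercises that path. Separately, the first hunk now defines `SSL_DECRYPT_DEBUG` whenever libgcrypt is present, but the header gives no hint of what the macro gates; a short comment such as `/* enables the SSL debug log; only meaningful when decryption (libgcrypt) is compiled in */` next to the define would make the intent visible without reading the commit message.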