33 files changed, 90 insertions, 631 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index bfa36d8d54..08eb05c31b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -790,11 +790,9 @@ if(ENABLE_SMI) endif() # GNU crypto -if(ENABLE_GCRYPT) - set(PACKAGELIST ${PACKAGELIST} GCRYPT) - # Minimum version needed. - set(GCRYPT_OPTIONS "1.4.2") -endif() +set(PACKAGELIST ${PACKAGELIST} GCRYPT) +# Minimum version needed. +set(GCRYPT_OPTIONS "1.4.2" REQUIRED) # GNU SSL/TLS support if(ENABLE_GNUTLS) @@ -1571,15 +1569,13 @@ if(WIN32) "${_dll_output_dir}" ) endif(LIBSSH_FOUND) - if(GCRYPT_FOUND) - foreach( _dll ${GCRYPT_DLLS} ) - add_custom_command(TARGET copy_cli_dlls PRE_BUILD - COMMAND ${CMAKE_COMMAND} -E copy_if_different - "${GCRYPT_DLL_DIR}/${_dll}" - "${_dll_output_dir}" - ) - endforeach(_dll) - endif(GCRYPT_FOUND) + foreach( _dll ${GCRYPT_DLLS} ) + add_custom_command(TARGET copy_cli_dlls PRE_BUILD + COMMAND ${CMAKE_COMMAND} -E copy_if_different + "${GCRYPT_DLL_DIR}/${_dll}" + "${_dll_output_dir}" + ) + endforeach(_dll) if(GNUTLS_FOUND) foreach( _dll ${GNUTLS_DLLS} ) add_custom_command(TARGET copy_cli_dlls PRE_BUILD diff --git a/CMakeOptions.txt b/CMakeOptions.txt index 867c33e544..9e507b3150 100644 --- a/CMakeOptions.txt +++ b/CMakeOptions.txt @@ -68,7 +68,6 @@ option(ENABLE_SNAPPY "Build with Snappy compression support" ON) option(ENABLE_LUA "Build with Lua dissector support" ON) option(ENABLE_SMI "Build with libsmi snmp support" ON) option(ENABLE_GNUTLS "Build with GNU TLS support" ON) -option(ENABLE_GCRYPT "Build with GNU crypto support" ON) option(ENABLE_GEOIP "Build with GeoIP support" ON) if(WIN32) option(ENABLE_WINSPARKLE "Enable WinSparkle support" ON) diff --git a/capinfos.c b/capinfos.c index 572f8afb36..fcdbb1ff9c 100644 --- a/capinfos.c +++ b/capinfos.c 
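Review bot: In the `# GNU crypto` hunk, a build tree configured earlier with `-DENABLE_GCRYPT=OFF` keeps that cache entry, and the new unconditional `set(PACKAGELIST ${PACKAGELIST} GCRYPT)` ignores it without any message, so a packager who had switched the crypto library off now gets it linked in silently. A short guard before the `set()` would make this visible: `if(DEFINED ENABLE_GCRYPT AND NOT ENABLE_GCRYPT)`, then `message(FATAL_ERROR "ENABLE_GCRYPT is no longer an option; Libgcrypt is required")`, then `endif()`. The comment `# Minimum version needed.` could also say what the 1.4.2 floor is based on, since the packet-dof.c hunk in this commit enables `LIBGCRYPT_OK` only from 1.6.0.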
@@ -151,7 +151,6 @@ static gboolean cap_packet_size = TRUE; /* Report average packet size */ static gboolean cap_packet_rate = TRUE; /* Report average packet rate */ static gboolean cap_order = TRUE; /* Report if packets are in chronological order (True/False) */ -#ifdef HAVE_LIBGCRYPT static gboolean cap_file_hashes = TRUE; /* Calculate file hashes */ #define HASH_SIZE_SHA1 20 @@ -166,11 +165,6 @@ static gchar file_sha1[HASH_STR_SIZE]; static gchar file_rmd160[HASH_STR_SIZE]; static gchar file_md5[HASH_STR_SIZE]; -#define FILE_HASH_OPT "H" -#else -#define FILE_HASH_OPT "" -#endif /* HAVE_LIBGCRYPT */ - /* * If we have at least two packets with time stamps, and they're not in * order - i.e., the later packet has a time stamp older than the earlier @@ -252,9 +246,7 @@ enable_all_infos(void) cap_packet_size = TRUE; cap_packet_rate = TRUE; -#ifdef HAVE_LIBGCRYPT cap_file_hashes = TRUE; -#endif /* HAVE_LIBGCRYPT */ } static void @@ -282,9 +274,7 @@ disable_all_infos(void) cap_packet_size = FALSE; cap_packet_rate = FALSE; -#ifdef HAVE_LIBGCRYPT cap_file_hashes = FALSE; -#endif /* HAVE_LIBGCRYPT */ } static const gchar * @@ -701,13 +691,11 @@ print_stats(const gchar *filename, capture_info *cf_info) } } } -#ifdef HAVE_LIBGCRYPT if (cap_file_hashes) { printf ("SHA1: %s\n", file_sha1); printf ("RIPEMD160: %s\n", file_rmd160); printf ("MD5: %s\n", file_md5); } -#endif /* HAVE_LIBGCRYPT */ if (cap_order) printf ("Strict time order: %s\n", order_string(cf_info->order)); if (cf_info->shb != NULL) { 
@@ -791,13 +779,11 @@ print_stats_table_header(void) if (cap_data_rate_bit) print_stats_table_header_label("Data bit rate (bits/sec)"); if (cap_packet_size) print_stats_table_header_label("Average packet size (bytes)"); if (cap_packet_rate) print_stats_table_header_label("Average packet rate (packets/sec)"); -#ifdef HAVE_LIBGCRYPT if (cap_file_hashes) { print_stats_table_header_label("SHA1"); print_stats_table_header_label("RIPEMD160"); print_stats_table_header_label("MD5"); } -#endif /* HAVE_LIBGCRYPT */ if (cap_order) print_stats_table_header_label("Strict time order"); if (cap_comment) print_stats_table_header_label("Capture comment"); if (cap_file_more_info) { @@ -959,7 +945,6 @@ print_stats_table(const gchar *filename, capture_info *cf_info) putquote(); } -#ifdef HAVE_LIBGCRYPT if (cap_file_hashes) { putsep(); putquote(); @@ -976,7 +961,6 @@ print_stats_table(const gchar *filename, capture_info *cf_info) printf("%s", file_md5); putquote(); } -#endif /* HAVE_LIBGCRYPT */ if (cap_order) { putsep(); @@ -1320,9 +1304,7 @@ print_usage(FILE *output) fprintf(output, " -E display the capture file encapsulation\n"); fprintf(output, " -I display the capture file interface information\n"); fprintf(output, " -F display additional capture file information\n"); -#ifdef HAVE_LIBGCRYPT fprintf(output, " -H display the SHA1, RMD160, and MD5 hashes of the file\n"); -#endif fprintf(output, " -k display the capture comment\n"); fprintf(output, "\n"); fprintf(output, "Size infos:\n"); @@ -1371,9 +1353,7 @@ print_usage(FILE *output) fprintf(output, "\n"); fprintf(output, "If no options are given the default is to display all infos in long report\n"); fprintf(output, "output format.\n"); -#ifndef HAVE_LIBGCRYPT fprintf(output, "\nFile hashing support (-H) is not present.\n"); -#endif } #ifdef HAVE_PLUGINS 
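Review bot: In the last `print_usage` hunk only the `#ifndef HAVE_LIBGCRYPT` and `#endif` lines are removed, while the `fprintf(output, "\nFile hashing support (-H) is not present.\n");` between them stays as context, so the usage text now always claims hashing is missing although `-H` is always compiled in. The `fprintf` should be deleted together with its guard. As it stands the help output contradicts the `-H display the SHA1, RMD160, and MD5 hashes of the file` line that the preceding `print_usage` hunk makes unconditional.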
@@ -1389,7 +1369,6 @@ failure_message(const char *msg_format, va_list ap) } #endif -#ifdef HAVE_LIBGCRYPT static void hash_to_str(const unsigned char *hash, size_t length, char *str) { int i; @@ -1398,7 +1377,6 @@ hash_to_str(const unsigned char *hash, size_t length, char *str) { g_snprintf(str+(i*2), 3, "%02x", hash[i]); } } -#endif /* HAVE_LIBGCRYPT */ int main(int argc, char *argv[]) @@ -1418,12 +1396,10 @@ main(int argc, char *argv[]) }; int status = 0; -#ifdef HAVE_LIBGCRYPT FILE *fh; char *hash_buf = NULL; gcry_md_hd_t hd = NULL; size_t hash_bytes; -#endif /* Set the C-language locale to the native environment. */ setlocale(LC_ALL, ""); @@ -1487,8 +1463,7 @@ main(int argc, char *argv[]) #endif /* Process the options */ - /* FILE_HASH_OPT will be "H" if libgcrypt is compiled in, so don't use "H" */ - while ((opt = getopt_long(argc, argv, "abcdehiklmoqrstuvxyzABCEF" FILE_HASH_OPT "ILMNQRST", long_options, NULL)) !=-1) { + while ((opt = getopt_long(argc, argv, "abcdehiklmoqrstuvxyzABCEFHILMNQRST", long_options, NULL)) !=-1) { switch (opt) { @@ -1561,12 +1536,10 @@ main(int argc, char *argv[]) cap_packet_rate = TRUE; break; -#ifdef HAVE_LIBGCRYPT case 'H': if (report_all_infos) disable_all_infos(); cap_file_hashes = TRUE; break; -#endif case 'o': if (report_all_infos) disable_all_infos(); @@ -1674,7 +1647,6 @@ main(int argc, char *argv[]) print_stats_table_header(); } -#ifdef HAVE_LIBGCRYPT if (cap_file_hashes) { gcry_check_version(NULL); gcry_md_open(&hd, GCRY_MD_SHA1, 0); @@ -1684,13 +1656,11 @@ main(int argc, char *argv[]) } hash_buf = (char *)g_malloc(HASH_BUF_SIZE); } -#endif overall_error_status = 0; for (opt = optind; opt < argc; opt++) { -#ifdef HAVE_LIBGCRYPT g_strlcpy(file_sha1, "<unknown>", HASH_STR_SIZE); g_strlcpy(file_rmd160, "<unknown>", HASH_STR_SIZE); g_strlcpy(file_md5, "<unknown>", HASH_STR_SIZE); 
@@ -1709,7 +1679,6 @@ main(int argc, char *argv[]) if (fh) fclose(fh); if (hd) gcry_md_reset(hd); } -#endif /* HAVE_LIBGCRYPT */ wth = wtap_open_offline(argv[opt], WTAP_TYPE_AUTO, &err, &err_info, FALSE); @@ -1739,9 +1708,7 @@ main(int argc, char *argv[]) } exit: -#ifdef HAVE_LIBGCRYPT g_free(hash_buf); -#endif return overall_error_status; } diff --git a/cmakeconfig.h.in b/cmakeconfig.h.in index a91414db7f..2ee3933369 100644 --- a/cmakeconfig.h.in +++ b/cmakeconfig.h.in @@ -130,9 +130,6 @@ /* Define to use the libcap library */ #cmakedefine HAVE_LIBCAP 1 -/* Define to use libgcrypt */ -#cmakedefine HAVE_LIBGCRYPT 1 - /* Define to use GnuTLS library */ #cmakedefine HAVE_LIBGNUTLS 1 diff --git a/configure.ac b/configure.ac index 95d3b6808f..a984955523 100644 --- a/configure.ac +++ b/configure.ac @@ -302,35 +302,10 @@ if test "x$with_gnutls" = "xyes"; then fi fi -# libgrypt -gcrypt_message="no" -want_gcrypt="if_available" -AC_ARG_WITH([gcrypt], - AC_HELP_STRING( [--with-gcrypt=@<:@yes/no@:>@], - [use gcrypt library @<:@default=yes, if available@:>@]), - [ with_gcrypt="$withval"; want_gcrypt="yes" ], with_gcrypt="yes") - -if test "x$with_gcrypt" = "xyes"; then - AM_PATH_LIBGCRYPT(1.4.2, - [ - AC_DEFINE(HAVE_LIBGCRYPT, 1, [Define to use libgcrypt]) - gcrypt_message="yes" - ] - , [ - if test x$libgcrypt_config_prefix != x ; then - AC_MSG_ERROR([[libgcrypt not found; install libgcrypt-devel package for your system]]) - else - AS_ECHO(["libgcrypt not found, disabling decryption for ipsec, ssl, etc."]) - gcrypt_message="no" - fi - - # Error out if the user explicitly requested gcrypt - if test "x$want_gcrypt" = "xyes"; then - AC_MSG_ERROR([libgcrypt library was requested, but is not available]) - fi - ] - ) -fi +# libgrypt (for decryption, MAC, etc. functionality). +AM_PATH_LIBGCRYPT(1.4.2, [ ] , [ + AC_MSG_ERROR([[libgcrypt not found; install libgcrypt-devel package for your system]]) +]) AC_ARG_WITH(libnl, AC_HELP_STRING([--with-libnl@<:@=VERSION@:>@], 
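Review bot: The new `AC_MSG_ERROR` in the configure.ac hunk says only "libgcrypt not found", but `AM_PATH_LIBGCRYPT(1.4.2, ...)` presumably takes the same branch when an installed libgcrypt is older than 1.4.2, and the message hides that case. Stating the floor would help whoever hits it, e.g. `AC_MSG_ERROR([[libgcrypt >= 1.4.2 not found; install libgcrypt-devel package for your system]])`. The comment line above it also spells the library `libgrypt`.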
@@ -3203,7 +3178,7 @@ echo " Use zlib library : $zlib_message" echo " Use kerberos library : $krb5_message" echo " Use c-ares library : $c_ares_message" echo " Use SMI MIB library : $libsmi_message" -echo " Use GNU gcrypt library : $gcrypt_message" +echo " Use GNU gcrypt library : yes" echo " Use SSL crypto library : $ssl_message" echo " Use GnuTLS library : $tls_message" echo " Use POSIX capabilities library : $libcap_message" diff --git a/doc/README.developer b/doc/README.developer index 774e41e973..1525ba1aca 100644 --- a/doc/README.developer +++ b/doc/README.developer @@ -399,10 +399,9 @@ platform-dependent implementations and platform-independent APIs, such as the routines in epan/filesystem.c, allowing the code that calls it to be written portably without #ifdefs. -Wireshark uses libgcrypt as general-purpose crypto library. To use it from -your dissector, protect libgcrypt calls with #ifdef HAVE_LIBGCRYPT. Don't -include gcrypt.h directly, include the wrapper file wsutil/wsgcrypt.h -instead. +Wireshark uses Libgcrypt as general-purpose crypto library. To use it from +your dissector, do not include gcrypt.h directly, but use the wrapper file +wsutil/wsgcrypt.h instead. 2. String handling diff --git a/docbook/release-notes.asciidoc b/docbook/release-notes.asciidoc index b53008ef9b..a247917dcf 100644 --- a/docbook/release-notes.asciidoc +++ b/docbook/release-notes.asciidoc @@ -100,6 +100,7 @@ _Non-empty section placeholder._ //=== Major API Changes IEEE802.11: wlan_mgt display filter element got renamed to wlan. +Libgcrypt is now a required dependency. == Getting Wireshark diff --git a/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc b/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc index 24b9658831..dbfaa1c833 100644 --- a/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc +++ b/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc 
@@ -270,10 +270,11 @@ https://anonsvn.wireshark.org/wireshark-win32-libs/trunk/packages/[]. [[ChLibsGcrypt]] -=== Gcrypt (optional) +=== Gcrypt -The Gcrypt Library is a low-level encryption library that provides -support for many ciphers, such as DES, 3DES, AES, Blowfish, and others.. +The Gcrypt Library is a low-level cryptographic library that provides +support for many ciphers and message authentication codes, such as DES, 3DES, +AES, Blowfish, SHA-1, SHA-256, and others. [[ChLibsUnixGcrypt]] diff --git a/epan/dissectors/asn1/c1222/c1222.cnf b/epan/dissectors/asn1/c1222/c1222.cnf index d3d4fb8da5..07c2af8e73 100644 --- a/epan/dissectors/asn1/c1222/c1222.cnf +++ b/epan/dissectors/asn1/c1222/c1222.cnf @@ -97,9 +97,7 @@ AE-qualifier TYPE=FT_UINT32 FILL_TABLE(iv_element); #.FN_BODY MESSAGE -/**/#ifdef HAVE_LIBGCRYPT clear_canon(); -/**/#endif %(DEFAULT_BODY)s #.END diff --git a/epan/dissectors/asn1/c1222/packet-c1222-template.c b/epan/dissectors/asn1/c1222/packet-c1222-template.c index 7fdea6f5b1..cb9174824d 100644 --- a/epan/dissectors/asn1/c1222/packet-c1222-template.c +++ b/epan/dissectors/asn1/c1222/packet-c1222-template.c @@ -146,7 +146,6 @@ static int ett_c1222_flags = -1; static int ett_c1222_crypto = -1; static int ett_c1222_cmd = -1; -#ifdef HAVE_LIBGCRYPT /* these pointers are for the header elements that may be needed to verify the crypto */ static guint8 *aSO_context = NULL; static guint8 *called_AP_title = NULL; 
@@ -172,18 +171,13 @@ static guint32 user_information_len = 0; static guint32 calling_AP_title_len = 0; static guint32 key_id_element_len = 0; static guint32 iv_element_len = 0; -#endif /* HAVE_LIBGCRYPT */ #include "packet-c1222-ett.c" static expert_field ei_c1222_command_truncated = EI_INIT; static expert_field ei_c1222_bad_checksum = EI_INIT; static expert_field ei_c1222_epsem_missing = EI_INIT; -#ifdef HAVE_LIBGCRYPT static expert_field ei_c1222_epsem_failed_authentication = EI_INIT; -#else -static expert_field ei_c1222_epsem_not_authenticated = EI_INIT; -#endif static expert_field ei_c1222_epsem_not_decryped = EI_INIT; static expert_field ei_c1222_ed_class_missing = EI_INIT; static expert_field ei_c1222_epsem_ber_length_error = EI_INIT; @@ -192,9 +186,7 @@ static expert_field ei_c1222_mac_missing = EI_INIT; /* Preferences */ static gboolean c1222_desegment = TRUE; -#ifdef HAVE_LIBGCRYPT static gboolean c1222_decrypt = TRUE; -#endif static const gchar *c1222_baseoid_str = NULL; static guint8 *c1222_baseoid = NULL; static guint c1222_baseoid_len = 0; @@ -283,7 +275,6 @@ static const value_string commandnames[] = { { 0, NULL } }; -#ifdef HAVE_LIBGCRYPT /* these are for the key tables */ typedef struct _c1222_uat_data { guint keynum; @@ -326,12 +317,6 @@ static uat_t *c1222_uat; fieldname##_len = length; \ break; \ } -#else /* HAVE_LIBGCRYPT */ -#define FILL_TABLE(fieldname) -#define FILL_TABLE_TRUNCATE(fieldname, len) -#define FILL_TABLE_APTITLE(fieldname) -#define FILL_START -#endif /* HAVE_LIBGCRYPT */ /*------------------------------ * Function Prototypes @@ -629,7 +614,6 @@ parse_c1222_detailed(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int cm } } -#ifdef HAVE_LIBGCRYPT typedef struct tagTOP_ELEMENT_CONTROL { /* TRUE if this tag is required */ 
@@ -850,7 +834,6 @@ decrypt_packet(guchar *buffer, guint32 length, gboolean decrypt) } return status; } -#endif /* HAVE_LIBGCRYPT */ /** * Checks to make sure that a complete, valid BER-encoded length is in the buffer. @@ -914,9 +897,7 @@ dissect_epsem(tvbuff_t *tvb, int offset, guint32 len, packet_info *pinfo, proto_ gint len2; int cmd_err; gboolean ind; -#ifdef HAVE_LIBGCRYPT guchar *buffer; -#endif tvbuff_t *epsem_buffer = NULL; gboolean crypto_good = FALSE; gboolean crypto_bad = FALSE; @@ -939,7 +920,6 @@ dissect_epsem(tvbuff_t *tvb, int offset, guint32 len, packet_info *pinfo, proto_ if (len2 <= 0) return offset; encrypted = TRUE; -#ifdef HAVE_LIBGCRYPT if (c1222_decrypt) { buffer = (guchar *)tvb_memdup(pinfo->pool, tvb, offset, len2); if (!decrypt_packet(buffer, len2, TRUE)) { @@ -952,7 +932,6 @@ dissect_epsem(tvbuff_t *tvb, int offset, guint32 len, packet_info *pinfo, proto_ encrypted = FALSE; } } -#endif break; case EAX_MODE_CLEARTEXT_AUTH: /* mode is cleartext with authentication */ @@ -961,7 +940,6 @@ dissect_epsem(tvbuff_t *tvb, int offset, guint32 len, packet_info *pinfo, proto_ if (len2 <= 0) return offset; epsem_buffer = tvb_new_subset_remaining(tvb, offset); -#ifdef HAVE_LIBGCRYPT buffer = (guchar *)tvb_memdup(wmem_packet_scope(), tvb, offset, len2); if (c1222_decrypt) { if (!decrypt_packet(buffer, len2, FALSE)) { @@ -971,9 +949,6 @@ dissect_epsem(tvbuff_t *tvb, int offset, guint32 len, packet_info *pinfo, proto_ crypto_good = TRUE; } } -#else /* HAVE_LIBGCRYPT */ - expert_add_info(pinfo, tree, &ei_c1222_epsem_not_authenticated); -#endif /* HAVE_LIBGCRYPT */ break; default: /* it's not encrypted */ 
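Review bot: In the `EAX_MODE_CLEARTEXT_AUTH` case of `dissect_epsem`, the removed `#else` branch was the only place that flagged a message whose authentication had not been checked, and the remaining code calls `decrypt_packet()` only under `if (c1222_decrypt)`; with that preference off, nothing in the hunk records that the MAC was left unverified. Consider keeping `ei_c1222_epsem_not_authenticated` and raising it in an `else` of that `if`, `expert_add_info(pinfo, tree, &ei_c1222_epsem_not_authenticated);`, so an analyst can tell verified cleartext from unchecked cleartext. How `crypto_good` and `crypto_bad` are reported later is outside the hunk, so this may already be covered there. The generated packet-c1222.c carries the same lines.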
@@ -1341,11 +1316,7 @@ void proto_register_c1222(void) { { &ei_c1222_command_truncated, { "c1222.command_truncated", PI_MALFORMED, PI_ERROR, "C12.22 command truncated", EXPFILL }}, { &ei_c1222_bad_checksum, { "c1222.bad_checksum", PI_CHECKSUM, PI_ERROR, "Bad checksum", EXPFILL }}, { &ei_c1222_epsem_missing, { "c1222.epsem.missing", PI_MALFORMED, PI_ERROR, "C12.22 EPSEM missing", EXPFILL }}, -#ifdef HAVE_LIBGCRYPT { &ei_c1222_epsem_failed_authentication, { "c1222.epsem.failed_authentication", PI_SECURITY, PI_ERROR, "C12.22 EPSEM failed authentication", EXPFILL }}, -#else - { &ei_c1222_epsem_not_authenticated, { "c1222.epsem.not_authenticated", PI_SECURITY, PI_WARN, "C12.22 EPSEM could not be authenticated", EXPFILL }}, -#endif { &ei_c1222_epsem_not_decryped, { "c1222.epsem.not_decryped", PI_UNDECODED, PI_WARN, "C12.22 EPSEM could not be decrypted", EXPFILL }}, { &ei_c1222_ed_class_missing, { "c1222.ed_class_missing", PI_SECURITY, PI_ERROR, "C12.22 ED Class missing", EXPFILL }}, { &ei_c1222_epsem_ber_length_error, { "c1222.epsem.ber_length_error", PI_MALFORMED, PI_ERROR, "C12.22 EPSEM BER length error", EXPFILL }}, @@ -1356,13 +1327,11 @@ void proto_register_c1222(void) { expert_module_t* expert_c1222; module_t *c1222_module; -#ifdef HAVE_LIBGCRYPT static uat_field_t c1222_uat_flds[] = { UAT_FLD_HEX(c1222_users,keynum,"Key ID","Key identifier in hexadecimal"), UAT_FLD_BUFFER(c1222_users, key, "Key", "Encryption key as 16-byte hex string"), UAT_END_FIELDS }; -#endif /* HAVE_LIBGCRYPT */ /* Register protocol */ proto_c1222 = proto_register_protocol(PNAME, PSNAME, PFNAME); 
@@ -1379,7 +1348,6 @@ void proto_register_c1222(void) { prefs_register_string_preference(c1222_module, "baseoid", "Base OID to use for relative OIDs", "Base object identifier for use in resolving relative object identifiers", &c1222_baseoid_str); -#ifdef HAVE_LIBGCRYPT prefs_register_bool_preference(c1222_module, "decrypt", "Verify crypto for all applicable C12.22 messages", "Whether the C12.22 dissector should verify the crypto for all relevant messages", @@ -1405,7 +1373,6 @@ void proto_register_c1222(void) { "Decryption Table", "Table of security parameters for decryption of C12.22 packets", c1222_uat); -#endif /* HAVE_LIBGCRYPT */ } /*--- proto_reg_handoff_c1222 ---------------------------------------*/ diff --git a/epan/dissectors/asn1/pkcs12/packet-pkcs12-template.c b/epan/dissectors/asn1/pkcs12/packet-pkcs12-template.c index bff6cee915..cce82d553b 100644 --- a/epan/dissectors/asn1/pkcs12/packet-pkcs12-template.c +++ b/epan/dissectors/asn1/pkcs12/packet-pkcs12-template.c @@ -85,8 +85,6 @@ static void append_oid(proto_tree *tree, const char *oid) proto_item_append_text(tree, " (%s)", name ? name : oid); } -#ifdef HAVE_LIBGCRYPT - static int generate_key_or_iv(unsigned int id, tvbuff_t *salt_tvb, unsigned int iter, const char *pw, unsigned int req_keylen, char * keybuf) @@ -209,8 +207,6 @@ generate_key_or_iv(unsigned int id, tvbuff_t *salt_tvb, unsigned int iter, } } -#endif - void PBE_reset_parameters(void) { iteration_count = 0; @@ -219,7 +215,6 @@ void PBE_reset_parameters(void) int PBE_decrypt_data(const char *object_identifier_id_param _U_, tvbuff_t *encrypted_tvb _U_, packet_info *pinfo _U_, asn1_ctx_t *actx _U_, proto_item *item _U_) { -#ifdef HAVE_LIBGCRYPT const char *encryption_algorithm; gcry_cipher_hd_t cipher; gcry_error_t err; 
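Review bot: `PBE_decrypt_data` keeps `_U_` on every parameter in its signature, although with the `#ifdef HAVE_LIBGCRYPT` gone the body always uses at least some of them (`object_identifier_id_param` and `actx` appear in the `call_ber_oid_callback` call near the end of the function). The snmp hunks in this commit drop the marker in the same situation, e.g. `snmp_usm_priv_des(snmp_usm_params_t* p, tvbuff_t* encryptedData, packet_info *pinfo, gchar const** error)`; doing the same here lets the compiler warn again if a parameter really becomes unused. The function body continues outside this hunk.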
@@ -373,11 +368,6 @@ int PBE_decrypt_data(const char *object_identifier_id_param _U_, tvbuff_t *encry call_ber_oid_callback(object_identifier_id_param, clear_tvb, 0, actx->pinfo, tree, NULL); return TRUE; -#else - /* we cannot decrypt */ - return FALSE; - -#endif } #include "packet-pkcs12-fn.c" diff --git a/epan/dissectors/asn1/snmp/packet-snmp-template.c b/epan/dissectors/asn1/snmp/packet-snmp-template.c index 13719286a4..3665a761fd 100644 --- a/epan/dissectors/asn1/snmp/packet-snmp-template.c +++ b/epan/dissectors/asn1/snmp/packet-snmp-template.c @@ -1649,9 +1649,8 @@ snmp_usm_auth_sha1(snmp_usm_params_t* p _U_, guint8** calc_auth_p, guint* calc_a } static tvbuff_t* -snmp_usm_priv_des(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U_, packet_info *pinfo _U_, gchar const** error _U_) +snmp_usm_priv_des(snmp_usm_params_t* p, tvbuff_t* encryptedData, packet_info *pinfo, gchar const** error) { -#ifdef HAVE_LIBGCRYPT gcry_error_t err; gcry_cipher_hd_t hd = NULL; @@ -1716,13 +1715,8 @@ on_gcry_error: *error = (const gchar *)gpg_strerror(err); if (hd) gcry_cipher_close(hd); return NULL; -#else - *error = "libgcrypt not present, cannot decrypt"; - return NULL; -#endif } -#ifdef HAVE_LIBGCRYPT static tvbuff_t* snmp_usm_priv_aes_common(snmp_usm_params_t* p, tvbuff_t* encryptedData, packet_info *pinfo, gchar const** error, int algo) { 
@@ -1787,39 +1781,23 @@ on_gcry_error: if (hd) gcry_cipher_close(hd); return NULL; } -#endif static tvbuff_t* -snmp_usm_priv_aes128(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U_, packet_info *pinfo _U_, gchar const** error) +snmp_usm_priv_aes128(snmp_usm_params_t* p, tvbuff_t* encryptedData, packet_info *pinfo, gchar const** error) { -#ifdef HAVE_LIBGCRYPT return snmp_usm_priv_aes_common(p, encryptedData, pinfo, error, GCRY_CIPHER_AES); -#else - *error = "libgcrypt not present, cannot decrypt"; - return NULL; -#endif } static tvbuff_t* -snmp_usm_priv_aes192(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U_, packet_info *pinfo _U_, gchar const** error) +snmp_usm_priv_aes192(snmp_usm_params_t* p, tvbuff_t* encryptedData, packet_info *pinfo, gchar const** error) { -#ifdef HAVE_LIBGCRYPT return snmp_usm_priv_aes_common(p, encryptedData, pinfo, error, GCRY_CIPHER_AES192); -#else - *error = "libgcrypt not present, cannot decrypt"; - return NULL; -#endif } static tvbuff_t* -snmp_usm_priv_aes256(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U_, packet_info *pinfo _U_, gchar const** error) +snmp_usm_priv_aes256(snmp_usm_params_t* p, tvbuff_t* encryptedData, packet_info *pinfo, gchar const** error) { -#ifdef HAVE_LIBGCRYPT return snmp_usm_priv_aes_common(p, encryptedData, pinfo, error, GCRY_CIPHER_AES256); -#else - *error = "libgcrypt not present, cannot decrypt"; - return NULL; -#endif } static gboolean diff --git a/epan/dissectors/packet-c1222.c b/epan/dissectors/packet-c1222.c index 98c8163573..a696c45a33 100644 --- a/epan/dissectors/packet-c1222.c +++ b/epan/dissectors/packet-c1222.c @@ -184,7 +184,6 @@ static int ett_c1222_flags = -1; static int ett_c1222_crypto = -1; static int ett_c1222_cmd = -1; -#ifdef HAVE_LIBGCRYPT /* these pointers are for the header elements that may be needed to verify the crypto */ static guint8 *aSO_context = NULL; static guint8 *called_AP_title = NULL; 
@@ -210,7 +209,6 @@ static guint32 user_information_len = 0; static guint32 calling_AP_title_len = 0; static guint32 key_id_element_len = 0; static guint32 iv_element_len = 0; -#endif /* HAVE_LIBGCRYPT */ /*--- Included file: packet-c1222-ett.c ---*/ @@ -225,16 +223,12 @@ static gint ett_c1222_Calling_authentication_value_c1222_U = -1; static gint ett_c1222_Calling_authentication_value_c1221_U = -1; /*--- End of included file: packet-c1222-ett.c ---*/ -#line 178 "./asn1/c1222/packet-c1222-template.c" +#line 176 "./asn1/c1222/packet-c1222-template.c" static expert_field ei_c1222_command_truncated = EI_INIT; static expert_field ei_c1222_bad_checksum = EI_INIT; static expert_field ei_c1222_epsem_missing = EI_INIT; -#ifdef HAVE_LIBGCRYPT static expert_field ei_c1222_epsem_failed_authentication = EI_INIT; -#else -static expert_field ei_c1222_epsem_not_authenticated = EI_INIT; -#endif static expert_field ei_c1222_epsem_not_decryped = EI_INIT; static expert_field ei_c1222_ed_class_missing = EI_INIT; static expert_field ei_c1222_epsem_ber_length_error = EI_INIT; @@ -243,9 +237,7 @@ static expert_field ei_c1222_mac_missing = EI_INIT; /* Preferences */ static gboolean c1222_desegment = TRUE; -#ifdef HAVE_LIBGCRYPT static gboolean c1222_decrypt = TRUE; -#endif static const gchar *c1222_baseoid_str = NULL; static guint8 *c1222_baseoid = NULL; static guint c1222_baseoid_len = 0; @@ -334,7 +326,6 @@ static const value_string commandnames[] = { { 0, NULL } }; -#ifdef HAVE_LIBGCRYPT /* these are for the key tables */ typedef struct _c1222_uat_data { guint keynum; @@ -377,12 +368,6 @@ static uat_t *c1222_uat; fieldname##_len = length; \ break; \ } -#else /* HAVE_LIBGCRYPT */ -#define FILL_TABLE(fieldname) -#define FILL_TABLE_TRUNCATE(fieldname, len) -#define FILL_TABLE_APTITLE(fieldname) -#define FILL_START -#endif /* HAVE_LIBGCRYPT */ /*------------------------------ * Function Prototypes 
@@ -680,7 +665,6 @@ parse_c1222_detailed(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int cm } } -#ifdef HAVE_LIBGCRYPT typedef struct tagTOP_ELEMENT_CONTROL { /* TRUE if this tag is required */ @@ -901,7 +885,6 @@ decrypt_packet(guchar *buffer, guint32 length, gboolean decrypt) } return status; } -#endif /* HAVE_LIBGCRYPT */ /** * Checks to make sure that a complete, valid BER-encoded length is in the buffer. @@ -965,9 +948,7 @@ dissect_epsem(tvbuff_t *tvb, int offset, guint32 len, packet_info *pinfo, proto_ gint len2; int cmd_err; gboolean ind; -#ifdef HAVE_LIBGCRYPT guchar *buffer; -#endif tvbuff_t *epsem_buffer = NULL; gboolean crypto_good = FALSE; gboolean crypto_bad = FALSE; @@ -990,7 +971,6 @@ dissect_epsem(tvbuff_t *tvb, int offset, guint32 len, packet_info *pinfo, proto_ if (len2 <= 0) return offset; encrypted = TRUE; -#ifdef HAVE_LIBGCRYPT if (c1222_decrypt) { buffer = (guchar *)tvb_memdup(pinfo->pool, tvb, offset, len2); if (!decrypt_packet(buffer, len2, TRUE)) { @@ -1003,7 +983,6 @@ dissect_epsem(tvbuff_t *tvb, int offset, guint32 len, packet_info *pinfo, proto_ encrypted = FALSE; } } -#endif break; case EAX_MODE_CLEARTEXT_AUTH: /* mode is cleartext with authentication */ @@ -1012,7 +991,6 @@ dissect_epsem(tvbuff_t *tvb, int offset, guint32 len, packet_info *pinfo, proto_ if (len2 <= 0) return offset; epsem_buffer = tvb_new_subset_remaining(tvb, offset); -#ifdef HAVE_LIBGCRYPT buffer = (guchar *)tvb_memdup(wmem_packet_scope(), tvb, offset, len2); if (c1222_decrypt) { if (!decrypt_packet(buffer, len2, FALSE)) { @@ -1022,9 +1000,6 @@ dissect_epsem(tvbuff_t *tvb, int offset, guint32 len, packet_info *pinfo, proto_ crypto_good = TRUE; } } -#else /* HAVE_LIBGCRYPT */ - expert_add_info(pinfo, tree, &ei_c1222_epsem_not_authenticated); -#endif /* HAVE_LIBGCRYPT */ break; default: /* it's not encrypted */ 
@@ -1536,9 +1511,7 @@ dissect_c1222_MESSAGE_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset static int dissect_c1222_MESSAGE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { #line 100 "./asn1/c1222/c1222.cnf" -/**/#ifdef HAVE_LIBGCRYPT clear_canon(); -/**/#endif offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, hf_index, BER_CLASS_APP, 0, TRUE, dissect_c1222_MESSAGE_U); @@ -1559,7 +1532,7 @@ static int dissect_MESSAGE_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_ /*--- End of included file: packet-c1222-fn.c ---*/ -#line 1041 "./asn1/c1222/packet-c1222-template.c" +#line 1016 "./asn1/c1222/packet-c1222-template.c" /** * Dissects a a full (reassembled) C12.22 message. @@ -1951,7 +1924,7 @@ void proto_register_c1222(void) { "OCTET_STRING_SIZE_CONSTR002", HFILL }}, /*--- End of included file: packet-c1222-hfarr.c ---*/ -#line 1328 "./asn1/c1222/packet-c1222-template.c" +#line 1303 "./asn1/c1222/packet-c1222-template.c" }; /* List of subtrees */ 
@@ -1974,18 +1947,14 @@ void proto_register_c1222(void) { &ett_c1222_Calling_authentication_value_c1221_U, /*--- End of included file: packet-c1222-ettarr.c ---*/ -#line 1338 "./asn1/c1222/packet-c1222-template.c" +#line 1313 "./asn1/c1222/packet-c1222-template.c" }; static ei_register_info ei[] = { { &ei_c1222_command_truncated, { "c1222.command_truncated", PI_MALFORMED, PI_ERROR, "C12.22 command truncated", EXPFILL }}, { &ei_c1222_bad_checksum, { "c1222.bad_checksum", PI_CHECKSUM, PI_ERROR, "Bad checksum", EXPFILL }}, { &ei_c1222_epsem_missing, { "c1222.epsem.missing", PI_MALFORMED, PI_ERROR, "C12.22 EPSEM missing", EXPFILL }}, -#ifdef HAVE_LIBGCRYPT { &ei_c1222_epsem_failed_authentication, { "c1222.epsem.failed_authentication", PI_SECURITY, PI_ERROR, "C12.22 EPSEM failed authentication", EXPFILL }}, -#else - { &ei_c1222_epsem_not_authenticated, { "c1222.epsem.not_authenticated", PI_SECURITY, PI_WARN, "C12.22 EPSEM could not be authenticated", EXPFILL }}, -#endif { &ei_c1222_epsem_not_decryped, { "c1222.epsem.not_decryped", PI_UNDECODED, PI_WARN, "C12.22 EPSEM could not be decrypted", EXPFILL }}, { &ei_c1222_ed_class_missing, { "c1222.ed_class_missing", PI_SECURITY, PI_ERROR, "C12.22 ED Class missing", EXPFILL }}, { &ei_c1222_epsem_ber_length_error, { "c1222.epsem.ber_length_error", PI_MALFORMED, PI_ERROR, "C12.22 EPSEM BER length error", EXPFILL }}, @@ -1996,13 +1965,11 @@ void proto_register_c1222(void) { expert_module_t* expert_c1222; module_t *c1222_module; -#ifdef HAVE_LIBGCRYPT static uat_field_t c1222_uat_flds[] = { UAT_FLD_HEX(c1222_users,keynum,"Key ID","Key identifier in hexadecimal"), UAT_FLD_BUFFER(c1222_users, key, "Key", "Encryption key as 16-byte hex string"), UAT_END_FIELDS }; -#endif /* HAVE_LIBGCRYPT */ /* Register protocol */ proto_c1222 = proto_register_protocol(PNAME, PSNAME, PFNAME); 
@@ -2019,7 +1986,6 @@ void proto_register_c1222(void) { prefs_register_string_preference(c1222_module, "baseoid", "Base OID to use for relative OIDs", "Base object identifier for use in resolving relative object identifiers", &c1222_baseoid_str); -#ifdef HAVE_LIBGCRYPT prefs_register_bool_preference(c1222_module, "decrypt", "Verify crypto for all applicable C12.22 messages", "Whether the C12.22 dissector should verify the crypto for all relevant messages", @@ -2045,7 +2011,6 @@ void proto_register_c1222(void) { "Decryption Table", "Table of security parameters for decryption of C12.22 packets", c1222_uat); -#endif /* HAVE_LIBGCRYPT */ } /*--- proto_reg_handoff_c1222 ---------------------------------------*/ diff --git a/epan/dissectors/packet-dof.c b/epan/dissectors/packet-dof.c index 12def11191..dda9d743ee 100644 --- a/epan/dissectors/packet-dof.c +++ b/epan/dissectors/packet-dof.c @@ -193,12 +193,10 @@ #include <stdio.h> #include <glib.h> -#ifdef HAVE_LIBGCRYPT #include <wsutil/wsgcrypt.h> -#if (defined GCRYPT_VERSION_NUMBER) && (GCRYPT_VERSION_NUMBER >= 0x010600) +#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */ #define LIBGCRYPT_OK #endif -#endif #include <epan/packet.h> #include <epan/proto.h> diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c index 0a1be9aaac..ce56201c6f 100644 --- a/epan/dissectors/packet-dtls.c +++ b/epan/dissectors/packet-dtls.c @@ -168,9 +168,7 @@ static FILE *dtls_keylog_file = NULL; static uat_t *dtlsdecrypt_uat = NULL; static const gchar *dtls_keys_list = NULL; static ssl_common_options_t dtls_options = { NULL, NULL}; -#ifdef HAVE_LIBGCRYPT static const gchar *dtls_debug_file_name = NULL; -#endif static heur_dissector_list_t heur_subdissector_list; @@ -275,7 +273,7 @@ dtls_parse_uat(void) dissector_add_for_decode_as("udp.port", dtls_handle); } -#if defined(HAVE_LIBGCRYPT) && defined(HAVE_LIBGNUTLS) +#if defined(HAVE_LIBGNUTLS) static void dtls_reset_uat(void) { 
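Review bot: In the packet-dof.c hunk the new `#if GCRYPT_VERSION_NUMBER >= 0x010600` drops the `defined GCRYPT_VERSION_NUMBER` test, so with a gcrypt.h that does not define the macro the identifier evaluates to 0; the result is unchanged, but builds using `-Wundef` will warn, and the earlier guard suggests such headers exist within the 1.4.2 floor the build files accept. More important for users, `LIBGCRYPT_OK` stays undefined for any Libgcrypt below 1.6.0, and whatever code it guards in this dissector is compiled out without notice. A comment would make that explicit, e.g. `/* LIBGCRYPT_OK gates code needing Libgcrypt >= 1.6.0; the build itself only requires 1.4.2 */`.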
@@ -1560,7 +1558,7 @@ looks_like_dtls(tvbuff_t *tvb, guint32 offset) /* UAT */ -#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT) +#if defined(HAVE_LIBGNUTLS) static void dtlsdecrypt_free_cb(void* r) { @@ -1582,7 +1580,7 @@ dtlsdecrypt_update_cb(void* r _U_, const char** err _U_) } #endif -#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT) +#if defined(HAVE_LIBGNUTLS) static void * dtlsdecrypt_copy_cb(void* dest, const void* orig, size_t len _U_) { @@ -1891,7 +1889,6 @@ proto_register_dtls(void) expert_dtls = expert_register_protocol(proto_dtls); expert_register_field_array(expert_dtls, ei, array_length(ei)); -#ifdef HAVE_LIBGCRYPT { module_t *dtls_module = prefs_register_protocol(proto_dtls, proto_reg_handoff_dtls); @@ -1937,7 +1934,6 @@ proto_register_dtls(void) &dtls_keys_list); ssl_common_register_options(dtls_module, &dtls_options); } -#endif dtls_handle = register_dissector("dtls", dissect_dtls, proto_dtls); diff --git a/epan/dissectors/packet-dvbci.c b/epan/dissectors/packet-dvbci.c index 6940ad331f..1207c312ab 100644 --- a/epan/dissectors/packet-dvbci.c +++ b/epan/dissectors/packet-dvbci.c @@ -2356,7 +2356,6 @@ dissect_cc_data_payload(guint32 tag, tvbuff_t *tvb, gint offset, } -#ifdef HAVE_LIBGCRYPT /* convert a 0-terminated preference key_string that contains a hex number * into its binary representation * e.g. key_string "abcd" will be converted into two bytes 0xab, 0xcd @@ -2435,23 +2434,6 @@ end: return clear_tvb; } -#else -/* HAVE_LIBGCRYPT is not set */ -static gint -pref_key_string_to_bin(const gchar *key_string _U_, unsigned char **key_bin _U_) -{ - return 0; -} - -static tvbuff_t * -decrypt_sac_msg_body(packet_info *pinfo _U_, guint8 enc_cip _U_, - tvbuff_t *encrypted_tvb _U_, gint offset _U_, gint len _U_) -{ - return NULL; -} - -#endif - /* dissect a text string that is encoded according to DVB-SI (EN 300 468) */ static void 
diff --git a/epan/dissectors/packet-ieee802154.c b/epan/dissectors/packet-ieee802154.c index 7cd95e0fbb..154c01dc3c 100644 --- a/epan/dissectors/packet-ieee802154.c +++ b/epan/dissectors/packet-ieee802154.c @@ -3160,7 +3160,6 @@ ccm_init_block(gchar *block, gboolean adata, gint M, guint64 addr, ieee802154_pa *@param length Length of the buffer. *@return TRUE on SUCCESS, FALSE on error. */ -#ifdef HAVE_LIBGCRYPT static gboolean ccm_ctr_encrypt(const gchar *key, const gchar *iv, gchar *mic, gchar *data, gint length) { @@ -3196,13 +3195,6 @@ ccm_ctr_encrypt(const gchar *key, const gchar *iv, gchar *mic, gchar *data, gint gcry_cipher_close(cipher_hd); return TRUE; } /* ccm_ctr_encrypt */ -#else -static gboolean -ccm_ctr_encrypt(const gchar *key _U_, const gchar *iv _U_, gchar *mic _U_, gchar *data _U_, gint length _U_) -{ - return FALSE; -} -#endif /* HAVE_LIBGCRYPT */ /** *Generate a CBC-MAC of the decrypted payload and additional authentication headers. @@ -3215,7 +3207,6 @@ ccm_ctr_encrypt(const gchar *key _U_, const gchar *iv _U_, gchar *mic _U_, gchar *@param mic Output for CBC-MAC. *@return TRUE on SUCCESS, FALSE on error. */ -#ifdef HAVE_LIBGCRYPT static gboolean ccm_cbc_mac(const gchar *key, const gchar *iv, const gchar *a, gint a_len, const gchar *m, gint m_len, gchar *mic) { @@ -3313,14 +3304,6 @@ ccm_cbc_mac(const gchar *key, const gchar *iv, const gchar *a, gint a_len, const gcry_cipher_close(cipher_hd); return TRUE; } /* ccm_cbc_mac */ -#else -static gboolean -ccm_cbc_mac(const gchar *key _U_, const gchar *iv _U_, - const gchar *a _U_, gint a_len _U_, const gchar *m _U_, gint m_len _U_, gchar *mic _U_) -{ - return FALSE; -} -#endif /* HAVE_LIBGCRYPT */ /* Key hash function. */ guint ieee802154_short_addr_hash(gconstpointer key) diff --git a/epan/dissectors/packet-ipsec.c b/epan/dissectors/packet-ipsec.c index 3d72158857..24be677afb 100644 --- a/epan/dissectors/packet-ipsec.c +++ b/epan/dissectors/packet-ipsec.c 
@@ -81,12 +81,9 @@ ADD: Additional generic (non-checked) ICV length of 128, 192 and 256. #include <epan/decode_as.h> #include <epan/capture_dissectors.h> -/* If you want to be able to decrypt or Check Authentication of ESP packets you MUST define this : */ -#ifdef HAVE_LIBGCRYPT #include <stdio.h> #include <epan/uat.h> #include <wsutil/wsgcrypt.h> -#endif /* HAVE_LIBGCRYPT */ #include "packet-ipsec.h" #include "packet-ipv6.h" @@ -133,7 +130,6 @@ static dissector_handle_t data_handle; static dissector_table_t ip_dissector_table; -#ifdef HAVE_LIBGCRYPT /* Encryption algorithms defined in RFC 4305 */ #define IPSEC_ENCRYPT_NULL 0 #define IPSEC_ENCRYPT_3DES_CBC 1 @@ -176,7 +172,6 @@ static dissector_table_t ip_dissector_table; /* the maximum number of bytes (10)(including the terminating nul character(11)) */ #define IPSEC_SPI_LEN_MAX 11 -#endif /* well-known algorithm number (in CPI), from RFC2409 */ #define IPCOMP_OUI 1 /* vendor specific */ @@ -194,7 +189,6 @@ static const value_string cpi2val[] = { #define NEW_ESP_DATA_SIZE 8 -#ifdef HAVE_LIBGCRYPT /*------------------------------------- * UAT for ESP *------------------------------------- @@ -456,7 +450,6 @@ static gboolean g_esp_enable_encryption_decode = FALSE; /* Default ESP payload Authentication Checking to off */ static gboolean g_esp_enable_authentication_check = FALSE; -#endif /**************************************************/ /* Sequence number analysis */ @@ -569,7 +562,6 @@ static gboolean g_esp_do_sequence_analysis = TRUE; -#ifdef HAVE_LIBGCRYPT #if 0 /* @@ -1072,7 +1064,6 @@ get_esp_sa(gint protocol_typ, gchar *src, gchar *dst, guint spi, return found; } -#endif static void ah_prompt(packet_info *pinfo, gchar *result) { 
@@ -1204,7 +1195,6 @@ Params: - gboolean authentication_ok : set to true if the authentication checking has been run successfully - gboolean authentication_checking_ok : set to true if the authentication was the one expected */ -#ifdef HAVE_LIBGCRYPT static void dissect_esp_authentication(proto_tree *tree, tvbuff_t *tvb, gint len, gint esp_auth_len, guint8 *authenticator_data_computed, gboolean authentication_ok, gboolean authentication_checking_ok) @@ -1257,7 +1247,6 @@ dissect_esp_authentication(proto_tree *tree, tvbuff_t *tvb, gint len, gint esp_a tvb, len - esp_auth_len, esp_auth_len, bad); PROTO_ITEM_SET_GENERATED(item); } -#endif static int dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) @@ -1266,13 +1255,11 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) proto_item *ti; gint len = 0; -#ifdef HAVE_LIBGCRYPT gint i; /* Packet Variables related */ gchar *ip_src = NULL; gchar *ip_dst = NULL; -#endif guint32 spi = 0; guint encapsulated_protocol = 0; @@ -1281,7 +1268,6 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) dissector_handle_t dissector_handle; guint32 saved_match_uint; -#ifdef HAVE_LIBGCRYPT gboolean null_encryption_decode_heuristic = FALSE; guint8 *decrypted_data = NULL; guint8 *authenticator_data = NULL; @@ -1308,10 +1294,8 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) gboolean authentication_ok = FALSE; gboolean authentication_checking_ok = FALSE; gboolean sad_is_present = FALSE; -#endif gint esp_pad_len = 0; -#ifdef HAVE_LIBGCRYPT /* Variables for decryption and authentication checking used for libgrypt */ int decrypted_len_alloc = 0; @@ -1326,7 +1310,6 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) unsigned char ctr_block[16]; -#endif guint32 sequence_number; 
@@ -1363,7 +1346,6 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) tvb, esp_tree, pinfo); } -#ifdef HAVE_LIBGCRYPT /* The SAD is not activated */ if(g_esp_enable_null_encryption_decode_heuristic && !g_esp_enable_encryption_decode) @@ -2115,7 +2097,6 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) /* The packet does not belong to a security association and the field g_esp_enable_null_encryption_decode_heuristic is set */ else if(null_encryption_decode_heuristic) { -#endif if(g_esp_enable_null_encryption_decode_heuristic) { /* Get length of whole ESP packet. */ @@ -2167,9 +2148,7 @@ dissect_esp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) } } } -#ifdef HAVE_LIBGCRYPT } -#endif return tvb_captured_length(tvb); } @@ -2235,7 +2214,6 @@ dissect_ipcomp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* dissec return tvb_captured_length(tvb); } -#ifdef HAVE_LIBGCRYPT static void ipsec_cleanup_protocol(void) { /* Free any SA records added by other dissectors */ @@ -2249,7 +2227,6 @@ static void ipsec_cleanup_protocol(void) extra_esp_sa_records.records = NULL; extra_esp_sa_records.num_records = 0; } -#endif void proto_register_ipsec(void) @@ -2335,8 +2312,6 @@ proto_register_ipsec(void) { &ei_esp_sequence_analysis_wrong_sequence_number, { "esp.sequence-analysis.wrong-sequence-number", PI_SEQUENCE, PI_WARN, "Wrong Sequence Number", EXPFILL }} }; -#ifdef HAVE_LIBGCRYPT - static const value_string esp_proto_type_vals[] = { { IPSEC_SA_IPV4, "IPv4" }, { IPSEC_SA_IPV6, "IPv6" }, @@ -2385,7 +2360,6 @@ proto_register_ipsec(void) UAT_FLD_CSTRING(uat_esp_sa_records, authentication_key_string, "Authentication Key", "Authentication Key"), UAT_END_FIELDS }; -#endif static build_valid_func ah_da_build_value[1] = {ah_value}; static decode_as_value_t ah_da_values = {ah_prompt, 1, ah_da_build_value}; 
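Review bot: The inner test `if(g_esp_enable_null_encryption_decode_heuristic) {` in the `@@ -2115` hunk of dissect_esp now sits directly inside `else if(null_encryption_decode_heuristic) {` and looks redundant. The `@@ -1363` hunk suggests the local flag is derived from that same preference combined with `!g_esp_enable_encryption_decode`, but the assignment itself is not in the visible lines, so this needs confirming. If it holds, drop the inner test and its brace level so the closing `}` left behind in the `@@ -2167` hunk pairs with a single condition. dissect_esp starts and ends outside these hunks.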
@@ -2431,7 +2405,6 @@ proto_register_ipsec(void) "Check that successive frames increase sequence number by 1 within an SPI. This should work OK when only one host is sending frames on an SPI", &g_esp_do_sequence_analysis); -#ifdef HAVE_LIBGCRYPT prefs_register_bool_preference(esp_module, "enable_encryption_decode", "Attempt to detect/decode encrypted ESP payloads", "Attempt to decode based on the SAD described hereafter.", @@ -2462,13 +2435,10 @@ proto_register_ipsec(void) "ESP SAs", "Preconfigured ESP Security Associations", esp_uat); -#endif esp_sequence_analysis_hash = wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(), g_direct_hash, g_direct_equal); esp_sequence_analysis_report_hash = wmem_map_new_autoreset(wmem_epan_scope(), wmem_file_scope(), g_direct_hash, g_direct_equal); -#ifdef HAVE_LIBGCRYPT register_cleanup_routine(&ipsec_cleanup_protocol); -#endif register_dissector("esp", dissect_esp, proto_esp); register_dissector("ah", dissect_ah, proto_ah); diff --git a/epan/dissectors/packet-isakmp.c b/epan/dissectors/packet-isakmp.c index 7c668cdde1..d324d447fa 100644 --- a/epan/dissectors/packet-isakmp.c +++ b/epan/dissectors/packet-isakmp.c @@ -61,7 +61,6 @@ #include "packet-gsm_a_common.h" #include "packet-isakmp.h" -#ifdef HAVE_LIBGCRYPT #include <wsutil/wsgcrypt.h> #include <epan/proto_data.h> #include <epan/strutil.h> @@ -69,7 +68,6 @@ #if GCRYPT_VERSION_NUMBER >= 0x010600 #define HAVE_LIBGCRYPT_AEAD 1 #endif -#endif void proto_register_isakmp(void); void proto_reg_handoff_isakmp(void); @@ -390,11 +388,9 @@ static gint ett_isakmp_attr = -1; static gint ett_isakmp_id = -1; static gint ett_isakmp_notify_data = -1; static gint ett_isakmp_ts = -1; -#ifdef HAVE_LIBGCRYPT /* For decrypted IKEv2 Encrypted payload*/ static gint ett_isakmp_decrypted_data = -1; static gint ett_isakmp_decrypted_payloads = -1; -#endif /* HAVE_LIBGCRYPT */ static expert_field ei_isakmp_enc_iv = EI_INIT; static expert_field ei_isakmp_ikev2_integrity_checksum = EI_INIT; 
@@ -1644,8 +1640,6 @@ static const range_string rohc_attr_type[] = { #define ISAKMP_HDR_SIZE ((int)sizeof(struct isakmp_hdr) + (2 * COOKIE_SIZE)) -#ifdef HAVE_LIBGCRYPT - #define MAX_KEY_SIZE 256 #define MAX_DIGEST_SIZE 64 #define MAX_OAKLEY_KEY_LEN 32 @@ -2229,8 +2223,6 @@ decrypt_payload(tvbuff_t *tvb, packet_info *pinfo, const guint8 *buf, guint buf_ return encr_tvb; } -#endif /* HAVE_LIBGCRYPT */ - static proto_tree *dissect_payload_header(tvbuff_t *, packet_info *, int, int, int, guint8, guint8 *, guint16 *, proto_tree *); @@ -2263,10 +2255,8 @@ typedef struct ikev2_fragmentation_state_t { guint8 next_payload; } ikev2_fragmentation_state_t; -#ifdef HAVE_LIBGCRYPT /* frame_number -> next_payload. The key will be the frame that completes the original message */ static GHashTable *defrag_next_payload_hash = NULL; -#endif static void dissect_ikev2_fragmentation(tvbuff_t *, int, proto_tree *, packet_info *, guint32 message_id, guint8 next_payload, gboolean is_request, void* decr_info); @@ -3147,13 +3137,11 @@ dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _ int isakmp_version; void* decr_data = NULL; guint8 flags; -#ifdef HAVE_LIBGCRYPT guint8 i_cookie[COOKIE_SIZE], *ic_key; decrypt_data_t *decr = NULL; tvbuff_t *decr_tvb; proto_tree *decr_tree; address null_addr; -#endif /* HAVE_LIBGCRYPT */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "ISAKMP"); col_clear(pinfo->cinfo, COL_INFO); @@ -3184,7 +3172,6 @@ dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _ isakmp_version = hi_nibble(hdr.version); /* save the version */ hdr.flags = tvb_get_guint8(tvb, COOKIE_SIZE + COOKIE_SIZE + 1 + 1 + 1); -#ifdef HAVE_LIBGCRYPT if (isakmp_version == 1) { clear_address(&null_addr); @@ -3231,7 +3218,6 @@ dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _ decr_data = ikev2_dec_data; } } -#endif /* HAVE_LIBGCRYPT */ { proto_tree_add_item(isakmp_tree, hf_isakmp_ispi, tvb, offset, COOKIE_SIZE, ENC_NA); 
@@ -3327,7 +3313,6 @@ dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _ ti = proto_tree_add_item(isakmp_tree, hf_isakmp_enc_data, tvb, offset, len, ENC_NA); proto_item_append_text(ti, " (%d byte%s)", len, plurality(len, "", "s")); -#ifdef HAVE_LIBGCRYPT /* Collect initialization vectors during first pass. */ if (!PINFO_FD_VISITED(pinfo)) if (prepare_decrypt(decr)) @@ -3338,7 +3323,6 @@ dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _ dissect_payloads(decr_tvb, decr_tree, isakmp_version, hdr.next_payload, 0, tvb_reported_length(decr_tvb), pinfo, hdr.message_id, !(flags & R_FLAG), decr_data); } -#endif /* HAVE_LIBGCRYPT */ } } else { dissect_payloads(tvb, isakmp_tree, isakmp_version, hdr.next_payload, @@ -3352,7 +3336,7 @@ dissect_isakmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _ static proto_tree * dissect_payload_header(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, - int isakmp_version, guint8 payload _U_, guint8 *next_payload_p, + int isakmp_version, guint8 payload, guint8 *next_payload_p, guint16 *payload_length_p, proto_tree *tree) { guint8 next_payload; @@ -3810,10 +3794,7 @@ dissect_resp_lifetime_ipsec_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_t /* Returns the number of bytes consumed by this attribute. */ static int -dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset -#ifdef HAVE_LIBGCRYPT - , decrypt_data_t *decr -#endif +dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, decrypt_data_t *decr ) { guint headerlen, value_len, attr_type; 
@@ -3837,30 +3818,22 @@ dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int o case IKE_ATTR_ENCRYPTION_ALGORITHM: proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_encryption_algorithm, tvb, offset, value_len, ENC_BIG_ENDIAN); proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_enc_algo, "Unknown %d")); -#ifdef HAVE_LIBGCRYPT decr->ike_encr_alg = tvb_get_ntohs(tvb, offset); -#endif break; case IKE_ATTR_HASH_ALGORITHM: proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_hash_algorithm, tvb, offset, value_len, ENC_BIG_ENDIAN); proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_hash_algo, "Unknown %d")); -#ifdef HAVE_LIBGCRYPT decr->ike_hash_alg = tvb_get_ntohs(tvb, offset); -#endif break; case IKE_ATTR_AUTHENTICATION_METHOD: proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_authentication_method, tvb, offset, value_len, ENC_BIG_ENDIAN); proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), ike_attr_authmeth, "Unknown %d")); -#ifdef HAVE_LIBGCRYPT decr->is_psk = tvb_get_ntohs(tvb, offset) == 0x01 ? TRUE : FALSE; -#endif break; case IKE_ATTR_GROUP_DESCRIPTION: proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_group_description, tvb, offset, value_len, ENC_BIG_ENDIAN); proto_item_append_text(attr_item, ": %s", val_to_str(tvb_get_ntohs(tvb, offset), dh_group, "Unknown %d")); -#ifdef HAVE_LIBGCRYPT decr->group = tvb_get_ntohs(tvb, offset); -#endif break; case IKE_ATTR_GROUP_TYPE: proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_group_type, tvb, offset, value_len, ENC_BIG_ENDIAN); 
@@ -3894,9 +3867,7 @@ dissect_ike_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int o case IKE_ATTR_KEY_LENGTH: proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_key_length, tvb, offset, value_len, ENC_BIG_ENDIAN); proto_item_append_text(attr_item, ": %d", tvb_get_ntohs(tvb, offset)); -#ifdef HAVE_LIBGCRYPT decr->ike_encr_keylen = tvb_get_ntohs(tvb, offset); -#endif break; case IKE_ATTR_FIELD_SIZE: proto_tree_add_item(attr_tree, hf_isakmp_ike_attr_field_size, tvb, offset, value_len, ENC_NA); @@ -3984,19 +3955,13 @@ dissect_ike2_transform_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_tree * } static void -dissect_transform(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree, int isakmp_version, int protocol_id, void* decr_data -#ifndef HAVE_LIBGCRYPT - _U_ -#endif -) +dissect_transform(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, proto_tree *tree, int isakmp_version, int protocol_id, void* decr_data) { if (isakmp_version == 1) { guint8 transform_id; guint8 transform_num; -#ifdef HAVE_LIBGCRYPT decrypt_data_t *decr = (decrypt_data_t *)decr_data; -#endif /* HAVE_LIBGCRYPT */ int offset_end = 0; offset_end = offset + length; @@ -4038,20 +4003,14 @@ dissect_transform(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, pro offset += 2; if (protocol_id == 1 && transform_id == 1) { -#ifdef HAVE_LIBGCRYPT /* Allow detection of missing IKE transform attributes: * Make sure their values are not carried over from another transform * dissected previously. */ decr->ike_encr_alg = 0; decr->ike_encr_keylen = 0; decr->ike_hash_alg = 0; -#endif while (offset < offset_end) { - offset += dissect_ike_attribute(tvb, pinfo, tree, offset -#ifdef HAVE_LIBGCRYPT - , decr -#endif - ); + offset += dissect_ike_attribute(tvb, pinfo, tree, offset, decr); } } else { 
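Review bot: In dissect_transform (the `@@ -3984` and `@@ -4038` hunks) `decr` is cast from `decr_data` and then written through, `decr->ike_encr_alg = 0;` and the two stores after it, without a NULL check. dissect_key_exch in the same file tests `decr_data` before using it. This path is now compiled into every build and runs on untrusted capture data, so an unexpected NULL would crash the dissector. Whether `decr_data` can be NULL for version 1 is decided in dissect_isakmp, outside these hunks; if it can, guard the reset with `if (decr != NULL) {` and have dissect_ike_attribute skip its `decr->...` stores under the same condition. dissect_transform continues past both hunks.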
@@ -4103,14 +4062,7 @@ dissect_transform(tvbuff_t *tvb, packet_info *pinfo, int offset, int length, pro static void dissect_key_exch(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int isakmp_version, -#ifdef HAVE_LIBGCRYPT - packet_info* pinfo, - void* decr_data -#else - packet_info* pinfo _U_, - void* decr_data _U_ -#endif -) + packet_info* pinfo, void* decr_data) { if (isakmp_version == 2) { proto_tree_add_item(tree, hf_isakmp_key_exch_dh_group, tvb, offset, 2, ENC_BIG_ENDIAN); @@ -4124,7 +4076,6 @@ dissect_key_exch(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int is proto_tree_add_item(tree, hf_isakmp_key_exch_data, tvb, offset, length, ENC_NA); -#ifdef HAVE_LIBGCRYPT if (isakmp_version == 1 && decr_data) { decrypt_data_t *decr = (decrypt_data_t *)decr_data; @@ -4138,7 +4089,6 @@ dissect_key_exch(tvbuff_t *tvb, int offset, int length, proto_tree *tree, int is decr->gr_len = length; } } -#endif /* HAVE_LIBGCRYPT */ } static void @@ -4425,21 +4375,15 @@ dissect_cisco_fragmentation(tvbuff_t *tvb, int offset, int length, proto_tree *t /* This is RFC7383 reassembly. */ static void dissect_ikev2_fragmentation(tvbuff_t *tvb, int offset, proto_tree *tree, -#ifdef HAVE_LIBGCRYPT packet_info *pinfo, guint message_id, guint8 next_payload, gboolean is_request, void* decr_info) -#else - packet_info *pinfo, guint message_id, guint8 next_payload, gboolean is_request _U_, void* decr_info _U_) -#endif { guint16 fragment_number, total_fragments; -#ifdef HAVE_LIBGCRYPT gboolean message_next_payload_set = FALSE; guint8 message_next_payload = 0; gint iv_len, icd_len; gint iv_offset; gint icd_offset; ikev2_decrypt_data_t *key_info; -#endif /* Fragment Number */ fragment_number = tvb_get_ntohs(tvb, offset); 
@@ -4478,7 +4422,6 @@ dissect_ikev2_fragmentation(tvbuff_t *tvb, int offset, proto_tree *tree, /* Show fragment summary in Info column */ col_append_fstr(pinfo->cinfo, COL_INFO, " (fragment %u/%u)", fragment_number, total_fragments); -#ifdef HAVE_LIBGCRYPT offset += 2; /* If this is the last fragment, need to know what the payload type for the reassembled message is, @@ -4589,7 +4532,6 @@ dissect_ikev2_fragmentation(tvbuff_t *tvb, int offset, proto_tree *tree, pinfo->fragmented = save_fragmented; } /* End Reassembly stuff for IKE2 fragmentation */ -#endif } @@ -5364,21 +5306,12 @@ dissect_enc(tvbuff_t *tvb, int offset, int length, proto_tree *tree, -#ifdef HAVE_LIBGCRYPT packet_info *pinfo, guint8 inner_payload, gboolean is_request, void* decr_info, gboolean dissect_payload_now) -#else - packet_info *pinfo _U_, - guint8 inner_payload _U_, - gboolean is_request _U_, - void* decr_info _U_, - gboolean dissect_payload_now _U_) -#endif { -#ifdef HAVE_LIBGCRYPT ikev2_decrypt_data_t *key_info = NULL; gint iv_len, encr_data_len, icd_len, decr_data_len, md_len, icv_len, encr_key_len, encr_iv_len; guint8 pad_len; @@ -5711,15 +5644,10 @@ dissect_enc(tvbuff_t *tvb, dissect_payloads(decr_tvb, decr_payloads_tree, 2, inner_payload, 0, payloads_len, pinfo, 0, is_request, decr_info); } }else{ -#endif /* HAVE_LIBGCRYPT */ proto_tree_add_item(tree, hf_isakmp_enc_iv, tvb, offset, 4, ENC_NA); proto_tree_add_item(tree, hf_isakmp_enc_data, tvb, offset+4 , length, ENC_NA); -#ifdef HAVE_LIBGCRYPT } return decr_tvb; -#else /* HAVE_LIBGCRYPT */ - return NULL; -#endif } static void @@ -5746,7 +5674,6 @@ dissect_gspm(tvbuff_t *tvb, int offset, int length, proto_tree *tree) * Protocol initialization */ -#ifdef HAVE_LIBGCRYPT static guint isakmp_hash_func(gconstpointer c) { const guint8 *i_cookie = (const guint8 *) c; 
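Review bot: The fallback branch of dissect_enc (the `@@ -5711` hunk) adds a 4-byte IV at `offset` and then `hf_isakmp_enc_data` at `offset+4` with the full `length`, so the two items together span `length + 4` bytes. If `length` is the size of the whole encrypted payload, which the parameter name suggests but the hunk does not show, the data item runs 4 bytes past it. A payload at the end of the buffer would then raise a bounds exception instead of being displayed. Consider `proto_tree_add_item(tree, hf_isakmp_enc_data, tvb, offset+4, length-4, ENC_NA);` guarded by `length > 4`. The body of dissect_enc before this branch is outside the hunk.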
@@ -5809,9 +5736,7 @@ static gint ikev2_key_equal_func(gconstpointer k1, gconstpointer k2) { return 1; } -#endif /* HAVE_LIBGCRYPT */ -#ifdef HAVE_LIBGCRYPT static void free_cookie_key(gpointer key_arg) { @@ -5828,16 +5753,12 @@ free_cookie_value(gpointer value) g_hash_table_destroy(decr->iv_hash); g_slice_free1(sizeof(decrypt_data_t), decr); } -#endif static void isakmp_init_protocol(void) { -#ifdef HAVE_LIBGCRYPT guint i; decrypt_data_t *decr; guint8 *ic_key; -#endif /* HAVE_LIBGCRYPT */ -#ifdef HAVE_LIBGCRYPT isakmp_hash = g_hash_table_new_full(isakmp_hash_func, isakmp_equal_func, free_cookie_key, free_cookie_value); @@ -5859,20 +5780,15 @@ isakmp_init_protocol(void) { ikev2_uat_data[i].auth_spec = ikev2_decrypt_find_auth_spec(ikev2_uat_data[i].auth_alg); } defrag_next_payload_hash = g_hash_table_new(g_direct_hash, g_direct_equal); -#endif /* HAVE_LIBGCRYPT */ } static void isakmp_cleanup_protocol(void) { -#ifdef HAVE_LIBGCRYPT g_hash_table_destroy(isakmp_hash); g_hash_table_destroy(ikev2_key_hash); g_hash_table_destroy(defrag_next_payload_hash); -#endif /* HAVE_LIBGCRYPT */ } -#ifdef HAVE_LIBGCRYPT - UAT_BUFFER_CB_DEF(ikev1_users, icookie, ikev1_uat_data_key_t, icookie, icookie_len) UAT_BUFFER_CB_DEF(ikev1_users, key, ikev1_uat_data_key_t, key, key_len) @@ -5959,14 +5875,11 @@ static gboolean ikev2_uat_data_update_cb(void* p, char** err) { return TRUE; } -#endif /* HAVE_LIBGCRYPT */ void proto_register_isakmp(void) { -#ifdef HAVE_LIBGCRYPT module_t *isakmp_module; -#endif static hf_register_info hf[] = { { &hf_isakmp_ispi, { "Initiator SPI", "isakmp.ispi", @@ -7194,10 +7107,8 @@ proto_register_isakmp(void) &ett_isakmp_id, &ett_isakmp_notify_data, &ett_isakmp_ts, -#ifdef HAVE_LIBGCRYPT &ett_isakmp_decrypted_data, &ett_isakmp_decrypted_payloads -#endif /* HAVE_LIBGCRYPT */ }; static ei_register_info ei[] = { 
@@ -7212,7 +7123,6 @@ proto_register_isakmp(void) expert_module_t* expert_isakmp; -#ifdef HAVE_LIBGCRYPT static uat_field_t ikev1_uat_flds[] = { UAT_FLD_BUFFER(ikev1_users, icookie, "Initiator's COOKIE", "Initiator's COOKIE"), UAT_FLD_BUFFER(ikev1_users, key, "Encryption Key", "Encryption Key"), @@ -7230,7 +7140,7 @@ proto_register_isakmp(void) UAT_FLD_VS(ikev2_users, auth_alg, "Integrity algorithm", vs_ikev2_auth_algs, "Integrity algorithm of IKE_SA"), UAT_END_FIELDS }; -#endif /* HAVE_LIBGCRYPT */ + proto_isakmp = proto_register_protocol("Internet Security Association and Key Management Protocol", "ISAKMP", "isakmp"); proto_register_field_array(proto_isakmp, hf, array_length(hf)); @@ -7246,7 +7156,6 @@ proto_register_isakmp(void) isakmp_handle = register_dissector("isakmp", dissect_isakmp, proto_isakmp); -#ifdef HAVE_LIBGCRYPT isakmp_module = prefs_register_protocol(proto_isakmp, NULL); ikev1_uat = uat_new("IKEv1 Decryption Table", sizeof(ikev1_uat_data_key_t), @@ -7289,8 +7198,6 @@ proto_register_isakmp(void) "IKEv2 Decryption Table", "Table of IKE_SA security parameters for decryption of IKEv2 packets", ikev2_uat); - -#endif /* HAVE_LIBGCRYPT */ } void diff --git a/epan/dissectors/packet-lwm.c b/epan/dissectors/packet-lwm.c index 453416d4cd..7bbcce0d12 100644 --- a/epan/dissectors/packet-lwm.c +++ b/epan/dissectors/packet-lwm.c @@ -403,7 +403,6 @@ static int dissect_lwm(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void /*An exception will occur if there are not enough bytes for the MIC */ proto_tree_add_item_ret_uint(lwm_tree, hf_lwm_mic, new_tvb, start, LWM_MIC_LEN, ENC_LITTLE_ENDIAN, &lwm_mic); -#ifdef HAVE_LIBGCRYPT if(lwmes_key_valid) { ieee802154_packet *ieee_packet = NULL; 
@@ -503,15 +502,6 @@ static int dissect_lwm(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void tvb_set_reported_length(new_tvb, tvb_reported_length(new_tvb) - LWM_MIC_LEN); call_data_dissector(new_tvb, pinfo, lwm_tree); } -#else /* ! HAVE_LIBGCRYPT */ - col_add_fstr(pinfo->cinfo, COL_INFO, - "Encrypted data (%i byte(s)): libgcrypt not present, cannot decrypt", - tvb_reported_length(new_tvb) - LWM_MIC_LEN); - - expert_add_info(pinfo, lwm_tree, &ei_lwm_no_decryption_key); - tvb_set_reported_length(new_tvb, tvb_reported_length(new_tvb) - LWM_MIC_LEN); - call_data_dissector(new_tvb, pinfo, lwm_tree); -#endif /* ! HAVE_LIBGCRYPT */ } /*stack command endpoint 0 and not secured*/ else if( (lwm_src_endp == 0) && (lwm_dst_endp == 0) ){ diff --git a/epan/dissectors/packet-pdcp-lte.c b/epan/dissectors/packet-pdcp-lte.c index 5e483324b7..dca2ee3c00 100644 --- a/epan/dissectors/packet-pdcp-lte.c +++ b/epan/dissectors/packet-pdcp-lte.c @@ -1514,12 +1514,7 @@ static tvbuff_t *decipher_payload(tvbuff_t *tvb, packet_info *pinfo, int *offset #endif } else - if (pdu_security_settings->ciphering == eea2) { -#ifndef HAVE_LIBGCRYPT - return tvb; -#endif - } - else { + if (pdu_security_settings->ciphering != eea2) { /* An algorithm we don't support at all! */ return tvb; } @@ -1545,7 +1540,6 @@ static tvbuff_t *decipher_payload(tvbuff_t *tvb, packet_info *pinfo, int *offset return tvb; } -#ifdef HAVE_LIBGCRYPT /* AES */ if (pdu_security_settings->ciphering == eea2) { unsigned char ctr_block[16]; @@ -1597,7 +1591,6 @@ static tvbuff_t *decipher_payload(tvbuff_t *tvb, packet_info *pinfo, int *offset /* Close gcrypt handle */ gcry_cipher_close(cypher_hd); } -#endif #ifdef HAVE_SNOW3G /* SNOW-3G */ @@ -1672,7 +1665,7 @@ static guint32 calculate_digest(pdu_security_settings_t *pdu_security_settings, } #endif -#if (defined GCRYPT_VERSION_NUMBER) && (GCRYPT_VERSION_NUMBER >= 0x010600) +#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */ case eia2: { gcry_mac_hd_t mac_hd; 
diff --git a/epan/dissectors/packet-pkcs12.c b/epan/dissectors/packet-pkcs12.c index ea21bf5861..b8bf6fe452 100644 --- a/epan/dissectors/packet-pkcs12.c +++ b/epan/dissectors/packet-pkcs12.c @@ -173,8 +173,6 @@ static void append_oid(proto_tree *tree, const char *oid) proto_item_append_text(tree, " (%s)", name ? name : oid); } -#ifdef HAVE_LIBGCRYPT - static int generate_key_or_iv(unsigned int id, tvbuff_t *salt_tvb, unsigned int iter, const char *pw, unsigned int req_keylen, char * keybuf) @@ -297,8 +295,6 @@ generate_key_or_iv(unsigned int id, tvbuff_t *salt_tvb, unsigned int iter, } } -#endif - void PBE_reset_parameters(void) { iteration_count = 0; @@ -307,7 +303,6 @@ void PBE_reset_parameters(void) int PBE_decrypt_data(const char *object_identifier_id_param _U_, tvbuff_t *encrypted_tvb _U_, packet_info *pinfo _U_, asn1_ctx_t *actx _U_, proto_item *item _U_) { -#ifdef HAVE_LIBGCRYPT const char *encryption_algorithm; gcry_cipher_hd_t cipher; gcry_error_t err; @@ -461,11 +456,6 @@ int PBE_decrypt_data(const char *object_identifier_id_param _U_, tvbuff_t *encry call_ber_oid_callback(object_identifier_id_param, clear_tvb, 0, actx->pinfo, tree, NULL); return TRUE; -#else - /* we cannot decrypt */ - return FALSE; - -#endif } @@ -1129,7 +1119,7 @@ static int dissect_PBMAC1Params_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, p /*--- End of included file: packet-pkcs12-fn.c ---*/ -#line 384 "./asn1/pkcs12/packet-pkcs12-template.c" +#line 374 "./asn1/pkcs12/packet-pkcs12-template.c" static int strip_octet_string(tvbuff_t *tvb) { @@ -1414,7 +1404,7 @@ void proto_register_pkcs12(void) { "AlgorithmIdentifier", HFILL }}, /*--- End of included file: packet-pkcs12-hfarr.c ---*/ -#line 460 "./asn1/pkcs12/packet-pkcs12-template.c" +#line 450 "./asn1/pkcs12/packet-pkcs12-template.c" }; /* List of subtrees */ 
@@ -1444,7 +1434,7 @@ void proto_register_pkcs12(void) { &ett_pkcs12_PBMAC1Params, /*--- End of included file: packet-pkcs12-ettarr.c ---*/ -#line 466 "./asn1/pkcs12/packet-pkcs12-template.c" +#line 456 "./asn1/pkcs12/packet-pkcs12-template.c" }; static ei_register_info ei[] = { { &ei_pkcs12_octet_string_expected, { "pkcs12.octet_string_expected", PI_PROTOCOL, PI_WARN, "BER Error: OCTET STRING expected", EXPFILL }}, @@ -1512,7 +1502,7 @@ void proto_reg_handoff_pkcs12(void) { /*--- End of included file: packet-pkcs12-dis-tab.c ---*/ -#line 505 "./asn1/pkcs12/packet-pkcs12-template.c" +#line 495 "./asn1/pkcs12/packet-pkcs12-template.c" register_ber_oid_dissector("1.2.840.113549.1.9.22.1", dissect_X509Certificate_OCTETSTRING_PDU, proto_pkcs12, "x509Certificate"); diff --git a/epan/dissectors/packet-smb2.c b/epan/dissectors/packet-smb2.c index 915c547c6a..8cb8bd891c 100644 --- a/epan/dissectors/packet-smb2.c +++ b/epan/dissectors/packet-smb2.c @@ -940,12 +940,11 @@ smb2_conv_destroy(wmem_allocator_t *allocator _U_, wmem_cb_event_t event _U_, return FALSE; } -static void smb2_key_derivation(const guint8 *KI _U_, guint32 KI_len _U_, - const guint8 *Label _U_, guint32 Label_len _U_, - const guint8 *Context _U_, guint32 Context_len _U_, +static void smb2_key_derivation(const guint8 *KI, guint32 KI_len, + const guint8 *Label, guint32 Label_len, + const guint8 *Context, guint32 Context_len, guint8 KO[16]) { -#ifdef HAVE_LIBGCRYPT gcry_md_hd_t hd = NULL; guint8 buf[4]; guint8 *digest = NULL; @@ -972,9 +971,6 @@ static void smb2_key_derivation(const guint8 *KI _U_, guint32 KI_len _U_, memcpy(KO, digest, 16); gcry_md_close(hd); -#else - memset(KO, 0, 16); -#endif } /* for export-object-smb2 */ 
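Review bot: smb2_key_derivation no longer has any path that zero-fills `KO`, and its visible tail runs `memcpy(KO, digest, 16);` with `digest` initialised to NULL at the top. A failed libgcrypt call would therefore either copy from NULL or leave the derived key unset for the caller. The calls between the `@@ -940` and `@@ -972` hunks are not shown, so check that the result of opening the handle and of reading the digest is tested there. If it is not, do `memset(KO, 0, 16);` and return early on failure, closing `hd` only when it was opened, so that later decryption works from a defined key.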
@@ -8361,7 +8357,7 @@ static smb2_function smb2_dissector[256] = { #define ENC_ALG_aes128_ccm 0x0001 static int -dissect_smb2_transform_header(packet_info *pinfo _U_, proto_tree *tree, +dissect_smb2_transform_header(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset, smb2_transform_info_t *sti, tvbuff_t **enc_tvb, tvbuff_t **plain_tvb) @@ -8371,9 +8367,7 @@ dissect_smb2_transform_header(packet_info *pinfo _U_, proto_tree *tree, smb2_sesid_info_t sesid_key; int sesid_offset; guint8 *plain_data = NULL; -#ifdef HAVE_LIBGCRYPT guint8 *decryption_key = NULL; -#endif proto_item *item; static const int *sf_fields[] = { @@ -8435,7 +8429,6 @@ dissect_smb2_transform_header(packet_info *pinfo _U_, proto_tree *tree, PROTO_ITEM_SET_GENERATED(item); } -#ifdef HAVE_LIBGCRYPT if (sti->session != NULL && sti->alg == ENC_ALG_aes128_ccm) { if (pinfo->destport == sti->session->server_port) { decryption_key = sti->session->server_decryption_key; @@ -8491,7 +8484,6 @@ dissect_smb2_transform_header(packet_info *pinfo _U_, proto_tree *tree, gcry_cipher_close(cipher_hd); } done_decryption: -#endif *enc_tvb = tvb_new_subset_length(tvb, offset, sti->size); if (plain_data != NULL) { diff --git a/epan/dissectors/packet-snmp.c b/epan/dissectors/packet-snmp.c index 772f4055e1..b7606ff532 100644 --- a/epan/dissectors/packet-snmp.c +++ b/epan/dissectors/packet-snmp.c @@ -1751,9 +1751,8 @@ snmp_usm_auth_sha1(snmp_usm_params_t* p _U_, guint8** calc_auth_p, guint* calc_a } static tvbuff_t* -snmp_usm_priv_des(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U_, packet_info *pinfo _U_, gchar const** error _U_) +snmp_usm_priv_des(snmp_usm_params_t* p, tvbuff_t* encryptedData, packet_info *pinfo, gchar const** error) { -#ifdef HAVE_LIBGCRYPT gcry_error_t err; gcry_cipher_hd_t hd = NULL; 
@@ -1818,13 +1817,8 @@ on_gcry_error: *error = (const gchar *)gpg_strerror(err); if (hd) gcry_cipher_close(hd); return NULL; -#else - *error = "libgcrypt not present, cannot decrypt"; - return NULL; -#endif } -#ifdef HAVE_LIBGCRYPT static tvbuff_t* snmp_usm_priv_aes_common(snmp_usm_params_t* p, tvbuff_t* encryptedData, packet_info *pinfo, gchar const** error, int algo) { @@ -1889,39 +1883,23 @@ on_gcry_error: if (hd) gcry_cipher_close(hd); return NULL; } -#endif static tvbuff_t* -snmp_usm_priv_aes128(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U_, packet_info *pinfo _U_, gchar const** error) +snmp_usm_priv_aes128(snmp_usm_params_t* p, tvbuff_t* encryptedData, packet_info *pinfo, gchar const** error) { -#ifdef HAVE_LIBGCRYPT return snmp_usm_priv_aes_common(p, encryptedData, pinfo, error, GCRY_CIPHER_AES); -#else - *error = "libgcrypt not present, cannot decrypt"; - return NULL; -#endif } static tvbuff_t* -snmp_usm_priv_aes192(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U_, packet_info *pinfo _U_, gchar const** error) +snmp_usm_priv_aes192(snmp_usm_params_t* p, tvbuff_t* encryptedData, packet_info *pinfo, gchar const** error) { -#ifdef HAVE_LIBGCRYPT return snmp_usm_priv_aes_common(p, encryptedData, pinfo, error, GCRY_CIPHER_AES192); -#else - *error = "libgcrypt not present, cannot decrypt"; - return NULL; -#endif } static tvbuff_t* -snmp_usm_priv_aes256(snmp_usm_params_t* p _U_, tvbuff_t* encryptedData _U_, packet_info *pinfo _U_, gchar const** error) +snmp_usm_priv_aes256(snmp_usm_params_t* p, tvbuff_t* encryptedData, packet_info *pinfo, gchar const** error) { -#ifdef HAVE_LIBGCRYPT return snmp_usm_priv_aes_common(p, encryptedData, pinfo, error, GCRY_CIPHER_AES256); -#else - *error = "libgcrypt not present, cannot decrypt"; - return NULL; -#endif } static gboolean 
@@ -3068,7 +3046,7 @@ static int dissect_SMUX_PDUs_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, prot /*--- End of included file: packet-snmp-fn.c ---*/ -#line 1863 "./asn1/snmp/packet-snmp-template.c" +#line 1841 "./asn1/snmp/packet-snmp-template.c" guint @@ -3885,7 +3863,7 @@ void proto_register_snmp(void) { NULL, HFILL }}, /*--- End of included file: packet-snmp-hfarr.c ---*/ -#line 2415 "./asn1/snmp/packet-snmp-template.c" +#line 2393 "./asn1/snmp/packet-snmp-template.c" }; /* List of subtrees */ @@ -3925,7 +3903,7 @@ void proto_register_snmp(void) { &ett_snmp_RReqPDU_U, /*--- End of included file: packet-snmp-ettarr.c ---*/ -#line 2431 "./asn1/snmp/packet-snmp-template.c" +#line 2409 "./asn1/snmp/packet-snmp-template.c" }; static ei_register_info ei[] = { { &ei_snmp_failed_decrypted_data_pdu, { "snmp.failed_decrypted_data_pdu", PI_MALFORMED, PI_WARN, "Failed to decrypt encryptedPDU", EXPFILL }}, diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c index 1f2aeef216..28b49aaa61 100644 --- a/epan/dissectors/packet-ssl-utils.c +++ b/epan/dissectors/packet-ssl-utils.c @@ -54,7 +54,7 @@ #include "packet-ssl-utils.h" #include "packet-ssl.h" #include "packet-dtls.h" -#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT) +#if defined(HAVE_LIBGNUTLS) #include <gnutls/abstract.h> #endif #if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */ @@ -1633,7 +1633,6 @@ ssl_data_set(StringInfo* str, const guchar* data, guint len) str->data_len = len; } -#ifdef HAVE_LIBGCRYPT static gint ssl_data_realloc(StringInfo* str, guint len) { @@ -1666,7 +1665,6 @@ ssl_data_copy(StringInfo* dst, StringInfo* src) dst->data_len = src->data_len; return 0; } -#endif /* from_hex converts |hex_len| bytes of hex data from |in| and sets |*out| to * the result. |out->data| will be allocated using wmem_file_scope. Returns TRUE on 
@@ -1691,8 +1689,6 @@ static gboolean from_hex(StringInfo* out, const char* in, gsize hex_len) { /* StringInfo structure (len + data) functions }}} */ -#ifdef HAVE_LIBGCRYPT - /* libgcrypt wrappers for HMAC/message digest operations {{{ */ /* hmac abstraction layer */ #define SSL_HMAC gcry_md_hd_t @@ -2019,18 +2015,6 @@ out: } /* }}} */ #endif /* HAVE_LIBGNUTLS */ -#else /* ! HAVE_LIBGCRYPT */ - -gint -ssl_cipher_setiv(SSL_CIPHER_CTX *cipher _U_, guchar* iv _U_, gint iv_len _U_) -{ - ssl_debug_printf("ssl_cipher_setiv: impossible without gnutls.\n"); - return 0; -} -#endif /* ! HAVE_LIBGCRYPT */ - - -#ifdef HAVE_LIBGCRYPT /* Save space if decryption is not enabled. */ /* Digests, Ciphers and Cipher Suites registry {{{ */ static const SslDigestAlgo digests[]={ @@ -2381,27 +2365,10 @@ ssl_get_cipher_export_keymat_size(int cipher_suite_num) return 0; } } -#else /* ! HAVE_LIBGCRYPT */ -const SslCipherSuite * -ssl_find_cipher(int num) -{ - ssl_debug_printf("ssl_find_cipher: dummy without gnutls. num %d\n", - num); - return NULL; -} - -guint -ssl_get_cipher_blocksize(const SslCipherSuite *cipher_suite _U_) -{ - return 0; -} -#endif /* ! HAVE_LIBGCRYPT */ /* Digests, Ciphers and Cipher Suites registry }}} */ -#ifdef HAVE_LIBGCRYPT - /* HMAC and the Pseudorandom function {{{ */ static void tls_hash(StringInfo *secret, StringInfo *seed, gint md, 
@@ -2760,45 +2727,6 @@ tls13_hkdf_expand_label(int md, const StringInfo *secret, const char *label, con } /* HMAC and the Pseudorandom function }}} */ -#else /* ! HAVE_LIBGCRYPT */ -/* Stub code when decryption support is not available. {{{ */ -gboolean -ssl_generate_pre_master_secret(SslDecryptSession *ssl_session _U_, - guint32 length _U_, tvbuff_t *tvb _U_, guint32 offset _U_, - const gchar *ssl_psk _U_, const ssl_master_key_map_t *mk_map _U_) -{ - ssl_debug_printf("%s: impossible without gnutls.\n", G_STRFUNC); - return FALSE; -} -int -ssl_generate_keyring_material(SslDecryptSession*ssl) -{ - ssl_debug_printf("ssl_generate_keyring_material: impossible without gnutls. ssl %p\n", - ssl); - /* We cannot determine whether the cipher suite is valid. Fail such that - * ssl_set_master_secret bails out. */ - return -1; -} -void -ssl_change_cipher(SslDecryptSession *ssl_session, gboolean server) -{ - ssl_debug_printf("ssl_change_cipher %s: makes no sense without gnutls. ssl %p\n", - (server)?"SERVER":"CLIENT", ssl_session); -} - -int -ssl_decrypt_record(SslDecryptSession *ssl, SslDecoder *decoder, guint8 ct, guint16 record_version, - const guchar *in, guint16 inl, StringInfo *comp_str _U_, StringInfo *out_str, guint *outl) -{ - ssl_debug_printf("ssl_decrypt_record: impossible without gnutls. ssl %p" - "decoder %p ct %d version %d in %p inl %d out %p outl %p\n", ssl, decoder, ct, - record_version, in, inl, out_str, outl); - return 0; -} -/* }}} */ -#endif /* ! HAVE_LIBGCRYPT */ - -#ifdef HAVE_LIBGCRYPT /* Record Decompression (after decryption) {{{ */ #ifdef HAVE_ZLIB /* memory allocation functions for zlib initialization */ @@ -2893,9 +2821,7 @@ ssl_decompress_record(SslDecompress* decomp _U_, const guchar* in _U_, guint inl } #endif /* Record Decompression (after decryption) }}} */ -#endif /* HAVE_LIBGCRYPT */ -#ifdef HAVE_LIBGCRYPT /* Create a new structure to store decrypted chunks. {{{ */ static SslFlow* ssl_create_flow(void) 
@@ -4136,10 +4062,8 @@ skip_mac: } /* Record decryption glue based on security parameters }}} */ -#endif /* HAVE_LIBGCRYPT */ - -#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT) +#if defined(HAVE_LIBGNUTLS) /* RSA private key file processing {{{ */ #define RSA_PARS 6 static gcry_sexp_t @@ -4487,12 +4411,12 @@ end: /* RSA private key file processing }}} */ -#else /* ! (defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT)) */ +#else /* ! defined(HAVE_LIBGNUTLS) */ void ssl_private_key_free(gpointer key _U_) { } -#endif /* ! (defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT)) */ +#endif /* ! defined(HAVE_LIBGNUTLS) */ /*--- Start of dissector-related code below ---*/ @@ -4562,7 +4486,7 @@ static void ssl_reset_session(SslSession *session, SslDecryptSession *ssl, gbool clear_flags |= SSL_SERVER_EXTENDED_MASTER_SECRET | SSL_NEW_SESSION_TICKET; ssl->server_random.data_len = 0; ssl->pre_master_secret.data_len = 0; -#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT) +#if defined(HAVE_LIBGNUTLS) ssl->private_key = NULL; #endif ssl->psk.data_len = 0; @@ -4893,7 +4817,7 @@ ssl_common_cleanup(ssl_master_key_map_t *mk_map, FILE **ssl_keylog_file, /* }}} */ /* parse ssl related preferences (private keys and ports association strings) */ -#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT) +#if defined(HAVE_LIBGNUTLS) /* Load a single RSA key file item from preferences. {{{ */ void ssl_parse_key_list(const ssldecrypt_assoc_t *uats, GHashTable *key_hash, const char* dissector_table_name, dissector_handle_t main_handle, gboolean tcp) @@ -4979,7 +4903,6 @@ ssl_parse_key_list(const ssldecrypt_assoc_t *uats _U_, GHashTable *key_hash _U_, #endif -#ifdef HAVE_LIBGCRYPT /* useless without decryption support. */ /* Store/load a known (pre-)master secret from/for this SSL session. {{{ */ /** store a known (pre-)master secret into cache */ static void 
@@ -5239,7 +5162,6 @@ tls13_key_update(SslDecryptSession *ssl, gboolean is_from_server) wmem_free(NULL, new_secret); tls13_generate_keys(ssl, app_secret, is_from_server); } -#endif /* HAVE_LIBGCRYPT */ /** SSL keylog file handling. {{{ */ @@ -5502,9 +5424,7 @@ ssl_set_debug(const gchar* name) #ifdef HAVE_LIBGNUTLS ssl_debug_printf("GnuTLS version: %s\n", gnutls_check_version(NULL)); #endif -#ifdef HAVE_LIBGCRYPT ssl_debug_printf("Libgcrypt version: %s\n", gcry_check_version(NULL)); -#endif ssl_debug_printf("\n"); } @@ -5617,7 +5537,7 @@ ssldecrypt_uat_fld_fileopen_chk_cb(void* r _U_, const char* p, guint len _U_, co gboolean ssldecrypt_uat_fld_password_chk_cb(void *r _U_, const char *p _U_, guint len _U_, const void *u1 _U_, const void *u2 _U_, char **err) { -#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT) +#if defined(HAVE_LIBGNUTLS) ssldecrypt_assoc_t* f = (ssldecrypt_assoc_t *)r; FILE *fp = NULL; @@ -6965,8 +6885,8 @@ ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb, void ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, guint32 offset_end, - const SslSession *session, SslDecryptSession *ssl _U_, - GHashTable *session_hash _U_) + const SslSession *session, SslDecryptSession *ssl, + GHashTable *session_hash) { /* https://tools.ietf.org/html/rfc5077#section-3.3 (TLS >= 1.0): * struct { @@ -7013,7 +6933,6 @@ ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_i proto_tree_add_item(subtree, hf->hf.hs_session_ticket, tvb, offset, ticket_len, ENC_NA); /* save the session ticket to cache for ssl_finalize_decryption */ -#ifdef HAVE_LIBGCRYPT if (ssl && !is_tls13) { tvb_ensure_bytes_exist(tvb, offset, ticket_len); ssl->session_ticket.data = (guchar*)wmem_realloc(wmem_file_scope(), 
@@ -7029,7 +6948,6 @@ ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_i &ssl->session_ticket, &ssl->master_secret); ssl->state |= SSL_NEW_SESSION_TICKET; } -#endif offset += ticket_len; if (is_tls13) { @@ -7116,7 +7034,7 @@ ssl_dissect_hnd_cert(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, */ enum { CERT_X509, CERT_RPK } cert_type; asn1_ctx_t asn1_ctx; -#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT) +#if defined(HAVE_LIBGNUTLS) gnutls_datum_t subjectPublicKeyInfo = { NULL, 0 }; #endif guint32 next_offset; @@ -7130,7 +7048,7 @@ ssl_dissect_hnd_cert(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, cert_type = CERT_X509; } -#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT) +#if defined(HAVE_LIBGNUTLS) /* Ask the pkcs1 dissector to return the public key details */ if (ssl) asn1_ctx.private_data = &subjectPublicKeyInfo; @@ -7201,7 +7119,7 @@ ssl_dissect_hnd_cert(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, offset += 3; dissect_x509af_Certificate(FALSE, tvb, offset, &asn1_ctx, subtree, hf->hf.hs_certificate); -#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT) +#if defined(HAVE_LIBGNUTLS) /* Only attempt to get the RSA modulus for the first cert. */ asn1_ctx.private_data = NULL; #endif @@ -7227,7 +7145,7 @@ ssl_dissect_hnd_cert(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, } } -#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT) +#if defined(HAVE_LIBGNUTLS) if (is_from_server && ssl) ssl_find_private_key_by_pubkey(ssl, key_hash, &subjectPublicKeyInfo); #endif @@ -8142,7 +8060,6 @@ tls13_dissect_hnd_key_update(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree_add_item(tree, hf->hf.hs_key_update_request_update, tvb, offset, 1, ENC_NA); } -#ifdef HAVE_LIBGCRYPT void ssl_common_register_options(module_t *module, ssl_common_options_t *options) { 
@@ -8169,12 +8086,6 @@ ssl_common_register_options(module_t *module, ssl_common_options_t *options) "(All fields are in hex notation)", &(options->keylog_filename)); } -#else -void -ssl_common_register_options(module_t *module _U_, ssl_common_options_t *options _U_) -{ -} -#endif void ssl_calculate_handshake_hash(SslDecryptSession *ssl_session, tvbuff_t *tvb, guint32 offset, guint32 length) diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h index bb56664e7d..9462f93f87 100644 --- a/epan/dissectors/packet-ssl-utils.h +++ b/epan/dissectors/packet-ssl-utils.h @@ -39,12 +39,9 @@ #include <gnutls/pkcs12.h> #endif /* HAVE_LIBGNUTLS */ -#ifdef HAVE_LIBGCRYPT +/* TODO inline this now that Libgcrypt is mandatory? */ #define SSL_CIPHER_CTX gcry_cipher_hd_t #define SSL_DECRYPT_DEBUG -#else /* HAVE_LIBGCRYPT */ -#define SSL_CIPHER_CTX void* -#endif /* HAVE_LIBGCRYPT */ /* other defines */ @@ -427,7 +424,7 @@ typedef struct _SslDecryptSession { SslDecoder *client; SslDecoder *server_new; SslDecoder *client_new; -#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT) +#if defined(HAVE_LIBGNUTLS) gcry_sexp_t private_key; #endif StringInfo psk; @@ -625,7 +622,6 @@ ssl_parse_key_list(const ssldecrypt_assoc_t * uats, GHashTable *key_hash, const extern void ssl_save_session(SslDecryptSession* ssl, GHashTable *session_hash); -#ifdef HAVE_LIBGCRYPT extern void ssl_finalize_decryption(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map); 
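Review bot: In packet-ssl-utils.h, the hunk at `@@ -39,12 +39,9 @@` leaves `#define SSL_DECRYPT_DEBUG` unconditional, and the new TODO comment sits above both defines without saying which one "this" refers to. `SSL_DECRYPT_DEBUG` presumably gates the decryption debug output (its uses are outside this hunk), and in a TLS dissector that output can include secret material, so it is worth stating that every build now carries it. I would split the comment in two: `/* TODO: use gcry_cipher_hd_t directly now that Libgcrypt is mandatory */` above `SSL_CIPHER_CTX`, and `/* Always defined: decryption debug support is compiled into every build. */` above `SSL_DECRYPT_DEBUG`.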
@@ -635,23 +631,6 @@ tls13_change_key(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map, extern void tls13_key_update(SslDecryptSession *ssl, gboolean is_from_server); -#else /* ! HAVE_LIBGCRYPT */ -static inline void -ssl_finalize_decryption(SslDecryptSession *ssl _U_, ssl_master_key_map_t *mk_map _U_) -{ -} - -static inline void -tls13_change_key(SslDecryptSession *ssl _U_, ssl_master_key_map_t *mk_map _U_, - gboolean is_from_server _U_, TLSRecordType type _U_) -{ -} - -static inline void -tls13_key_update(SslDecryptSession *ssl _U_, gboolean is_from_server _U_) -{ -} -#endif /* ! HAVE_LIBGCRYPT */ extern gboolean ssl_is_valid_content_type(guint8 type); diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c index 3290556f86..679462908e 100644 --- a/epan/dissectors/packet-ssl.c +++ b/epan/dissectors/packet-ssl.c @@ -332,9 +332,7 @@ static ssl_common_options_t ssl_options = { NULL, NULL}; /* List of dissectors to call for SSL data */ static heur_dissector_list_t ssl_heur_subdissector_list; -#ifdef HAVE_LIBGCRYPT static const gchar *ssl_debug_file_name = NULL; -#endif /* Forward declaration we need below */ @@ -427,7 +425,7 @@ ssl_parse_uat(void) ssl_debug_flush(); } -#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT) +#if defined(HAVE_LIBGNUTLS) static void ssl_reset_uat(void) { @@ -3703,7 +3701,7 @@ ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb, const guint32 offset, /* UAT */ -#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT) +#if defined(HAVE_LIBGNUTLS) static void ssldecrypt_free_cb(void *r) { @@ -4255,7 +4253,6 @@ proto_register_ssl(void) { module_t *ssl_module = prefs_register_protocol(proto_ssl, proto_reg_handoff_ssl); -#ifdef HAVE_LIBGCRYPT #ifdef HAVE_LIBGNUTLS static uat_field_t sslkeylist_uats_flds[] = { UAT_FLD_CSTRING_OTHER(sslkeylist_uats, ipaddr, "IP address", ssldecrypt_uat_fld_ip_chk_cb, "IPv4 or IPv6 address"), 
@@ -4296,7 +4293,6 @@ proto_register_ssl(void) "Semicolon-separated list of private RSA keys used for SSL decryption. " "Used by versions of Wireshark prior to 1.6", &ssl_keys_list); -#endif /* HAVE_LIBGCRYPT */ prefs_register_bool_preference(ssl_module, "desegment_ssl_records", diff --git a/epan/dissectors/packet-zbee-security.c b/epan/dissectors/packet-zbee-security.c index 76bb364bc4..905f0edbb8 100644 --- a/epan/dissectors/packet-zbee-security.c +++ b/epan/dissectors/packet-zbee-security.c @@ -45,12 +45,10 @@ #include "packet-zbee-security.h" /* Helper Functions */ -#ifdef HAVE_LIBGCRYPT static void zbee_sec_key_hash(guint8 *, guint8, guint8 *); static void zbee_sec_make_nonce (zbee_security_packet *, guint8 *); static gboolean zbee_sec_decrypt_payload(zbee_security_packet *, const gchar *, const gchar, guint8 *, guint, guint, guint8 *); -#endif static gboolean zbee_security_parse_key(const gchar *, guint8 *, gboolean); /* Field pointers. */ @@ -449,7 +447,6 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o gint payload_len; tvbuff_t *payload_tvb; -#ifdef HAVE_LIBGCRYPT proto_item *ti; proto_item *key_item; guint8 *enc_buffer; @@ -458,7 +455,6 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o GSList **nwk_keyring; GSList *GSList_i; key_record_t *key_rec = NULL; -#endif zbee_nwk_hints_t *nwk_hints; ieee802154_hints_t *ieee_hints; ieee802154_map_rec *map_rec = NULL; @@ -495,7 +491,6 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o * so we can fix these 3 bits. Memory allocated by tvb_memdup(wmem_packet_scope(),...) * is automatically freed before the next packet is processed. */ -#ifdef HAVE_LIBGCRYPT enc_buffer = (guint8 *)tvb_memdup(wmem_packet_scope(), tvb, 0, tvb_captured_length(tvb)); /* * Override the const qualifiers and patch the security level field, we 
@@ -503,7 +498,6 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o * allocated this memory via tvb_memdup(wmem_packet_scope(),...). */ enc_buffer[offset] = packet.control; -#endif /* HAVE_LIBGCRYPT */ packet.level = zbee_get_bit_field(packet.control, ZBEE_SEC_CONTROL_LEVEL); packet.key_id = zbee_get_bit_field(packet.control, ZBEE_SEC_CONTROL_KEY); packet.nonce = zbee_get_bit_field(packet.control, ZBEE_SEC_CONTROL_NONCE); @@ -627,7 +621,6 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o return tvb_new_subset_length(tvb, offset, payload_len); } -#ifdef HAVE_LIBGCRYPT /* Have we captured all the payload? */ if (tvb_captured_length_remaining(tvb, offset+mic_len) < payload_len) { /* @@ -754,7 +747,6 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o /* Done! */ return payload_tvb; } -#endif /* HAVE_LIBGCRYPT */ /* Add expert info. */ expert_add_info(pinfo, sec_tree, &ei_zbee_sec_encrypted_payload); @@ -766,7 +758,6 @@ dissect_zbee_secure(tvbuff_t *tvb, packet_info *pinfo, proto_tree* tree, guint o return NULL; } /* dissect_zbee_secure */ -#ifdef HAVE_LIBGCRYPT /*FUNCTION:------------------------------------------------------ * NAME * zbee_sec_decrypt_payload @@ -863,9 +854,7 @@ zbee_sec_make_nonce(zbee_security_packet *packet, guint8 *nonce) /* Next byte is the security control field. */ *(nonce) = packet->control; } /* zbee_sec_make_nonce */ -#endif -#ifdef HAVE_LIBGCRYPT /*FUNCTION:------------------------------------------------------ * NAME * zbee_sec_ccm_decrypt 
@@ -1235,21 +1224,6 @@ zbee_sec_key_hash(guint8 *key, guint8 input, guint8 *hash_out) /* Hash the contents of hash_in to get the final result. */ zbee_sec_hash(hash_in, 2*ZBEE_SEC_CONST_BLOCKSIZE, hash_out); } /* zbee_sec_key_hash */ -#else /* HAVE_LIBGCRYPT */ -gboolean -zbee_sec_ccm_decrypt(const gchar *key _U_, /* Input */ - const gchar *nonce _U_, /* Input */ - const gchar *a _U_, /* Input */ - const gchar *c _U_, /* Input */ - gchar *m _U_, /* Output */ - guint l_a _U_, /* sizeof(a) */ - guint l_m _U_, /* sizeof(m) */ - guint M _U_) /* sizeof(c) - sizeof(m) = sizeof(MIC) */ -{ - /* No libgcrypt, no decryption. */ - return FALSE; -} -#endif /* HAVE_LIBGCRYPT */ /* * Editor modelines - http://www.wireshark.org/tools/modelines.html diff --git a/epan/epan.c b/epan/epan.c index ffb4bddecf..e5f2bf4867 100644 --- a/epan/epan.c +++ b/epan/epan.c @@ -90,7 +90,7 @@ epan_get_version(void) { return VERSION; } -#if defined(HAVE_LIBGCRYPT) && defined(_WIN32) +#if defined(_WIN32) // Libgcrypt prints all log messages to stderr by default. This is noisier // than we would like on Windows. In particular slow_gatherer tends to print // "NOTE: you should run 'diskperf -y' to enable the disk statistics" @@ -119,7 +119,7 @@ quiet_gcrypt_logger (void *dummy _U_, int level, const char *format, va_list arg } g_logv(NULL, log_level, format, args); } -#endif // HAVE_LIBGCRYPT && _WIN32 +#endif // _WIN32 /* * Register all the plugin types that are part of libwireshark, namely 
@@ -155,15 +155,14 @@ epan_init(void (*register_all_protocols_func)(register_cb cb, gpointer client_da addr_resolv_init(); except_init(); -#ifdef HAVE_LIBGCRYPT /* initialize libgcrypt (beware, it won't be thread-safe) */ + gcry_check_version(NULL); -#if defined(HAVE_LIBGCRYPT) && defined(_WIN32) +#if defined(_WIN32) gcry_set_log_handler (quiet_gcrypt_logger, NULL); #endif gcry_control (GCRYCTL_DISABLE_SECMEM, 0); gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); -#endif #ifdef HAVE_LIBGNUTLS gnutls_global_init(); #endif @@ -596,11 +595,7 @@ epan_get_compiled_version_info(GString *str) /* Gcrypt */ g_string_append(str, ", "); -#ifdef HAVE_LIBGCRYPT g_string_append(str, "with Gcrypt " GCRYPT_VERSION); -#else - g_string_append(str, "without Gcrypt"); -#endif /* HAVE_LIBGCRYPT */ /* Kerberos */ /* XXX - I don't see how to get the version number, at least for KfW */ @@ -654,11 +649,7 @@ epan_get_compiled_version_info(GString *str) * Get runtime information for libraries used by libwireshark. */ void -epan_get_runtime_version_info(GString *str -#if !defined(HAVE_LIBGNUTLS) && !defined(HAVE_LIBGCRYPT) -_U_ -#endif -) +epan_get_runtime_version_info(GString *str) { /* GnuTLS */ #ifdef HAVE_LIBGNUTLS @@ -666,9 +657,7 @@ _U_ #endif /* HAVE_LIBGNUTLS */ /* Gcrypt */ -#ifdef HAVE_LIBGCRYPT g_string_append_printf(str, ", with Gcrypt %s", gcry_check_version(NULL)); -#endif /* HAVE_LIBGCRYPT */ } /* diff --git a/macosx-setup.sh b/macosx-setup.sh index 2ed1811a3a..aff1d76741 100755 --- a/macosx-setup.sh +++ b/macosx-setup.sh 
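Review bot: In epan.c, `epan_init()` calls `gcry_check_version(NULL)` and discards the result, so the minimum libgcrypt version the build now requires is never compared with the library actually loaded at run time. Passing the required version makes libgcrypt do that comparison and return NULL on a mismatch, e.g. `if (!gcry_check_version("<required version>")) { /* report and stop initialisation */ }`. The two `gcry_control()` calls after it are also unchecked. `GCRYCTL_DISABLE_SECMEM` now applies to every build, so key material handled by the dissectors stays in ordinary pageable memory; a one-line comment saying this is intentional would help the next reader. How `epan_init()` reports failure is outside this hunk, so the error path is left as a placeholder.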
@@ -118,9 +118,14 @@ LIBSMI_VERSION=0.4.8 # LIBGPG_ERROR_VERSION=1.10 # -# libgcrypt is required for GnuTLS. +# libgcrypt is required. # LIBGCRYPT_VERSION=1.5.0 +# +# GnuTLS is optional. +# Note that since GnuTLS 3.0.8, Libgcrypt can no longer be used and nettle is +# needed (which is not yet installed by this script). +# GNUTLS_VERSION=2.12.19 # Use 5.2.4, not 5.3, for now; lua_bitop.c hasn't been ported to 5.3 # yet, and we need to check for compatibility issues (we'd want Lua @@ -1309,9 +1314,8 @@ install_gnutls() { bzcat gnutls-$GNUTLS_VERSION.tar.bz2 | tar xf - || exit 1 cd gnutls-$GNUTLS_VERSION # - # Use libgcrypt, not nettle. - # XXX - is there some reason to prefer nettle? Or does - # Wireshark directly use libgcrypt routines? + # Use libgcrypt instead of nettle since it is already required by + # Wireshark. # CFLAGS="$CFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" CXXFLAGS="$CXXFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" LDFLAGS="$LDFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" ./configure --with-libgcrypt --without-p11-kit || exit 1 make $MAKE_BUILD_OPTS || exit 1 diff --git a/tools/macos-setup-brew.sh b/tools/macos-setup-brew.sh index d6403bff72..ca1aacd18c 100755 --- a/tools/macos-setup-brew.sh +++ b/tools/macos-setup-brew.sh @@ -25,7 +25,7 @@ brew update #install some lib need by Wireshark -brew install c-ares glib gnutls lua cmake nghttp2 snappy lz4 +brew install c-ares glib libgcrypt gnutls lua cmake nghttp2 snappy lz4 #install Qt5 brew install qt5 diff --git a/wsutil/eax.c b/wsutil/eax.c index a428c6be6d..71c5e388fa 100644 --- a/wsutil/eax.c +++ b/wsutil/eax.c @@ -22,7 +22,6 @@ */ #include "config.h" #include <stdlib.h> -#ifdef HAVE_LIBGCRYPT #include <string.h> /* Use libgcrypt for cipher libraries. */ #include <wsutil/wsgcrypt.h> @@ -247,7 +246,6 @@ void AesEncrypt(unsigned char msg[EAX_SIZEOF_KEY], unsigned char key[EAX_SIZEOF_ gcry_cipher_close(cipher_hd); return; } -#endif /* HAVE_LIBGCRYPT */ /* * Editor modelines - http://www.wireshark.org/tools/modelines.html 
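Review bot: In macosx-setup.sh, the hunk at `@@ -118,9 +118,14 @@` now documents libgcrypt as required but keeps `LIBGCRYPT_VERSION=1.5.0` and `GNUTLS_VERSION=2.12.19`, so every build made with this script gets its mandatory crypto library at that pinned release. The added comment explains why GnuTLS needs nettle from 3.0.8 onward, but nothing explains the libgcrypt pin. I would add `# TODO: move LIBGCRYPT_VERSION to a currently maintained release` next to the variable. In `install_gnutls()` and the matching libgcrypt install function, the tarball should also be verified against a published checksum or signature before the `bzcat ... | tar xf -` step. The download steps are outside these hunks, so whether such a check already exists is not visible.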
diff --git a/wsutil/wsgcrypt.h b/wsutil/wsgcrypt.h index a6f2844fbf..d56e456cb2 100644 --- a/wsutil/wsgcrypt.h +++ b/wsutil/wsgcrypt.h @@ -27,8 +27,6 @@ #ifndef __WSGCRYPT_H__ #define __WSGCRYPT_H__ -#ifdef HAVE_LIBGCRYPT - #include <ws_diag_control.h> DIAG_OFF(deprecated-declarations) @@ -37,6 +35,4 @@ DIAG_OFF(deprecated-declarations) DIAG_ON(deprecated-declarations) -#endif /* HAVE_LIBGCRYPT */ - #endif /* __WSGCRYPT_H__ */ |