forked from osmocom/wireshark
d7187e0b1b
The WireGuard dissector will need X25519 to enable decryption, add a Gcrypt implementation that implements the NaCl/Sodium interface. While inspired by the MPI example in t-cv25519.c, note subtle but important correctness/interoperability fixes: add a check for infinity (gcry_mpi_ec_get_affine) and handle short values from gcry_mpi_print. The last issue is ugly, perhaps the high level API (gcry_pk_decrypt) should be used instead (which < 2% slower than this MPI implementation). (Both issues were found through fuzzing.) As for alternative options, Sodium is superior but would be a new dependency. For some older performance and usability notes (comparing crypto_scalarmult_curve25519_base (note "_base") against others), see https://lists.gnupg.org/pipermail/gcrypt-devel/2018-July/004532.html Performance comparison on Ubuntu 18.04 (i7-3770) between Sodium 1.0.16 against Gcrypt 1.8.3 and Gcrypt 86e5e06a (git master, future 1.9.x) by computing 65536 times X25519(1, 8) via crypto_scalarmult_curve25519: Sodium (sandy2x): 1.4x faster than ref10 Sodium (ref10): 1 (baseline) Gcrypt (git): 5x slower than ref10, 7x slower than sandy2x Gcrypt (1.8.3): 17x ref10, 24x sandy2x (took 65 seconds) Change-Id: Ia54e73cc3cc469a6697554729aff4edd19f55630 Ping-Bug: 15011 Reviewed-on: https://code.wireshark.org/review/28987 Reviewed-by: Anders Broman <a.broman58@gmail.com> |
||
|---|---|---|
| .. | ||
| patches | ||
| po | ||
| source | ||
| README.Debian | ||
| README.Debian.security | ||
| changelog | ||
| compat | ||
| control | ||
| copyright | ||
| dirs | ||
| ethereal-common.NEWS | ||
| headers-check.c | ||
| libwireshark-data.install | ||
| libwireshark-dev.install | ||
| libwireshark0.install | ||
| libwireshark0.lintian-overrides | ||
| libwireshark0.symbols | ||
| libwiretap-dev.install | ||
| libwiretap0.docs | ||
| libwiretap0.install | ||
| libwiretap0.symbols | ||
| libwscodecs0.install | ||
| libwscodecs0.symbols | ||
| libwsutil-dev.install | ||
| libwsutil0.install | ||
| libwsutil0.symbols | ||
| license-text-about-dialog | ||
| maxmind_db_paths | ||
| postinst | ||
| rules | ||
| templates | ||
| tshark.docs | ||
| tshark.install | ||
| tshark.lintian-overrides | ||
| tshark.manpages | ||
| wireshark-common.config | ||
| wireshark-common.install | ||
| wireshark-common.lintian-overrides | ||
| wireshark-common.manpages | ||
| wireshark-common.postinst | ||
| wireshark-common.postrm | ||
| wireshark-dev.docs | ||
| wireshark-dev.install | ||
| wireshark-dev.manpages | ||
| wireshark-dev.prerm | ||
| wireshark-doc.docs | ||
| wireshark-qt.docs | ||
| wireshark-qt.install | ||
| wireshark-qt.lintian-overrides | ||
| wireshark-qt.manpages | ||
README.Debian.security
Handling security fixes in source package wireshark Wireshark is a network protocol analyzer and it's ability to perform deep packet inspection in live traffic may encourage users to use Wireshark/Tshark as a part of an intrusion detection or traffic monitoring system. In that case, please note that Wireshark/Tshark may contain remotely triggerable bugs causing crashes or allowing code injection. Bugs allowing code injection will be fixed in regular Debian Security Advisories, but fixes for pure crash bugs may be delayed. -- Balint Reczey <balint@balintreczey.hu> Fri, 10 Jul 2009 15:38:33 +0200