author | Toni <matzeton@googlemail.com> | 2022-03-02 19:48:46 +0100 |
committer | GitHub <noreply@github.com> | 2022-03-02 19:48:46 +0100 |
commit | cb62dfd24945f5732166ecb4121354adc48cec80 (patch) | |
tree | 99b704199af51e2819c8b1c6db3e37a75593698a /src/lib/protocols/quic.c | |
parent | e23507d3e97ce37bb15be59de5195336595cdb17 (diff) |
Drop support for non-gcrypt builds. (#1469)
* As there is now a builtin, lightweight libgcrypt
there is no need to disable TLS ClientHello (tls-clho) decryption.
* It is still possible to use a host libgcrypt
with `--with-local-libgcrypt'.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src/lib/protocols/quic.c')
-rw-r--r-- | src/lib/protocols/quic.c | 43 |
1 files changed, 14 insertions, 29 deletions
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c
index a25fa75df..39fc968f5 100644
--- a/src/lib/protocols/quic.c
+++ b/src/lib/protocols/quic.c
@@ -26,10 +26,9 @@
 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_QUIC
 #include "ndpi_api.h"
-#ifdef HAVE_LIBGCRYPT
+#ifdef USE_HOST_LIBGCRYPT
 #include <gcrypt.h>
 #else
-#define HAVE_LIBGCRYPT 1
 #include <gcrypt_light.h>
 #endif
@@ -124,13 +123,13 @@ static uint8_t get_u8_quic_ver(uint32_t version)
 return 0;
 }
-#ifdef HAVE_LIBGCRYPT
+
 static int is_quic_ver_less_than(uint32_t version, uint8_t max_version)
 {
 uint8_t u8_ver = get_u8_quic_ver(version);
 return u8_ver && u8_ver <= max_version;
 }
-#endif
+
 static int is_quic_ver_greater_than(uint32_t version, uint8_t min_version)
 {
 return get_u8_quic_ver(version) >= min_version;
@@ -191,7 +190,6 @@ int is_version_with_ietf_long_header(uint32_t version)
 ((version & 0xFFFFFF00) == 0x51303500) /* Q05X */ ||
 ((version & 0xFFFFFF00) == 0x54303500) /* T05X */;
 }
-#ifdef HAVE_LIBGCRYPT
 int is_version_with_v1_labels(uint32_t version)
 {
 if(((version & 0xFFFFFF00) == 0x51303500) /* Q05X */ ||
@@ -199,7 +197,6 @@ int is_version_with_v1_labels(uint32_t version)
 return 1;
 return is_quic_ver_less_than(version, 33);
 }
-#endif
 int quic_len(const uint8_t *buf, uint64_t *value)
 {
@@ -246,12 +243,10 @@ static uint16_t gquic_get_u16(const uint8_t *buf, uint32_t version)
 }
-#if defined(HAVE_LIBGCRYPT)
-
 #ifdef DEBUG_CRYPT
 char *__gcry_err(gpg_error_t err, char *buf, size_t buflen)
 {
-#if defined(HAVE_LIBGPG_ERROR) || defined(LIBGCRYPT_INTERNAL)
+#if defined(HAVE_LIBGPG_ERROR) || !defined(USE_HOST_LIBGCRYPT)
 gpg_strerror_r(err, buf, buflen);
 /* I am not sure if the string will be always null-terminated... Better safe than sorry */
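Review bot: With `#define HAVE_LIBGCRYPT 1` gone from the `#else` branch, nothing in this translation unit defines `HAVE_LIBGCRYPT` any more, so any `#ifdef HAVE_LIBGCRYPT` that survives outside these hunks, or in a header included after this point, would now compile out silently instead of failing the build. Since the build-mode macro changed name, a guard that turns a stale configure result into a hard error is cheaper than a silent loss of decryption: `#if defined(HAVE_LIBGCRYPT) && !defined(USE_HOST_LIBGCRYPT)` / `#error "HAVE_LIBGCRYPT is obsolete, define USE_HOST_LIBGCRYPT instead"` / `#endif`. A one-line comment above the block, `/* USE_HOST_LIBGCRYPT: link the system libgcrypt; otherwise the bundled gcrypt_light is used. */`, would also tell a reader which implementation is decrypting attacker-controlled Initial packets in their build.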
@@ -555,7 +550,7 @@ static int quic_hp_cipher_init(quic_hp_cipher *hp_cipher, int hash_algo,
 {
 uint8_t hp_key[256/8]; /* Maximum key size is for AES256 cipher. */
 uint32_t hash_len = gcry_md_get_algo_dlen(hash_algo);
- char *label = is_version_with_v1_labels(version) ? "quic hp" : "quicv2 hp";
+ char const * const label = is_version_with_v1_labels(version) ? "quic hp" : "quicv2 hp";
 if(!quic_hkdf_expand_label(hash_algo, secret, hash_len, label, hp_key, key_length)) {
 return 0;
@@ -569,8 +564,8 @@ static int quic_pp_cipher_init(quic_pp_cipher *pp_cipher, int hash_algo,
 {
 uint8_t write_key[256/8]; /* Maximum key size is for AES256 cipher. */
 uint32_t hash_len = gcry_md_get_algo_dlen(hash_algo);
- char *key_label = is_version_with_v1_labels(version) ? "quic key" : "quicv2 key";
- char *iv_label = is_version_with_v1_labels(version) ? "quic iv" : "quicv2 iv";
+ char const * const key_label = is_version_with_v1_labels(version) ? "quic key" : "quicv2 key";
+ char const * const iv_label = is_version_with_v1_labels(version) ? "quic iv" : "quicv2 iv";
 if(key_length > sizeof(write_key)) {
 return 0;
@@ -955,7 +950,6 @@ static int quic_derive_initial_secrets(uint32_t version,
 static uint8_t *decrypt_initial_packet(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow,
 const uint8_t *dest_conn_id, uint8_t dest_conn_id_len,
 uint8_t source_conn_id_len,
 uint32_t version, uint32_t *clear_payload_len)
@@ -1036,8 +1030,6 @@ static uint8_t *decrypt_initial_packet(struct ndpi_detection_module_struct *ndpi
 return NULL;
 }
-#endif /* HAVE_LIBGCRYPT */
-
 static int __reassemble(struct ndpi_flow_struct *flow, const u_int8_t *frag,
 uint64_t frag_len, uint64_t frag_offset,
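Review bot: `quic_hkdf_expand_label()` appears to write `key_length` bytes into the 32-byte stack buffer `hp_key` with no check that `key_length` fits, whereas the sibling `quic_pp_cipher_init()` hunk just below guards `write_key` with `if(key_length > sizeof(write_key))` before its own expansion. Callers presumably derive `key_length` from the negotiated cipher, which would keep it at or below 32, but this function is now compiled into every build and runs on attacker-controlled Initial packets, so the same guard belongs here, before the `quic_hkdf_expand_label()` call: `if(key_length > sizeof(hp_key)) {` / `return 0;` / `}`. The rest of `quic_hp_cipher_init()` is outside the hunk, so whether `hp_key` is wiped once the header-protection key has been imported cannot be judged from here.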
@@ -1053,7 +1045,7 @@ static int __reassemble(struct ndpi_flow_struct *flow, const u_int8_t *frag,
 */
 if(!flow->l4.udp.quic_reasm_buf) {
- flow->l4.udp.quic_reasm_buf = ndpi_malloc(max_quic_reasm_buffer_len);
+ flow->l4.udp.quic_reasm_buf = (uint8_t *)ndpi_malloc(max_quic_reasm_buffer_len);
 if(!flow->l4.udp.quic_reasm_buf)
 return -1; /* Memory error */
 flow->l4.udp.quic_reasm_buf_len = 0;
@@ -1090,7 +1082,7 @@ static int is_ch_reassembler_pending(struct ndpi_flow_struct *flow)
 flow->l4.udp.quic_reasm_buf_len);
 }
 static const uint8_t *get_reassembled_crypto_data(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow,
+ struct ndpi_flow_struct *flow,
 const u_int8_t *frag,
 uint64_t frag_offset, uint64_t frag_len,
 uint64_t *crypto_data_len)
@@ -1265,15 +1257,12 @@ static const uint8_t *get_crypto_data(struct ndpi_detection_module_struct *ndpi_
 }
 static uint8_t *get_clear_payload(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow,
 uint32_t version, uint32_t *clear_payload_len)
 {
 struct ndpi_packet_struct *packet = &ndpi_struct->packet;
 u_int8_t *clear_payload;
 u_int8_t dest_conn_id_len;
-#ifdef HAVE_LIBGCRYPT
 u_int8_t source_conn_id_len;
-#endif
 if(is_gquic_ver_less_than(version, 43)) {
 clear_payload = (uint8_t *)&packet->payload[26];
@@ -1300,16 +1289,13 @@ static uint8_t *get_clear_payload(struct ndpi_detection_module_struct *ndpi_stru
 version, dest_conn_id_len);
 return NULL;
 }
-#ifdef HAVE_LIBGCRYPT
+
 source_conn_id_len = packet->payload[6 + dest_conn_id_len];
 const u_int8_t *dest_conn_id = &packet->payload[6];
- clear_payload = decrypt_initial_packet(ndpi_struct, flow,
+ clear_payload = decrypt_initial_packet(ndpi_struct,
 dest_conn_id, dest_conn_id_len, source_conn_id_len,
 version, clear_payload_len);
-#else
- clear_payload = NULL;
-#endif
 }
 return clear_payload;
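Review bot: The new `(uint8_t *)` cast on the `ndpi_malloc()` result is a style regression for C code: a `void *` return converts implicitly, and the cast can mask a missing prototype. If it is there because this file is also built as C++ or because `quic_reasm_buf` is not declared as `uint8_t *`, a short comment would stop the next reader from removing it, e.g. `/* cast required for C++ consumers of this file */`. `__reassemble()` begins before this hunk, so the bound on `max_quic_reasm_buffer_len` that makes this allocation safe is not visible here.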
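Review bot: `packet->payload[6 + dest_conn_id_len]` is now read in every build, and the only guard visible in the hunk is the tail of the `dest_conn_id_len` range check (`return NULL;`) at its top; nothing here compares `6 + dest_conn_id_len` against `packet->payload_packet_len`. If `may_be_initial_pkt()` already enforces a minimum Initial-packet length this is fine, but that invariant lives far from the read, so either a local check, `if(packet->payload_packet_len <= 6 + dest_conn_id_len) return NULL;`, or a comment naming the guarantee, `/* payload length bounded by may_be_initial_pkt() -- confirm */`, would keep the bound explicit next to the index. `get_clear_payload()` starts before this hunk.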
@@ -1435,7 +1421,6 @@ static void process_chlo(struct ndpi_detection_module_struct *ndpi_struct,
 static int may_be_initial_pkt(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow,
 uint32_t *version)
 {
 struct ndpi_packet_struct *packet = &ndpi_struct->packet;
@@ -1529,7 +1514,7 @@ static int may_be_initial_pkt(struct ndpi_detection_module_struct *ndpi_struct,
 /* ***************************************************************** */
 static int eval_extra_processing(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow, u_int32_t version)
+ struct ndpi_flow_struct *flow, u_int32_t version)
 {
 /* For the time being we need extra processing in two cases only:
 1) to detect Snapchat calls, i.e. RTP/RTCP multiplxed with QUIC.
@@ -1631,7 +1616,7 @@ static void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct,
 * anyone complains...
 */
- is_quic = may_be_initial_pkt(ndpi_struct, flow, &version);
+ is_quic = may_be_initial_pkt(ndpi_struct, &version);
 if(!is_quic) {
 NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
 return;
@@ -1659,7 +1644,7 @@ static void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct,
 /*
 * 4) Extract the Payload from Initial Packets
 */
- clear_payload = get_clear_payload(ndpi_struct, flow, version, &clear_payload_len);
+ clear_payload = get_clear_payload(ndpi_struct, version, &clear_payload_len);
 if(!clear_payload) {
 NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
 return; |
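Review bot: The comment above the call still reads only `4) Extract the Payload from Initial Packets`, but after this commit the NULL path means something new: decryption through gcrypt (bundled or host) is always attempted, and a failure inside `decrypt_initial_packet()` — unsupported version, unexpected CID length, or an allocation failure — drops the flow from further QUIC detection via `NDPI_EXCLUDE_PROTO`. Previously a build without libgcrypt reached `clear_payload = NULL` unconditionally, so this branch now carries the behaviour the removed build-time option used to toggle. I would extend the comment, e.g. `* 4) Extract the Payload from Initial Packets (decryption is mandatory; a NULL result excludes the flow)`, and, since the bundled gcrypt_light now parses attacker-controlled packets in every build, confirm the fuzz targets cover this path. `ndpi_search_quic()` starts before this hunk.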