Diffstat (limited to 'src')
-rw-r--r--src/lib/Makefile.in6
-rw-r--r--src/lib/ndpi_main.c8
-rw-r--r--src/lib/protocols/quic.c43
-rw-r--r--src/lib/third_party/include/gcrypt_light.h2
-rw-r--r--src/lib/third_party/src/gcrypt_light.c4
5 files changed, 21 insertions, 42 deletions
diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in
index e3a3f9a9a..67ed0c758 100644
--- a/src/lib/Makefile.in
+++ b/src/lib/Makefile.in
@@ -25,6 +25,12 @@ NDPI_LIB_STATIC = libndpi.a
NDPI_LIB_SHARED_BASE = libndpi.so
NDPI_LIB_SHARED = $(NDPI_LIB_SHARED_BASE).@NDPI_VERSION_SHORT@
NDPI_LIBS = $(NDPI_LIB_STATIC) $(NDPI_LIB_SHARED)
+USE_HOST_LIBGCRYPT = @USE_HOST_LIBGCRYPT@
+
+ifneq ($(USE_HOST_LIBGCRYPT),0)
+TMP_OBJS := $(OBJECTS)
+OBJECTS = $(filter-out third_party/src/gcrypt_light.o,$(TMP_OBJS))
+endif
ifneq ($(OS),Windows_NT)
OS := $(shell uname)
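Review bot: The test `ifneq ($(USE_HOST_LIBGCRYPT),0)` compares a value, while the C sources touched by this commit (`ndpi_main.c`, `protocols/quic.c`) switch on `#ifdef USE_HOST_LIBGCRYPT`, that is, on definedness; the two agree only if configure substitutes exactly `0` here and leaves the macro undefined in that same case. An empty substitution would filter out `gcrypt_light.o` while the C code still includes `<gcrypt_light.h>`, and a macro defined as `0` would pull in `<gcrypt.h>` while the bundled object is still built. Because `gcrypt_light.c` also loses its own `#if !defined(HAVE_LIBGCRYPT)` guard in this commit, this filter is now the only thing that selects the crypto backend, so a comment such as `# must mirror "#ifdef USE_HOST_LIBGCRYPT" in the C sources: 0 = bundled gcrypt_light, otherwise host libgcrypt` would make the contract explicit. The configure side is not part of this diff and should be checked against it.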
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index f85ff831d..c9ca62ea3 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -32,11 +32,10 @@
#include "ahocorasick.h"
#include "libcache.h"
-#ifdef HAVE_LIBGCRYPT
+#ifdef USE_HOST_LIBGCRYPT
#include <gcrypt.h>
#else
#include <gcrypt_light.h>
-#define HAVE_LIBGCRYPT 1
#endif
#include <time.h>
@@ -2420,7 +2419,6 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs
if(prefs & ndpi_enable_ja3_plus)
ndpi_str->enable_ja3_plus = 1;
-#ifdef HAVE_LIBGCRYPT
if(!(prefs & ndpi_dont_init_libgcrypt)) {
if(!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) {
const char *gcrypt_ver = gcry_check_version(NULL);
@@ -2436,7 +2434,6 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs
} else {
NDPI_LOG_DBG(ndpi_str, "Libgcrypt initialization skipped\n");
}
-#endif
if((ndpi_str->protocols_ptree = ndpi_patricia_new(32 /* IPv4 */)) != NULL) {
ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, host_protocol_list);
@@ -7554,10 +7551,7 @@ u_int16_t ndpi_get_api_version() {
}
const char *ndpi_get_gcrypt_version(void) {
-#ifdef HAVE_LIBGCRYPT
return gcry_check_version(NULL);
-#endif
- return NULL;
}
ndpi_proto_defaults_t *ndpi_get_proto_defaults(struct ndpi_detection_module_struct *ndpi_str) {
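Review bot: `ndpi_get_gcrypt_version()` loses its unconditional `return NULL` fallback, but nothing at the definition says so or tells callers that the string may now describe the bundled gcrypt_light rather than host libgcrypt. A one-line comment would help anyone who logs or gates on this value when auditing which crypto backend a build uses, e.g. `/* Version string of the active gcrypt backend (host libgcrypt or bundled gcrypt_light) */`. What the bundled implementation returns is not visible in this diff, so the wording should be confirmed against gcrypt_light.c.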
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c
index a25fa75df..39fc968f5 100644
--- a/src/lib/protocols/quic.c
+++ b/src/lib/protocols/quic.c
@@ -26,10 +26,9 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_QUIC
#include "ndpi_api.h"
-#ifdef HAVE_LIBGCRYPT
+#ifdef USE_HOST_LIBGCRYPT
#include <gcrypt.h>
#else
-#define HAVE_LIBGCRYPT 1
#include <gcrypt_light.h>
#endif
@@ -124,13 +123,13 @@ static uint8_t get_u8_quic_ver(uint32_t version)
return 0;
}
-#ifdef HAVE_LIBGCRYPT
+
static int is_quic_ver_less_than(uint32_t version, uint8_t max_version)
{
uint8_t u8_ver = get_u8_quic_ver(version);
return u8_ver && u8_ver <= max_version;
}
-#endif
+
static int is_quic_ver_greater_than(uint32_t version, uint8_t min_version)
{
return get_u8_quic_ver(version) >= min_version;
@@ -191,7 +190,6 @@ int is_version_with_ietf_long_header(uint32_t version)
((version & 0xFFFFFF00) == 0x51303500) /* Q05X */ ||
((version & 0xFFFFFF00) == 0x54303500) /* T05X */;
}
-#ifdef HAVE_LIBGCRYPT
int is_version_with_v1_labels(uint32_t version)
{
if(((version & 0xFFFFFF00) == 0x51303500) /* Q05X */ ||
@@ -199,7 +197,6 @@ int is_version_with_v1_labels(uint32_t version)
return 1;
return is_quic_ver_less_than(version, 33);
}
-#endif
int quic_len(const uint8_t *buf, uint64_t *value)
{
@@ -246,12 +243,10 @@ static uint16_t gquic_get_u16(const uint8_t *buf, uint32_t version)
}
-#if defined(HAVE_LIBGCRYPT)
-
#ifdef DEBUG_CRYPT
char *__gcry_err(gpg_error_t err, char *buf, size_t buflen)
{
-#if defined(HAVE_LIBGPG_ERROR) || defined(LIBGCRYPT_INTERNAL)
+#if defined(HAVE_LIBGPG_ERROR) || !defined(USE_HOST_LIBGCRYPT)
gpg_strerror_r(err, buf, buflen);
/* I am not sure if the string will be always null-terminated...
Better safe than sorry */
@@ -555,7 +550,7 @@ static int quic_hp_cipher_init(quic_hp_cipher *hp_cipher, int hash_algo,
{
uint8_t hp_key[256/8]; /* Maximum key size is for AES256 cipher. */
uint32_t hash_len = gcry_md_get_algo_dlen(hash_algo);
- char *label = is_version_with_v1_labels(version) ? "quic hp" : "quicv2 hp";
+ char const * const label = is_version_with_v1_labels(version) ? "quic hp" : "quicv2 hp";
if(!quic_hkdf_expand_label(hash_algo, secret, hash_len, label, hp_key, key_length)) {
return 0;
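Review bot: `hp_key` is a 32-byte stack buffer and `key_length` is handed to `quic_hkdf_expand_label` as the output length with no bound between the declaration and the call, whereas `quic_pp_cipher_init` in the next hunk guards the same pattern with `if(key_length > sizeof(write_key))`. Adding `if(key_length > sizeof(hp_key)) return 0;` before the expand call would make the two initialisers consistent and keep a larger key size from writing past the buffer. Where `key_length` comes from is outside the hunk, and the function body continues past it, so a caller-side limit may already exist; the local check is still cheap and self-documenting.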
@@ -569,8 +564,8 @@ static int quic_pp_cipher_init(quic_pp_cipher *pp_cipher, int hash_algo,
{
uint8_t write_key[256/8]; /* Maximum key size is for AES256 cipher. */
uint32_t hash_len = gcry_md_get_algo_dlen(hash_algo);
- char *key_label = is_version_with_v1_labels(version) ? "quic key" : "quicv2 key";
- char *iv_label = is_version_with_v1_labels(version) ? "quic iv" : "quicv2 iv";
+ char const * const key_label = is_version_with_v1_labels(version) ? "quic key" : "quicv2 key";
+ char const * const iv_label = is_version_with_v1_labels(version) ? "quic iv" : "quicv2 iv";
if(key_length > sizeof(write_key)) {
return 0;
@@ -955,7 +950,6 @@ static int quic_derive_initial_secrets(uint32_t version,
static uint8_t *decrypt_initial_packet(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow,
const uint8_t *dest_conn_id, uint8_t dest_conn_id_len,
uint8_t source_conn_id_len, uint32_t version,
uint32_t *clear_payload_len)
@@ -1036,8 +1030,6 @@ static uint8_t *decrypt_initial_packet(struct ndpi_detection_module_struct *ndpi
return NULL;
}
-#endif /* HAVE_LIBGCRYPT */
-
static int __reassemble(struct ndpi_flow_struct *flow, const u_int8_t *frag,
uint64_t frag_len, uint64_t frag_offset,
@@ -1053,7 +1045,7 @@ static int __reassemble(struct ndpi_flow_struct *flow, const u_int8_t *frag,
*/
if(!flow->l4.udp.quic_reasm_buf) {
- flow->l4.udp.quic_reasm_buf = ndpi_malloc(max_quic_reasm_buffer_len);
+ flow->l4.udp.quic_reasm_buf = (uint8_t *)ndpi_malloc(max_quic_reasm_buffer_len);
if(!flow->l4.udp.quic_reasm_buf)
return -1; /* Memory error */
flow->l4.udp.quic_reasm_buf_len = 0;
@@ -1090,7 +1082,7 @@ static int is_ch_reassembler_pending(struct ndpi_flow_struct *flow)
flow->l4.udp.quic_reasm_buf_len);
}
static const uint8_t *get_reassembled_crypto_data(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow,
+ struct ndpi_flow_struct *flow,
const u_int8_t *frag,
uint64_t frag_offset, uint64_t frag_len,
uint64_t *crypto_data_len)
@@ -1265,15 +1257,12 @@ static const uint8_t *get_crypto_data(struct ndpi_detection_module_struct *ndpi_
}
static uint8_t *get_clear_payload(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow,
uint32_t version, uint32_t *clear_payload_len)
{
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
u_int8_t *clear_payload;
u_int8_t dest_conn_id_len;
-#ifdef HAVE_LIBGCRYPT
u_int8_t source_conn_id_len;
-#endif
if(is_gquic_ver_less_than(version, 43)) {
clear_payload = (uint8_t *)&packet->payload[26];
@@ -1300,16 +1289,13 @@ static uint8_t *get_clear_payload(struct ndpi_detection_module_struct *ndpi_stru
version, dest_conn_id_len);
return NULL;
}
-#ifdef HAVE_LIBGCRYPT
+
source_conn_id_len = packet->payload[6 + dest_conn_id_len];
const u_int8_t *dest_conn_id = &packet->payload[6];
- clear_payload = decrypt_initial_packet(ndpi_struct, flow,
+ clear_payload = decrypt_initial_packet(ndpi_struct,
dest_conn_id, dest_conn_id_len,
source_conn_id_len, version,
clear_payload_len);
-#else
- clear_payload = NULL;
-#endif
}
return clear_payload;
@@ -1435,7 +1421,6 @@ static void process_chlo(struct ndpi_detection_module_struct *ndpi_struct,
static int may_be_initial_pkt(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow,
uint32_t *version)
{
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
@@ -1529,7 +1514,7 @@ static int may_be_initial_pkt(struct ndpi_detection_module_struct *ndpi_struct,
/* ***************************************************************** */
static int eval_extra_processing(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow, u_int32_t version)
+ struct ndpi_flow_struct *flow, u_int32_t version)
{
/* For the time being we need extra processing in two cases only:
1) to detect Snapchat calls, i.e. RTP/RTCP multiplxed with QUIC.
@@ -1631,7 +1616,7 @@ static void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct,
* anyone complains...
*/
- is_quic = may_be_initial_pkt(ndpi_struct, flow, &version);
+ is_quic = may_be_initial_pkt(ndpi_struct, &version);
if(!is_quic) {
NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
return;
@@ -1659,7 +1644,7 @@ static void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct,
/*
* 4) Extract the Payload from Initial Packets
*/
- clear_payload = get_clear_payload(ndpi_struct, flow, version, &clear_payload_len);
+ clear_payload = get_clear_payload(ndpi_struct, version, &clear_payload_len);
if(!clear_payload) {
NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
return;
diff --git a/src/lib/third_party/include/gcrypt_light.h b/src/lib/third_party/include/gcrypt_light.h
index 7f31f24a0..6d6a115ee 100644
--- a/src/lib/third_party/include/gcrypt_light.h
+++ b/src/lib/third_party/include/gcrypt_light.h
@@ -2,8 +2,6 @@
#ifndef GCRY_LIGHT_H
#define GCRY_LIGHT_H
-#define LIBGCRYPT_INTERNAL
-
#define HMAC_SHA256_DIGEST_SIZE 32 /* Same as SHA-256's output size. */
#define SHA256_DIGEST_SIZE 32
#define GCRY_MD_BUFF_SIZE 256
diff --git a/src/lib/third_party/src/gcrypt_light.c b/src/lib/third_party/src/gcrypt_light.c
index ecd4b6fc4..c048e8704 100644
--- a/src/lib/third_party/src/gcrypt_light.c
+++ b/src/lib/third_party/src/gcrypt_light.c
@@ -8,8 +8,6 @@
#include "ndpi_api.h"
-#if !defined(HAVE_LIBGCRYPT)
-
#if defined(__GNUC__) && \
( defined(__amd64__) || defined(__x86_64__) ) && \
! defined(MBEDTLS_HAVE_X86_64)
@@ -372,6 +370,4 @@ gcry_error_t gcry_cipher_decrypt (gcry_cipher_hd_t h,
return _gcry_cipher_crypt(h,out,outsize,in,inlen,0);
}
-#endif /* HAVE_LIBGCRYPT */
-
/* vim: set ts=4 sw=4 et: */