|
From: | Bruce Korb |
Subject: | Re: gc-pbkdf2-sha1 must not be deprecated |
Date: | Wed, 23 Sep 2020 09:55:48 -0700 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0 |
On 9/22/20 10:03 AM, Bruno Haible wrote:
I have become much more familiar that I'd really like to be. It seems that without the crypto/gc-pbkdf2-sha1 module defined, then GNULIB_GC_HMAC_SHA1 is not defined so the switch statement falls through to the error return. If crypto/gc-pbkdf2 provides a definition for GC_SHA1, then the code needs to handle it. There are legitimate uses for SHA1, even if it should not be used for signing files. It cannot be obsoleted. Ever.I'm not really familiar with these. Does the libgcrypt documentation help, maybe? Bruno
101 Gc_rc 102 gc_pbkdf2_hmac (Gc_hash hash, 103 const char *P, size_t Plen, 104 const char *S, size_t Slen, (gdb) 105 unsigned int c, char *DK, size_t dkLen) 106 { 107 gc_prf_func prf; 108 size_t hLen; 109 110 switch (hash) 111 { 112 #if GNULIB_GC_HMAC_SHA1 113 case GC_SHA1: 114 prf = gc_hmac_sha1; (gdb) 115 hLen = GC_SHA1_DIGEST_SIZE; 116 break; 117 #endif 118 119 #if GNULIB_GC_HMAC_SHA256 120 case GC_SHA256: 121 prf = gc_hmac_sha256; 122 hLen = GC_SHA256_DIGEST_SIZE; 123 break; 124 #endif (gdb) 125 126 #if GNULIB_GC_HMAC_SHA512 127 case GC_SHA512: 128 prf = gc_hmac_sha512; 129 hLen = GC_SHA512_DIGEST_SIZE; 130 break; 131 #endif 132 133 default: 134 return GC_INVALID_HASH; (gdb) 135 } 136137 return gc_pbkdf2_prf (prf, hLen, P, Plen, S, Slen, c, DK, dkLen);138 }
[Prev in Thread] | Current Thread | [Next in Thread] |