Subject: Re: gc-pbkdf2-sha1 must not be deprecated
From: Bruce Korb
To: Bruno Haible
Cc: bug-gnulib@gnu.org
Date: Wed, 23 Sep 2020 09:55:48 -0700
List-Id: Gnulib discussion list

On 9/22/20 10:03 AM, Bruno Haible wrote:
> I'm not really familiar with these. Does the libgcrypt documentation help,
> maybe?
>
> Bruno

I have become much more familiar than I'd really like to be. It seems
that without the crypto/gc-pbkdf2-sha1 module defined,
GNULIB_GC_HMAC_SHA1 is not defined, so the switch statement falls through
to the error return. If crypto/gc-pbkdf2 provides a definition for
GC_SHA1, then the code needs to handle it. There are legitimate uses for
SHA1, even if it should not be used for signing files. It cannot be
obsoleted. Ever.

> 101     Gc_rc
> 102     gc_pbkdf2_hmac (Gc_hash hash,
> 103                     const char *P, size_t Plen,
> 104                     const char *S, size_t Slen,
> (gdb)
> 105                     unsigned int c, char *DK, size_t dkLen)
> 106     {
> 107       gc_prf_func prf;
> 108       size_t hLen;
> 109
> 110       switch (hash)
> 111         {
> 112     #if GNULIB_GC_HMAC_SHA1
> 113         case GC_SHA1:
> 114           prf = gc_hmac_sha1;
> (gdb)
> 115           hLen = GC_SHA1_DIGEST_SIZE;
> 116           break;
> 117     #endif
> 118
> 119     #if GNULIB_GC_HMAC_SHA256
> 120         case GC_SHA256:
> 121           prf = gc_hmac_sha256;
> 122           hLen = GC_SHA256_DIGEST_SIZE;
> 123           break;
> 124     #endif
> (gdb)
> 125
> 126     #if GNULIB_GC_HMAC_SHA512
> 127         case GC_SHA512:
> 128           prf = gc_hmac_sha512;
> 129           hLen = GC_SHA512_DIGEST_SIZE;
> 130           break;
> 131     #endif
> 132
> 133         default:
> 134           return GC_INVALID_HASH;
> (gdb)
> 135         }
> 136
> 137       return gc_pbkdf2_prf (prf, hLen, P, Plen, S, Slen, c, DK, dkLen);
> 138     }
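
The dispatch discussed in this message, as an added Python model that is not part of the original e-mail and is not gnulib code: a hash that is declared but whose case is switched off lands in the default branch and yields GC_INVALID_HASH, while an enabled SHA1 reproduces the RFC 6070 PBKDF2-HMAC-SHA1 vectors. `ENABLED`, `DIGESTS`, `pbkdf2_hmac` and `pbkdf2_prf` are hypothetical names standing in for the GNULIB_GC_HMAC_* macros, gc_pbkdf2_hmac and gc_pbkdf2_prf.

```python
import hashlib
import hmac
import struct

# Stand-in for the GNULIB_GC_HMAC_* preprocessor switches in the listing
# (assumption of this sketch: a dict lookup replaces the #if blocks).
ENABLED = {"GC_SHA1": True, "GC_SHA256": True, "GC_SHA512": True}
DIGESTS = {"GC_SHA1": hashlib.sha1, "GC_SHA256": hashlib.sha256,
           "GC_SHA512": hashlib.sha512}
GC_OK, GC_INVALID_HASH = "GC_OK", "GC_INVALID_HASH"


def pbkdf2_prf(digest, password, salt, c, dk_len):
    """PBKDF2 (RFC 8018) over HMAC-<digest>; the role gc_pbkdf2_prf plays."""
    h_len = digest().digest_size
    out = b""
    for i in range(1, -(-dk_len // h_len) + 1):   # ceil(dk_len / h_len) blocks
        u = hmac.new(password, salt + struct.pack(">I", i), digest).digest()
        t = int.from_bytes(u, "big")
        for _ in range(c - 1):                    # U_2 .. U_c, XORed into T_i
            u = hmac.new(password, u, digest).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(h_len, "big")
    return out[:dk_len]


def pbkdf2_hmac(hash_id, password, salt, c, dk_len, enabled=ENABLED):
    """Dispatcher shaped like gc_pbkdf2_hmac: a disabled case hits 'default'."""
    if not enabled.get(hash_id, False):
        return GC_INVALID_HASH, None
    return GC_OK, pbkdf2_prf(DIGESTS[hash_id], password, salt, c, dk_len)
```
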