On 9/22/20 10:03 AM, Bruno Haible wrote:
I'm not really familiar with these. Does the libgcrypt documentation help,
maybe?
Bruno
I have become much more familiar than I'd really like to be. It seems
that without the crypto/gc-pbkdf2-sha1 module defined,
GNULIB_GC_HMAC_SHA1 is not defined, so the GC_SHA1 case is compiled out
and the switch statement falls through to the error return in the
default branch. If crypto/gc-pbkdf2 provides a definition for
GC_SHA1, then the code needs to handle it. There are legitimate uses for
SHA1, even if it should not be used for signing files. It cannot be
obsoleted. Ever.
/* Derive a key with PBKDF2, using the HMAC variant selected by HASH.
   Picks the PRF and its digest size for HASH, then delegates all of the
   derivation work to gc_pbkdf2_prf.

   Parameter names follow the usual PBKDF2 notation (presumably
   P/Plen = password, S/Slen = salt, c = iteration count, DK/dkLen =
   output buffer and requested key length -- confirm against the
   header documentation).

   Returns GC_INVALID_HASH when HASH has no case compiled into this
   build; otherwise returns whatever gc_pbkdf2_prf returns.

   NOTE(review): on the GC_INVALID_HASH path this function returns
   before gc_pbkdf2_prf is called, so nothing here writes to DK.
   Callers must check the return code before using DK as key
   material.  */
101 Gc_rc
102 gc_pbkdf2_hmac (Gc_hash hash,
103 const char *P, size_t Plen,
104 const char *S, size_t Slen,
(gdb)
105 unsigned int c, char *DK, size_t dkLen)
106 {
107 gc_prf_func prf;
108 size_t hLen;
109
/* Each case below exists only when its GNULIB_GC_HMAC_* macro is
   nonzero at compile time.  A hash whose macro is unset has no case
   label, so the same enum value is handled by `default`.  */
110 switch (hash)
111 {
112 #if GNULIB_GC_HMAC_SHA1
113 case GC_SHA1:
114 prf = gc_hmac_sha1;
(gdb)
115 hLen = GC_SHA1_DIGEST_SIZE;
116 break;
117 #endif
118
119 #if GNULIB_GC_HMAC_SHA256
120 case GC_SHA256:
121 prf = gc_hmac_sha256;
122 hLen = GC_SHA256_DIGEST_SIZE;
123 break;
124 #endif
(gdb)
125
126 #if GNULIB_GC_HMAC_SHA512
127 case GC_SHA512:
128 prf = gc_hmac_sha512;
129 hLen = GC_SHA512_DIGEST_SIZE;
130 break;
131 #endif
132
/* Reached for unknown hash values and for hashes whose HMAC support
   was compiled out.  Returning here also guarantees prf and hLen are
   never read uninitialized.  */
133 default:
134 return GC_INVALID_HASH;
(gdb)
135 }
136
137 return gc_pbkdf2_prf (prf, hLen, P, Plen, S, Slen, c, DK,
dkLen);
138 }