On 21.02.23 23:17, Patrick Luby wrote:
> 3. My next planned step was to look through the code in the
> libreoffice-7-5-0 branch and see if I can fill out the table in question
> B.3.4. Can anyone confirm that the following are the only cryptographic
> APIs that we use now and in the near future?:
> - MS-CAPI (Windows only)
> - NSS (all non-Windows platforms)
> - OpenSSL
> - OpenPGP

the following are missing which we ship:
- sal contains some implementations of mostly old things like PBKDF2,
Blowfish, RC4, MD5, SHA1
(the last one with a hilarious bug that produces incorrect results
for certain lengths of input that is retained for compatibility)
(see include/rtl/cipher.h include/rtl/digest.h)
- some joke algorithms required for importing MS Office files
(iirc one of which is literally XOR)
- some external libraries may contain their own implementation of
algorithms, for example this one:
workdir/UnpackedTarball/redland/src/rdf_digest_md5.c
(probably impossible to find all of these)
the following are missing which we don't ship but use from the OS:
- Windows: STunnel TLS implementation (used by libcurl)
- Miklos already mentioned MS-CAPI
- Apple platforms: Darwin TLS implementation (used by libcurl)
- the bundled Wiki Publisher extension (might not be shipped in app
store builds?) uses the Java runtime environment's TLS implementation
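
One way to look for bundled implementations like the rdf_digest_md5.c case mentioned above is to scan unpacked sources for well-known algorithm constants. This is an added example, not part of the original message and not LibreOffice code; the signature table, the file suffixes and the function names are assumptions, and algorithms without fixed constants (RC4, XOR obfuscation) are not found this way.

```python
import re
import tempfile
from pathlib import Path

# One distinctive 32-bit constant per algorithm (heuristic fingerprints).
SIGNATURES = {
    "MD5": 0xD76AA478,       # first entry of MD5's sine-derived table
    "SHA-1": 0xCA62C1D6,     # SHA-1 round constant for rounds 60-79
    "SHA-256": 0x428A2F98,   # first SHA-256 round constant
    "Blowfish": 0x243F6A88,  # first P-array word (hex digits of pi)
}
SOURCE_SUFFIXES = {".c", ".cc", ".cpp", ".cxx", ".h", ".hxx", ".java"}
# Exactly eight hex digits, so 64-bit literals (e.g. SHA-512) do not match.
HEX_LITERAL = re.compile(r"0[xX]([0-9a-fA-F]{8})(?![0-9a-fA-F])")


def scan_text(text):
    """Return the sorted algorithm names whose constant appears in text."""
    found = {int(m.group(1), 16) for m in HEX_LITERAL.finditer(text)}
    return sorted(name for name, const in SIGNATURES.items() if const in found)


def scan_tree(root):
    """Map relative path -> algorithms for every source file under root."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SOURCE_SUFFIXES:
            algos = scan_text(path.read_text(errors="replace"))
            if algos:
                hits[path.relative_to(root).as_posix()] = algos
    return hits


def demo():
    """Scan a constructed two-file tree (sample data, not LibreOffice code)."""
    with tempfile.TemporaryDirectory() as tmp:
        ext = Path(tmp, "external", "somelib")
        ext.mkdir(parents=True)
        (ext / "digest.c").write_text(
            "#define T1 0xd76aa478\nstatic unsigned k4 = 0xCA62C1D6UL;\n")
        (ext / "util.c").write_text("int mask = 0x0000ffff;\n")
        return scan_tree(tmp)


if __name__ == "__main__":
    for path, algos in demo().items():
        print(path, ", ".join(algos))
```

Pointing scan_tree() at a directory such as workdir/UnpackedTarball gives a candidate list to review by hand; a hit means the constant is present, not that the code is compiled or shipped.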