Re: New legal rquirement: import and export of encryption in France

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 21.02.23 23:17, Patrick Luby wrote:

3. My next planned step was to look through the code in the libreoffice-7-5-0 branch and see if I can fill out the table in question B.3.4. Can anyone confirm that the following are the only cryptographic APIs that we use now and in the near future?:
- MS-CAPI (Windows only)
- NSS (all non-Windows platforms)
- OpenSSL
- OpenPGP

the following are missing which we ship:

- sal contains some implementations of mostly old things like PBKDF2, Blowfish, RC4, MD5, SHA1 (the last one with a hilarious bug that produces incorrect results for certain lengths of input that is retained for compatibility)
  (see include/rtl/cipher.h include/rtl/digest.h)

- some joke algorithms required for importing MS Office files
  (iirc one of which is literally XOR)

- some external libraries may contain their own implementation of algorithms, for example this one:
  workdir/UnpackedTarball/redland/src/rdf_digest_md5.c
  (probably impossible to find all of these)

the following are missing which we don't ship but use from the OS:

- Windows: STunnel TLS implementation (used by libcurl)
- Miklos already mentioned MS-CAPI
- Apple platforms: Darwin TLS implementation (used by libcurl)
- the bundled Wiki Publisher extension (might not be shipped in app store builds?) uses the Java runtime environment's TLS implementation




[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux