Re: gc-pbkdf2-sha1 must not be deprecated

[Bruce Korb]

On 9/22/20 10:03 AM, Bruno Haible wrote:
> I'm not really familiar with these. Does the libgcrypt documentation help,
> maybe?
>
> Bruno
I have become much more familiar that I'd really like to be. It seems 
that without the crypto/gc-pbkdf2-sha1 module defined, then 
GNULIB_GC_HMAC_SHA1 is not defined so the switch statement falls through 
to the error return. If crypto/gc-pbkdf2 provides a definition for 
GC_SHA1, then the code needs to handle it. There are legitimate uses for 
SHA1, even if it should not be used for signing files. It cannot be 
obsoleted. Ever.
> 101     Gc_rc
> 102     gc_pbkdf2_hmac (Gc_hash hash,
> 103                     const char *P, size_t Plen,
> 104                     const char *S, size_t Slen,
> (gdb)
> 105                     unsigned int c, char *DK, size_t dkLen)
> 106     {
> 107       gc_prf_func prf;
> 108       size_t hLen;
> 109
> 110       switch (hash)
> 111         {
> 112     #if GNULIB_GC_HMAC_SHA1
> 113         case GC_SHA1:
> 114           prf = gc_hmac_sha1;
> (gdb)
> 115           hLen = GC_SHA1_DIGEST_SIZE;
> 116           break;
> 117     #endif
> 118
> 119     #if GNULIB_GC_HMAC_SHA256
> 120         case GC_SHA256:
> 121           prf = gc_hmac_sha256;
> 122           hLen = GC_SHA256_DIGEST_SIZE;
> 123           break;
> 124     #endif
> (gdb)
> 125
> 126     #if GNULIB_GC_HMAC_SHA512
> 127         case GC_SHA512:
> 128           prf = gc_hmac_sha512;
> 129           hLen = GC_SHA512_DIGEST_SIZE;
> 130           break;
> 131     #endif
> 132
> 133         default:
> 134           return GC_INVALID_HASH;
> (gdb)
> 135         }
> 136
> 137       return gc_pbkdf2_prf (prf, hLen, P, Plen, S, Slen, c, DK, 
> dkLen);
> 138     }