Re: [PATCH] Cryptography

[Vladimir 'phcoder' Serbinenko]

Robert Millan wrote:
> On Mon, Nov 16, 2009 at 08:38:54PM +0100, Vladimir 'phcoder' Serbinenko wrote:
>   
>> Robert Millan wrote:
>>     
>>> On Mon, Nov 16, 2009 at 03:56:26PM +0100, Vladimir 'phcoder' Serbinenko 
>>> wrote:
>>>   
>>>       
>>>> 2) Adaptation to the lack of gnulib abstraction layer on top of gcrypt
>>>>     
>>>>         
>>> It seems that the usual way of importing gc-pbkdf2-sha1.c is by linking it
>>> with gc-gnulib.c or gc-libgcrypt.c.  Is this option problematic?
>>>
>>>   
>>>       
>> libgcrypt is done like this:
>>
>> libgcrypt API ----> Common cryptographic algorithms layer (for some
>> algorithms it's quite a passthrough) --->  ciphers
>>
>> Although we use ciphers from libgcrypt, our middle layer is much simpler
>> and lacks per-cipher integer IDs. Because of it using gc-libgcrypt.c
>> would require an additional level of wrapping and it's much easier to
>> just modify few lines in PBKDF2
>>     
>
> Ok.  Then in principle we wouldn't contemplate resyncing this file, right?
>
>   
Unless there will be a cryptographic or legal issue, no. PBKDF2 is a
static standard
> What version of libgcrypt should be imported?
>
>   
I used 1.4.4. Latest ChangeLog entry in cipher/ directory is:

2009-01-22  Werner Koch  <address@hidden>

        * ecc.c (compute_keygrip): Remove superfluous const.

Latest SVN has latest ChangeLog entry:
2009-08-21  Werner Koch  <address@hidden>

        * dsa.c (dsa_generate_ext): Release retfactors array before
        setting it to NULL.  Reported by Daiko Ueno.

and ChangeLog doesn't mention anything that would result in a different
import, except of the currently unused public-key cryptography files
(and which will require adaptations in import_gcry.py to be handled) and
unused files md.c/cipher.c included in import for reference.
So I recommend importing 1.4.4


-- 
Regards
Vladimir 'phcoder' Serbinenko

signature.asc
Description: OpenPGP digital signature