incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Stahl <...@openoffice.org>
Subject Re: Request dev help: Info for required crypto export declaration
Date Thu, 22 Sep 2011 16:17:32 GMT
[this mail has managed to hide in a draft folder for weeks...]

On 01.09.2011 23:01, Robert Burrell Donkin wrote:
> On Thu, Sep 1, 2011 at 9:35 PM, Dennis E. Hamilton 
> <dennis.hamilton@acm.org> wrote:
>> Technically, this was to have been resolved before the code was put
>> up on SVN.  We need to audit specifically for this rather quickly,
>> and including the places that Rob also identified (import-export
>> filters and http TLS)..
> 
> I definitely recommend a full crypto audit but IIRC it's not
> necessary before sending the initial notification.
> 
> AIUI (from [1] and [2]) all that's needed is a list of the 
> cryptographic libraries used by OOo. If the results of the full
> audit differ then we can just update the details and send an updated 
> notification.

looking through the external modules the following are obviously crypto
related:

xmlsec1-1.2.14.tar.gz
openssl-0.9.8o.tar.gz
nss-3.12.6-with-nspr-4.8.4.tar.gz
seamonkey-1.1.14.source.tar.gz

(Seamonkey also contains NSS but i guess we don't ship this but the one
from the "nss" module)

the internal implementation of Blowfish (and also RC4 it seems) is in
these files:

sal/inc/rtl/cipher.h
sal/rtl/source/cipher.c

hope that should get us started...

-- 
<sieni> State?
<sieni> There is no state :-)
<shapr> Haskell separates Church and state.


Mime
View raw message