[PATCH] MD2 for libgcrypt

Stephan Mueller smueller at chronox.de
Fri Jul 16 21:29:35 CEST 2010


Am Freitag, den 16.07.2010, 16:25 +0200 schrieb Stephan Mueller:
> Hi,

Hi again,

as the issue with the Verisign CA certificates would be solved with this
patch and considering that the Verisign CAs are used pervasively, may I
ask whether it is possible to add the Verisign CAs to com-certs.pem?

However, I have one question: as far as I understand, the list in
com-certs.pem are used as trusted certificates, not needing to reference
them in trustlist.txt. However, the Verisign CA certs all need the
"relax" flag as otherwise the CA cert is not accepted by gpgsm.

How can that "relax" flag be assumed for the Verisign CA certs, if they
are in com-certs.pem?

Thanks
Stephan
> 
> please see attached the patch adding MD2 to libgcrypt. The
> implementation is copied from NSS. As this implementation is covered by
> the LGPL, it should be consistent with libgcrypt.
> 
> The code works, the test case passes (and I even verified that negative
> tests fail).
> 
> Furthermore, I am able to import the infamous Verisign Class 1
> certificate using MD2 into the key store with gpgsm.
> 
> Please verify the code attached and let me know.
> 
> There is one issue I need help with: I have no real idea about the size I should add to burn_stack().
> 
> The code base is libgcrypt 1.4.4 as found on Ubuntu Lucid.
> 
> Thanks
> Stephan
> 
> _______________________________________________
> Gcrypt-devel mailing list
> Gcrypt-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gcrypt-devel





More information about the Gcrypt-devel mailing list