New legal rquirement: import and export of encryption in France

[Michael Stahl]

On 21.02.23 23:17, Patrick Luby wrote:

> 3. My next planned step was to look through the code in the 
> libreoffice-7-5-0 branch and see if I can fill out the table in question 
> B.3.4. Can anyone confirm that the following are the only cryptographic 
> APIs that we use now and in the near future?:
> - MS-CAPI (Windows only)
> - NSS (all non-Windows platforms)
> - OpenSSL
> - OpenPGP

the following are missing which we ship:

- sal contains some implementations of mostly old things like PBKDF2, 
Blowfish, RC4, MD5, SHA1
   (the last one with a hilarious bug that produces incorrect results 
for certain lengths of input that is retained for compatibility)
   (see include/rtl/cipher.h include/rtl/digest.h)

- some joke algorithms required for importing MS Office files
   (iirc one of which is literally XOR)

- some external libraries may contain their own implementation of 
algorithms, for example this one:
   workdir/UnpackedTarball/redland/src/rdf_digest_md5.c
   (probably impossible to find all of these)

the following are missing which we don't ship but use from the OS:

- Windows: STunnel TLS implementation (used by libcurl)
- Miklos already mentioned MS-CAPI
- Apple platforms: Darwin TLS implementation (used by libcurl)
- the bundled Wiki Publisher extension (might not be shipped in app 
store builds?) uses the Java runtime environment's TLS implementation