[svn] gcry - r1277 - in trunk: . cipher doc src
svn author wk
cvs at cvs.gnupg.org
Mon Dec 10 10:17:28 CET 2007
Author: wk
Date: 2007-12-10 10:17:25 +0100 (Mon, 10 Dec 2007)
New Revision: 1277
Modified:
trunk/ChangeLog
trunk/NEWS
trunk/README
trunk/TODO
trunk/autogen.sh
trunk/cipher/ChangeLog
trunk/cipher/rijndael.c
trunk/cipher/rndhw.c
trunk/configure.ac
trunk/doc/gcrypt.texi
trunk/src/ChangeLog
trunk/src/hwfeatures.c
trunk/src/secmem.c
Log:
Preparing 1.4.0.
Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog 2007-12-05 09:50:50 UTC (rev 1276)
+++ trunk/ChangeLog 2007-12-10 09:17:25 UTC (rev 1277)
@@ -1,3 +1,13 @@
+2007-12-10 Werner Koch <wk at g10code.com>
+
+ Released 1.4.0.
+
+ * configure.ac: Set LT to C15/A4/R3.
+
+2007-12-05 Werner Koch <wk at g10code.com>
+
+ * configure.ac: Add option --disable-padlock-support.
+
2007-12-03 Werner Koch <wk at g10code.com>
Released 1.3.2.
Modified: trunk/NEWS
===================================================================
--- trunk/NEWS 2007-12-05 09:50:50 UTC (rev 1276)
+++ trunk/NEWS 2007-12-10 09:17:25 UTC (rev 1277)
@@ -1,7 +1,10 @@
-Noteworthy changes in version 1.4.0
+Noteworthy changes in version 1.4.0 (2007-12-10)
------------------------------------------------
+ * New configure option --disable-padlock-support which is mostly
+ useful in case of build problems.
+
Noteworthy changes in version 1.3.2 (2007-12-03)
------------------------------------------------
Modified: trunk/README
===================================================================
--- trunk/README 2007-12-05 09:50:50 UTC (rev 1276)
+++ trunk/README 2007-12-10 09:17:25 UTC (rev 1277)
@@ -1,11 +1,7 @@
libgcrypt - The GNU crypto library
------------------------------------
- Version 1.3.x
+ Version 1.4.0
- WARNING: This is the development branch of Libgcrypt. The stable
- version is 1.2.x.
-
-
Copyright 2000, 2002, 2003, 2004, 2007 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
@@ -22,16 +18,59 @@
--------
Libgcrypt is a general purpose crypto library based on the code
- used in GnuPG. We can't start with a new version number because
- libgcrypt was part of GnuPG 1.1 and some applications already used
- it and tested for the version number. We believe that the API can
- stay as it is, except that new functions may be added in the
- future.
+ used in GnuPG. Libgcrypt depends on the library `libgpg-error',
+ which must be installed correctly before Libgcrypt is to be built.
+ Libgcrypt is distributed under the LGPL, see the section "License"
+ below for details.
- Libgcrypt depends on the library `libgpg-error', which must be
- installed correctly before Libgcrypt is to be built.
+ Build Instructions
+ ------------------
+ The download canonical location for libgcrypt is:
+
+ ftp://ftp.gnupg.org/gcrypt/libgcrypt/
+
+ To build libgcrypt you need libgpg-error:
+
+ ftp://ftp.gnupg.org/gcrypt/libgpg-error/
+
+ You should get the latest versions of course.
+
+ After building and installing the libgpg-error package, you may
+ continue with Libgcrypt installation As with allmost all GNU
+ packages, you just have to do
+
+ ./configure
+ make
+ make check
+ make install
+
+ The "make check" is not required but a good idea to see whether
+ the library works as expected. The check takes some while and
+ prints some benchmarking results. Before doing "make install" you
+ probably need to become root.
+
+ To build libgcrypt for Microsoft Windows, you need to have the
+ mingw32 cross-building toolchain installed. Instead of running a
+ plain configure you use
+
+ ./autogen.sh --build-w32
+ make
+ make install
+
+ By default this command sequences expectsd a libgpg-error
+ installed below $HOME/w32root and installs libgcrypt to that
+ directory too. See the autogen.sh code for details.
+
+ The documentation is available as an Info file (gcrypt.info). To
+ build documentation in PDF, run this:
+
+ cd doc
+ make pdf
+
+
+
Mailing List
------------
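Review bot: The added Build Instructions text has several typos that will ship in the 1.4.0 README: "The download canonical location" should read "The canonical download location", "installation As with allmost all" is missing a full stop and misspells "almost", and "this command sequences expectsd" should be "this command sequence expects". The text also says to "become root" before "make install" without mentioning that a non-default --prefix avoids that; a short note there would help.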
@@ -41,32 +80,6 @@
list is available at http://lists.gnupg.org .
- License
- -------
-
- The library is distributed under the terms of the GNU Lesser
- General Public License (LGPL); see the file COPYING.LIB for the
- actual terms. The helper programs (gcryptrnd and getrandom) as
- well as the documentation are distributed under the terms of the
- GNU General Public License (GPL); see the file COPYING for teh
- actual terms.
-
- This library used to be available under the GPL - this was changed
- with version 1.1.7 with the rationale that there are now many free
- crypto libraries available and many of them come with capabilities
- similar to Libcrypt. We decided that to foster the use of
- cryptography in Free Software an LGPLed library would make more
- sense because it avoids problems due to license incompatibilities
- between some Free Software licenses and the GPL.
-
- Please note that in many cases it is better for a library to be
- licensed under the GPL, so that it provides an advantage for free
- software projects. The Lesser GPL is so named because it does
- less to protect the freedom of the users of the code that it
- covers. See http://www.gnu.org/philosophy/why-not-lgpl.html for
- more explanation.
-
-
Configure options
-----------------
Here is a list of configure options which are sometimes useful
@@ -142,11 +155,54 @@
auto - Compile linux, egd and unix in and
automagically select at runtime.
+ --disable-padlock-support
+ Disable support for the PadLock engine of VIA
+ processors. The default is to use PadLock if
+ available. Try this if you get problems with
+ assembler code.
+ License
+ -------
+
+ The library is distributed under the terms of the GNU Lesser
+ General Public License (LGPL); see the file COPYING.LIB for the
+ actual terms. The helper programs (gcryptrnd and getrandom) as
+ well as the documentation are distributed under the terms of the
+ GNU General Public License (GPL); see the file COPYING for teh
+ actual terms.
+
+ This library used to be available under the GPL - this was changed
+ with version 1.1.7 with the rationale that there are now many free
+ crypto libraries available and many of them come with capabilities
+ similar to Libcrypt. We decided that to foster the use of
+ cryptography in Free Software an LGPLed library would make more
+ sense because it avoids problems due to license incompatibilities
+ between some Free Software licenses and the GPL.
+
+ Please note that in many cases it is better for a library to be
+ licensed under the GPL, so that it provides an advantage for free
+ software projects. The Lesser GPL is so named because it does
+ less to protect the freedom of the users of the code that it
+ covers. See http://www.gnu.org/philosophy/why-not-lgpl.html for
+ more explanation.
+
+
Contact
-------
See the file AUTHORS.
+ Commercial grade support for Libgcrypt is available; please see
+ http://www.gnupg.org/service.html .
+
+
+ This file is Free Software; as a special exception the authors gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved. For conditions
+ of the whole package, please see the file COPYING. This file is
+ distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY, to the extent permitted by law; without even the implied
+ warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
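Review bot: The License section is moved verbatim, so the old typos move with it: "see the file COPYING for teh actual terms" and "similar to Libcrypt" (should be Libgcrypt). Since every line of the block is re-added anyway, this is the cheapest point to fix them. The new closing notice reads "the authors gives" (should be "give"), and it repeats the "This file is free software; as a special exception the author gives" notice that already sits at the top of the file; keeping only one of the two avoids them drifting apart.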
Modified: trunk/TODO
===================================================================
--- trunk/TODO 2007-12-05 09:50:50 UTC (rev 1276)
+++ trunk/TODO 2007-12-10 09:17:25 UTC (rev 1277)
@@ -3,12 +3,14 @@
* Next API break:
** gcry_ac_io_t
Remove use of anonymous union.
+** gcry_ac
+ Consider to remove it.
* udiv-qrnbd.o should get build as *.lo [HPUX]
-* Allow operation using RSA keys consisting of the OpenSSL list of
- parameters and allow for a third form where the private Exponent
- is not given (saves space).
+* Allow operation using RSA keys consisting of the OpenSSL keys.
+ This requires the introduction of a parameter names (say) U which
+ is calculated according to OpenSSL/PKCS#1 rules.
* Add a warning to the manual, to check that libgcrypt actually has
been compiled with thread support when used by a threaded
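Review bot: In the rewritten RSA item, "a parameter names (say) U" should be "a parameter named (say) U". The entry would also be clearer if it said how this U differs from the existing u-mpi, which the gcrypt.texi change in this same commit documents as u = p^{-1} mod q, against OpenSSL's u = q^{-1} mod p.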
@@ -20,13 +22,6 @@
* Add attributes to the MPI functions.
-* In case the ac interface will be more popular than the pk interface,
- the asymmetric ciphers could be changed for convenient interaction
- with the ac interface (i.e. by using ac's `data sets') and the pk
- interface could be changed to be a wrapper for the ac interface.
- ==> It is unlikely that we will do that. The AC interafce turned
- out to be more complicated than the regular one.
-
* cipher/pubkey.c and pubkey implementaions.
Don't rely on the secure memory based wiping function but add an
extra wiping.
Modified: trunk/autogen.sh
===================================================================
--- trunk/autogen.sh 2007-12-05 09:50:50 UTC (rev 1276)
+++ trunk/autogen.sh 2007-12-10 09:17:25 UTC (rev 1277)
@@ -77,7 +77,8 @@
./configure --enable-maintainer-mode --prefix=${w32root} \
--host=${host} --build=${build} \
- --with-gpg-error-prefix=${w32root}
+ --with-gpg-error-prefix=${w32root} \
+ --disable-padlock-support
exit $?
fi
# ***** end W32 build script *******
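Review bot: Nothing explains why the W32 configure invocation now hard-codes --disable-padlock-support. The README text added in this commit says the default is to use PadLock if available and describes the option as a workaround for assembler problems, so a one-line comment above the ./configure call stating the reason for the W32 build (and a mention in the README's Windows paragraph) would keep someone from removing or copying the flag without knowing what it is for.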
Modified: trunk/cipher/ChangeLog
===================================================================
--- trunk/cipher/ChangeLog 2007-12-05 09:50:50 UTC (rev 1276)
+++ trunk/cipher/ChangeLog 2007-12-10 09:17:25 UTC (rev 1277)
@@ -1,5 +1,8 @@
2007-12-05 Werner Koch <wk at g10code.com>
+ * rijndael.c (USE_PADLOCK): Depend on ENABLE_PADLOCK_SUPPORT.
+ * rndhw.c (USE_PADLOCK): Ditto
+
* rsa.c (secret): Fixed condition test for using CRT. Reported by
Dean Scarff. Fixes bug#864.
(_gcry_rsa_check_secret_key): Return an erro if the optional
Modified: trunk/cipher/rijndael.c
===================================================================
--- trunk/cipher/rijndael.c 2007-12-05 09:50:50 UTC (rev 1276)
+++ trunk/cipher/rijndael.c 2007-12-10 09:17:25 UTC (rev 1277)
@@ -48,11 +48,12 @@
/* USE_PADLOCK indicates whether to compile the padlock specific
code. */
#undef USE_PADLOCK
-#if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)
-#define USE_PADLOCK
-#endif
+#ifdef ENABLE_PADLOCK_SUPPORT
+# if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)
+# define USE_PADLOCK
+# endif
+#endif /*ENABLE_PADLOCK_SUPPORT*/
-
static const char *selftest(void);
typedef struct
Modified: trunk/cipher/rndhw.c
===================================================================
--- trunk/cipher/rndhw.c 2007-12-05 09:50:50 UTC (rev 1276)
+++ trunk/cipher/rndhw.c 2007-12-10 09:17:25 UTC (rev 1277)
@@ -27,9 +27,11 @@
#include "rand-internal.h"
#undef USE_PADLOCK
-#if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)
-#define USE_PADLOCK
-#endif
+#ifdef ENABLE_PADLOCK_SUPPORT
+# if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)
+# define USE_PADLOCK
+# endif
+#endif /*ENABLE_PADLOCK_SUPPORT*/
/* Keep track on whether the RNG has problems. */
static volatile int rng_failed;
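Review bot: The USE_PADLOCK guard here is a character-for-character copy of the one added to rijndael.c, including the "defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)" test. Two copies that must be edited in step are easy to get out of sync; defining USE_PADLOCK once in a shared internal header and including it from both files would leave a single place to change when the conditions are next touched.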
Modified: trunk/configure.ac
===================================================================
--- trunk/configure.ac 2007-12-05 09:50:50 UTC (rev 1276)
+++ trunk/configure.ac 2007-12-10 09:17:25 UTC (rev 1277)
@@ -1,6 +1,6 @@
# Configure.ac script for Libgcrypt
-# Copyright (C) 1998, 1999, 2000, 2001, 2002
-# 2003, 2004, 2006 Free Software Foundation, Inc.
+# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2006,
+# 2007 Free Software Foundation, Inc.
#
# This file is part of Libgcrypt.
#
@@ -27,8 +27,8 @@
# Remember to change the version number immediately *after* a release.
# Set my_issvn to "yes" for non-released code. Remember to run an
# "svn up" and "autogen.sh" right before creating a distribution.
-m4_define([my_version], [1.3.3])
-m4_define([my_issvn], [yes])
+m4_define([my_version], [1.4.0])
+m4_define([my_issvn], [no])
m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \
|| echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')]))
@@ -40,7 +40,7 @@
# (No interfaces changed: REVISION++)
LIBGCRYPT_LT_CURRENT=15
LIBGCRYPT_LT_AGE=4
-LIBGCRYPT_LT_REVISION=2
+LIBGCRYPT_LT_REVISION=3
# If the API is changed in an incompatible way: increment the next counter.
@@ -281,7 +281,6 @@
AC_DEFINE(DISABLED_ENDIAN_CHECK,1,[configure did not test for endianess])
fi
-
AC_CHECK_SIZEOF(unsigned short, 2)
AC_CHECK_SIZEOF(unsigned int, 4)
AC_CHECK_SIZEOF(unsigned long, 4)
@@ -422,10 +421,10 @@
# Implementation of --disable-asm.
-AC_MSG_CHECKING([whether assembler modules are requested])
+AC_MSG_CHECKING([whether MPI assembler modules are requested])
AC_ARG_ENABLE([asm],
AC_HELP_STRING([--disable-asm],
- [Disable assembler modules]),
+ [Disable MPI assembler modules]),
[try_asm_modules=$enableval],
[try_asm_modules=yes])
AC_MSG_RESULT($try_asm_modules)
@@ -433,9 +432,10 @@
# Implementation of the --enable-m-guard switch.
AC_MSG_CHECKING([whether memory guard is requested])
AC_ARG_ENABLE(m-guard,
- [ --enable-m-guard enable memory guard facility],
- use_m_guard=$enableval, use_m_guard=no)
- AC_MSG_RESULT($use_m_guard)
+ AC_HELP_STRING([--enable-m-guard],
+ [Enable memory guard facility]),
+ [use_m_guard=$enableval], [use_m_guard=no])
+AC_MSG_RESULT($use_m_guard)
if test "$use_m_guard" = yes ; then
AC_DEFINE(M_GUARD,1,[Define to use the (obsolete) malloc guarding feature])
fi
@@ -444,10 +444,26 @@
# Check whether we want to use Linux capabilities
AC_MSG_CHECKING([whether use of capabilities is requested])
AC_ARG_WITH(capabilities,
- [ --with-capabilities use linux capabilities [default=no]],
-[use_capabilities="$withval"],[use_capabilities=no])
+ AC_HELP_STRING([--with-capabilities],
+ [Use linux capabilities [default=no]]),
+ [use_capabilities="$withval"],[use_capabilities=no])
AC_MSG_RESULT($use_capabilities)
+
+# Implementation of the --disable-padlock-support switch.
+AC_MSG_CHECKING([whether padlock support is requested])
+AC_ARG_ENABLE(padlock-support,
+ AC_HELP_STRING([--disable-padlock-support],
+ [Disable support for the PadLock Engine of VIA processors]),
+ padlocksupport=$enableval,padlocksupport=yes)
+AC_MSG_RESULT($padlocksupport)
+if test x"$padlocksupport" = xyes ; then
+ AC_DEFINE(ENABLE_PADLOCK_SUPPORT, 1,
+ [Enable support for the PadLock engine.])
+fi
+
+
+
AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME",
[A human readable text with the name of the OS])
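Review bot: In the new padlock-support block, the test "x"$padlocksupport" = xyes" treats every value other than "yes" as disabled, so --enable-padlock-support=<anything else> silently turns the feature off while AC_MSG_RESULT just echoes the value. Normalising the value, or rejecting unexpected ones with AC_MSG_ERROR, would make that visible. Style: the action arguments "padlocksupport=$enableval,padlocksupport=yes" are not wrapped in [ ] although the neighbouring m-guard and capabilities blocks were converted to the quoted form in this same commit; the help string says "PadLock Engine" while the AC_DEFINE description says "PadLock engine"; and the block ends with three blank lines where one is enough.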
@@ -655,7 +671,7 @@
&& test "$gcry_cv_gcc_has_f_visibility" = "yes"
then
AC_DEFINE(GCRY_USE_VISIBILITY, 1,
- [Define to use the GNU C visibility attribute])
+ [Define to use the GNU C visibility attribute.])
CFLAGS="$CFLAGS -fvisibility=hidden"
fi
Modified: trunk/doc/gcrypt.texi
===================================================================
--- trunk/doc/gcrypt.texi 2007-12-05 09:50:50 UTC (rev 1276)
+++ trunk/doc/gcrypt.texi 2007-12-10 09:17:25 UTC (rev 1277)
@@ -2256,13 +2256,31 @@
@item p-mpi
RSA secret prime @math{p}.
@item q-mpi
-RSA secret prime @math{q} with @math{q > p}.
+RSA secret prime @math{q} with @math{p < q}.
@item u-mpi
-multiplicative inverse @math{u = p^{-1} \bmod q}.
+Multiplicative inverse @math{u = p^{-1} \bmod q}.
@end table
+For signing and decryption the parameters @math{(p, q, u)} are optional
+but greatly improve the performance. Either all of these optional
+parameters must be given or none of them. They are mandatory for
+gcry_pk_testkey.
+Note that OpenSSL uses slighly different parameters: @math{q < p} and
+ @math{u = q^{-1} \bmod p}. To use these parameters you will need to
+swap the values and recompute @math{u}. Here is example code to do this:
+ at example
+ if (gcry_mpi_cmp (p, q) > 0)
+ @{
+ gcry_mpi_swap (p, q);
+ gcry_mpi_invm (u, p, q);
+ @}
+ at end example
+
+
+
+
@node DSA key parameters
@subsection DSA key parameters
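Review bot: In the added example, gcry_mpi_invm (u, p, q) sits inside the "if (gcry_mpi_cmp (p, q) > 0)" block, so u is only recomputed when the primes are swapped. The paragraph above states that the OpenSSL value is u = q^{-1} mod p, which is not the p^{-1} mod q this section requires, so an imported key that already has p < q would keep the wrong u. Moving the gcry_mpi_invm call after the closing brace makes the example correct in both cases. Smaller points: "slighly" should be "slightly", gcry_pk_testkey should be wrapped in @code{}, "Here is example code" reads better as "Here is some example code", and the four blank lines before "@node DSA key parameters" can be reduced to one.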
@@ -2993,9 +3011,9 @@
former chapter, this one follows an open/use/close paradigm like other
building blocks of the library.
- at strong{This interface as some known problems; most noteworthy an
-inherent tendency to leak memory. It might even be removed in a some
-future version of Libgcrypt.}
+ at strong{This interface has a few known problems; most noteworthy an
+inherent tendency to leak memory. It might not be available in
+forthcoming versions Libgcrypt.}
@menu
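Review bot: The reworded warning ends with "forthcoming versions Libgcrypt", which is missing "of". Since this sentence tells users of the ac interface that it may go away, it would also help to name the interface to use instead (the TODO change in this commit calls the regular one less complicated), so the warning gives readers somewhere to go.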
@@ -3273,7 +3291,7 @@
In case non-standard settings are wanted, a pointer to a structure of
type @code{gcry_ac_key_spec_<algorithm>_t}, matching the selected
algorithm, can be given as @var{key_spec}. @var{misc_data} is not
-used yet. Such a structure does only exist for RSA. A descriptions
+used yet. Such a structure does only exist for RSA. A description
of the members of the supported structures follows.
@table @code
Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog 2007-12-05 09:50:50 UTC (rev 1276)
+++ trunk/src/ChangeLog 2007-12-10 09:17:25 UTC (rev 1277)
@@ -1,3 +1,7 @@
+2007-12-05 Werner Koch <wk at g10code.com>
+
+ * hwfeatures.c (detect_ia32_gnuc): Depend on ENABLE_PADLOCK_SUPPORT.
+
2007-12-03 Werner Koch <wk at g10code.com>
* misc.c (_gcry_logv): Use abort for error levels fatal and bug as
Modified: trunk/src/hwfeatures.c
===================================================================
--- trunk/src/hwfeatures.c 2007-12-05 09:50:50 UTC (rev 1276)
+++ trunk/src/hwfeatures.c 2007-12-10 09:17:25 UTC (rev 1277)
@@ -44,6 +44,9 @@
static void
detect_ia32_gnuc (void)
{
+#ifdef ENABLE_PADLOCK_SUPPORT
+ /* The code here is only useful for the PadLock engine thus we don't
+ build it if that support has been disabled. */
int has_cpuid = 0;
char vendor_id[12+1];
@@ -137,9 +140,8 @@
: "%eax", "%edx", "cc"
);
}
-
+#endif /*ENABLE_PADLOCK_SUPPORT*/
}
-
#endif /* __i386__ && SIZEOF_UNSIGNED_LONG == 4 && __GNUC__ */
Modified: trunk/src/secmem.c
===================================================================
--- trunk/src/secmem.c 2007-12-05 09:50:50 UTC (rev 1276)
+++ trunk/src/secmem.c 2007-12-10 09:17:25 UTC (rev 1277)
@@ -103,7 +103,7 @@
ptr_into_pool_p (const void *p)
{
/* We need to convert pointers to addresses. This is required by
- C-99 6.5.8 to avoid undefeined behavious. Using size_t is at
+ C-99 6.5.8 to avoid undefined behaviour. Using size_t is at
least only implementation defined. See also
http://lists.gnupg.org/pipermail/gcrypt-devel/2007-February/001102.html
*/