[gnutls-dev] gnutls 1.0.20 and 1.1.17

Simon Josefsson jas at extundo.com
Wed Aug 18 15:36:08 CEST 2004


Hello.  Changes:
- Bug fix of padding string in RSA PKCS#1 v1.5 type 2 encryption,
  reported by Robey Pointer <robey at danger.com>.

For 1.1, the changes also include:
- Generic crypto interface for secret key ciphers, hashes and randomness added.
  See section "Experimental" within section "COMPILATION ISSUES" in README.
- Removed length limit on passwords read by 'certtool'.
- Documentation fixes.

Below is the information from README on the new generic crypto
interface.  Note that Libgcrypt is still required (for things the
generic crypto interface doesn't support yet).  If you want to write
crypto wrappers for your favorite crypto library, please go ahead.

  If you specify --with-nettle, the copy of some files from Nettle that
  are included in nettle/ will be used.  It is used via the generic
  crypto interface in crypto/, which would normally invoke Libgcrypt.

  Currently the generic crypto interface only support secret key
  ciphering, hashing and gathering of random data.  Supporting
  RSA/DSA/DH/SEXP/MPI in the generic crypto interface is pending.

  As Nettle do not include a randomness gatherer, if --with-nettle is
  specified, random data will be read from system device files (e.g.,
  /dev/urandom) directly.  The files used are printed when running
  configure, you can override them using --enable-random-device,
  --enable-pseudo-random-device, and --enable-nonce-device.  Please let
  us know if the defaults for some systems are wrong.

  The goal here is to make GnuTLS build standalone, in case Libgcrypt is
  not available, but also to allow easy use of other crypto libraries or
  crypto hardware.

Happy hacking,
Simon





More information about the Gnutls-devel mailing list