simon at josefsson.org
Thu Dec 3 14:59:12 CET 2009
Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
> On Tue, Dec 1, 2009 at 2:47 PM, Simon Josefsson <simon at josefsson.org> wrote:
>> Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
>>> Simon Josefsson wrote:
>>>> Nikos, did you forget to commit some file?
>>>> cryptodev.c:29:30: error: crypto/cryptodev.h: No such file or directory
>>> It was including this file unconditionally. Now it should be ok (only
>>> included if --enable-cryptodev is specified). If you have a cpu with
>>> crypto accelerator that is supported by linux (via and some amd geode
>>> cpus have), and you use cryptodev you should get quite a difference. For
>>> some reason I get big difference by using the kernel aes implementation.
>> Any links to the cryptodev.h stuff? Any pointers on how to enable it on
>> Debian would be useful, I can't seem to find anything.
> The cryptodev for linux module is at:
> (note that it may not install the crypto/cryptodev.h correctly, thus you might
> need to copy it by yourself).
Thanks! My debian kernel doesn't have /dev/crytpo, so I'll think I'll
defer testing this for a while...
>> I see you made changes to the public header files, several of those
>> changes appears backwards incompatible -- that will break ABI
>> compatibility, which isn't a good idea. Are these changes necessary?
>> If they are, and we really want to deprecate the old interfaces, we need
>> compatibility functions defined somewhere, and prototypes for them in
>> gnutls/compat.h. Please also write a NEWS blurb for these API changes.
> I will but I need more time to finish this. I might change more stuff.
> ABI compatibility on the crypto.h is not really an issue- the new code
> can know whether the old abi is used an return an error.
ABI compatibility is always an issue, we cannot remove any existing
interfaces unless we bump the ABI version (and that will cause a
significant amount of pain for packagers so let's not). So please add
compatibility hooks for everything that was removed.
Maybe the cryptodev stuff should be developed on a branch until your new
crypto.h ABI has stabilized, if you are thinking of changing more
things? I was thinking of making a GnuTLS 2.10.x release with official
stable support for TLS 1.2 soon, and the 2.9.x branch was relatively
stable before these changes.
>> Building fails for me right now:
>> crq.c: In function 'rsadsa_crq_get_key_id':
>> crq.c:2333: error: implicit declaration of function '_gnutls_hash' [-Wimplicit-function-declaration]
>> crq.c:2333: error: nested extern declaration of '_gnutls_hash' [-Wnested-externs]
> I will check it later, probably some header is missing.
That was fixed, but git trunk still doesn't build for me:
compat.c:35: error: no previous prototype for 'gnutls_crypto_single_mac_register2' [-Wmissing-prototypes]
compat.c:40: error: no previous prototype for 'gnutls_crypto_mac_register2' [-Wmissing-prototypes]
More information about the Gnutls-devel