From a7ce99fa757b84d2157c25d04bd2bb97cd50b747 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 10 Dec 2007 09:17:25 +0000 Subject: Preparing 1.4.0. --- ChangeLog | 10 +++++ NEWS | 5 ++- README | 132 ++++++++++++++++++++++++++++++++++++++---------------- TODO | 15 +++---- autogen.sh | 3 +- cipher/ChangeLog | 3 ++ cipher/rijndael.c | 9 ++-- cipher/rndhw.c | 8 ++-- configure.ac | 44 ++++++++++++------ doc/gcrypt.texi | 30 ++++++++++--- src/ChangeLog | 4 ++ src/hwfeatures.c | 6 ++- src/secmem.c | 2 +- 13 files changed, 191 insertions(+), 80 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9cc150f8..daac12b7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2007-12-10 Werner Koch + + Released 1.4.0. + + * configure.ac: Set LT to C15/A4/R3. + +2007-12-05 Werner Koch + + * configure.ac: Add option --disable-padlock-support. + 2007-12-03 Werner Koch Released 1.3.2. diff --git a/NEWS b/NEWS index 27d2b76a..848aa62d 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,9 @@ -Noteworthy changes in version 1.4.0 +Noteworthy changes in version 1.4.0 (2007-12-10) ------------------------------------------------ + * New configure option --disable-padlock-support which is mostly + useful in case of build problems. + Noteworthy changes in version 1.3.2 (2007-12-03) ------------------------------------------------ diff --git a/README b/README index 9bad05a1..8e75e400 100644 --- a/README +++ b/README @@ -1,10 +1,6 @@ libgcrypt - The GNU crypto library ------------------------------------ - Version 1.3.x - - WARNING: This is the development branch of Libgcrypt. The stable - version is 1.2.x. - + Version 1.4.0 Copyright 2000, 2002, 2003, 2004, 2007 Free Software Foundation, Inc. 
@@ -22,14 +18,57 @@ -------- Libgcrypt is a general purpose crypto library based on the code - used in GnuPG. We can't start with a new version number because - libgcrypt was part of GnuPG 1.1 and some applications already used - it and tested for the version number. We believe that the API can - stay as it is, except that new functions may be added in the - future. + used in GnuPG. Libgcrypt depends on the library `libgpg-error', + which must be installed correctly before Libgcrypt is to be built. + Libgcrypt is distributed under the LGPL, see the section "License" + below for details. + + + Build Instructions + ------------------ + + The download canonical location for libgcrypt is: + + ftp://ftp.gnupg.org/gcrypt/libgcrypt/ + + To build libgcrypt you need libgpg-error: + + ftp://ftp.gnupg.org/gcrypt/libgpg-error/ + + You should get the latest versions of course. + + After building and installing the libgpg-error package, you may + continue with Libgcrypt installation As with allmost all GNU + packages, you just have to do + + ./configure + make + make check + make install + + The "make check" is not required but a good idea to see whether + the library works as expected. The check takes some while and + prints some benchmarking results. Before doing "make install" you + probably need to become root. + + To build libgcrypt for Microsoft Windows, you need to have the + mingw32 cross-building toolchain installed. Instead of running a + plain configure you use + + ./autogen.sh --build-w32 + make + make install + + By default this command sequences expectsd a libgpg-error + installed below $HOME/w32root and installs libgcrypt to that + directory too. See the autogen.sh code for details. + + The documentation is available as an Info file (gcrypt.info). To + build documentation in PDF, run this: + + cd doc + make pdf - Libgcrypt depends on the library `libgpg-error', which must be - installed correctly before Libgcrypt is to be built. Mailing List 
@@ -41,32 +80,6 @@ list is available at http://lists.gnupg.org . - License - ------- - - The library is distributed under the terms of the GNU Lesser - General Public License (LGPL); see the file COPYING.LIB for the - actual terms. The helper programs (gcryptrnd and getrandom) as - well as the documentation are distributed under the terms of the - GNU General Public License (GPL); see the file COPYING for teh - actual terms. - - This library used to be available under the GPL - this was changed - with version 1.1.7 with the rationale that there are now many free - crypto libraries available and many of them come with capabilities - similar to Libcrypt. We decided that to foster the use of - cryptography in Free Software an LGPLed library would make more - sense because it avoids problems due to license incompatibilities - between some Free Software licenses and the GPL. - - Please note that in many cases it is better for a library to be - licensed under the GPL, so that it provides an advantage for free - software projects. The Lesser GPL is so named because it does - less to protect the freedom of the users of the code that it - covers. See http://www.gnu.org/philosophy/why-not-lgpl.html for - more explanation. - - Configure options ----------------- Here is a list of configure options which are sometimes useful 
@@ -142,11 +155,54 @@ auto - Compile linux, egd and unix in and automagically select at runtime. + --disable-padlock-support + Disable support for the PadLock engine of VIA + processors. The default is to use PadLock if + available. Try this if you get problems with + assembler code. + + License + ------- + + The library is distributed under the terms of the GNU Lesser + General Public License (LGPL); see the file COPYING.LIB for the + actual terms. The helper programs (gcryptrnd and getrandom) as + well as the documentation are distributed under the terms of the + GNU General Public License (GPL); see the file COPYING for teh + actual terms. + + This library used to be available under the GPL - this was changed + with version 1.1.7 with the rationale that there are now many free + crypto libraries available and many of them come with capabilities + similar to Libcrypt. We decided that to foster the use of + cryptography in Free Software an LGPLed library would make more + sense because it avoids problems due to license incompatibilities + between some Free Software licenses and the GPL. + + Please note that in many cases it is better for a library to be + licensed under the GPL, so that it provides an advantage for free + software projects. The Lesser GPL is so named because it does + less to protect the freedom of the users of the code that it + covers. See http://www.gnu.org/philosophy/why-not-lgpl.html for + more explanation. + Contact ------- See the file AUTHORS. + Commercial grade support for Libgcrypt is available; please see + http://www.gnupg.org/service.html . + + + This file is Free Software; as a special exception the authors gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. For conditions + of the whole package, please see the file COPYING. 
This file is + distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY, to the extent permitted by law; without even the implied + warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + diff --git a/TODO b/TODO index cdaa8e2d..6e83f99b 100644 --- a/TODO +++ b/TODO @@ -3,12 +3,14 @@ What's left to do -*- outline -*- * Next API break: ** gcry_ac_io_t Remove use of anonymous union. +** gcry_ac + Consider to remove it. * udiv-qrnbd.o should get build as *.lo [HPUX] -* Allow operation using RSA keys consisting of the OpenSSL list of - parameters and allow for a third form where the private Exponent - is not given (saves space). +* Allow operation using RSA keys consisting of the OpenSSL keys. + This requires the introduction of a parameter names (say) U which + is calculated according to OpenSSL/PKCS#1 rules. * Add a warning to the manual, to check that libgcrypt actually has been compiled with thread support when used by a threaded @@ -20,13 +22,6 @@ What's left to do -*- outline -*- * Add attributes to the MPI functions. -* In case the ac interface will be more popular than the pk interface, - the asymmetric ciphers could be changed for convenient interaction - with the ac interface (i.e. by using ac's `data sets') and the pk - interface could be changed to be a wrapper for the ac interface. - ==> It is unlikely that we will do that. The AC interafce turned - out to be more complicated than the regular one. - * cipher/pubkey.c and pubkey implementaions. Don't rely on the secure memory based wiping function but add an extra wiping. diff --git a/autogen.sh b/autogen.sh index 6bc47c4e..9b88ce44 100755 --- a/autogen.sh +++ b/autogen.sh @@ -77,7 +77,8 @@ if test "$1" = "--build-w32"; then ./configure --enable-maintainer-mode --prefix=${w32root} \ --host=${host} --build=${build} \ - --with-gpg-error-prefix=${w32root} + --with-gpg-error-prefix=${w32root} \ + --disable-padlock-support exit $? fi # ***** end W32 build script ******* 
diff --git a/cipher/ChangeLog b/cipher/ChangeLog index f81c5da0..e8cd0a1a 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,5 +1,8 @@ 2007-12-05 Werner Koch + * rijndael.c (USE_PADLOCK): Depend on ENABLE_PADLOCK_SUPPORT. + * rndhw.c (USE_PADLOCK): Ditto + * rsa.c (secret): Fixed condition test for using CRT. Reported by Dean Scarff. Fixes bug#864. (_gcry_rsa_check_secret_key): Return an erro if the optional diff --git a/cipher/rijndael.c b/cipher/rijndael.c index 497d4bfa..a839fe9b 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -48,10 +48,11 @@ /* USE_PADLOCK indicates whether to compile the padlock specific code. */ #undef USE_PADLOCK -#if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__) -#define USE_PADLOCK -#endif - +#ifdef ENABLE_PADLOCK_SUPPORT +# if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__) +# define USE_PADLOCK +# endif +#endif /*ENABLE_PADLOCK_SUPPORT*/ static const char *selftest(void); diff --git a/cipher/rndhw.c b/cipher/rndhw.c index bbcd945c..577bd155 100644 --- a/cipher/rndhw.c +++ b/cipher/rndhw.c @@ -27,9 +27,11 @@ #include "rand-internal.h" #undef USE_PADLOCK -#if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__) -#define USE_PADLOCK -#endif +#ifdef ENABLE_PADLOCK_SUPPORT +# if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__) +# define USE_PADLOCK +# endif +#endif /*ENABLE_PADLOCK_SUPPORT*/ /* Keep track on whether the RNG has problems. */ static volatile int rng_failed; diff --git a/configure.ac b/configure.ac index 1f04e35d..c3459de6 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,6 @@ # Configure.ac script for Libgcrypt -# Copyright (C) 1998, 1999, 2000, 2001, 2002 -# 2003, 2004, 2006 Free Software Foundation, Inc. +# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2006, +# 2007 Free Software Foundation, Inc. # # This file is part of Libgcrypt. # 
@@ -27,8 +27,8 @@ min_automake_version="1.10" # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.3.3]) -m4_define([my_issvn], [yes]) +m4_define([my_version], [1.4.0]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) @@ -40,7 +40,7 @@ AC_INIT([libgcrypt], my_version[]m4_if(my_issvn,[yes],[-svn[]svn_revision]), # (No interfaces changed: REVISION++) LIBGCRYPT_LT_CURRENT=15 LIBGCRYPT_LT_AGE=4 -LIBGCRYPT_LT_REVISION=2 +LIBGCRYPT_LT_REVISION=3 # If the API is changed in an incompatible way: increment the next counter. @@ -281,7 +281,6 @@ else AC_DEFINE(DISABLED_ENDIAN_CHECK,1,[configure did not test for endianess]) fi - AC_CHECK_SIZEOF(unsigned short, 2) AC_CHECK_SIZEOF(unsigned int, 4) AC_CHECK_SIZEOF(unsigned long, 4) @@ -422,10 +421,10 @@ AM_CONDITIONAL(USE_RANDOM_DAEMON, test x$use_random_daemon = xyes) # Implementation of --disable-asm. -AC_MSG_CHECKING([whether assembler modules are requested]) +AC_MSG_CHECKING([whether MPI assembler modules are requested]) AC_ARG_ENABLE([asm], AC_HELP_STRING([--disable-asm], - [Disable assembler modules]), + [Disable MPI assembler modules]), [try_asm_modules=$enableval], [try_asm_modules=yes]) AC_MSG_RESULT($try_asm_modules) 
@@ -433,9 +432,10 @@ AC_MSG_RESULT($try_asm_modules) # Implementation of the --enable-m-guard switch. AC_MSG_CHECKING([whether memory guard is requested]) AC_ARG_ENABLE(m-guard, - [ --enable-m-guard enable memory guard facility], - use_m_guard=$enableval, use_m_guard=no) - AC_MSG_RESULT($use_m_guard) + AC_HELP_STRING([--enable-m-guard], + [Enable memory guard facility]), + [use_m_guard=$enableval], [use_m_guard=no]) +AC_MSG_RESULT($use_m_guard) if test "$use_m_guard" = yes ; then AC_DEFINE(M_GUARD,1,[Define to use the (obsolete) malloc guarding feature]) fi @@ -444,10 +444,26 @@ fi # Check whether we want to use Linux capabilities AC_MSG_CHECKING([whether use of capabilities is requested]) AC_ARG_WITH(capabilities, - [ --with-capabilities use linux capabilities [default=no]], -[use_capabilities="$withval"],[use_capabilities=no]) + AC_HELP_STRING([--with-capabilities], + [Use linux capabilities [default=no]]), + [use_capabilities="$withval"],[use_capabilities=no]) AC_MSG_RESULT($use_capabilities) + +# Implementation of the --disable-padlock-support switch. +AC_MSG_CHECKING([whether padlock support is requested]) +AC_ARG_ENABLE(padlock-support, + AC_HELP_STRING([--disable-padlock-support], + [Disable support for the PadLock Engine of VIA processors]), + padlocksupport=$enableval,padlocksupport=yes) +AC_MSG_RESULT($padlocksupport) +if test x"$padlocksupport" = xyes ; then + AC_DEFINE(ENABLE_PADLOCK_SUPPORT, 1, + [Enable support for the PadLock engine.]) +fi + + + AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME", [A human readable text with the name of the OS]) @@ -655,7 +671,7 @@ if test "$gcry_cv_visibility_attribute" = "yes" \ && test "$gcry_cv_gcc_has_f_visibility" = "yes" then AC_DEFINE(GCRY_USE_VISIBILITY, 1, - [Define to use the GNU C visibility attribute]) + [Define to use the GNU C visibility attribute.]) CFLAGS="$CFLAGS -fvisibility=hidden" fi diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index ad745f36..0cb78750 100644 --- a/doc/gcrypt.texi 
+++ b/doc/gcrypt.texi @@ -2256,11 +2256,29 @@ RSA secret exponent @math{d = e^{-1} \bmod (p-1)(q-1)}. @item p-mpi RSA secret prime @math{p}. @item q-mpi -RSA secret prime @math{q} with @math{q > p}. +RSA secret prime @math{q} with @math{p < q}. @item u-mpi -multiplicative inverse @math{u = p^{-1} \bmod q}. +Multiplicative inverse @math{u = p^{-1} \bmod q}. @end table +For signing and decryption the parameters @math{(p, q, u)} are optional +but greatly improve the performance. Either all of these optional +parameters must be given or none of them. They are mandatory for +gcry_pk_testkey. + +Note that OpenSSL uses slighly different parameters: @math{q < p} and + @math{u = q^{-1} \bmod p}. To use these parameters you will need to +swap the values and recompute @math{u}. Here is example code to do this: + +@example + if (gcry_mpi_cmp (p, q) > 0) + @{ + gcry_mpi_swap (p, q); + gcry_mpi_invm (u, p, q); + @} +@end example + + @node DSA key parameters @@ -2993,9 +3011,9 @@ data structures. As opposed to the pk interface described in the former chapter, this one follows an open/use/close paradigm like other building blocks of the library. -@strong{This interface as some known problems; most noteworthy an -inherent tendency to leak memory. It might even be removed in a some -future version of Libgcrypt.} +@strong{This interface has a few known problems; most noteworthy an +inherent tendency to leak memory. It might not be available in +forthcoming versions Libgcrypt.} @menu @@ -3273,7 +3291,7 @@ bits and stores it in @var{key_pair}. In case non-standard settings are wanted, a pointer to a structure of type @code{gcry_ac_key_spec__t}, matching the selected algorithm, can be given as @var{key_spec}. @var{misc_data} is not -used yet. Such a structure does only exist for RSA. A descriptions +used yet. Such a structure does only exist for RSA. A description of the members of the supported structures follows. @table @code 
diff --git a/src/ChangeLog b/src/ChangeLog index 0fd0dd2e..c047ecf2 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,7 @@ +2007-12-05 Werner Koch + + * hwfeatures.c (detect_ia32_gnuc): Depend on ENABLE_PADLOCK_SUPPORT. + 2007-12-03 Werner Koch * misc.c (_gcry_logv): Use abort for error levels fatal and bug as diff --git a/src/hwfeatures.c b/src/hwfeatures.c index 6908c587..200da2c2 100644 --- a/src/hwfeatures.c +++ b/src/hwfeatures.c @@ -44,6 +44,9 @@ _gcry_get_hw_features (void) static void detect_ia32_gnuc (void) { +#ifdef ENABLE_PADLOCK_SUPPORT + /* The code here is only useful for the PadLock engine thus we don't + build it if that support has been disabled. */ int has_cpuid = 0; char vendor_id[12+1]; @@ -137,9 +140,8 @@ detect_ia32_gnuc (void) : "%eax", "%edx", "cc" ); } - +#endif /*ENABLE_PADLOCK_SUPPORT*/ } - #endif /* __i386__ && SIZEOF_UNSIGNED_LONG == 4 && __GNUC__ */ diff --git a/src/secmem.c b/src/secmem.c index 1bcfa044..08f6ca53 100644 --- a/src/secmem.c +++ b/src/secmem.c @@ -103,7 +103,7 @@ static int ptr_into_pool_p (const void *p) { /* We need to convert pointers to addresses. This is required by - C-99 6.5.8 to avoid undefeined behavious. Using size_t is at + C-99 6.5.8 to avoid undefined behaviour. Using size_t is at least only implementation defined. See also http://lists.gnupg.org/pipermail/gcrypt-devel/2007-February/001102.html */ -- cgit v1.2.1
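Review bot: the README hunk that rewrites the Build Instructions ships several typos in the new text: "allmost all GNU packages" should read "almost", "this command sequences expectsd" should read "this command sequence expects", "The download canonical location" should read "The canonical download location", and "continue with Libgcrypt installation As with" is missing a full stop before "As". Since this is the release commit, these are worth fixing before the tarball is cut.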
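Review bot: in the README hunk that adds the --disable-padlock-support entry and moves the License section, the moved text still carries "COPYING for teh actual terms" and "similar to Libcrypt" (the library is Libgcrypt), and the new closing notice reads "the authors gives unlimited permission" (should be "give"). The option text "Try this if you get problems with assembler code" would also benefit from one sentence stating that the switch removes the PadLock hardware RNG as well as the AES acceleration, which is what the rndhw.c change in this commit does.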
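Review bot: in the TODO hunk, "This requires the introduction of a parameter names (say) U" should read "a parameter named (say) U". The doc/gcrypt.texi change in the same commit already documents OpenSSL's convention (q < p, u = q^{-1} mod p) and the swap needed to convert it, so the TODO entry could point at that section instead of restating the rule.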
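Review bot: the autogen.sh hunk adds --disable-padlock-support to the W32 configure invocation without a comment saying why; the only rationale in this commit is the README's "try this if you get problems with assembler code". A one-line comment above the option naming the concrete W32 build problem it works around would stop a later maintainer from removing it, and would record that the W32 build deliberately does without the PadLock RNG source.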
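Review bot: the rndhw.c hunk gates USE_PADLOCK on ENABLE_PADLOCK_SUPPORT, so --disable-padlock-support compiles out the PadLock hardware RNG, not only the AES path; the NEWS entry describes the option purely as "useful in case of build problems" and should say that the library then relies on its software entropy sources alone. The same four-line #ifdef block is now duplicated verbatim in rijndael.c and rndhw.c, with the equivalent condition in hwfeatures.c; defining USE_PADLOCK once in a shared internal header would keep the three conditions from drifting apart.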
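Review bot: in the --disable-padlock-support block of the configure.ac hunk, the AC_ARG_ENABLE action arguments are written unquoted as `padlocksupport=$enableval,padlocksupport=yes`, while the --enable-m-guard and --with-capabilities blocks rewritten in the same hunk use the bracketed form `[use_m_guard=$enableval], [use_m_guard=no]`; quote them the same way. In the --with-capabilities help string the inner brackets of `[Use linux capabilities [default=no]]` are M4 quotes and do not survive into the rendered --help text; the Autoconf quadrigraphs `@<:@default=no@:>@` produce literal brackets. The three blank lines left after the padlock block can also be dropped.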
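Review bot: in the hwfeatures.c hunk the new `#ifdef ENABLE_PADLOCK_SUPPORT` spans the whole body of detect_ia32_gnuc and its `#endif` sits just before the closing brace, leaving an empty static function when the option is disabled. Wrapping the function and its call site in _gcry_get_hw_features together would be clearer and avoids an unused-function warning if the caller is ever conditionalised; the comment "only useful for the PadLock engine" will also need revisiting if other CPUID-detected features are added, because the vendor probing itself is not PadLock specific.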
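Review bot: in the doc/gcrypt.texi RSA key parameters hunk, "slighly" should read "slightly". The example's `gcry_mpi_invm (u, p, q)` after the swap matches the documented u = p^{-1} mod q, but gcry_mpi_invm returns 0 when no inverse exists and the example discards that value; a caller importing foreign key material cannot assume p and q are coprime, so show the return value being checked (e.g. `if (!gcry_mpi_invm (u, p, q)) /* reject key */`) and point the reader at gcry_pk_testkey, which the same hunk says needs (p, q, u), to validate the converted key.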
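Review bot: in the gcrypt.texi hunk that rewords the gcry_ac warning, "forthcoming versions Libgcrypt" is missing "of" and should read "forthcoming versions of Libgcrypt".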