[gnutls-dev] gnutls 1.0.20 and 1.1.17
Simon Josefsson
jas at extundo.com
Wed Aug 18 15:36:08 CEST 2004
Hello. Changes:
- Bug fix of padding string in RSA PKCS#1 v1.5 type 2 encryption,
reported by Robey Pointer <robey at danger.com>.
For 1.1, the changes also include:
- Generic crypto interface for secret key ciphers, hashes and randomness added.
See section "Experimental" within section "COMPILATION ISSUES" in README.
- Removed length limit on passwords read by 'certtool'.
- Documentation fixes.
Below is the information from README on the new generic crypto
interface. Note that Libgcrypt is still required (for things the
generic crypto interface doesn't support yet). If you want to write
crypto wrappers for your favorite crypto library, please go ahead.
If you specify --with-nettle, the copy of some files from Nettle that
are included in nettle/ will be used. It is used via the generic
crypto interface in crypto/, which would normally invoke Libgcrypt.
Currently the generic crypto interface only support secret key
ciphering, hashing and gathering of random data. Supporting
RSA/DSA/DH/SEXP/MPI in the generic crypto interface is pending.
As Nettle do not include a randomness gatherer, if --with-nettle is
specified, random data will be read from system device files (e.g.,
/dev/urandom) directly. The files used are printed when running
configure, you can override them using --enable-random-device,
--enable-pseudo-random-device, and --enable-nonce-device. Please let
us know if the defaults for some systems are wrong.
The goal here is to make GnuTLS build standalone, in case Libgcrypt is
not available, but also to allow easy use of other crypto libraries or
crypto hardware.
Happy hacking,
Simon
More information about the Gnutls-devel
mailing list