-What's left to do -*- outline -*-
+# What's left to do -*- org -*-
* Next API break:
** gcry_ac_io_t
Remove use of anonymous union.
+** gcry_ac
+ Consider to remove it.
* udiv-qrnbd.o should get build as *.lo [HPUX]
-* Allow operation using RSA keys consisting of the OpenSSL list of
- parameters and allow for a third form where the private Exponent
- is not given (saves space).
-
-* Add a warning to the manual, to check that libgcrypt actually has
- been compiled with thread support when used by a threaded
- application.
+* Allow operation using RSA keys consisting of the OpenSSL keys.
+ This requires the introduction of a parameter names (say) U which
+ is calculated according to OpenSSL/PKCS#1 rules.
* linker script test
Write an autoconf test to check whether the linker supports a
version script.
-* Make use of the forthcoming visibility attribute.
-
* Add attributes to the MPI functions.
-* In case the ac interface will be more popular than the pk interface,
- the asymmetric ciphers could be changed for convenient interaction
- with the ac interface (i.e. by using ac's `data sets') and the pk
- interface could be changed to be a wrapper for the ac interface.
- ==> It is unlikely that we will do that. The AC interafce turned
- out to be more complicated than the regular one.
-
* cipher/pubkey.c and pubkey implementaions.
Don't rely on the secure memory based wiping function but add an
extra wiping.
-* update/improve documentation
-** it's outdated for e.g. gcry_pk_algo_info.
-** document algorithm capabilities
-** Init requirements for random
- The documentation says in "Controlling the library" that some
- functions can only be used at initialization time, but it does not
- explain what that means. Initialization is a multi-step procedure:
- First the thread callbacks have to be set up (optional), then the
- gcry_check_version() function must be called (mandatory), then
- further functions can be used.
-
- The manual also says that something happens when the seed file is
- registered berfore the PRNG is initialized, but it does not say how
- one can guarantee to call it early enough.
-
- Suggested fix: Specify initialization time as the time after
- gcry_check_version and before calling any other function except
- gcry_control().
-
- All functions which modify global state without a lock must be
- documented as "can only be called during initialization time" (but
- see item 1). Then the extraneous calls to _gcry_random_initialize
- in gcry_control() can be removed, and the comments "not thread
- safe" in various initialization-time-only functions like
- _gcry_use_random_daemon become superfluous.
-
* Use builtin bit functions of gcc 3.4
* Consider using a daemon to maintain the random pool
collectros need to run that bunch of Unix utilities we don't waste
their precious results.
-* Out of memory handler for secure memory should do proper logging
-
- There is no shortage of standard memory, so logging is most likely
- possible.
-
-* mpi_print does not use secure memory
- for internal variables.
-
-* gcry_mpi_lshift is missing
-
-* Add internal versions of mpi functions
- Or make use of the visibility attribute.
-
-* Add OAEP
-
* gcryptrnd.c
Requires a test for pth [done] as well as some other tests.
** C++ tests
We have some code to allow using libgcrypt from C++, so we also
should have a test case.
-
-* /dev/urandom and Solaris
- Make the configure check similar to GnuPG.
projects / libgcrypt.git / blobdiff