|
Packit Service |
aec53c |
# What's left to do -*- org -*-
|
|
Packit Service |
aec53c |
|
|
Packit Service |
aec53c |
* Next API break:
|
|
Packit Service |
aec53c |
** gcry_ac_io_t
|
|
Packit Service |
aec53c |
Remove use of anonymous union.
|
|
Packit Service |
aec53c |
** gcry_ac
|
|
Packit Service |
aec53c |
Consider to remove it.
|
|
Packit Service |
aec53c |
|
|
Packit Service |
aec53c |
* udiv-qrnbd.o should get build as *.lo [HPUX]
|
|
Packit Service |
aec53c |
|
|
Packit Service |
aec53c |
* Allow operation using RSA keys consisting of the OpenSSL keys.
|
|
Packit Service |
aec53c |
This requires the introduction of a parameter names (say) U which
|
|
Packit Service |
aec53c |
is calculated according to OpenSSL/PKCS#1 rules.
|
|
Packit Service |
aec53c |
|
|
Packit Service |
aec53c |
* linker script test
|
|
Packit Service |
aec53c |
Write an autoconf test to check whether the linker supports a
|
|
Packit Service |
aec53c |
version script.
|
|
Packit Service |
aec53c |
|
|
Packit Service |
aec53c |
* Add attributes to the MPI functions.
|
|
Packit Service |
aec53c |
|
|
Packit Service |
aec53c |
* cipher/pubkey.c and pubkey implementations.
|
|
Packit Service |
aec53c |
Don't rely on the secure memory based wiping function but add an
|
|
Packit Service |
aec53c |
extra wiping.
|
|
Packit Service |
aec53c |
|
|
Packit Service |
aec53c |
* Use builtin bit functions of gcc 3.4
|
|
Packit Service |
aec53c |
|
|
Packit Service |
aec53c |
* Consider using a daemon to maintain the random pool
|
|
Packit Service |
aec53c |
[Partly done] The down side of this is that we can't assume that the
|
|
Packit Service |
aec53c |
random has has always been stored in "secure memory". And we rely
|
|
Packit Service |
aec53c |
on that sniffing of Unix domain sockets is not possible. We can
|
|
Packit Service |
aec53c |
implement this simply by detecting a special prefixed random seed
|
|
Packit Service |
aec53c |
name and divert in this case to the daemon. There are several
|
|
Packit Service |
aec53c |
benefits with such an approach: We keep the state of the RNG over
|
|
Packit Service |
aec53c |
invocations of libgcrypt based applications, don't need time
|
|
Packit Service |
aec53c |
consuming initialization of the pool and in case the entropy
|
|
Packit Service |
aec53c |
collectros need to run that bunch of Unix utilities we don't waste
|
|
Packit Service |
aec53c |
their precious results.
|
|
Packit Service |
aec53c |
|
|
Packit Service |
aec53c |
* gcryptrnd.c
|
|
Packit Service |
aec53c |
Requires a test for pth [done] as well as some other tests.
|
|
Packit Service |
aec53c |
|
|
Packit Service |
aec53c |
* secmem.c
|
|
Packit Service |
aec53c |
Check whether the memory block is valid before releasing it and
|
|
Packit Service |
aec53c |
print a diagnosic, like glibc does.
|
|
Packit Service |
aec53c |
|
|
Packit Service |
aec53c |
* threads
|
|
Packit Service |
aec53c |
** We need to document fork problems
|
|
Packit Service |
aec53c |
In particular that reinitialization is required in random.c
|
|
Packit Service |
aec53c |
However, there is no code yet to do it.
|
|
Packit Service |
aec53c |
|
|
Packit Service |
aec53c |
* Tests
|
|
Packit Service |
aec53c |
We need a lot more tests. Lets keep an ever growing list here.
|
|
Packit Service |
aec53c |
** Write tests for the progress function
|
|
Packit Service |
aec53c |
** mpitests does no real checks yet.
|
|
Packit Service |
aec53c |
** pthreads
|
|
Packit Service |
aec53c |
To catch simple errors like the one fixed on 2007-03-16.
|
|
Packit Service |
aec53c |
** C++ tests
|
|
Packit Service |
aec53c |
We have some code to allow using libgcrypt from C++, so we also
|
|
Packit Service |
aec53c |
should have a test case.
|