|
Packit |
0680ba |
Libgcrypt - The GNU Crypto Library
|
|
Packit |
0680ba |
------------------------------------
|
|
Packit |
0680ba |
Version 1.6
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
Copyright (C) 1989,1991-2015 Free Software Foundation, Inc.
|
|
Packit |
0680ba |
Copyright (C) 2012-2015 g10 Code GmbH
|
|
Packit |
0680ba |
Copyright (C) 2013-2015 Jussi Kivilinna
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
Libgcrypt is free software. See the file AUTHORS for full copying
|
|
Packit |
0680ba |
notices, and LICENSES for notices about contributions that require
|
|
Packit |
0680ba |
these additional notices to be distributed.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
Overview
|
|
Packit |
0680ba |
--------
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
Libgcrypt is a general purpose crypto library based on the code
|
|
Packit |
0680ba |
used in GnuPG. Libgcrypt depends on the library `libgpg-error',
|
|
Packit |
0680ba |
which must be installed correctly before Libgcrypt is to be built.
|
|
Packit |
0680ba |
Libgcrypt is distributed under the LGPL, see the section "License"
|
|
Packit |
0680ba |
below for details.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
Build Instructions
|
|
Packit |
0680ba |
------------------
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
The download canonical location for libgcrypt is:
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
ftp://ftp.gnupg.org/gcrypt/libgcrypt/
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
To build libgcrypt you need libgpg-error:
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
ftp://ftp.gnupg.org/gcrypt/libgpg-error/
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
You should get the latest versions of course.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
After building and installing the libgpg-error package, you may
|
|
Packit |
0680ba |
continue with Libgcrypt installation as with allmost all GNU
|
|
Packit |
0680ba |
packages, you just have to do
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
./configure
|
|
Packit |
0680ba |
make
|
|
Packit |
0680ba |
make check
|
|
Packit |
0680ba |
make install
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
The "make check" is not required but a good idea to see whether
|
|
Packit |
0680ba |
the library works as expected. The check takes some while and
|
|
Packit |
0680ba |
prints some benchmarking results. Before doing "make install" you
|
|
Packit |
0680ba |
probably need to become root.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
To build libgcrypt for Microsoft Windows, you need to have the
|
|
Packit |
0680ba |
mingw32 cross-building toolchain installed. Instead of running a
|
|
Packit |
0680ba |
plain configure you use
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
./autogen.sh --build-w32
|
|
Packit |
0680ba |
make
|
|
Packit |
0680ba |
make install
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
By default this command sequences expectsd a libgpg-error
|
|
Packit |
0680ba |
installed below $HOME/w32root and installs libgcrypt to that
|
|
Packit |
0680ba |
directory too. See the autogen.sh code for details.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
The documentation is available as an Info file (gcrypt.info). To
|
|
Packit |
0680ba |
build documentation in PDF, run this:
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
cd doc
|
|
Packit |
0680ba |
make pdf
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
Mailing List
|
|
Packit |
0680ba |
------------
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
You may want to join the developer's mailing list
|
|
Packit |
0680ba |
gcrypt-devel@gnupg.org by sending mail with a subject of
|
|
Packit |
0680ba |
"subscribe" to gcrypt-devel-request@gnupg.org. An archive of this
|
|
Packit |
0680ba |
list is available at http://lists.gnupg.org .
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
Configure options
|
|
Packit |
0680ba |
-----------------
|
|
Packit |
0680ba |
Here is a list of configure options which are sometimes useful
|
|
Packit |
0680ba |
for installation.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
--enable-large-data-tests
|
|
Packit |
0680ba |
With this option a "make check" will take really
|
|
Packit |
0680ba |
long due to extra checks for the hash algorithms.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
--enable-m-guard
|
|
Packit |
0680ba |
Enable the integrated malloc checking code. Please
|
|
Packit |
0680ba |
note that this feature does not work on all CPUs
|
|
Packit |
0680ba |
(e.g. SunOS 5.7 on UltraSparc-2) and might give
|
|
Packit |
0680ba |
you a bus error.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
--disable-asm
|
|
Packit |
0680ba |
Do not use assembler modules. It is not possible
|
|
Packit |
0680ba |
to use this on some CPU types.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
--enable-ld-version-script
|
|
Packit |
0680ba |
Libgcrypt tries to build a library where internal
|
|
Packit |
0680ba |
symbols are not exported. This requires support
|
|
Packit |
0680ba |
from ld and is currently enabled for a few OSes.
|
|
Packit |
0680ba |
If you know that your ld supports the so called
|
|
Packit |
0680ba |
ELF version scripts, you can use this option to
|
|
Packit |
0680ba |
force its use. OTOH, if you get error message
|
|
Packit |
0680ba |
from the linker, you probably want to use this
|
|
Packit |
0680ba |
option to disable the use of version scripts.
|
|
Packit |
0680ba |
Note, that you should never ever use an
|
|
Packit |
0680ba |
undocumented symbol or one which is prefixed with
|
|
Packit |
0680ba |
an underscore.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
--enable-ciphers=list
|
|
Packit |
0680ba |
--enable-pubkey-ciphers=list
|
|
Packit |
0680ba |
--enable-digests=list
|
|
Packit |
0680ba |
If not otherwise specified, all algorithms
|
|
Packit |
0680ba |
included in the libgcrypt source tree are built.
|
|
Packit |
0680ba |
An exception are algorithms, which depend on
|
|
Packit |
0680ba |
features not provided by the system, like 64bit
|
|
Packit |
0680ba |
data types. With these switches it is possible
|
|
Packit |
0680ba |
to select exactly those algorithm modules, which
|
|
Packit |
0680ba |
should be built. The algorithms are to be
|
|
Packit |
0680ba |
separated by spaces, commas or colons. To view
|
|
Packit |
0680ba |
the list used with the current build the program
|
|
Packit |
0680ba |
tests/version may be used.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
--disable-endian-check
|
|
Packit |
0680ba |
Don't let configure test for the endianness but
|
|
Packit |
0680ba |
try to use the OS provided macros at compile
|
|
Packit |
0680ba |
time. This is helpful to create OS X fat binaries.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
--enable-random-daemon
|
|
Packit |
0680ba |
Include support for a global random daemon and
|
|
Packit |
0680ba |
build the daemon. This is an experimental feature.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
--enable-mpi-path=EXTRA_PATH
|
|
Packit |
0680ba |
Prepend EXTRA_PATH to list of CPU specific
|
|
Packit |
0680ba |
optimizations. For example, if you want to add
|
|
Packit |
0680ba |
optimizations forn a Intel Pentium 4 compatible
|
|
Packit |
0680ba |
CPU, you may use
|
|
Packit |
0680ba |
--enable-mpi-path=pentium4/sse2:pentium4/mmx
|
|
Packit |
0680ba |
Take care: The generated library may crash on
|
|
Packit |
0680ba |
non-compatible CPUs.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
--enable-random=NAME
|
|
Packit |
0680ba |
Force the use of the random gathering module
|
|
Packit |
0680ba |
NAME. Default is either to use /dev/random or
|
|
Packit |
0680ba |
the auto mode. Possible values for NAME are:
|
|
Packit |
0680ba |
egd - Use the module which accesses the
|
|
Packit |
0680ba |
Entropy Gathering Daemon. See the webpages
|
|
Packit |
0680ba |
for more information about it.
|
|
Packit |
0680ba |
unix - Use the standard Unix module which does not
|
|
Packit |
0680ba |
have a very good performance.
|
|
Packit |
0680ba |
linux - Use the module which accesses /dev/random.
|
|
Packit |
0680ba |
This is the first choice and the default one
|
|
Packit |
0680ba |
for GNU/Linux or *BSD.
|
|
Packit |
0680ba |
auto - Compile linux, egd and unix in and
|
|
Packit |
0680ba |
automagically select at runtime.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
--enable-hmac-binary-check
|
|
Packit |
0680ba |
Include support to check the binary at runtime
|
|
Packit |
0680ba |
against a HMAC checksum. This works only in FIPS
|
|
Packit |
0680ba |
mode and on systems providing the dladdr function.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
--disable-padlock-support
|
|
Packit |
0680ba |
Disable support for the PadLock engine of VIA
|
|
Packit |
0680ba |
processors. The default is to use PadLock if
|
|
Packit |
0680ba |
available. Try this if you get problems with
|
|
Packit |
0680ba |
assembler code.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
--disable-aesni-support
|
|
Packit |
0680ba |
Disable support for the AES-NI instructions of
|
|
Packit |
0680ba |
newer Intel CPUs. The default is to use AES-NI
|
|
Packit |
0680ba |
if available. Try this if you get problems with
|
|
Packit |
0680ba |
assembler code.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
--disable-O-flag-munging
|
|
Packit |
0680ba |
Some code is too complex for some compilers while
|
|
Packit |
0680ba |
in higher optimization modes, thus the compiler
|
|
Packit |
0680ba |
invocation is modified to use a lower
|
|
Packit |
0680ba |
optimization level. Usually this works very well
|
|
Packit |
0680ba |
but on some platforms these rules break the
|
|
Packit |
0680ba |
invocation. This option may be used to disable
|
|
Packit |
0680ba |
the feature under the assumption that either good
|
|
Packit |
0680ba |
CFLAGS are given or the compiler can grok the code.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
Build Problems
|
|
Packit |
0680ba |
--------------
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
We can't check all assembler files, so if you have problems
|
|
Packit |
0680ba |
assembling them (or the program crashes) use --disable-asm with
|
|
Packit |
0680ba |
./configure. If you opt to delete individual replacement files in
|
|
Packit |
0680ba |
hopes of using the remaining ones, be aware that the configure
|
|
Packit |
0680ba |
scripts may consider several subdirectories to get all available
|
|
Packit |
0680ba |
assembler files; be sure to delete the correct ones. Never delete
|
|
Packit |
0680ba |
udiv-qrnnd.S in any CPU directory, because there may be no C
|
|
Packit |
0680ba |
substitute (in mpi/genereic). Don't forget to delete
|
|
Packit |
0680ba |
"config.cache" and run "./config.status --recheck". We got a few
|
|
Packit |
0680ba |
reports about problems using versions of gcc earlier than 2.96
|
|
Packit |
0680ba |
along with a non-GNU assembler (as). If this applies to your
|
|
Packit |
0680ba |
platform, you can either upgrade gcc to a more recent version, or
|
|
Packit |
0680ba |
use the GNU assembler.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
Some make tools are broken - the best solution is to use GNU's
|
|
Packit |
0680ba |
make. Try gmake or grab the sources from a GNU archive and
|
|
Packit |
0680ba |
install them.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
Specific problems on some machines:
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
* IBM RS/6000 running AIX
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
Due to a change in gcc (since version 2.8) the MPI stuff may
|
|
Packit |
0680ba |
not build. In this case try to run configure using:
|
|
Packit |
0680ba |
CFLAGS="-g -O2 -mcpu=powerpc" ./configure
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
* SVR4.2 (ESIX V4.2 cc)
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
Due to problems with the ESIX as(1), you probably want to do:
|
|
Packit |
0680ba |
CFLAGS="-O -K pentium" ./configure --disable-asm
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
* SunOS 4.1.4
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
./configure ac_cv_sys_symbol_underscore=yes
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
* Sparc64 CPUs
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
We have reports about failures in the AES module when
|
|
Packit |
0680ba |
compiling using gcc (e.g. version 4.1.2) and the option -O3;
|
|
Packit |
0680ba |
using -O2 solves the problem.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
License
|
|
Packit |
0680ba |
-------
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
The library is distributed under the terms of the GNU Lesser
|
|
Packit |
0680ba |
General Public License (LGPL); see the file COPYING.LIB for the
|
|
Packit |
0680ba |
actual terms. The helper programs (e.g. gcryptrnd and getrandom)
|
|
Packit |
0680ba |
as well as the documentation are distributed under the terms of
|
|
Packit |
0680ba |
the GNU General Public License (GPL); see the file COPYING for the
|
|
Packit |
0680ba |
actual terms. The file LICENSES has notices about contributions
|
|
Packit |
0680ba |
that require these additional notices are distributed.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
This library used to be available under the GPL - this was changed
|
|
Packit |
0680ba |
with version 1.1.7 with the rationale that there are now many free
|
|
Packit |
0680ba |
crypto libraries available and many of them come with capabilities
|
|
Packit |
0680ba |
similar to Libcrypt. We decided that to foster the use of
|
|
Packit |
0680ba |
cryptography in Free Software an LGPLed library would make more
|
|
Packit |
0680ba |
sense because it avoids problems due to license incompatibilities
|
|
Packit |
0680ba |
between some Free Software licenses and the GPL.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
Please note that in many cases it is better for a library to be
|
|
Packit |
0680ba |
licensed under the GPL, so that it provides an advantage for free
|
|
Packit |
0680ba |
software projects. The Lesser GPL is so named because it does
|
|
Packit |
0680ba |
less to protect the freedom of the users of the code that it
|
|
Packit |
0680ba |
covers. See http://www.gnu.org/philosophy/why-not-lgpl.html for
|
|
Packit |
0680ba |
more explanation.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
Contact
|
|
Packit |
0680ba |
-------
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
See the file AUTHORS.
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
Commercial grade support for Libgcrypt is available; please see
|
|
Packit |
0680ba |
http://www.gnupg.org/service.html .
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
Commercial grade support for Libgcrypt is available; for a listing
|
|
Packit |
0680ba |
of offers see http://www.gnupg.org/service.html . The driving
|
|
Packit |
0680ba |
force behind the development of Libgcrypt is the company of its
|
|
Packit |
0680ba |
principal author, Werner Koch. Maintenance and improvement of
|
|
Packit |
0680ba |
Libgcrypt takes up a lot resources. To allow him to continue his
|
|
Packit |
0680ba |
work, he asks to either purchase a support contract, engage them
|
|
Packit |
0680ba |
for custom enhancements, or to donate money. See http://g10code.com .
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
|
|
Packit |
0680ba |
This file is Free Software; as a special exception the authors gives
|
|
Packit |
0680ba |
unlimited permission to copy and/or distribute it, with or without
|
|
Packit |
0680ba |
modifications, as long as this notice is preserved. For conditions
|
|
Packit |
0680ba |
of the whole package, please see the file COPYING. This file is
|
|
Packit |
0680ba |
distributed in the hope that it will be useful, but WITHOUT ANY
|
|
Packit |
0680ba |
WARRANTY, to the extent permitted by law; without even the implied
|
|
Packit |
0680ba |
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|