summaryrefslogtreecommitdiff
path: root/TODO
blob: 7aa4de1af65a6adc5be2b950a856043ff5a2ed5e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
# What's left to do                                 -*- org -*-

* Next API break:
** gcry_ac_io_t
  Remove use of anonymous union.
** gcry_ac
  Consider to remove it.

* udiv-qrnbd.o should get build as *.lo [HPUX]

* Allow operation using RSA keys consisting of the OpenSSL keys.
  This requires the introduction of a parameter names (say) U which
  is calculated according to OpenSSL/PKCS#1 rules.

* linker script test
  Write an autoconf test to check whether the linker supports a
  version script. 

* Add attributes to the MPI functions.

* cipher/pubkey.c and pubkey implementations.
  Don't rely on the secure memory based wiping function but add an
  extra wiping.
  
* Use builtin bit functions of gcc 3.4

* Consider using a daemon to maintain the random pool
  [Partly done] The down side of this is that we can't assume that the
  random has has always been stored in "secure memory".  And we rely
  on that sniffing of Unix domain sockets is not possible.  We can
  implement this simply by detecting a special prefixed random seed
  name and divert in this case to the daemon.  There are several
  benefits with such an approach: We keep the state of the RNG over
  invocations of libgcrypt based applications, don't need time
  consuming initialization of the pool and in case the entropy
  collectros need to run that bunch of Unix utilities we don't waste
  their precious results.

* gcryptrnd.c
  Requires a test for pth [done] as well as some other tests.

* secmem.c
  Check whether the memory block is valid before releasing it and
  print a diagnosic, like glibc does.

* threads
** We need to document fork problems
  In particular that reinitialization is required in random.c
  However, there is no code yet to do it.

* Tests
  We need a lot more tests.  Lets keep an ever growing list here.
** Write tests for the progress function
** mpitests does no real checks yet.
** pthreads
  To catch simple errors like the one fixed on 2007-03-16.
** C++ tests
  We have some code to allow using libgcrypt from C++, so we also
  should have a test case.