| What's left to do -*- outline -*- |
| |
| * Next API break: |
| ** gcry_ac_io_t |
| Remove use of anonymous union. |
| ** gcry_ac |
| Consider to remove it. |
| |
| * udiv-qrnbd.o should get build as *.lo [HPUX] |
| |
| * Allow operation using RSA keys consisting of the OpenSSL keys. |
| This requires the introduction of a parameter names (say) U which |
| is calculated according to OpenSSL/PKCS#1 rules. |
| |
| * linker script test |
| Write an autoconf test to check whether the linker supports a |
| version script. |
| |
| * Add attributes to the MPI functions. |
| |
| * cipher/pubkey.c and pubkey implementaions. |
| Don't rely on the secure memory based wiping function but add an |
| extra wiping. |
| |
| * Use builtin bit functions of gcc 3.4 |
| |
| * Consider using a daemon to maintain the random pool |
| [Partly done] The down side of this is that we can't assume that the |
| random has has always been stored in "secure memory". And we rely |
| on that sniffing of Unix domain sockets is not possible. We can |
| implement this simply by detecting a special prefixed random seed |
| name and divert in this case to the daemon. There are several |
| benefits with such an approach: We keep the state of the RNG over |
| invocations of libgcrypt based applications, don't need time |
| consuming initialization of the pool and in case the entropy |
| collectros need to run that bunch of Unix utilities we don't waste |
| their precious results. |
| |
| * Add OAEP |
| |
| * gcryptrnd.c |
| Requires a test for pth [done] as well as some other tests. |
| |
| * secmem.c |
| Check whether the memory block is valid before releasing it and |
| print a diagnosic, like glibc does. |
| |
| * threads |
| ** We need to document fork problems |
| In particular that reinitialization is required in random.c |
| However, there is no code yet to do it. |
| |
| * Tests |
| We need a lot more tests. Lets keep an ever growing list here. |
| ** Write tests for the progress function |
| ** mpitests does no real checks yet. |
| ** pthreads |
| To catch simple errors like the one fixed on 2007-03-16. |
| ** C++ tests |
| We have some code to allow using libgcrypt from C++, so we also |
| should have a test case. |