release needed - soon #36

Open
rofl0r opened this Issue Jan 29, 2014 · 15 comments

Projects

None yet

6 participants

@rofl0r
rofl0r commented Jan 29, 2014

it's been 3 years since this tomcrypt fork exists, and afaik there hasn't been any release.

i fear that if the development continues at this pace, libtomcrypt will be rendered obsolete soon.

from the outside it looks dead, so new software will probably not be written against it anymore, and chances that security researchers test a library that's not been updated since 4 years are little.

so if you really want to keep this project alive, you better start merging patches into master and pushing out releases soon.

@sjaeckel
Member

currently in the process of syncing up with the changes of @karel-m
hopefully the release will come this year ;-)

@karel-m
Member
karel-m commented Jan 30, 2014

My development related to libtomcrypt and libtommath mostly happens in my repo https://github.com/DCIT/perl-CryptX (perl crypto toolkit based on libtomcrypt). It is not a fork but a modified copy of libtomcrypt + libtommath.

The most significant changes/bugs/improvements I report to @sjaeckel via github issues.

The positive side effect of perl-CryptX is that it proves that "my" libtomcrypt + libtommath builds and passes many tests on many platforms http://matrix.cpantesters.org/?dist=CryptX+0.021 or http://matrix.cpantesters.org/?dist=CryptX+0.019

I have one important item on my todo list I want to finish - improving primality testing and making DSA/RSA keys generation closer to FIPS-186-4 requirements. After that I can help with preparing libtomcrypt release.

@rofl0r
rofl0r commented Jan 30, 2014

@karel-m maybe you could join the team here and help @sjaeckel to get a release ready ? according to the libtom homepage, volunteers are still wanted.

@sjaeckel
Member

still busy...

warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] all over the sources with actual gcc

also I found out that libtommath doesn't work in all configurations with some special compilers... namely cygwin's i686-pc-mingw32-gcc (GCC) 4.7.3 and gcc (GCC) 4.8.2 ... but cygwin's x86_64-w64-mingw32-gcc (GCC) 4.8.2 works fine...

😢 😓

@sjaeckel
Member

I've https://github.com/libtom/libtomcrypt/tree/feature/rmCincludes to propose... okay? any comments? feedback please @karel-m @rofl0r

well I've opened PR #37

@karel-m
Member
karel-m commented Feb 22, 2014

On 17.2.2014 18:46, Steffen Jaeckel wrote:

|warning: dereferencing type-punned pointer will break strict-aliasing
rules [-Wstrict-aliasing]| all over the sources with actual |gcc|

In my perl bindings I handle this by -fno-strict-aliasing (which means just
silencing the warning)

Karel

@rofl0r
rofl0r commented Feb 22, 2014

-fno-strict-aliasing does actually more than just silencing the warning, it turns off aliasing optimizations, so the code violating them will not invoke UB when this switch is passed.
of course it would be preferable to fix the aliasing violations in the code, but it's still much better than just silencing the warnings.

@sjaeckel
Member

PR #39 should handle this, any comments?

@sjaeckel sjaeckel modified the milestone: v1.18.0 Feb 25, 2014
@sjaeckel
Member

someone interested in adding documentation?

@sjaeckel
Member

btw I've already started in branch feature/doc

@sjaeckel
Member

@buggywhip would you mind adding the documentation part for the dynamic helpers please?

@buggywhip

On Aug 30, 2014, at 8:20 AM, Steffen Jaeckel notifications@github.com wrote:

@buggywhip would you mind adding the documentation part for the dynamic helpers please?

Sure, I'll prepare some changes to crypt.tex. Do you have a preference for adding them under "The Application Programming Interface (API)" as section 2.6 or under "Miscellaneous" as section 11.3?

@sjaeckel
Member

Cool, thanks.
I think the "Miscellaneous" section is good

Cheerz from the guy that is still searching a reference for the DSA private key format implemented by @nmav...

@silverkorn

I'm really happy to see that many old pending branches were now merged! 😃
This said, do you think we might see a stable release in the master/tag branch soon?

No pressure, just that I would like to integrate a stable and non-outdated version of this library in a project.

Thanks for all great work on keeping libtomcrypt alive and up-to-date!

@justinclift

The code seems reasonably stable at present.

Any chance of a 1.18 release with the current code base, if things aren't quite good enough for 2.0.0?

It'd make a positive difference for OSX users. 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment