Libgcrypt - The GNU Crypto Library
------------------------------------
Version 1.9
Copyright (C) 1989,1991-2018 Free Software Foundation, Inc.
Copyright (C) 2012-2021 g10 Code GmbH
Copyright (C) 2013-2021 Jussi Kivilinna
Libgcrypt is free software. See the file AUTHORS for full copying
notices, and LICENSES for notices about contributions that require
these additional notices to be distributed.
Overview
--------
Libgcrypt is a general purpose crypto library based on the code
used in GnuPG. Libgcrypt depends on the library `libgpg-error',
which must be installed correctly before Libgcrypt is to be built.
Libgcrypt is distributed under the LGPL, see the section "License"
below for details.
Build Instructions
------------------
The download canonical location for libgcrypt is:
ftp://ftp.gnupg.org/gcrypt/libgcrypt/
or
https://gnupg.org/ftp/gcrypt/libgcrypt/
To build libgcrypt you need libgpg-error:
ftp://ftp.gnupg.org/gcrypt/libgpg-error/
or
https://gnupg.org/ftp/gcrypt/libgpg-error/
You should get the latest versions of course.
After building and installing the libgpg-error package, you may
continue with Libgcrypt installation as with allmost all GNU
packages, you just have to do
./configure
make
make check
make install
The "make check" is not required but a good idea to see whether
the library works as expected. The check takes some while and
prints some benchmarking results. Before doing "make install" you
probably need to become root.
To build libgcrypt for Microsoft Windows, you need to have the
mingw32 cross-building toolchain installed. Instead of running a
plain configure you use
./autogen.sh --build-w32
make
make install
By default this command sequences expectsd a libgpg-error
installed below $HOME/w32root and installs libgcrypt to that
directory too. See the autogen.sh code for details.
The documentation is available as an Info file (gcrypt.info). To
build documentation in PDF, run this:
cd doc
make pdf
Mailing List
------------
You may want to join the developer's mailing list
gcrypt-devel@gnupg.org by sending mail with a subject of
"subscribe" to gcrypt-devel-request@gnupg.org. An archive of this
list is available at https://lists.gnupg.org .
Configure options
-----------------
Here is a list of configure options which are sometimes useful
for installation.
--enable-large-data-tests
With this option a "make check" will take really
long due to extra checks for the hash algorithms.
--disable-asm
Do not use assembler modules. It is not possible
to use this on some CPU types.
--enable-ld-version-script
Libgcrypt tries to build a library where internal
symbols are not exported. This requires support
from ld and is currently enabled for a few OSes.
If you know that your ld supports the so called
ELF version scripts, you can use this option to
force its use. OTOH, if you get error message
from the linker, you probably want to use this
option to disable the use of version scripts.
Note, that you should never ever use an
undocumented symbol or one which is prefixed with
an underscore.
--enable-ciphers=list
--enable-pubkey-ciphers=list
--enable-digests=list
If not otherwise specified, all algorithms
included in the libgcrypt source tree are built.
An exception are algorithms, which depend on
features not provided by the system, like 64bit
data types. With these switches it is possible
to select exactly those algorithm modules, which
should be built. The algorithms are to be
separated by spaces, commas or colons. To view
the list used with the current build the program
tests/version may be used.
--disable-endian-check
Don't let configure test for the endianness but
try to use the OS provided macros at compile
time. This is helpful to create OS X fat binaries.
--enable-random-daemon
Include support for a global random daemon and
build the daemon. This is an experimental feature.
--enable-mpi-path=EXTRA_PATH
Prepend EXTRA_PATH to list of CPU specific
optimizations. For example, if you want to add
optimizations forn a Intel Pentium 4 compatible
CPU, you may use
--enable-mpi-path=pentium4/sse2:pentium4/mmx
Take care: The generated library may crash on
non-compatible CPUs.
--enable-random=NAME
Force the use of the random gathering module
NAME. Default is either to use /dev/random or
the auto mode. Possible values for NAME are:
egd - Use the module which accesses the
Entropy Gathering Daemon. See the webpages
for more information about it.
unix - Use the standard Unix module which does not
have a very good performance.
linux - Use the module which accesses /dev/random.
This is the first choice and the default one
for GNU/Linux or *BSD.
auto - Compile linux, egd and unix in and
automagically select at runtime.
--enable-hmac-binary-check
Include support to check the binary at runtime
against a HMAC checksum. This works only in FIPS
mode on systems providing the dladdr function and using
the ELF binary format.
--with-fips-module-version=version
Specify a string used as a module version for FIPS
certification purposes.
--disable-padlock-support
Disable support for the PadLock engine of VIA
processors. The default is to use PadLock if
available. Try this if you get problems with
assembler code.
--disable-aesni-support
Disable support for the AES-NI instructions of
newer Intel CPUs. The default is to use AES-NI
if available. Try this if you get problems with
assembler code.
--disable-O-flag-munging
Some code is too complex for some compilers while
in higher optimization modes, thus the compiler
invocation is modified to use a lower
optimization level. Usually this works very well
but on some platforms these rules break the
invocation. This option may be used to disable
the feature under the assumption that either good
CFLAGS are given or the compiler can grok the code.
Build Problems
--------------
If you have a problem with a a certain release, please first check
the Release-info URL given in the NEWS file.
We can't check all assembler files, so if you have problems
assembling them (or the program crashes) use --disable-asm with
./configure. If you opt to delete individual replacement files in
hopes of using the remaining ones, be aware that the configure
scripts may consider several subdirectories to get all available
assembler files; be sure to delete the correct ones. Never delete
udiv-qrnnd.S in any CPU directory, because there may be no C
substitute (in mpi/genereic). Don't forget to delete
"config.cache" and run "./config.status --recheck". We got a few
reports about problems using versions of gcc earlier than 2.96
along with a non-GNU assembler (as). If this applies to your
platform, you can either upgrade gcc to a more recent version, or
use the GNU assembler.
Some make tools are broken - the best solution is to use GNU's
make. Try gmake or grab the sources from a GNU archive and
install them.
Specific problems on some machines:
* AArch64 (GCC 11.1 and 11.2)
Because of the bug in GCC (fixed in 11.3), with the option
-O3, vectorization results wrong code for the function
buf_eq_const. Please use -O2 or -fno-tree-loop-vectorize.
* IBM RS/6000 running AIX
Due to a change in gcc (since version 2.8) the MPI stuff may
not build. In this case try to run configure using:
CFLAGS="-g -O2 -mcpu=powerpc" ./configure
* SVR4.2 (ESIX V4.2 cc)
Due to problems with the ESIX as(1), you probably want to do:
CFLAGS="-O -K pentium" ./configure --disable-asm
* SunOS 4.1.4
./configure ac_cv_sys_symbol_underscore=yes
* Sparc64 CPUs
We have reports about failures in the AES module when
compiling using gcc (e.g. version 4.1.2) and the option -O3;
using -O2 solves the problem.
License
-------
The library is distributed under the terms of the GNU Lesser
General Public License (LGPL); see the file COPYING.LIB for the
actual terms.
The helper programs as well as the documentation are distributed
under the terms of the GNU General Public License (GPL); see the
file COPYING for the actual terms.
The file LICENSES has notices about contributions that require
that these additional notices are distributed.
Contact
-------
See the file AUTHORS.
Commercial grade support for Libgcrypt is available; for a listing
of offers see https://www.gnupg.org/service.html .
Since 2001 maintenance and development of Libgcrypt is done by g10
Code GmbH and mostly financed by donations. g10 Code currently
employs 3 full-time developers and two contractors. They all work
on GnuPG and closely related software like Libgcrypt. Please
visit https://gnupg.org/donate/ to see how you can help.
This file is Free Software; as a special exception the authors gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. For conditions of the whole package, please see the file COPYING. This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.