Libgcrypt - The GNU Crypto Library ------------------------------------ Version 1.11 Copyright (C) 1989,1991-2018 Free Software Foundation, Inc. Copyright (C) 2012-2024 g10 Code GmbH Copyright (C) 2013-2024 Jussi Kivilinna Libgcrypt is free software. See the file AUTHORS for full copying notices, and LICENSES for notices about contributions that require these additional notices to be distributed. Overview -------- Libgcrypt is a general purpose crypto library based on the code used in GnuPG. Libgcrypt depends on the library `libgpg-error', which must be installed correctly before Libgcrypt is to be built. Libgcrypt is distributed under the LGPL, see the section "License" below for details. Build Instructions ------------------ The download canonical location for libgcrypt is: https://gnupg.org/ftp/gcrypt/libgcrypt/ To build libgcrypt you need libgpg-error: https://gnupg.org/ftp/gcrypt/libgpg-error/ You should get the latest versions of course. After building and installing the libgpg-error package, you may continue with Libgcrypt installation as with allmost all GNU packages, you just have to do ./configure make make check make install The "make check" is not required but a good idea to see whether the library works as expected. The check takes some while and prints some benchmarking results. Before doing "make install" you probably need to become root. To build libgcrypt for Microsoft Windows, you need to have the mingw32 cross-building toolchain installed. Instead of running a plain configure you use ./autogen.sh --build-w32 make make install By default this command sequences expectsd a libgpg-error installed below $HOME/w32root and installs libgcrypt to that directory too. See the autogen.sh code for details. The documentation is available as an Info file (gcrypt.info). To build documentation in PDF, run this: cd doc make pdf Mailing List ------------ You may want to join the developer's mailing list gcrypt-devel@gnupg.org by sending mail with a subject of "subscribe" to gcrypt-devel-request@gnupg.org. An archive of this list is available at https://lists.gnupg.org . Configure options ----------------- Here is a list of configure options which are sometimes useful for installation. --enable-large-data-tests With this option a "make check" will take really long due to extra checks for the hash algorithms. --disable-asm Do not use assembler modules. It is not possible to use this on some CPU types. --enable-ld-version-script Libgcrypt tries to build a library where internal symbols are not exported. This requires support from ld and is currently enabled for a few OSes. If you know that your ld supports the so called ELF version scripts, you can use this option to force its use. OTOH, if you get error message from the linker, you probably want to use this option to disable the use of version scripts. Note, that you should never ever use an undocumented symbol or one which is prefixed with an underscore. --enable-ciphers=list --enable-pubkey-ciphers=list --enable-digests=list If not otherwise specified, all algorithms included in the libgcrypt source tree are built. An exception are algorithms, which depend on features not provided by the system, like 64bit data types. With these switches it is possible to select exactly those algorithm modules, which should be built. The algorithms are to be separated by spaces, commas or colons. To view the list used with the current build the program tests/version may be used. --disable-endian-check Don't let configure test for the endianness but try to use the OS provided macros at compile time. This is helpful to create OS X fat binaries. --enable-random-daemon Include support for a global random daemon and build the daemon. This is an experimental feature. --enable-mpi-path=EXTRA_PATH Prepend EXTRA_PATH to list of CPU specific optimizations. For example, if you want to add optimizations forn a Intel Pentium 4 compatible CPU, you may use --enable-mpi-path=pentium4/sse2:pentium4/mmx Take care: The generated library may crash on non-compatible CPUs. --enable-random=NAME Force the use of the random gathering module NAME. Default is either to use /dev/random or the auto mode. Possible values for NAME are: egd - Use the module which accesses the Entropy Gathering Daemon. See the webpages for more information about it. unix - Use the standard Unix module which does not have a very good performance. linux - Use the module which accesses /dev/random. This is the first choice and the default one for GNU/Linux or *BSD. auto - Compile linux, egd and unix in and automagically select at runtime. --enable-hmac-binary-check Include support to check the binary at runtime against a HMAC checksum. This works only in FIPS mode on systems providing the dladdr function and using the ELF binary format. --with-fips-module-version=version Specify a string used as a module version for FIPS certification purposes. --disable-padlock-support Disable support for the PadLock engine of VIA processors. The default is to use PadLock if available. Try this if you get problems with assembler code. --disable-aesni-support Disable support for the AES-NI instructions of newer Intel CPUs. The default is to use AES-NI if available. Try this if you get problems with assembler code. --disable-O-flag-munging Some code is too complex for some compilers while in higher optimization modes, thus the compiler invocation is modified to use a lower optimization level. Usually this works very well but on some platforms these rules break the invocation. This option may be used to disable the feature under the assumption that either good CFLAGS are given or the compiler can grok the code. Build Problems -------------- If you have a problem with a a certain release, please first check the Release-info URL given in the NEWS file. We can't check all assembler files, so if you have problems assembling them (or the program crashes) use --disable-asm with ./configure. If you opt to delete individual replacement files in hopes of using the remaining ones, be aware that the configure scripts may consider several subdirectories to get all available assembler files; be sure to delete the correct ones. Never delete udiv-qrnnd.S in any CPU directory, because there may be no C substitute (in mpi/genereic). Don't forget to delete "config.cache" and run "./config.status --recheck". We got a few reports about problems using versions of gcc earlier than 2.96 along with a non-GNU assembler (as). If this applies to your platform, you can either upgrade gcc to a more recent version, or use the GNU assembler. Some make tools are broken - the best solution is to use GNU's make. Try gmake or grab the sources from a GNU archive and install them. Specific problems on some machines: * AArch64 (GCC 11.1 and 11.2) Because of the bug in GCC (fixed in 11.3), with the option -O3, vectorization results wrong code for the function buf_eq_const. Please use -O2 or -fno-tree-loop-vectorize. * IBM RS/6000 running AIX Due to a change in gcc (since version 2.8) the MPI stuff may not build. In this case try to run configure using: CFLAGS="-g -O2 -mcpu=powerpc" ./configure * SVR4.2 (ESIX V4.2 cc) Due to problems with the ESIX as(1), you probably want to do: CFLAGS="-O -K pentium" ./configure --disable-asm * SunOS 4.1.4 ./configure ac_cv_sys_symbol_underscore=yes * Sparc64 CPUs We have reports about failures in the AES module when compiling using gcc (e.g. version 4.1.2) and the option -O3; using -O2 solves the problem. License ------- The library is distributed under the terms of the GNU Lesser General Public License (LGPL); see the file COPYING.LIB for the actual terms. The helper programs as well as the documentation are distributed under the terms of the GNU General Public License (GPL); see the file COPYING for the actual terms. The file LICENSES has notices about contributions that require that these additional notices are distributed. Contact ------- See the file AUTHORS. Commercial grade support for Libgcrypt is available; for a listing of offers see https://www.gnupg.org/service.html . Since 2001 maintenance and development of Libgcrypt is done by g10 Code GmbH and was mostly financed by donations; since 2022 a raise in revenues from support contracts allows to fully finance the development without resorting to donations. Many thanks to our paid developers for their work and also a big thank you to Jussi Kivilinna for all of his performance work. This file is Free Software; as a special exception the authors gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. For conditions of the whole package, please see the file COPYING. This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.