[GNU Crypto] GNU Crypto 2.1.0 RC1

[Casey Marshall]

I've put a release candidate for GNU Crypto 2.1.0 here:

  http://syzygy.metastatic.org/gnu-crypto/

This will, if it works out okay, become the GNU Crypto 2.1.0 release.  
If you have a moment, please download it and try it out! Binary as  
well as source releases are available.

However, please don't download this if you are merely interested in  
using it in a project of yours; I'm more interested in getting some  
feedback about how this release works, and if all goes well the final  
release will appear (on GNU mirrors) this weekend.

I'm releasing this version now because it has been a long time since  
a new GNU Crypto release has come out, and a lot of neat things have  
been added. I had been waiting until the more interesting things were  
more complete than they are now, but given my lack of time to devote  
to the project, I doubt I'll complete them anytime soon, and that  
shouldn't keep the new features only in CVS.

What follows is an incomplete draft of some release notes for 2.1.0:

GNU Crypto 2.1.0 represents, in the same tradition as the Linux  
kernel, an "odd-numbered" major release, and is meant for active  
development. This means that things in between 2.1 micro releases may  
change wildly, in the spirit of developing the code further, to  
eventually produce release 2.2, which will remain stable. 2.1.0 will  
not depart that far from what was made available in 2.0, but a lot  
has been added, so we don't expect existing applications using GNU  
Crypto to need much revision.

There are some significant changes in this release, however:

  * Building with GCJ, including producing native shared libraries,  
is not currently supported. For bytecode generation, we need a  
compiler that understands `-sourcepath.' Recent releases of GCJ  
should be able to compile GNU Crypto's Jar file to native code, however.
  * Many new algorithms have been added, including password-based  
encryption, SSL and TLS padding schemes, the OMAC message  
authentication code, the EAX encryption mode, the Fortuna and CSPRNG  
pseudo-random number generators, and various key transform algorithms  
for JCE support.
  * A replacement for the `keytool' program is in development. A  
version with some basic functions in place is included.
  * The clean-room JCE, JAAS, JGSS, and SASL API's have been  
removed, and are now required as a part of the system you are  
targeting, meaning you will need a recent developer snapshot of GNU  
Classpath, or will need a runtime that supports the 1.4 security  
features, and has the SASL API introduced in 1.5.
  * A partial implementation of NIST's PKITS X.509 test suite (there  
is also an implementation of X.509 certificates, but in free runtimes  
we suggest using the implementation included in GNU Classpath instead).

Happy hacking!