gcrypt initialization

Werner Koch wk at gnupg.org
Wed Oct 28 14:35:12 CET 2009


On Mon, 26 Oct 2009 23:14, dkg at fifthhorseman.net said:

> A) gcry_control(GCRYCTL_SET_THREAD_CBS or GCRYCTL_FORCE_FIPS_MODE)

The first is merely a handmade constructor and as such pretty special.

The second is:

  @item GCRYCTL_FORCE_FIPS_MODE; Arguments: none
  Running this command puts the library into FIPS mode.  If the library is
  already in FIPS mode, a self-test is triggered and thus the library will
  be put into operational state.  This command may be used before a call
  to gcry_check_version and that is actually the recommended way to let an
  [...]

and states that it may be used before gcry_check_version (between A and
B) to force gcrypt into FIPS mode.

> When a gcry_control command says that it can "only be used during
> initialization time" (e.g. GCRYCTL_ENABLE_M_GUARD), I believe that

Okay, the docs are not clear.  I changed it to say "before
gcry_check_version".

Let me know if you find other unclear documentation.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
