gcrypt initialization

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Oct 28 15:59:35 CET 2009


On 10/28/2009 09:35 AM, Werner Koch wrote:
> Okay, the docs are not clear.  I changed it to say "before
> gcry_check_version".

Thanks, Werner.

> Let me know if you find other unclear documentation.

line 523 of gcrypt.texi appears to claim that the full set of
functionality allowed before gcry_check_version is
GCRYCTL_SET_THREAD_CBS.  Maybe it should mention GCRYCTL_FORCE_FIPS_MODE
and GCRYCTL_ENABLE_M_GUARD and GCRYCTL_ANY_INITIALIZATION_P (and others?)

Alternately, if there really are valid phases of initialization, maybe
it'd be useful to define them (with more semantically-meaningful names
than my earlier "A,B,C"), and indicate which commands belong to which phase?

Another thing that might be useful to document is what the relationship
is between the other gcry_control() calls and
GCRYCTL_INITIALIZATION_FINISHED -- at the moment, it's unclear what the
consequences of GCRYCTL_INITIALIZATION_FINISHED are, other than
GCRYCTL_INITIALIZATION_FINISHED_P returning a different value, and the
library appears to work without that call.  So why should a user bother
to issue GCRYCTL_INITIALIZATION_FINISHED?

Regards,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20091028/c9008f24/attachment.pgp>


More information about the Gcrypt-devel mailing list