gcrypt initialization
Werner Koch
wk at gnupg.org
Wed Oct 28 14:35:12 CET 2009
On Mon, 26 Oct 2009 23:14, dkg at fifthhorseman.net said:
> A) gcry_control(GCRYCTL_SET_THREAD_CBS or GCRYCTL_FORCE_FIPS_MODE)
The first is merely a handmade constructor and as such pretty special.
The second is:
@item GCRYCTL_FORCE_FIPS_MODE; Arguments: none
Running this command puts the library into FIPS mode. If the library is
already in FIPS mode, a self-test is triggered and thus the library will
be put into operational state. This command may be used before a call
to gcry_check_version and that is actually the recommended way to let an
[...]
and states that it may be used before gcry_check_version (between A and
B) to force gcrypt into fips mode.
> When a gcry_control command says that it can "only be used during
> initialization time" (e.g. GCRYCTL_ENABLE_M_GUARD), i believe that
Okay, the docs are not clear. I changed it to say "before
gcry_check_version".
Let me know if you find other unclear documentation.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gcrypt-devel
mailing list