[git] GCRYPT - branch, master, updated. libgcrypt-1.7.0-12-gc3173bb

by Werner Koch cvs at cvs.gnupg.org
Wed Jun 15 09:20:22 CEST 2016

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  c3173bbe3f1a9c73f81a538dd49ccfa0447bfcdc (commit)
       via  131b4f0634cee0e5c47d2250c59f51127b10f7b3 (commit)
      from  e13a6a1ba53127af602713d0c2aaa85c94b3cd7e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c3173bbe3f1a9c73f81a538dd49ccfa0447bfcdc
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Jun 15 09:18:31 2016 +0200

    doc: Describe envvars.
    * doc/gcrypt.texi: Add chapter Configuration.
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 0171cd6..c2c39ad 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -14,7 +14,7 @@ which is GNU's library of cryptographic building blocks.
 Copyright @copyright{} 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012 Free Software Foundation, Inc. @*
-Copyright @copyright{} 2012, 2013 g10 Code GmbH
+Copyright @copyright{} 2012, 2013, 2016 g10 Code GmbH
 Permission is granted to copy, distribute and/or modify this document
@@ -94,7 +94,8 @@ section entitled ``GNU General Public License''.
 * MPI library::                  How to work with multi-precision-integers.
 * Prime numbers::                How to use the Prime number related functions.
 * Utilities::                    Utility functions.
-* Tools::                        Utility tools
+* Tools::                        Utility tools.
+* Configuration::                Configuration files and evironment variables.
 * Architecture::                 How Libgcrypt works internally.
@@ -497,6 +498,7 @@ Just like the function @code{gpg_strerror}, the function
 @cindex FIPS mode
 @cindex FIPS 140
+ at anchor{enabling fips mode}
 Libgcrypt may be used in a FIPS 140-2 mode.  Note, that this does not
 necessary mean that Libcgrypt is an appoved FIPS 140-2 module.  Check the
 NIST database at @url{http://csrc.nist.gov/groups/STM/cmvp/} to see what
@@ -545,6 +547,7 @@ If the logging verbosity level of Libgcrypt has been set to at least
 @section How to disable hardware features
 @cindex hardware features
+ at anchor{hardware features}
 Libgcrypt makes use of certain hardware features.  If the use of a
 feature is not desired it may be either be disabled by a program or
 globally using a configuration file.  The currently supported features
@@ -5306,6 +5309,82 @@ Print version of the program and exit.
 @c **********************************************************
+ at c ****************  Environment Variables  *****************
+ at c **********************************************************
+ at node Configuration
+ at chapter Configuration files and evironment variables
+This chapter describes which files and environment variables can be
+used to change the behaviour of Libgcrypt.
+ at noindent
+The environment variables considered by Libgcrypt are:
+ at table @code
+ at cindex GCRYPT_BARRETT
+By setting this variable to any value a different algorithm for
+modular reduction is used for ECC.
+These two environment variables are used to enable debug output for
+the rndunix entropy gatherer, which is used on systems lacking a
+/dev/random device.  The value of @code{GCRYPT_RNDUNIX_DBG} is a file
+name or @code{-} for stdout.  Debug output is the written to this
+file.  By setting @code{GCRYPT_RNDUNIX_DBGALL} to any value the debug
+output will be more verbose.
+ at cindex GCRYPT_RNDW32_NOPERF
+Setting this environment variable on Windows to any value disables
+the use of performance data (@code{HKEY_PERFORMANCE_DATA}) as source
+for entropy.  On some older Windows systems this could help to speed
+up the creation of random numbers but also decreases the amount of
+data used to init the random number generator.
+ at item HOME
+ at cindex HOME
+This is used to locate the socket to connect to the EGD random
+daemon.  The EGD can be used on system without a /dev/random to speed
+up the random number generator.  It is not needed on the majority of
+today's operating systems and support for EGD requires the use of a
+configure option at build time.
+ at end table
+ at noindent
+The files which Libgcrypt uses to retrieve system information and the
+files which can be created by the user to modify Libgcrypt's behavior
+ at table @file
+ at item /etc/gcrypt/hwf.deny
+ at cindex /etc/gcrypt/hwf.deny
+This file can be used to disable the use of hardware based
+optimizations, @pxref{hardware features}.
+ at item /etc/gcrypt/fips_enabled
+ at itemx /proc/sys/crypto/fips_enabled
+ at cindex /etc/gcrypt/fips_enabled
+ at cindex fips_enabled
+On Linux these files are used to enable FIPS mode, @pxref{enabling fips mode}.
+ at item /proc/cpuinfo
+ at itemx /proc/self/auxv
+ at cindex /proc/cpuinfo
+ at cindex /proc/self/auxv
+On Linux running on the ARM architecture, these files are used to read
+hardware capabilities of the CPU.
+ at end table
+ at c **********************************************************
 @c *****************  Architecure Overview  *****************
 @c **********************************************************
 @node Architecture

commit 131b4f0634cee0e5c47d2250c59f51127b10f7b3
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Jun 15 09:17:44 2016 +0200

    random: Change names of debug envvars.
    * random/rndunix.c (start_gatherer): Change GNUPG_RNDUNIX_DBG to
    * random/rndw32.c (registry_poll): Change GNUPG_RNDW32_NOPERF to
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/random/rndunix.c b/random/rndunix.c
index 2e13298..e7238f4 100644
--- a/random/rndunix.c
+++ b/random/rndunix.c
@@ -714,7 +714,7 @@ start_gatherer( int pipefd )
     int dbgall;
-	const char *s = getenv("GNUPG_RNDUNIX_DBG");
+	const char *s = getenv("GCRYPT_RNDUNIX_DBG");
 	if( s ) {
 	    dbgfp = (*s=='-' && !s[1])? stdout : fopen(s, "a");
 	    if( !dbgfp )
@@ -723,7 +723,7 @@ start_gatherer( int pipefd )
 		fprintf(dbgfp,"\nSTART RNDUNIX DEBUG pid=%d\n", (int)getpid());
-	dbgall = !!getenv("GNUPG_RNDUNIX_DBGALL");
+	dbgall = !!getenv("GCRYPT_RNDUNIX_DBGALL");
     /* close all files but the ones we need */
     {	int nmax, n1, n2, i;
diff --git a/random/rndw32.c b/random/rndw32.c
index 1c0fc3d..de6e783 100644
--- a/random/rndw32.c
+++ b/random/rndw32.c
@@ -419,7 +419,7 @@ registry_poll (void (*add)(const void*, size_t, enum random_origins),
      this can consume tens of MB of memory and huge amounts of CPU time
      while it gathers its data, and even running once can still consume
      about 1/2MB of memory */
-  if (getenv ("GNUPG_RNDW32_NOPERF"))
+  if (getenv ("GCRYPT_RNDW32_NOPERF"))
       static int shown;


Summary of changes:
 doc/gcrypt.texi  | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 random/rndunix.c |  4 +--
 random/rndw32.c  |  2 +-
 3 files changed, 84 insertions(+), 5 deletions(-)

The GNU crypto library

Gnupg-commits mailing list
Gnupg-commits at gnupg.org

More information about the Gcrypt-devel mailing list