[git] GCRYPT - branch, master, updated. libgcrypt-1.7.0-12-gc3173bb
by Werner Koch
cvs at cvs.gnupg.org
Wed Jun 15 09:20:22 CEST 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via c3173bbe3f1a9c73f81a538dd49ccfa0447bfcdc (commit)
via 131b4f0634cee0e5c47d2250c59f51127b10f7b3 (commit)
from e13a6a1ba53127af602713d0c2aaa85c94b3cd7e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c3173bbe3f1a9c73f81a538dd49ccfa0447bfcdc
Author: Werner Koch <wk at gnupg.org>
Date: Wed Jun 15 09:18:31 2016 +0200
doc: Describe envvars.
* doc/gcrypt.texi: Add chapter Configuration.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 0171cd6..c2c39ad 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -14,7 +14,7 @@ which is GNU's library of cryptographic building blocks.
@noindent
Copyright @copyright{} 2000, 2002, 2003, 2004, 2006, 2007, 2008, 2009, 2011, 2012 Free Software Foundation, Inc. @*
-Copyright @copyright{} 2012, 2013 g10 Code GmbH
+Copyright @copyright{} 2012, 2013, 2016 g10 Code GmbH
@quotation
Permission is granted to copy, distribute and/or modify this document
@@ -94,7 +94,8 @@ section entitled ``GNU General Public License''.
* MPI library:: How to work with multi-precision-integers.
* Prime numbers:: How to use the Prime number related functions.
* Utilities:: Utility functions.
-* Tools:: Utility tools
+* Tools:: Utility tools.
+* Configuration:: Configuration files and evironment variables.
* Architecture:: How Libgcrypt works internally.
Appendices
@@ -497,6 +498,7 @@ Just like the function @code{gpg_strerror}, the function
@cindex FIPS mode
@cindex FIPS 140
+ at anchor{enabling fips mode}
Libgcrypt may be used in a FIPS 140-2 mode. Note, that this does not
necessary mean that Libcgrypt is an appoved FIPS 140-2 module. Check the
NIST database at @url{http://csrc.nist.gov/groups/STM/cmvp/} to see what
@@ -545,6 +547,7 @@ If the logging verbosity level of Libgcrypt has been set to at least
@section How to disable hardware features
@cindex hardware features
+ at anchor{hardware features}
Libgcrypt makes use of certain hardware features. If the use of a
feature is not desired it may be either be disabled by a program or
globally using a configuration file. The currently supported features
@@ -5306,6 +5309,82 @@ Print version of the program and exit.
@manpause
@c **********************************************************
+ at c **************** Environment Variables *****************
+ at c **********************************************************
+ at node Configuration
+ at chapter Configuration files and evironment variables
+
+This chapter describes which files and environment variables can be
+used to change the behaviour of Libgcrypt.
+
+ at noindent
+The environment variables considered by Libgcrypt are:
+
+ at table @code
+
+ at item GCRYPT_BARRETT
+ at cindex GCRYPT_BARRETT
+By setting this variable to any value a different algorithm for
+modular reduction is used for ECC.
+
+ at item GCRYPT_RNDUNIX_DBG
+ at item GCRYPT_RNDUNIX_DBGALL
+ at cindex GCRYPT_RNDUNIX_DBG
+ at cindex GCRYPT_RNDUNIX_DBGALL
+These two environment variables are used to enable debug output for
+the rndunix entropy gatherer, which is used on systems lacking a
+/dev/random device. The value of @code{GCRYPT_RNDUNIX_DBG} is a file
+name or @code{-} for stdout. Debug output is the written to this
+file. By setting @code{GCRYPT_RNDUNIX_DBGALL} to any value the debug
+output will be more verbose.
+
+ at item GCRYPT_RNDW32_NOPERF
+ at cindex GCRYPT_RNDW32_NOPERF
+Setting this environment variable on Windows to any value disables
+the use of performance data (@code{HKEY_PERFORMANCE_DATA}) as source
+for entropy. On some older Windows systems this could help to speed
+up the creation of random numbers but also decreases the amount of
+data used to init the random number generator.
+
+ at item HOME
+ at cindex HOME
+This is used to locate the socket to connect to the EGD random
+daemon. The EGD can be used on system without a /dev/random to speed
+up the random number generator. It is not needed on the majority of
+today's operating systems and support for EGD requires the use of a
+configure option at build time.
+
+ at end table
+
+ at noindent
+The files which Libgcrypt uses to retrieve system information and the
+files which can be created by the user to modify Libgcrypt's behavior
+are:
+
+ at table @file
+
+ at item /etc/gcrypt/hwf.deny
+ at cindex /etc/gcrypt/hwf.deny
+This file can be used to disable the use of hardware based
+optimizations, @pxref{hardware features}.
+
+ at item /etc/gcrypt/fips_enabled
+ at itemx /proc/sys/crypto/fips_enabled
+ at cindex /etc/gcrypt/fips_enabled
+ at cindex fips_enabled
+On Linux these files are used to enable FIPS mode, @pxref{enabling fips mode}.
+
+ at item /proc/cpuinfo
+ at itemx /proc/self/auxv
+ at cindex /proc/cpuinfo
+ at cindex /proc/self/auxv
+On Linux running on the ARM architecture, these files are used to read
+hardware capabilities of the CPU.
+
+ at end table
+
+
+ at c **********************************************************
@c ***************** Architecure Overview *****************
@c **********************************************************
@node Architecture
commit 131b4f0634cee0e5c47d2250c59f51127b10f7b3
Author: Werner Koch <wk at gnupg.org>
Date: Wed Jun 15 09:17:44 2016 +0200
random: Change names of debug envvars.
* random/rndunix.c (start_gatherer): Change GNUPG_RNDUNIX_DBG to
GCRYPT_RNDUNIX_DBG, change GNUPG_RNDUNIX_DBG to GCRYPT_RNDUNIX_DBG.
* random/rndw32.c (registry_poll): Change GNUPG_RNDW32_NOPERF to
GCRYPT_RNDW32_NOPERF.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/random/rndunix.c b/random/rndunix.c
index 2e13298..e7238f4 100644
--- a/random/rndunix.c
+++ b/random/rndunix.c
@@ -714,7 +714,7 @@ start_gatherer( int pipefd )
int dbgall;
{
- const char *s = getenv("GNUPG_RNDUNIX_DBG");
+ const char *s = getenv("GCRYPT_RNDUNIX_DBG");
if( s ) {
dbgfp = (*s=='-' && !s[1])? stdout : fopen(s, "a");
if( !dbgfp )
@@ -723,7 +723,7 @@ start_gatherer( int pipefd )
else
fprintf(dbgfp,"\nSTART RNDUNIX DEBUG pid=%d\n", (int)getpid());
}
- dbgall = !!getenv("GNUPG_RNDUNIX_DBGALL");
+ dbgall = !!getenv("GCRYPT_RNDUNIX_DBGALL");
}
/* close all files but the ones we need */
{ int nmax, n1, n2, i;
diff --git a/random/rndw32.c b/random/rndw32.c
index 1c0fc3d..de6e783 100644
--- a/random/rndw32.c
+++ b/random/rndw32.c
@@ -419,7 +419,7 @@ registry_poll (void (*add)(const void*, size_t, enum random_origins),
this can consume tens of MB of memory and huge amounts of CPU time
while it gathers its data, and even running once can still consume
about 1/2MB of memory */
- if (getenv ("GNUPG_RNDW32_NOPERF"))
+ if (getenv ("GCRYPT_RNDW32_NOPERF"))
{
static int shown;
-----------------------------------------------------------------------
Summary of changes:
doc/gcrypt.texi | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
random/rndunix.c | 4 +--
random/rndw32.c | 2 +-
3 files changed, 84 insertions(+), 5 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
_______________________________________________
Gnupg-commits mailing list
Gnupg-commits at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-commits
More information about the Gcrypt-devel
mailing list