[svn] gcry - r1330 - in trunk: . doc
svn author wk
cvs at cvs.gnupg.org
Mon Sep 15 12:19:15 CEST 2008
Author: wk
Date: 2008-09-15 12:19:15 +0200 (Mon, 15 Sep 2008)
New Revision: 1330
Modified:
trunk/NEWS
trunk/doc/ChangeLog
trunk/doc/gcrypt.texi
trunk/doc/lgpl.texi
Log:
doc cleanups.
Modified: trunk/doc/ChangeLog
===================================================================
--- trunk/doc/ChangeLog 2008-09-12 19:11:10 UTC (rev 1329)
+++ trunk/doc/ChangeLog 2008-09-15 10:19:15 UTC (rev 1330)
@@ -1,3 +1,7 @@
+2008-09-15 Werner Koch <wk at g10code.com>
+
+ * gcrypt.texi: Fold the two FIPS appendices into one.
+
2008-09-11 Werner Koch <wk at g10code.com>
* gcrypt.texi (Public-Key Subsystem Architecture): Explain RSA
Modified: trunk/NEWS
===================================================================
--- trunk/NEWS 2008-09-12 19:11:10 UTC (rev 1329)
+++ trunk/NEWS 2008-09-15 10:19:15 UTC (rev 1330)
@@ -1,7 +1,11 @@
Noteworthy changes in version 1.4.3
------------------------------------------------
+ * More self-tests.
+ * Documentation cleanups.
+
+
Noteworthy changes in version 1.4.2 (2008-09-08)
------------------------------------------------
Modified: trunk/doc/gcrypt.texi
===================================================================
--- trunk/doc/gcrypt.texi 2008-09-12 19:11:10 UTC (rev 1329)
+++ trunk/doc/gcrypt.texi 2008-09-15 10:19:15 UTC (rev 1330)
@@ -77,9 +77,8 @@
Appendices
-* Self-Tests:: Description of self-tests.
-* FIPS Restrictions:: Restrictions in FIPS mode.
-* FIPS Finite State Machine:: Description of the FIPS FSM.
+* Self-Tests:: Description of the self-tests.
+* FIPS Mode:: Description of the FIPS mode.
* Library Copying:: The GNU Lesser General Public License
says how you can copy and share Libgcrypt.
* Copying:: The GNU General Public License says how you
@@ -188,7 +187,7 @@
* Building sources using Automake:: How to build sources with the help of Automake.
* Initializing the library:: How to initialize the library.
* Multi-Threading:: How Libgcrypt can be used in a MT environment.
-* FIPS mode:: How to enable the FIPS mode.
+* Enabling FIPS mode:: How to enable the FIPS mode.
@end menu
@@ -392,8 +391,8 @@
gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
@anchor{sample-use-resume-secmem}
- /* It is now okay to let Libgcrypt complain when there was/is a problem
- with the secure memory. */
+ /* It is now okay to let Libgcrypt complain when there was/is
+ a problem with the secure memory. */
gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
/* ... If required, other initialization goes here. */
@@ -489,25 +488,28 @@
@table @code
@item GCRY_THREAD_OPTION_PTH_IMPL
-This macro defines the following (static) symbols: gcry_pth_init,
-gcry_pth_mutex_init, gcry_pth_mutex_destroy, gcry_pth_mutex_lock,
-gcry_pth_mutex_unlock, gcry_pth_read, gcry_pth_write, gcry_pth_select,
-gcry_pth_waitpid, gcry_pth_accept, gcry_pth_connect, gcry_threads_pth.
+This macro defines the following (static) symbols:
+ at code{gcry_pth_init}, @code{gcry_pth_mutex_init},
+ at code{gcry_pth_mutex_destroy}, @code{gcry_pth_mutex_lock},
+ at code{gcry_pth_mutex_unlock}, @code{gcry_pth_read},
+ at code{gcry_pth_write}, @code{gcry_pth_select},
+ at code{gcry_pth_waitpid}, @code{gcry_pth_accept},
+ at code{gcry_pth_connect}, @code{gcry_threads_pth}.
-After including this macro, gcry_control() shall be used with a
-command of GCRYCTL_SET_THREAD_CBS in order to register the thread
-callback structure named ``gcry_threads_pth''.
+After including this macro, @code{gcry_control()} shall be used with a
+command of @code{GCRYCTL_SET_THREAD_CBS} in order to register the
+thread callback structure named ``gcry_threads_pth''.
@item GCRY_THREAD_OPTION_PTHREAD_IMPL
This macro defines the following (static) symbols:
-gcry_pthread_mutex_init, gcry_pthread_mutex_destroy,
-gcry_pthread_mutex_lock, gcry_pthread_mutex_unlock,
-gcry_threads_pthread.
+ at code{gcry_pthread_mutex_init}, @code{gcry_pthread_mutex_destroy},
+ at code{gcry_pthread_mutex_lock}, @code{gcry_pthread_mutex_unlock},
+ at code{gcry_threads_pthread}.
-After including this macro, gcry_control() shall be used with a
-command of GCRYCTL_SET_THREAD_CBS in order to register the thread
-callback structure named ``gcry_threads_pthread''.
+After including this macro, @code{gcry_control()} shall be used with a
+command of @code{GCRYCTL_SET_THREAD_CBS} in order to register the
+thread callback structure named ``gcry_threads_pthread''.
@end table
Note that these macros need to be terminated with a semicolon. Keep
@@ -515,10 +517,9 @@
programmers might have to wrap these macros in an ``extern C'' body.
+ at node Enabling FIPS mode
+ at section How to enable the FIPS mode
- at node FIPS mode
- at section FIPS Mode
-
Libgcrypt may be used in a FIPS 140-2 mode. Note, that this does not
necessary mean that Libcgrypt is an appoved FIPS 140-2 module. Check the
NIST database at @url{http://csrc.nist.gov/groups/STM/cmvp/} to see what
@@ -1168,7 +1169,8 @@
gcry_cipher_hd_t handle;
gcry_error_t err = 0;
- err = gcry_cipher_open (&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 0);
+ err = gcry_cipher_open (&handle, GCRY_CIPHER_AES,
+ GCRY_CIPHER_MODE_CBC, 0);
if (err)
@{
fprintf (stderr, "Failure: %s/%s\n",
@@ -1510,13 +1512,13 @@
@deftp {Data type} gcry_cipher_stencrypt_t
Type for the `stencrypt' function, defined as: gcry_err_code_t
-(*gcry_cipher_stencrypt_t) (void *c, const unsigned char *outbuf, const
+(*gcry_@/cipher_@/stencrypt_@/t) (void *c, const unsigned char *outbuf, const
unsigned char *, unsigned int n)
@end deftp
@deftp {Data type} gcry_cipher_stdecrypt_t
Type for the `stdecrypt' function, defined as: gcry_err_code_t
-(*gcry_cipher_stdecrypt_t) (void *c, const unsigned char *outbuf, const
+(*gcry_@/cipher_@/stdecrypt_@/t) (void *c, const unsigned char *outbuf, const
unsigned char *, unsigned int n)
@end deftp
@@ -3011,7 +3013,8 @@
err = gcry_ac_open (&handle, GCRY_AC_RSA, 0);
assert (! err);
- err = gcry_ac_key_pair_generate (handle, 1024, &rsa_spec, &key_pair, NULL);
+ err = gcry_ac_key_pair_generate (handle, 1024, &rsa_spec,
+ &key_pair, NULL);
assert (! err);
@}
@end example
@@ -4995,7 +4998,7 @@
@c ********************************************
@node Self-Tests
- at appendix Description of Self-Tests
+ at appendix Description of the Self-Tests
In addition to the build time regression test suite, Libgcrypt
implements self-tests to be performed at runtime. Which self-tests
@@ -5191,16 +5194,22 @@
@table @asis
@item RSA
-The test uses a random number 64 bits less the size of the modulus to
-test the encryption and decryption operation. A new random number of
-the same size is then generated to test the signing operation. The
-signature is then modified and then checked to test that a modified
-signature is correcty detected. (@code{cipher/@/dsa.c:@/test_keys})
+The test uses a random number 64 bits less the size of the modulus as
+plaintext and runs an encryption and decryption operation in turn. The
+encrypted value is checked to not match the plaintext and the result
+of the decryption is checked to match the plaintext.
+
+A new random number of the same size is generated, signed and verified
+to test the correctness of the signing operation. As a second signing
+test, the signature is modified by incrementing its value and then
+verified with the expected result that the verification fails.
+(@code{cipher/@/dsa.c:@/test_keys})
@item DSA
The test uses a random number of the size of the Q parameter to create
-a signature and then checked that the signature verifies. The data is
-then modified and then checked that the signature does not verify.
-(@code{cipher/@/dsa.c:@/test_keys})
+a signature and then checks that the signature verifies. As a second
+signing test, the data is modified by incrementing its value and then
+verified against the signature with the expected result that the
+verification fails. (@code{cipher/@/dsa.c:@/test_keys})
@end table
@@ -5327,9 +5336,17 @@
@c ********************************************
- at node FIPS Restrictions
- at appendix Restrictions in FIPS mode
+ at node FIPS Mode
+ at appendix Description of the FIPS Mode
+This appendix gives detailed information pertaining to the FIPS mode.
+In particular, the changes to the standard mode and the finite state
+machine are described. The self-tests required in this mode are
+described in the appendix on self-tests.
+
+ at c -------------------------------
+ at section Restrictions in FIPS Mode
+
@noindent
If Libgcrypt is used in FIPS mode these restrictions are effective:
@@ -5426,8 +5443,7 @@
@c ********************************************
- at node FIPS Finite State Machine
- at appendix FIPS Finite State Machine
+ at section FIPS Finite State Machine
The FIPS mode of libgcrypt implements a finite state machine (FSM) using
8 states (@pxref{tbl:fips-states}) and checks at runtime that only valid
Modified: trunk/doc/lgpl.texi
===================================================================
--- trunk/doc/lgpl.texi 2008-09-12 19:11:10 UTC (rev 1329)
+++ trunk/doc/lgpl.texi 2008-09-15 10:19:15 UTC (rev 1330)
@@ -1,7 +1,7 @@
@node Library Copying
- at unnumbered Lesser General Public License
+ at unnumbered GNU Lesser General Public License
- at cindex LGPL, Lesser General Public License
+ at cindex LGPL, GNU Lesser General Public License
@center Version 2.1, February 1999
@display
More information about the Gnupg-commits
mailing list