[svn] gcry - r1341 - in trunk: . doc src tests

svn author wk cvs at cvs.gnupg.org
Thu Sep 18 17:25:50 CEST 2008 

Author: wk
Date: 2008-09-18 17:25:49 +0200 (Thu, 18 Sep 2008)
New Revision: 1341

Modified:
   trunk/ChangeLog
   trunk/NEWS
   trunk/README
   trunk/TODO
   trunk/configure.ac
   trunk/doc/ChangeLog
   trunk/doc/announce.txt
   trunk/doc/gcrypt.texi
   trunk/src/ChangeLog
   trunk/src/gcrypt.h.in
   trunk/tests/basic.c
Log:
Preparing a release


Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog	2008-09-18 12:35:06 UTC (rev 1340)
+++ trunk/ChangeLog	2008-09-18 15:25:49 UTC (rev 1341)
@@ -1,3 +1,9 @@
+2008-09-18  Werner Koch  <wk at g10code.com>
+
+	Release 1.4.3.
+
+	* configure.ac: Bump LT version to C16/A5/R1.
+
 2008-09-15  Werner Koch  <wk at g10code.com>
 
 	* configure.ac: Cehck for syslog.

Modified: trunk/doc/ChangeLog
===================================================================
--- trunk/doc/ChangeLog	2008-09-18 12:35:06 UTC (rev 1340)
+++ trunk/doc/ChangeLog	2008-09-18 15:25:49 UTC (rev 1341)
@@ -2,6 +2,7 @@
 
 	* gcrypt.texi: Add a couple of index items.
 	(FIPS Mode): Reflect recent changes. 
+	(Controlling the library): Describe gcry_fips_mode_active.
 
 2008-09-16  Werner Koch  <wk at g10code.com>
 

Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog	2008-09-18 12:35:06 UTC (rev 1340)
+++ trunk/src/ChangeLog	2008-09-18 15:25:49 UTC (rev 1341)
@@ -1,5 +1,7 @@
 2008-09-18  Werner Koch  <wk at g10code.com>
 
+	* gcrypt.h.in (gcry_fips_mode_active): New.
+
 	* secmem.c (_gcry_secmem_init): Factor most code out to ..
 	(secmem_init): .. new.
 	(DEFAULT_POOL_SIZE): Rename to MINIMUM_POOL_SIZE.

Modified: trunk/NEWS
===================================================================
--- trunk/NEWS	2008-09-18 12:35:06 UTC (rev 1340)
+++ trunk/NEWS	2008-09-18 15:25:49 UTC (rev 1341)
@@ -1,4 +1,4 @@
-Noteworthy changes in version 1.4.3
+Noteworthy changes in version 1.4.3 (2008-09-18)
 ------------------------------------------------
 
  * Try to auto-initialize Libgcrypt to minimize the effect of
@@ -8,13 +8,15 @@
    cases.  Folks, please read the manual to learn how to properly
    initialize Libgcrypt!
 
- * Log fatal errors via syslog.
-
  * Auto-initialize the secure memory to 32k instead of aborting the
    process.
 
+ * Log fatal errors via syslog.
+
  * Changed the name and the semantics of the fips mode config file.
 
+ * Add convenience macro gcry_fips_mode_active.
+
  * More self-tests.
 
  * Documentation cleanups.

Modified: trunk/README
===================================================================
--- trunk/README	2008-09-18 12:35:06 UTC (rev 1340)
+++ trunk/README	2008-09-18 15:25:49 UTC (rev 1341)
@@ -1,6 +1,6 @@
 		    Libgcrypt - The GNU Crypto Library
 		   ------------------------------------
-                            Version 1.4.2
+                            Version 1.4.4
  
 
     Copyright 2000, 2002, 2003, 2004, 2007,

Modified: trunk/TODO
===================================================================
--- trunk/TODO	2008-09-18 12:35:06 UTC (rev 1340)
+++ trunk/TODO	2008-09-18 15:25:49 UTC (rev 1341)
@@ -36,11 +36,6 @@
   collectros need to run that bunch of Unix utilities we don't waste
   their precious results.
 
-* Out of memory handler for secure memory should do proper logging
-
-  There is no shortage of standard memory, so logging is most likely
-  possible.
-
 * mpi_print does not use secure memory
   for internal variables.
 

Modified: trunk/configure.ac
===================================================================
--- trunk/configure.ac	2008-09-18 12:35:06 UTC (rev 1340)
+++ trunk/configure.ac	2008-09-18 15:25:49 UTC (rev 1341)
@@ -27,7 +27,7 @@
 # Set my_issvn to "yes" for non-released code.  Remember to run an
 # "svn up" and "autogen.sh" right before creating a distribution.
 m4_define([my_version], [1.4.3])
-m4_define([my_issvn], [yes])
+m4_define([my_issvn], [no])
 
 m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \
           | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)]))
@@ -40,7 +40,7 @@
 #   (No interfaces changed:                   REVISION++)
 LIBGCRYPT_LT_CURRENT=16
 LIBGCRYPT_LT_AGE=5
-LIBGCRYPT_LT_REVISION=0
+LIBGCRYPT_LT_REVISION=1
 
 
 # If the API is changed in an incompatible way: increment the next counter.

Modified: trunk/doc/announce.txt
===================================================================
--- trunk/doc/announce.txt	2008-09-18 12:35:06 UTC (rev 1340)
+++ trunk/doc/announce.txt	2008-09-18 15:25:49 UTC (rev 1341)
@@ -5,68 +5,56 @@
 Hello! 
 
 The GNU project is pleased to announce the availability of Libgcrypt
-version 1.4.2.
+version 1.4.3.
 
 Libgcrypt is a general purpose library of cryptographic building
 blocks.  It is originally based on code used by GnuPG.  It does not
 provide any implementation of OpenPGP or other protocols.  Thorough
 understanding of applied cryptography is required to use Libgcrypt.
 
-Noteworthy changes in version 1.4.2:
+Noteworthy changes in version 1.4.3:
 
- * The long missing gcry_mpi_lshift function has been added.
+ * Try to auto-initialize Libgcrypt to minimize the effect of
+   applications not doing that correctly.  This is not a perfect
+   solution but given that many applicationion would totally fail
+   without such a hack, we try to help at least with the most common
+   cases.  Folks, please read the manual to learn how to properly
+   initialize Libgcrypt!
 
- * RSA key generation now supports a "transient-key" flag.
+ * Auto-initialize the secure memory to 32k instead of aborting the
+   process.
 
- * The keygrip computation for ECDSA has been implemented thus ECDSA
-   is now fully supported.
+ * Log fatal errors via syslog.
 
- * A few macros have been replaced by functions for better type
-   checking.
+ * Changed the name and the semantics of the fips mode config file.
 
- * The thread initialization structure now carries version
-   information.
+ * Add convenience macro gcry_fips_mode_active.
 
- * The manual describes more clearly how to initialize Libgcrypt.
+ * More self-tests.
 
- * The library may now be switched into a FIPS mode.
+ * Documentation cleanups.
 
- * Interface changes relative to the 1.3.0 release:
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- GCRYCTL_OPERATIONAL_P   NEW.
- GCRYCTL_FIPS_MODE_P     NEW.
- GCRYCTL_FORCE_FIPS_MODE NEW.
- gcry_cipher_setkey      NEW: Replaces macro.
- gcry_cipher_setiv       NEW: Replaces macro.
- gcry_cipher_setctr      NEW: Replaces macro.
- gcry_mpi_lshift         NEW.
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-
 Source code is hosted at the GnuPG FTP server and its mirrors as
 listed at http://www.gnupg.org/download/mirrors.html .  On the primary
 server the source file and its digital signatures is:
 
- ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.2.tar.bz2 (1049k)
- ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.2.tar.bz2.sig
+ ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.3.tar.bz2 (k)
+ ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.3.tar.bz2.sig
 
 This file is bzip2 compressed.  A gzip compressed version is also
 available:
 
- ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.1.tar.gz (1301k)
- ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.1.tar.gz.sig
+ ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.3.tar.gz (k)
+ ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.3.tar.gz.sig
 
-Alternativley you may upgrade version 1.4.1 using this patch file:
+Alternativley you may upgrade version 1.4.2 using this patch file:
 
- ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.1-1.4.2.diff.bz2 (171k)
+ ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.2-1.4.3.diff.bz2 (k)
 
 The SHA-1 checksums are:
 
-f4eda0d4a63905aef3bcdf24bb3dad787ef4b918  libgcrypt-1.4.2.tar.gz
-e9c65688e3191c4cad2910bda2f6c69fc05997a2  libgcrypt-1.4.2.tar.bz2
-e0e5e4192f144ae0fc093d08aff50b725f46c0f9  libgcrypt-1.4.1-1.4.2.diff.bz2
 
-
 For help on developing with Libgcrypt you should read the included
 manual and optional ask on the gcrypt-devel mailing list [1].
 

Modified: trunk/doc/gcrypt.texi
===================================================================
--- trunk/doc/gcrypt.texi	2008-09-18 12:35:06 UTC (rev 1340)
+++ trunk/doc/gcrypt.texi	2008-09-18 15:25:49 UTC (rev 1341)
@@ -626,8 +626,8 @@
 
 @item GCRYCTL_DISABLE_SECMEM; Arguments: none
 This command disables the use of secure memory.  If this command is
-used in FIPS mode, FIPS mode will be disabled and the command
- at code{GCRYCTL_FIPS_MODE_P} returns false.  However, in Enforced FIPS
+used in FIPS mode, FIPS mode will be disabled and the fucntion
+ at code{gcry_fips_mode_active} returns false.  However, in Enforced FIPS
 mode this command has no effect at all.
 
 Many applications do not require secure memory, so they should disable
@@ -776,9 +776,18 @@
 This command returns true if the library is in FIPS mode.  Note, that
 this is no indication about the current state of the library.  This
 command may be used before the intialization has been finished but not
-before a gcry_version_check.  An application may use this function to
-check whether FIPS mode is still active.
+before a gcry_version_check.  An application may use this command or
+the convenience macro below to check whether FIPS mode is actually
+active.
 
+ at deftypefun int gcry_fips_mode_active (void)
+
+Returns true if the FIPS mode is active.  Note that this is
+implemented as a macro.
+ at end deftypefun
+
+
+
 @item GCRYCTL_FORCE_FIPS_MODE; Arguments: none
 Running this command puts the library into FIPS mode.  If the library is
 already in FIPS mode, a self-test is triggered and thus the library will
@@ -5499,8 +5508,8 @@
 @end itemize
 
 Note that when we speak about disabling FIPS mode, it merely means
-that the command @code{GCRYCTL_FIPS_MODE_P} returns false; it does not
-mean that any non FIPS algorithms are allowed.
+that the fucntion @code{gcry_fips_mode_active} returns false; it does
+not mean that any non FIPS algorithms are allowed.
 
 
 @c ********************************************

Modified: trunk/src/gcrypt.h.in
===================================================================
--- trunk/src/gcrypt.h.in	2008-09-18 12:35:06 UTC (rev 1340)
+++ trunk/src/gcrypt.h.in	2008-09-18 15:25:49 UTC (rev 1341)
@@ -1815,6 +1815,10 @@
 /* Return true if A is allocated in "secure" memory. */
 int gcry_is_secure (const void *a) _GCRY_GCC_ATTR_PURE;
 
+/* Return true if Libgcrypt is in FIPS mode.  */
+#define gcry_fips_mode_active()  !!gcry_control (GCRYCTL_FIPS_MODE_P, 0)
+
+
 /* Include support for Libgcrypt modules.  */
 #include <gcrypt-module.h>
 

Modified: trunk/tests/basic.c
===================================================================
--- trunk/tests/basic.c	2008-09-18 12:35:06 UTC (rev 1340)
+++ trunk/tests/basic.c	2008-09-18 15:25:49 UTC (rev 1341)
@@ -2089,7 +2089,7 @@
   if (!gcry_check_version (GCRYPT_VERSION))
     die ("version mismatch\n");
 
-  if ( gcry_control (GCRYCTL_FIPS_MODE_P, 0) )
+  if ( gcry_fips_mode_active () )
     in_fips_mode = 1;
 
   if (!in_fips_mode)

More information about the Gnupg-commits mailing list