[git] GCRYPT - branch, OS2-BRANCH, updated. libgcrypt-1.5.0-35-g683d5d4
by Werner Koch
cvs at cvs.gnupg.org
Fri Jun 8 11:07:36 CEST 2012
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, OS2-BRANCH has been updated
via 683d5d45e9bcd6f2ba4dca7ecb7c721170834787 (commit)
via bbee6f8543671cf27f5ef3c0986ae56a86bdc5e2 (commit)
via b75213fd60dabbc1b0a405789c984ec0ec4e566d (commit)
via c897deca8b30aca245222b2cabc131058eb024d4 (commit)
from 32dc49474e83140a6717903db3a8885ebaaaf6fb (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 683d5d45e9bcd6f2ba4dca7ecb7c721170834787
Author: Werner Koch <wk at gnupg.org>
Date: Mon May 14 10:26:25 2012 +0200
Add curve aliases from RFC-5656.
* cipher/ecc.c (curve_aliases): Add "nistp???" entries.
diff --git a/cipher/ecc.c b/cipher/ecc.c
index bbff7ee..70431fe 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -96,19 +96,24 @@ static const struct
{ "NIST P-192", "1.2.840.10045.3.1.1" }, /* X9.62 OID */
{ "NIST P-192", "prime192v1" }, /* X9.62 name. */
{ "NIST P-192", "secp192r1" }, /* SECP name. */
+ { "NIST P-192", "nistp192" }, /* rfc5656. */
{ "NIST P-224", "secp224r1" },
{ "NIST P-224", "1.3.132.0.33" }, /* SECP OID. */
+ { "NIST P-224", "nistp224" }, /* rfc5656. */
{ "NIST P-256", "1.2.840.10045.3.1.7" }, /* From NIST SP 800-78-1. */
{ "NIST P-256", "prime256v1" },
{ "NIST P-256", "secp256r1" },
+ { "NIST P-256", "nistp256" }, /* rfc5656. */
{ "NIST P-384", "secp384r1" },
{ "NIST P-384", "1.3.132.0.34" },
+ { "NIST P-384", "nistp384" }, /* rfc5656. */
{ "NIST P-521", "secp521r1" },
{ "NIST P-521", "1.3.132.0.35" },
+ { "NIST P-521", "nistp521" }, /* rfc5656. */
{ "brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1" },
{ "brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3" },
commit bbee6f8543671cf27f5ef3c0986ae56a86bdc5e2
Author: Werner Koch <wk at gnupg.org>
Date: Wed Apr 25 16:35:10 2012 +0200
Add authors with a DCO to AUTHORS.
--
diff --git a/AUTHORS b/AUTHORS
index 94c1213..c0231d6 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -37,7 +37,7 @@ Disclaims changes.
nh at df.lth.se
Weak key patches.
-GNUPG Rémi Guyomarch 1999-05-25
+GNUPG Rémi Guyomarch 1999-05-25
Assigns past and future changes. (g10/compress.c, g10/encr-data.c,
g10/free-packet.c, g10/mdfilter.c, g10/plaintext.c, util/iobuf.c)
rguyom at mail.dotcom.fr
@@ -96,12 +96,19 @@ Assigns Past and Future Changes
openpgp at brainhub.org
(cipher/ecc.c and related files)
-LIBGCRYPT Ulrich Müller 2012-02-15
+LIBGCRYPT Ulrich Müller 2012-02-15
Assigns Past and Future Changes
ulm at gentoo.org
(Changes to cipher/idea.c and related files)
+Authors with a DCO
+==================
+
+DCO:2012-04-16:Tomáš Mráz <tm at t8m.info>
+DCO:2012-04-20:Rafaël Carré <funman at videolan.org>
+
+
More credits
============
The ATH implementation (src/ath*) has been taken from GPGME and
commit b75213fd60dabbc1b0a405789c984ec0ec4e566d
Author: Werner Koch <wk at gnupg.org>
Date: Mon Apr 16 11:24:32 2012 +0200
State new contribution rules.
* doc/DCO: New.
* doc/HACKING: Document new rules.
diff --git a/doc/DCO b/doc/DCO
new file mode 100644
index 0000000..ee460f6
--- /dev/null
+++ b/doc/DCO
@@ -0,0 +1,29 @@
+Libgcrypt Developer's Certificate of Origin. Version 1.0
+=========================================================
+
+By making a contribution to the Libgcrypt project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+ have the right to submit it under the free software license
+ indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the
+ best of my knowledge, is covered under an appropriate free
+ software license and I have the right under that license to
+ submit that work with modifications, whether created in whole
+ or in part by me, under the same free software license
+ (unless I am permitted to submit under a different license),
+ as indicated in the file; or
+
+(c) The contribution was provided directly to me by some other
+ person who certified (a), (b) or (c) and I have not modified
+ it.
+
+(d) I understand and agree that this project and the contribution
+ are public and that a record of the contribution (including
+ all personal information I submit with it, including my
+ sign-off) is maintained indefinitely and may be redistributed
+ consistent with this project or the free software license(s)
+ involved.
+
+Signed-off-by: [Your name and mail address]
diff --git a/doc/HACKING b/doc/HACKING
index 4e0405d..0cb8d56 100644
--- a/doc/HACKING
+++ b/doc/HACKING
@@ -1,33 +1,86 @@
- Various hacking notes -*- text -*-
- =======================
+# HACKING -*- org -*-
+#+TITLE: Hacking notes for Libgcrypt
+#+STARTUP: showall
-No more ChangeLog files
------------------------
+* How to contribute
-Do not modify any of the ChangeLog files in Libgcrypt. Starting on
-December 1st, 2011 we put change information only in the GIT commit
-log, and generate a top-level ChangeLog file from logs at "make dist"
-time. As such, there are strict requirements on the form of the
-commit log messages. The old ChangeLog files have all be renamed to
-ChangeLog-2011
+ The following stuff explains some basic procedures you need to
+ follow if you want to contribute code or documentation.
+** No more ChangeLog files
-Commit log requirements
------------------------
+ Do not modify any of the ChangeLog files in Libgcrypt. Starting on
+ December 1st, 2011 we put change information only in the GIT commit
+ log, and generate a top-level ChangeLog file from logs at "make
+ dist" time. As such, there are strict requirements on the form of
+ the commit log messages. The old ChangeLog files have all be
+ renamed to ChangeLog-2011
-Your commit log should always start with a one-line summary, the second
-line should be blank, and the remaining lines are usually ChangeLog-style
-entries for all affected files. However, it's fine -- even recommended --
-to write a few lines of prose describing the change, when the summary
-and ChangeLog entries don't give enough of the big picture. Omit the
-leading TABs that you're used to seeing in a "real" ChangeLog file, but
-keep the maximum line length at 72 or smaller, so that the generated
-ChangeLog lines, each with its leading TAB, will not exceed 80 columns.
+** Commit log requirements
+ Your commit log should always start with a one-line summary, the
+ second line should be blank, and the remaining lines are usually
+ ChangeLog-style entries for all affected files. However, it's fine
+ -- even recommended -- to write a few lines of prose describing the
+ change, when the summary and ChangeLog entries don't give enough of
+ the big picture. Omit the leading TABs that you're used to seeing
+ in a "real" ChangeLog file, but keep the maximum line length at 72
+ or smaller, so that the generated ChangeLog lines, each with its
+ leading TAB, will not exceed 80 columns.
+** License policy
-Taking optimized MPI code out of GMP:
--------------------------------------
+ Libgcrypt is currently licensed under the LGPLv2+ with tools and the
+ manual being under the GPLv2+. We may eventually update to a newer
+ version of the licenses or a combination of them. It is thus
+ important, that all contributed code allows for an update of the
+ license; for example we can't accept code under the LGPLv2(only).
+
+ Libgcrypt used to have a strict policy of requiring copyright
+ assignments to the FSF. To avoid this major organizational overhead
+ and to allow inclusion of code, not copyrighted by the FSF, this
+ policy has been relaxed. It is now also possible to contribute code
+ by asserting that the contribution is in accordance to the
+ "Libgcrypt Developer's Certificate of Origin" as found in the file
+ "DCO". (Except for a slight wording change, this DCO is identical
+ to the one used by the Linux kernel.)
+
+ If your want to contribute code or documentation to Libgcrypt and
+ you didn't signed a copyright assignment with the FSF in the past,
+ you need to take these simple steps:
+
+ - Decide which mail address you want to use. Please have your real
+ name in the address and not a pseudonym. Anonymous contributions
+ can only be done if you find a proxy who certifies for you.
+
+ - If your employer or school might claim ownership of code written
+ by you; you need to talk to them to make sure that you have the
+ right to contribute under the DCO.
+
+ - Send an OpenPGP signed mail to the gcrypt-devel at gnupg.org mailing
+ list from your mail address. Include a copy of the DCO as found
+ in the official master branch. Insert your name and email address
+ into the DCO in the same way you want to use it later. Example:
+
+ Signed-off-by: Joe R. Hacker <joe at example.org>
+
+ (If you really need it, you may perform simple transformations of
+ the mail address: Replacing "@" by " at " or "." by " dot ".)
+
+ - That's it. From now on you only need to add a "Signed-off-by:"
+ line with your name and mail address to the commit message. It is
+ recommended to send the patches using a PGP/MIME signed mail.
+
+** Coding standards
+
+ Please follow the GNU coding standards. If you are in doubt consult
+ the existing code as an example. Do no re-indent code without a
+ need. If you really need to do it, use a separate commit for such a
+ change.
+
+
+* Porting hints
+** Taking optimized MPI code out of GMP:
I generated the pentium4/* files by glueing the existing assembler
prologues to the GMP 4.2.1 assembler files generated with the m4
@@ -42,8 +95,9 @@ Taking optimized MPI code out of GMP:
tedious work.
-Debugging math stuff:
----------------------
+* Debug hints
+
+** Debugging math stuff:
While debugging the ECC code in libgcrypt, I was in need for some
computer algebra system which would allow me to verify the numbers
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 451d42f..2cf556e 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -17,7 +17,7 @@
# License along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-EXTRA_DIST = README.apichanges HACKING \
+EXTRA_DIST = README.apichanges HACKING DCO \
libgcrypt-modules.eps fips-fsm.eps \
libgcrypt-modules.png fips-fsm.png \
libgcrypt-modules.pdf fips-fsm.pdf \
commit c897deca8b30aca245222b2cabc131058eb024d4
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Wed Apr 4 14:17:09 2012 +0200
Add GCRYCTL_SET_ENFORCED_FIPS_FLAG command.
* doc/gcrypt.texi: Add documentation of the new command.
* src/fips.c (_gcry_enforced_fips_mode): Report the enforced fips mode
only when fips mode is enabled.
(_gcry_set_enforced_fips_mode): New function.
* src/g10lib.h: Add the _gcry_set_enforced_fips_mode prototype.
* src/gcrypt.h.in: Add the GCRYCTL_SET_ENFORCED_FIPS_FLAG.
* src/global.c (_gcry_vcontrol): Handle the new command.
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index b7817d9..3bd2686 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -595,8 +595,10 @@ initialization (i.e. before @code{gcry_check_version}).
In addition to the standard FIPS mode, Libgcrypt may also be put into
an Enforced FIPS mode by writing a non-zero value into the file
- at file{/etc/gcrypt/fips_enabled}. The Enforced FIPS mode helps to
-detect applications which don't fulfill all requirements for using
+ at file{/etc/gcrypt/fips_enabled} or by using the control command
+ at code{GCRYCTL_SET_ENFORCED_FIPS_FLAG} before any other calls to
+libgcrypt. The Enforced FIPS mode helps to detect applications
+which don't fulfill all requirements for using
Libgcrypt in FIPS mode (@pxref{FIPS Mode}).
Once Libgcrypt has been put into FIPS mode, it is not possible to
@@ -804,20 +806,20 @@ proper random device.
This command dumps information pertaining to the configuration of the
library to the given stream. If NULL is given for @var{stream}, the log
system is used. This command may be used before the intialization has
-been finished but not before a gcry_version_check.
+been finished but not before a @code{gcry_check_version}.
@item GCRYCTL_OPERATIONAL_P; Arguments: none
This command returns true if the library is in an operational state.
This information makes only sense in FIPS mode. In contrast to other
functions, this is a pure test function and won't put the library into
FIPS mode or change the internal state. This command may be used before
-the intialization has been finished but not before a gcry_version_check.
+the intialization has been finished but not before a @code{gcry_check_version}.
@item GCRYCTL_FIPS_MODE_P; Arguments: none
This command returns true if the library is in FIPS mode. Note, that
this is no indication about the current state of the library. This
command may be used before the intialization has been finished but not
-before a gcry_version_check. An application may use this command or
+before a @code{gcry_check_version}. An application may use this command or
the convenience macro below to check whether FIPS mode is actually
active.
@@ -833,10 +835,19 @@ implemented as a macro.
Running this command puts the library into FIPS mode. If the library is
already in FIPS mode, a self-test is triggered and thus the library will
be put into operational state. This command may be used before a call
-to gcry_check_version and that is actually the recommended way to let an
+to @code{gcry_check_version} and that is actually the recommended way to let an
application switch the library into FIPS mode. Note that Libgcrypt will
reject an attempt to switch to fips mode during or after the intialization.
+ at item GCRYCTL_SET_ENFORCED_FIPS_FLAG; Arguments: none
+Running this command sets the internal flag that puts the library into
+the enforced FIPS mode during the FIPS mode initialization. This command
+does not affect the library if the library is not put into the FIPS mode and
+it must be used before any other libgcrypt library calls that initialize
+the library such as @code{gcry_check_version}. Note that Libgcrypt will
+reject an attempt to switch to the enforced fips mode during or after
+the intialization.
+
@item GCRYCTL_SELFTEST; Arguments: none
This may be used at anytime to have the library run all implemented
self-tests. It works in standard and in FIPS mode. Returns 0 on
diff --git a/src/fips.c b/src/fips.c
index a3445eb..e45baba 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -274,9 +274,17 @@ _gcry_fips_mode (void)
int
_gcry_enforced_fips_mode (void)
{
+ if (!_gcry_fips_mode ())
+ return 0;
return enforced_fips_mode;
}
+/* Set a flag telling whether we are in the enforced fips mode. */
+void
+_gcry_set_enforced_fips_mode (void)
+{
+ enforced_fips_mode = 1;
+}
/* If we do not want to enforce the fips mode, we can set a flag so
that the application may check whether it is still in fips mode.
diff --git a/src/g10lib.h b/src/g10lib.h
index 46d5229..ec86c97 100644
--- a/src/g10lib.h
+++ b/src/g10lib.h
@@ -327,6 +327,8 @@ int _gcry_fips_mode (void);
int _gcry_enforced_fips_mode (void);
+void _gcry_set_enforced_fips_mode (void);
+
void _gcry_inactivate_fips_mode (const char *text);
int _gcry_is_fips_mode_inactive (void);
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 8e23ec4..1e9d11d 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -285,7 +285,8 @@ enum gcry_ctl_cmds
GCRYCTL_FORCE_FIPS_MODE = 56,
GCRYCTL_SELFTEST = 57,
/* Note: 58 .. 62 are used internally. */
- GCRYCTL_DISABLE_HWF = 63
+ GCRYCTL_DISABLE_HWF = 63,
+ GCRYCTL_SET_ENFORCED_FIPS_FLAG = 64
};
/* Perform various operations defined by CMD. */
diff --git a/src/global.c b/src/global.c
index bde8791..4ce869a 100644
--- a/src/global.c
+++ b/src/global.c
@@ -599,6 +599,16 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
}
break;
+ case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
+ if (!any_init_done)
+ {
+ /* Not yet intialized at all. Set the enforced fips mode flag */
+ _gcry_set_enforced_fips_mode ();
+ }
+ else
+ err = GPG_ERR_GENERAL;
+ break;
+
default:
/* A call to make sure that the dummy code is linked in. */
_gcry_compat_identification ();
-----------------------------------------------------------------------
Summary of changes:
AUTHORS | 11 +++++-
cipher/ecc.c | 5 +++
doc/DCO | 29 +++++++++++++++
doc/HACKING | 102 ++++++++++++++++++++++++++++++++++++++++++-------------
doc/Makefile.am | 2 +-
doc/gcrypt.texi | 23 +++++++++---
src/fips.c | 8 ++++
src/g10lib.h | 2 +
src/gcrypt.h.in | 3 +-
src/global.c | 10 +++++
10 files changed, 161 insertions(+), 34 deletions(-)
create mode 100644 doc/DCO
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
More information about the Gnupg-commits
mailing list