Implemented transient-key flag as requested by the GNUNet folks.

Documentation cleanups. Removed FIPS logging unless in double verbose state.
author: Werner Koch <wk@gnupg.org> 2008-08-26 11:13:57 +0000
committer: Werner Koch <wk@gnupg.org> 2008-08-26 11:13:57 +0000
commit: d1e87a8bf19a041e3fe6144213b081f6374ba06b (patch)
tree: 34c4d1fb30a94d07aa61092b15af2beff1291db4 /src
parent: 7b86a3aa51c48d332a2379c6471541168a4e532f (diff)
download: libgcrypt-d1e87a8bf19a041e3fe6144213b081f6374ba06b.tar.gz
6 files changed, 38 insertions, 8 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index 7f54e745..26b304c0 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,13 @@
+2008-08-26  Werner Koch  <wk@g10code.com>
+
+	* fips.c (fips_new_state): Print state transitions only at
+	verbosity level of 2.
+	(reporter): Likewise.
+
+	* cipher-proto.h (pk_ext_generate_t): New.
+	(pk_extra_spec): Add member ext_generate.
+	* cipher.h (PUBKEY_FLAG_TRANSIENT_KEY): New.
+
 2008-08-22  Werner Koch  <wk@g10code.com>
 
 	* hmac256.c (_gcry_hmac256_file): New.
diff --git a/src/cipher-proto.h b/src/cipher-proto.h
index ae5492b4..4ca76b55 100644
--- a/src/cipher-proto.h
+++ b/src/cipher-proto.h
@@ -39,6 +39,16 @@ typedef gpg_err_code_t (*selftest_func_t)
      (int algo, selftest_report_func_t report);
 
 
+/* An extended type of the generate function.  */
+typedef gcry_err_code_t (*pk_ext_generate_t)
+     (int algo,
+      unsigned int nbits,
+      unsigned long use_e,
+      unsigned int keygen_flags, 
+      gcry_mpi_t *skey,
+      gcry_mpi_t **retfactors);
+
+
 /* Extra module specification structures.  These are used for internal
    modules which provide more functions than available through the
    public algorithm register APIs.  */
@@ -55,6 +65,7 @@ typedef struct md_extra_spec
 typedef struct pk_extra_spec
 {
   selftest_func_t selftest;
+  pk_ext_generate_t ext_generate;
 } pk_extra_spec_t;
 
 
diff --git a/src/cipher.h b/src/cipher.h
index 91b5831f..8a4c2de1 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -26,7 +26,8 @@
 
 #include "../random/random.h"
 
-#define PUBKEY_FLAG_NO_BLINDING (1 << 0)
+#define PUBKEY_FLAG_NO_BLINDING    (1 << 0)
+#define PUBKEY_FLAG_TRANSIENT_KEY  (1 << 1)
 
 #include "cipher-proto.h"
 
diff --git a/src/fips.c b/src/fips.c
index 8f367977..3089f768 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -292,6 +292,9 @@ _gcry_fips_test_operational (void)
 static void
 reporter (const char *domain, int algo, const char *what, const char *errtxt)
 {
+  if (!errtxt && !_gcry_log_verbosity (2))
+    return;
+
   log_info ("libgcrypt selftest: %s %s%s (%d): %s%s%s%s\n",
             !strcmp (domain, "hmac")? "digest":domain,
             !strcmp (domain, "hmac")? "HMAC-":"",
@@ -625,9 +628,10 @@ fips_new_state (enum module_states new_state)
 
   unlock_fsm ();
 
-  log_info ("libgcrypt state transition %s => %s %s\n",
-            state2str (last_state), state2str (new_state),
-            ok? "granted":"denied");
+  if (!ok || _gcry_log_verbosity (2))
+    log_info ("libgcrypt state transition %s => %s %s\n",
+              state2str (last_state), state2str (new_state),
+              ok? "granted":"denied");
   
   if (!ok)
     {
diff --git a/src/g10lib.h b/src/g10lib.h
index 8670de4d..668dc30e 100644
--- a/src/g10lib.h
+++ b/src/g10lib.h
@@ -155,13 +155,16 @@ const char *_gcry_mpi_get_hw_config (void);
 
 /*-- primegen.c --*/
 gcry_mpi_t _gcry_generate_secret_prime (unsigned int nbits,
+                                 gcry_random_level_t random_level,
                                  int (*extra_check)(void*, gcry_mpi_t),
                                  void *extra_check_arg);
 gcry_mpi_t _gcry_generate_public_prime (unsigned int nbits,
+                                 gcry_random_level_t random_level,
                                  int (*extra_check)(void*, gcry_mpi_t),
                                  void *extra_check_arg);
-gcry_mpi_t _gcry_generate_elg_prime( int mode, unsigned pbits, unsigned qbits,
-					   gcry_mpi_t g, gcry_mpi_t **factors );
+gcry_mpi_t _gcry_generate_elg_prime (int mode, 
+                                     unsigned int pbits, unsigned int qbits,
+                                     gcry_mpi_t g, gcry_mpi_t **factors);
 
 
 /* replacements of missing functions (missing-string.c)*/
diff --git a/src/global.c b/src/global.c
index 2b7f0bcc..894146e9 100644
--- a/src/global.c
+++ b/src/global.c
@@ -455,8 +455,9 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
 
     case GCRYCTL_FORCE_FIPS_MODE:
       /* Performing this command puts the library into fips mode.  If
-         the library has already been initialized or is already in
-         fips mode, a selftest is triggered.  */
+         the library has already been initialized into fips mode, a
+         selftest is triggered.  it is not possible to put the libraty
+         into fips mode after having passed the initialization. */
       if (!any_init_done)
         {
           /* Not yet intialized at all.  Set a flag so that we are put
author	Werner Koch <wk@gnupg.org>	2008-08-26 11:13:57 +0000
committer	Werner Koch <wk@gnupg.org>	2008-08-26 11:13:57 +0000
commit	d1e87a8bf19a041e3fe6144213b081f6374ba06b (patch)
tree	34c4d1fb30a94d07aa61092b15af2beff1291db4 /src
parent	7b86a3aa51c48d332a2379c6471541168a4e532f (diff)
download	libgcrypt-d1e87a8bf19a041e3fe6144213b081f6374ba06b.tar.gz