diff options
author | NIIBE Yutaka <[email protected]> | 2022-01-17 14:48:10 +0900 |
---|---|---|
committer | NIIBE Yutaka <[email protected]> | 2022-01-17 14:48:10 +0900 |
commit | d0db6a5abf7b8cc5637de5a080a7ed986e3ff63f (patch) | |
tree | 51266cf040f7f7f65e87b797c5dd534e37956ada | |
parent | e023e10ee89baf5d5909de4d8c13ba6dfbc8ed99 (diff) | |
download | libgcrypt-d0db6a5abf7b8cc5637de5a080a7ed986e3ff63f.tar.gz libgcrypt-d0db6a5abf7b8cc5637de5a080a7ed986e3ff63f.tar.bz2 libgcrypt-d0db6a5abf7b8cc5637de5a080a7ed986e3ff63f.zip |
fips: Remove GCRYCTL_FIPS_SERVICE_INDICATOR and renumber the enum.
* src/gcrypt.h.in (enum gcry_ctl_cmds): Remove
GCRYCTL_FIPS_SERVICE_INDICATOR.
* src/fips.c (_gcry_fips_indicator_cipher): Use gcry_kdf_algos.
* tests/basic.c: Use GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER.
--
GnuPG-bug-id: 5512
Signed-off-by: NIIBE Yutaka <[email protected]>
-rw-r--r-- | doc/gcrypt.texi | 1 | ||||
-rw-r--r-- | src/fips.c | 2 | ||||
-rw-r--r-- | src/gcrypt.h.in | 5 | ||||
-rw-r--r-- | tests/basic.c | 10 |
4 files changed, 9 insertions, 9 deletions
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index ce0a7175..4436367c 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -6557,6 +6557,7 @@ reference encyrpted message. The encrypted result is then decrypted and checked that it matches the original random value. (@code{cipher/@/rsa.c:@/selftest_encr_2048}) @end enumerate [email protected] table @subsection Integrity Power-Up Tests @@ -377,7 +377,7 @@ _gcry_fips_indicator_cipher (va_list arg_ptr) int _gcry_fips_indicator_kdf (va_list arg_ptr) { - enum gcry_cipher_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos); + enum gcry_kdf_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos); switch (alg) { diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 4a5a671b..6376b446 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -327,10 +327,9 @@ enum gcry_ctl_cmds GCRYCTL_AUTO_EXPAND_SECMEM = 78, GCRYCTL_SET_ALLOW_WEAK_KEY = 79, GCRYCTL_SET_DECRYPTION_TAG = 80, - GCRYCTL_FIPS_SERVICE_INDICATOR = 81, GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER = 81, - GCRYCTL_NO_FIPS_MODE = 82, - GCRYCTL_FIPS_SERVICE_INDICATOR_KDF = 83 + GCRYCTL_FIPS_SERVICE_INDICATOR_KDF = 82, + GCRYCTL_NO_FIPS_MODE = 83 }; /* Perform various operations defined by CMD. */ diff --git a/tests/basic.c b/tests/basic.c index 9e0444f6..ab9a4733 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -7964,7 +7964,7 @@ do_check_ocb_cipher (int inplace) /* Verify the FIPS indicator marks this as non-approved */ if (in_fips_mode) { - err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR, + err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER, tv[tidx].algo, GCRY_CIPHER_MODE_OCB); if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED) fail ("cipher-ocb, gcry_control did not fail as expected (tv %d): %s\n", @@ -8249,7 +8249,7 @@ check_ocb_cipher_largebuf_split (int algo, int keylen, const char *tagexpect, /* Verify the FIPS indicator marks this as non-approved */ if (in_fips_mode) { - err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR, + err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER, algo, GCRY_CIPHER_MODE_OCB); if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED) fail ("cipher-ocb, gcry_control did not fail as expected (large, algo %d): %s\n", @@ -8471,7 +8471,7 @@ check_ocb_cipher_checksum (int algo, int keylen) /* Verify the FIPS indicator marks this as non-approved */ if (in_fips_mode) { - err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR, + err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER, algo, GCRY_CIPHER_MODE_OCB); if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED) fail ("cipher-ocb, gcry_control did not fail as expected (checksum, algo %d): %s\n", @@ -8749,7 +8749,7 @@ check_ocb_cipher_splitaad (void) /* Verify the FIPS indicator marks this as non-approved */ if (in_fips_mode) { - err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR, + err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_OCB); if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED) fail ("cipher-ocb-splitaad, gcry_control did not fail as expected: %s\n", @@ -10742,7 +10742,7 @@ check_bulk_cipher_modes (void) /* Verify the FIPS indicator marks approved cipher/modes combinations */ if (in_fips_mode) { - err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR, + err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER, tv[i].algo, tv[i].mode); if (gpg_err_code (err) != GPG_ERR_NO_ERROR) fail ("gcry_control unexpectedly failed for algo = %s, mode = %d : %s\n", |