aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNIIBE Yutaka <[email protected]>2022-01-17 14:48:10 +0900
committerNIIBE Yutaka <[email protected]>2022-01-17 14:48:10 +0900
commitd0db6a5abf7b8cc5637de5a080a7ed986e3ff63f (patch)
tree51266cf040f7f7f65e87b797c5dd534e37956ada
parente023e10ee89baf5d5909de4d8c13ba6dfbc8ed99 (diff)
downloadlibgcrypt-d0db6a5abf7b8cc5637de5a080a7ed986e3ff63f.tar.gz
libgcrypt-d0db6a5abf7b8cc5637de5a080a7ed986e3ff63f.tar.bz2
libgcrypt-d0db6a5abf7b8cc5637de5a080a7ed986e3ff63f.zip
fips: Remove GCRYCTL_FIPS_SERVICE_INDICATOR and renumber the enum.
* src/gcrypt.h.in (enum gcry_ctl_cmds): Remove GCRYCTL_FIPS_SERVICE_INDICATOR. * src/fips.c (_gcry_fips_indicator_cipher): Use gcry_kdf_algos. * tests/basic.c: Use GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER. -- GnuPG-bug-id: 5512 Signed-off-by: NIIBE Yutaka <[email protected]>
-rw-r--r--doc/gcrypt.texi1
-rw-r--r--src/fips.c2
-rw-r--r--src/gcrypt.h.in5
-rw-r--r--tests/basic.c10
4 files changed, 9 insertions, 9 deletions
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index ce0a7175..4436367c 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -6557,6 +6557,7 @@ reference encyrpted message. The encrypted result is then
decrypted and checked that it matches the original random value.
(@code{cipher/@/rsa.c:@/selftest_encr_2048})
@end enumerate
@subsection Integrity Power-Up Tests
diff --git a/src/fips.c b/src/fips.c
index c82c2875..6d777a7b 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -377,7 +377,7 @@ _gcry_fips_indicator_cipher (va_list arg_ptr)
int
_gcry_fips_indicator_kdf (va_list arg_ptr)
{
- enum gcry_cipher_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos);
+ enum gcry_kdf_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos);
switch (alg)
{
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 4a5a671b..6376b446 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -327,10 +327,9 @@ enum gcry_ctl_cmds
GCRYCTL_AUTO_EXPAND_SECMEM = 78,
GCRYCTL_SET_ALLOW_WEAK_KEY = 79,
GCRYCTL_SET_DECRYPTION_TAG = 80,
- GCRYCTL_FIPS_SERVICE_INDICATOR = 81,
GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER = 81,
- GCRYCTL_NO_FIPS_MODE = 82,
- GCRYCTL_FIPS_SERVICE_INDICATOR_KDF = 83
+ GCRYCTL_FIPS_SERVICE_INDICATOR_KDF = 82,
+ GCRYCTL_NO_FIPS_MODE = 83
};
/* Perform various operations defined by CMD. */
diff --git a/tests/basic.c b/tests/basic.c
index 9e0444f6..ab9a4733 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -7964,7 +7964,7 @@ do_check_ocb_cipher (int inplace)
/* Verify the FIPS indicator marks this as non-approved */
if (in_fips_mode)
{
- err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR,
+ err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER,
tv[tidx].algo, GCRY_CIPHER_MODE_OCB);
if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
fail ("cipher-ocb, gcry_control did not fail as expected (tv %d): %s\n",
@@ -8249,7 +8249,7 @@ check_ocb_cipher_largebuf_split (int algo, int keylen, const char *tagexpect,
/* Verify the FIPS indicator marks this as non-approved */
if (in_fips_mode)
{
- err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR,
+ err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER,
algo, GCRY_CIPHER_MODE_OCB);
if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
fail ("cipher-ocb, gcry_control did not fail as expected (large, algo %d): %s\n",
@@ -8471,7 +8471,7 @@ check_ocb_cipher_checksum (int algo, int keylen)
/* Verify the FIPS indicator marks this as non-approved */
if (in_fips_mode)
{
- err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR,
+ err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER,
algo, GCRY_CIPHER_MODE_OCB);
if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
fail ("cipher-ocb, gcry_control did not fail as expected (checksum, algo %d): %s\n",
@@ -8749,7 +8749,7 @@ check_ocb_cipher_splitaad (void)
/* Verify the FIPS indicator marks this as non-approved */
if (in_fips_mode)
{
- err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR,
+ err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER,
GCRY_CIPHER_AES, GCRY_CIPHER_MODE_OCB);
if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
fail ("cipher-ocb-splitaad, gcry_control did not fail as expected: %s\n",
@@ -10742,7 +10742,7 @@ check_bulk_cipher_modes (void)
/* Verify the FIPS indicator marks approved cipher/modes combinations */
if (in_fips_mode)
{
- err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR,
+ err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER,
tv[i].algo, tv[i].mode);
if (gpg_err_code (err) != GPG_ERR_NO_ERROR)
fail ("gcry_control unexpectedly failed for algo = %s, mode = %d : %s\n",