File libgcrypt-FIPS-SLI-Introduce-GCRYCTL_FIPS_SERVICE_INDICATOR-and-the-macro.patch of Package libgcrypt.38414
From f51f4e98930e6b2175e85fe8a95b8b6a15ad5efa Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Thu, 5 Dec 2024 11:34:32 +0900
Subject: [PATCH 02/24] fips: Introduce GCRYCTL_FIPS_SERVICE_INDICATOR and the
macro.
* src/fips.c (_gcry_fips_indicator): New.
* src/g10lib.h (_gcry_fips_indicator): New.
* src/gcrypt.h.in (GCRYCTL_FIPS_SERVICE_INDICATOR): New.
(gcry_get_fips_service_indicator): New.
* src/global.c (_gcry_vcontrol): Handle GCRYCTL_FIPS_SERVICE_INDICATOR.
--
GnuPG-bug-id: 7338
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
---
src/fips.c | 11 +++++++++++
src/g10lib.h | 2 ++
src/gcrypt.h.in | 6 +++++-
src/global.c | 4 ++++
4 files changed, 22 insertions(+), 1 deletion(-)
Index: libgcrypt-1.10.3/src/fips.c
===================================================================
--- libgcrypt-1.10.3.orig/src/fips.c
+++ libgcrypt-1.10.3/src/fips.c
@@ -363,6 +363,17 @@ _gcry_fips_test_operational (void)
return result;
}
+gpg_err_code_t
+_gcry_fips_indicator (void)
+{
+ /* If anything recorded, it means that the operation is not
+ supported under FIPS mode. */
+ if (_gcry_thread_context_get_fsi ())
+ return GPG_ERR_NOT_SUPPORTED;
+
+ return 0;
+}
+
int
_gcry_fips_indicator_cipher (va_list arg_ptr)
{
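Review bot: The new `_gcry_fips_indicator` in src/fips.c has no contract comment, and a return of 0 is ambiguous to a caller: it only says that `_gcry_thread_context_get_fsi ()` returned zero, not that an approved service actually ran. Judging by the helper's name the flag is per-thread state (its definition is outside this hunk), so the result is only meaningful when read on the same thread right after the operation being checked, and the code that clears the flag between operations should be named. I would put a header comment on the function along the lines of `/* Return 0 if no non-approved use was recorded in the calling thread's context since it was last cleared, GPG_ERR_NOT_SUPPORTED otherwise. */`. The `case GCRYCTL_FIPS_SERVICE_INDICATOR:` added in src/global.c is likewise uncommented, unlike the `_CIPHER` case right below it.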
Index: libgcrypt-1.10.3/src/g10lib.h
===================================================================
--- libgcrypt-1.10.3.orig/src/g10lib.h
+++ libgcrypt-1.10.3/src/g10lib.h
@@ -455,6 +455,8 @@ void _gcry_fips_signal_error (const char
_gcry_fips_signal_error (__FILE__, __LINE__, NULL, 1, (a))
#endif
+gpg_err_code_t _gcry_fips_indicator (void);
+
int _gcry_fips_indicator_cipher (va_list arg_ptr);
int _gcry_fips_indicator_mac (va_list arg_ptr);
int _gcry_fips_indicator_md (va_list arg_ptr);
Index: libgcrypt-1.10.3/src/gcrypt.h.in
===================================================================
--- libgcrypt-1.10.3.orig/src/gcrypt.h.in
+++ libgcrypt-1.10.3/src/gcrypt.h.in
@@ -334,7 +334,9 @@ enum gcry_ctl_cmds
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION = 84,
GCRYCTL_FIPS_SERVICE_INDICATOR_MAC = 85,
GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86,
- GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87
+ GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87,
+ GCRYCTL_MD_CUSTOMIZE = 88,
+ GCRYCTL_FIPS_SERVICE_INDICATOR = 89
};
/* Perform various operations defined by CMD. */
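Review bot: `GCRYCTL_MD_CUSTOMIZE = 88` is added to `enum gcry_ctl_cmds` here but is not listed in the commit log, and no hunk in this patch handles it in `_gcry_vcontrol`. If it is present only to keep `GCRYCTL_FIPS_SERVICE_INDICATOR` at 89 (presumably to match upstream numbering, which should be confirmed), say so with a comment such as `/* Reserved: keeps command numbers aligned with upstream; no handler in this patch. */` and mention it in the changelog entry for src/gcrypt.h.in. Otherwise a public command value that callers can pass to `gcry_control` ships without documented behaviour.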
@@ -1790,6 +1792,9 @@ void gcry_log_debugsxp (const char *text
char *gcry_get_config (int mode, const char *what);
+/* Convinience macro to access the FIPS service indicator. */
+#define gcry_get_fips_service_indicator() gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR)
+
/* Log levels used by the internal logging facility. */
enum gcry_log_levels
{
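Review bot: The comment on the new `gcry_get_fips_service_indicator()` macro misspells "Convenience" and does not tell callers how to read the result. The macro expands to `gcry_control`, whose declared return type is `gcry_error_t`, so a caller comparing the value directly with `GPG_ERR_NOT_SUPPORTED` may not match if an error source is encoded in it. For a compliance check that mismatch matters, because a missed comparison would read as "approved". Suggested wording: `/* Convenience macro to access the FIPS service indicator. Returns 0 when nothing non-approved was recorded; otherwise gcry_err_code () of the result is GPG_ERR_NOT_SUPPORTED. */`.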
Index: libgcrypt-1.10.3/src/global.c
===================================================================
--- libgcrypt-1.10.3.orig/src/global.c
+++ libgcrypt-1.10.3/src/global.c
@@ -784,6 +784,10 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
rc = _gcry_fips_run_selftests (1);
break;
+ case GCRYCTL_FIPS_SERVICE_INDICATOR:
+ rc = _gcry_fips_indicator ();
+ break;
+
case GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER:
/* Get FIPS Service Indicator for a given symmetric algorithm and
* optional mode. Returns GPG_ERR_NO_ERROR if algorithm is allowed or