diff options
author | Jakub Jelen <jjelen@redhat.com> | 2023-03-06 15:57:40 +0100 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2023-03-14 11:55:37 +0900 |
commit | 4c1c8a707f9652dbfad8f8b531d8b84556f655f1 (patch) | |
tree | 38a73ffd230a52733f4c6c8ce3293e750791320f /doc | |
parent | 0b7ad923978f708b41933d6b91d3159ffc7a84a1 (diff) | |
download | libgcrypt-4c1c8a707f9652dbfad8f8b531d8b84556f655f1.tar.gz |
fips: Explicitly allow only some PK flags.
* src/fips.c (_gcry_fips_indicator_pk_flags): New function for explicit
FIPS indicator for public key algorithm flags.
* src/g10lib.h (_gcry_fips_indicator_pk_flags): New.
* src/gcrypt.h.in (GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS): New.
* src/global.c (_gcry_vcontrol): Handle the new option.
* doc/gcrypt.texi: Document new options.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/gcrypt.texi | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 462c5931..750b6718 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -1005,6 +1005,12 @@ Check if the given message digest algorithm is approved under the current FIPS 140-3 certification. If the algorithm is approved, this function returns @code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned. +@item GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS; Arguments: const char * + +Check if the given public key operation flag is approved under the current +FIPS 140-3 certification. If the flag is approved, this function returns +@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned. + @end table @end deftypefun |