fips: Explicitly allow only some PK flags.

* src/fips.c (_gcry_fips_indicator_pk_flags): New function for explicit FIPS indicator for public key algorithm flags. * src/g10lib.h (_gcry_fips_indicator_pk_flags): New. * src/gcrypt.h.in (GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS): New. * src/global.c (_gcry_vcontrol): Handle the new option. * doc/gcrypt.texi: Document new options. -- Signed-off-by: Jakub Jelen <jjelen@redhat.com>
author: Jakub Jelen <jjelen@redhat.com> 2023-03-06 15:57:40 +0100
committer: NIIBE Yutaka <gniibe@fsij.org> 2023-03-14 11:55:37 +0900
commit: 4c1c8a707f9652dbfad8f8b531d8b84556f655f1 (patch)
tree: 38a73ffd230a52733f4c6c8ce3293e750791320f /doc
parent: 0b7ad923978f708b41933d6b91d3159ffc7a84a1 (diff)
download: libgcrypt-4c1c8a707f9652dbfad8f8b531d8b84556f655f1.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 462c5931..750b6718 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -1005,6 +1005,12 @@ Check if the given message digest algorithm is approved under the current
 FIPS 140-3 certification. If the algorithm is approved, this function returns
 @code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
 
+@item GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS; Arguments: const char *
+
+Check if the given public key operation flag is approved under the current
+FIPS 140-3 certification. If the flag is approved, this function returns
+@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
+
 @end table
 
 @end deftypefun
author	Jakub Jelen <jjelen@redhat.com>	2023-03-06 15:57:40 +0100
committer	NIIBE Yutaka <gniibe@fsij.org>	2023-03-14 11:55:37 +0900
commit	4c1c8a707f9652dbfad8f8b531d8b84556f655f1 (patch)
tree	38a73ffd230a52733f4c6c8ce3293e750791320f /doc
parent	0b7ad923978f708b41933d6b91d3159ffc7a84a1 (diff)
download	libgcrypt-4c1c8a707f9652dbfad8f8b531d8b84556f655f1.tar.gz