author | NIIBE Yutaka <gniibe@fsij.org> | 2023-03-24 13:12:56 +0900 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2023-03-24 13:12:56 +0900 |
commit | 1c916b8c99ea0e30f1d81d606fd63b0c45657186 (patch) | |
tree | ba0be58906c74290c1f5952c1305276cfe74c175 /src | |
parent | 0af15f1fa0ca277fba17b365519f710b41a5b78f (diff) | |
fips: More elaborate way of getting FIPS pk flags indicators.
* src/fips.c (_gcry_fips_indicator_pk_flags): List more allowed strings
in the S-expression.
* doc/gcrypt.texi: Add documentation for the FIPS service indicator
GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS with an example.
--
GnuPG-bug-id: 6417
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/fips.c | 41 |
1 files changed, 37 insertions, 4 deletions
@@ -457,16 +457,49 @@ _gcry_fips_indicator_function (va_list arg_ptr)
 return GPG_ERR_NO_ERROR;
 }
+/* Note: the array should be sorted. */
+static const char *valid_string_in_sexp[] = {
+ "curve",
+ "d",
+ "data",
+ "e",
+ "ecdsa",
+ "flags",
+ "genkey",
+ "hash",
+ "n",
+ "nbits",
+ "pkcs1",
+ "private-key",
+ "pss",
+ "public-key",
+ "q",
+ "r",
+ "raw",
+ "rsa",
+ "rsa-use-e",
+ "s",
+ "salt-length",
+ "sig-val",
+ "value"
+};
+
+static int
+compare_string (const void *v1, const void *v2)
+{
+ const char * const *p_str1 = v1;
+ const char * const *p_str2 = v2;
+
+ return strcmp (*p_str1, *p_str2);
+}
 int
 _gcry_fips_indicator_pk_flags (va_list arg_ptr)
 {
 const char *flag = va_arg (arg_ptr, const char *);
- if (strcmp (flag, "param") == 0 ||
- strcmp (flag, "raw") == 0 ||
- strcmp (flag, "no-blinding") == 0 ||
- strcmp (flag, "pss") == 0)
+ if (bsearch (&flag, valid_string_in_sexp, DIM (valid_string_in_sexp),
+ sizeof (char *), compare_string))
 return GPG_ERR_NO_ERROR;
 return GPG_ERR_NOT_SUPPORTED; |
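Review bot: The new table in `_gcry_fips_indicator_pk_flags` no longer contains `param` or `no-blinding`, which the removed `strcmp` chain accepted, so a caller querying either now gets `GPG_ERR_NOT_SUPPORTED`. The commit message only speaks of listing more strings, so if the removal is intended it should be stated there and in the gcrypt.texi entry. The `bsearch` also depends on `valid_string_in_sexp` staying in `strcmp` order, and only the one-line comment guards that. A misplaced future entry would be reported as not supported rather than wrongly approved, since a hit still needs `strcmp` to return 0, but it would fail silently. I would make the comment `/* Must stay sorted in strcmp() order: bsearch() silently misses misplaced entries. */` and pass `sizeof valid_string_in_sexp[0]` as the element size; the function's closing brace lies outside the hunk.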