From 05a9c9d1ba1db6c1cd160fba979e9ddf4700a0c0 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 8 Aug 2022 13:50:15 +0200
Subject: fips: Add function-name based FIPS indicator.

* doc/gcrypt.texi: Document the new function-based fips indicator
  GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION
* src/fips.c (_gcry_fips_indicator_function): New function indicating
  non-approved functions.
* src/gcrypt.h.in (enum gcry_ctl_cmds): New symbol
  GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION
* src/global.c (_gcry_vcontrol): Handle new FIPS indicator.
--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
 doc/gcrypt.texi | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'doc')

diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index f2c1cc94..b608dba2 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -995,6 +995,13 @@ certification. If the KDF is approved, this function returns
 @code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED}
 is returned.
 
+@item GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION; Arguments: const char *
+
+Check if the given function is approved under the current FIPS 140-3
+certification. If the function is approved, this function returns
+@code{GPG_ERR_NO_ERROR} (other restrictions might still apply).
+Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
+
 @end table
 
 @end deftypefun
-- 
cgit v1.2.1