libgcrypt/libgcrypt-doc-Add-about-GCRYCTL_FIPS_SERVICE_INDICATOR.patch

From 636f40cb78587635ef663bfc3430937cf140f245 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Thu, 13 Mar 2025 15:02:58 +0900
Subject: [PATCH 13/14] doc: Add about GCRYCTL_FIPS_SERVICE_INDICATOR.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* doc/gcrypt.texi (GCRYCTL_FIPS_SERVICE_INDICATOR): Add a description.
(GCRYCTL_FIPS_REJECT_NON_FIPS): Likewise.

--

GnuPG-bug-id: 7338
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Signed-off-by: Lucas Mülling <lucas.mulling@suse.com>
---
 doc/gcrypt.texi | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 5d428738..6e82a41b 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -1052,6 +1052,38 @@ is responsible to check also the internal members.  For example:
   /* ok */
 @end example
 
+@item GCRYCTL_FIPS_SERVICE_INDICATOR; Arguments: none
+This commands provides ``dynamic'' service indicator.
+
+After a function call (of the use of security services), this command
+can be used to check if the call is valid or not.  If the computation
+is done in an approved way, it returns @code{GPG_ERR_NO_ERROR}.
+Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
+
+An application may use this command directly or use the convenience
+macro below.
+
+@deftypefun gcry_error_t gcry_get_fips_service_indicator (void)
+
+Returns @code{GPG_ERR_NO_ERROR} if a preceeding function call is
+valid.  Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
+@end deftypefun
+
+@item GCRYCTL_FIPS_REJECT_NON_FIPS; Arguments: unsigned int flags
+In Libgcrypt 1.10, static implicit indicator is used; For an approved
+function (which can be checked by
+GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION command) with an approved
+algo/operation (which can be checked GCRYCTL_FIPS_SERVICE_INDICATOR_*
+command), success of the function call means that it's valid and error
+return (rejection) means it's invalid.  This command controls thread
+specific behavior of the rejection.
+
+When using ``dynamic'' service indicator, this command with FLAGS=0
+disables all rejections.
+@example
+  gcry_control (GCRYCTL_FIPS_REJECT_NON_FIPS, 0);
+@endexample
+
 @end table
 
 @end deftypefun
-- 
2.49.0
- Security fix [bsc#1221107, CVE-2024-2236] * Add --enable-marvin-workaround to spec to enable workaround * Fix timing based side-channel in RSA implementation ( Marvin attack ) * Add libgcrypt-CVE-2024-2236.patch OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=193 2025-06-10 07:06:49 +00:00			`From 636f40cb78587635ef663bfc3430937cf140f245 Mon Sep 17 00:00:00 2001`
			`From: NIIBE Yutaka <gniibe@fsij.org>`
			`Date: Thu, 13 Mar 2025 15:02:58 +0900`
			`Subject: [PATCH 13/14] doc: Add about GCRYCTL_FIPS_SERVICE_INDICATOR.`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`* doc/gcrypt.texi (GCRYCTL_FIPS_SERVICE_INDICATOR): Add a description.`
			`(GCRYCTL_FIPS_REJECT_NON_FIPS): Likewise.`

			`--`

			`GnuPG-bug-id: 7338`
			`Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>`
			`Signed-off-by: Lucas Mülling <lucas.mulling@suse.com>`
			`---`
			`doc/gcrypt.texi \| 32 ++++++++++++++++++++++++++++++++`
			`1 file changed, 32 insertions(+)`

			`diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi`
			`index 5d428738..6e82a41b 100644`
			`--- a/doc/gcrypt.texi`
			`+++ b/doc/gcrypt.texi`
			`@@ -1052,6 +1052,38 @@ is responsible to check also the internal members. For example:`
			`/* ok */`
			`@end example`

			`+@item GCRYCTL_FIPS_SERVICE_INDICATOR; Arguments: none`
			+This commands provides ``dynamic'' service indicator.
			`+`
			`+After a function call (of the use of security services), this command`
			`+can be used to check if the call is valid or not. If the computation`
			`+is done in an approved way, it returns @code{GPG_ERR_NO_ERROR}.`
			`+Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.`
			`+`
			`+An application may use this command directly or use the convenience`
			`+macro below.`
			`+`
			`+@deftypefun gcry_error_t gcry_get_fips_service_indicator (void)`
			`+`
			`+Returns @code{GPG_ERR_NO_ERROR} if a preceeding function call is`
			`+valid. Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.`
			`+@end deftypefun`
			`+`
			`+@item GCRYCTL_FIPS_REJECT_NON_FIPS; Arguments: unsigned int flags`
			`+In Libgcrypt 1.10, static implicit indicator is used; For an approved`
			`+function (which can be checked by`
			`+GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION command) with an approved`
			`+algo/operation (which can be checked GCRYCTL_FIPS_SERVICE_INDICATOR_*`
			`+command), success of the function call means that it's valid and error`
			`+return (rejection) means it's invalid. This command controls thread`
			`+specific behavior of the rejection.`
			`+`
			+When using ``dynamic'' service indicator, this command with FLAGS=0
			`+disables all rejections.`
			`+@example`
			`+ gcry_control (GCRYCTL_FIPS_REJECT_NON_FIPS, 0);`
			`+@endexample`
			`+`
			`@end table`

			`@end deftypefun`
			`--`
			`2.49.0`