diff --git a/lib/crypto_backend/crypto_backend.h b/lib/crypto_backend/crypto_backend.h index ef373a7f..ea1ba3ec 100644 --- a/lib/crypto_backend/crypto_backend.h +++ b/lib/crypto_backend/crypto_backend.h @@ -30,7 +30,7 @@ struct crypt_hmac; struct crypt_cipher; struct crypt_storage; -int crypt_backend_init(bool fips); +int crypt_backend_init(void); void crypt_backend_destroy(void); #define CRYPT_BACKEND_KERNEL (1 << 0) /* Crypto uses kernel part, for benchmark */ diff --git a/lib/crypto_backend/crypto_gcrypt.c b/lib/crypto_backend/crypto_gcrypt.c index a50cb455..8e214d43 100644 --- a/lib/crypto_backend/crypto_gcrypt.c +++ b/lib/crypto_backend/crypto_gcrypt.c @@ -80,7 +80,7 @@ static void crypt_hash_test_whirlpool_bug(void) crypto_backend_whirlpool_bug = 1; } -int crypt_backend_init(bool fips __attribute__((unused))) +int crypt_backend_init(void) { int r; @@ -684,7 +684,7 @@ bool crypt_fips_mode(void) if (fips_checked) return fips_mode; - if (crypt_backend_init(false /* ignored */)) + if (crypt_backend_init()) return false; fips_mode = gcry_fips_mode_active(); diff --git a/lib/crypto_backend/crypto_kernel.c b/lib/crypto_backend/crypto_kernel.c index 9f76c582..43a4f256 100644 --- a/lib/crypto_backend/crypto_kernel.c +++ b/lib/crypto_backend/crypto_kernel.c @@ -103,7 +103,7 @@ static int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *op return 0; } -int crypt_backend_init(bool fips __attribute__((unused))) +int crypt_backend_init(void) { struct utsname uts; struct sockaddr_alg sa = { diff --git a/lib/crypto_backend/crypto_mbedtls.c b/lib/crypto_backend/crypto_mbedtls.c index 09d7e16c..6672fc0a 100644 --- a/lib/crypto_backend/crypto_mbedtls.c +++ b/lib/crypto_backend/crypto_mbedtls.c @@ -69,16 +69,13 @@ static const mbedtls_md_info_t *crypt_get_hash(const char *name) return NULL; } -int crypt_backend_init(bool fips) +int crypt_backend_init(void) { int ret; if (g_initialized) return 0; - if (fips) - return -ENOTSUP; - mbedtls_version_get_string_full(g_backend_version); mbedtls_entropy_init(&g_entropy); diff --git a/lib/crypto_backend/crypto_nettle.c b/lib/crypto_backend/crypto_nettle.c index 3ce239a9..e1f12dd6 100644 --- a/lib/crypto_backend/crypto_nettle.c +++ b/lib/crypto_backend/crypto_nettle.c @@ -200,7 +200,7 @@ static struct hash_alg *_get_alg(const char *name) return NULL; } -int crypt_backend_init(bool fips __attribute__((unused))) +int crypt_backend_init(void) { return 0; } diff --git a/lib/crypto_backend/crypto_nss.c b/lib/crypto_backend/crypto_nss.c index bbf6533a..ca989d62 100644 --- a/lib/crypto_backend/crypto_nss.c +++ b/lib/crypto_backend/crypto_nss.c @@ -62,7 +62,7 @@ static struct hash_alg *_get_alg(const char *name) return NULL; } -int crypt_backend_init(bool fips __attribute__((unused))) +int crypt_backend_init(void) { int r; diff --git a/lib/crypto_backend/crypto_openssl.c b/lib/crypto_backend/crypto_openssl.c index 762cd717..660a6225 100644 --- a/lib/crypto_backend/crypto_openssl.c +++ b/lib/crypto_backend/crypto_openssl.c @@ -205,12 +205,12 @@ static const char *openssl_backend_version(void) } #endif -int crypt_backend_init(bool fips) +int crypt_backend_init(void) { if (crypto_backend_initialised) return 0; - if (openssl_backend_init(fips)) + if (openssl_backend_init(crypt_fips_mode())) return -EINVAL; crypto_backend_initialised = 1; diff --git a/lib/setup.c b/lib/setup.c index 48b67ce6..61245c40 100644 --- a/lib/setup.c +++ b/lib/setup.c @@ -267,7 +267,7 @@ int init_crypto(struct crypt_device *ctx) return r; } - r = crypt_backend_init(crypt_fips_mode()); + r = crypt_backend_init(); if (r < 0) log_err(ctx, _("Cannot initialize crypto backend.")); diff --git a/tests/crypto-check.c b/tests/crypto-check.c index eef619b8..04725c4f 100644 --- a/tests/crypto-check.c +++ b/tests/crypto-check.c @@ -68,7 +68,7 @@ int main(int argc, char *argv[]) if (!strcmp(argv[1], "fips_mode_kernel")) return crypt_fips_mode_kernel() ? EXIT_SUCCESS : EXIT_FAILURE; - if (crypt_backend_init(crypt_fips_mode())) { + if (crypt_backend_init()) { printf("Crypto backend init error."); return EXIT_FAILURE; } diff --git a/tests/crypto-vectors.c b/tests/crypto-vectors.c index 43ea6881..6e94fbf0 100644 --- a/tests/crypto-vectors.c +++ b/tests/crypto-vectors.c @@ -1582,7 +1582,7 @@ int main(__attribute__ ((unused)) int argc, __attribute__ ((unused))char *argv[] fips_active = fips_mode(); - if (crypt_backend_init(fips_active)) + if (crypt_backend_init()) exit_test("Crypto backend init error.", EXIT_FAILURE); printf("Test vectors using %s crypto backend.\n", crypt_backend_version());