Remove fips argument from crypt_backend_init()

It is really not needed, as it is detected automagically.
2025-12-05 16:00:05 +01:00 · 2025-11-13 21:29:51 +01:00
parent e609c47916
commit e4c498d15b
10 changed files with 12 additions and 15 deletions
--- a/lib/crypto_backend/crypto_backend.h
+++ b/lib/crypto_backend/crypto_backend.h
@@ -30,7 +30,7 @@ struct crypt_hmac;
 struct crypt_cipher;
 struct crypt_storage;

-int crypt_backend_init(bool fips);
+int crypt_backend_init(void);
 void crypt_backend_destroy(void);

 #define CRYPT_BACKEND_KERNEL     (1 << 0) /* Crypto uses kernel part, for benchmark */
--- a/lib/crypto_backend/crypto_gcrypt.c
+++ b/lib/crypto_backend/crypto_gcrypt.c
@@ -80,7 +80,7 @@ static void crypt_hash_test_whirlpool_bug(void)
 		crypto_backend_whirlpool_bug = 1;
 }

-int crypt_backend_init(bool fips __attribute__((unused)))
+int crypt_backend_init(void)
 {
 	int r;

@@ -684,7 +684,7 @@ bool crypt_fips_mode(void)
 	if (fips_checked)
 		return fips_mode;

-	if (crypt_backend_init(false /* ignored */))
+	if (crypt_backend_init())
 		return false;

 	fips_mode = gcry_fips_mode_active();
--- a/lib/crypto_backend/crypto_kernel.c
+++ b/lib/crypto_backend/crypto_kernel.c
@@ -103,7 +103,7 @@ static int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *op
 	return 0;
 }

-int crypt_backend_init(bool fips __attribute__((unused)))
+int crypt_backend_init(void)
 {
 	struct utsname uts;
 	struct sockaddr_alg sa = {
--- a/lib/crypto_backend/crypto_mbedtls.c
+++ b/lib/crypto_backend/crypto_mbedtls.c
@@ -69,16 +69,13 @@ static const mbedtls_md_info_t *crypt_get_hash(const char *name)
 	return NULL;
 }

-int crypt_backend_init(bool fips)
+int crypt_backend_init(void)
 {
 	int ret;

 	if (g_initialized)
 		return 0;

-	if (fips)
-		return -ENOTSUP;
-
 	mbedtls_version_get_string_full(g_backend_version);

 	mbedtls_entropy_init(&g_entropy);
--- a/lib/crypto_backend/crypto_nettle.c
+++ b/lib/crypto_backend/crypto_nettle.c
@@ -200,7 +200,7 @@ static struct hash_alg *_get_alg(const char *name)
 	return NULL;
 }

-int crypt_backend_init(bool fips __attribute__((unused)))
+int crypt_backend_init(void)
 {
 	return 0;
 }
--- a/lib/crypto_backend/crypto_nss.c
+++ b/lib/crypto_backend/crypto_nss.c
@@ -62,7 +62,7 @@ static struct hash_alg *_get_alg(const char *name)
 	return NULL;
 }

-int crypt_backend_init(bool fips __attribute__((unused)))
+int crypt_backend_init(void)
 {
 	int r;

--- a/lib/crypto_backend/crypto_openssl.c
+++ b/lib/crypto_backend/crypto_openssl.c
@@ -205,12 +205,12 @@ static const char *openssl_backend_version(void)
 }
 #endif

-int crypt_backend_init(bool fips)
+int crypt_backend_init(void)
 {
 	if (crypto_backend_initialised)
 		return 0;

-	if (openssl_backend_init(fips))
+	if (openssl_backend_init(crypt_fips_mode()))
 		return -EINVAL;

 	crypto_backend_initialised = 1;
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -267,7 +267,7 @@ int init_crypto(struct crypt_device *ctx)
 		return r;
 	}

-	r = crypt_backend_init(crypt_fips_mode());
+	r = crypt_backend_init();
 	if (r < 0)
 		log_err(ctx, _("Cannot initialize crypto backend."));

--- a/tests/crypto-check.c
+++ b/tests/crypto-check.c
@@ -68,7 +68,7 @@ int main(int argc, char *argv[])
 	if (!strcmp(argv[1], "fips_mode_kernel"))
 		return crypt_fips_mode_kernel() ? EXIT_SUCCESS : EXIT_FAILURE;

-	if (crypt_backend_init(crypt_fips_mode())) {
+	if (crypt_backend_init()) {
 		printf("Crypto backend init error.");
 		return EXIT_FAILURE;
 	}
--- a/tests/crypto-vectors.c
+++ b/tests/crypto-vectors.c
@@ -1582,7 +1582,7 @@ int main(__attribute__ ((unused)) int argc, __attribute__ ((unused))char *argv[]

 	fips_active = fips_mode();

-	if (crypt_backend_init(fips_active))
+	if (crypt_backend_init())
 		exit_test("Crypto backend init error.", EXIT_FAILURE);

 	printf("Test vectors using %s crypto backend.\n", crypt_backend_version());