diff options
| author | Pauli <pauli@openssl.org> | 2023-03-24 09:24:23 +1100 |
|---|---|---|
| committer | Pauli <pauli@openssl.org> | 2023-03-29 09:25:58 +1100 |
| commit | 30ab774770a7e8547b0d6363b63a73cc80f33a7b (patch) | |
| tree | 8ae12b5b52ac0d61487927e6f4bedf741c06902e /providers | |
| parent | 78bcbc1ea440feac3e9a3292dba4b055b81ca29e (diff) | |
| download | openssl-new-30ab774770a7e8547b0d6363b63a73cc80f33a7b.tar.gz | |
Declare FIPS option functions in their own header
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20521)
Diffstat (limited to 'providers')
| -rw-r--r-- | providers/common/include/prov/fipscommon.h | 17 | ||||
| -rw-r--r-- | providers/common/securitycheck_fips.c | 4 | ||||
| -rw-r--r-- | providers/fips/fipsprov.c | 2 | ||||
| -rw-r--r-- | providers/implementations/rands/drbg.c | 2 |
4 files changed, 20 insertions, 5 deletions
diff --git a/providers/common/include/prov/fipscommon.h b/providers/common/include/prov/fipscommon.h new file mode 100644 index 0000000000..45ed248e99 --- /dev/null +++ b/providers/common/include/prov/fipscommon.h @@ -0,0 +1,17 @@ +/* + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifdef FIPS_MODULE +# include <openssl/types.h> + +int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx); +int FIPS_tls_prf_ems_check(OSSL_LIB_CTX *libctx); +int FIPS_restricted_drbg_digests_enabled(OSSL_LIB_CTX *libctx); + +#endif diff --git a/providers/common/securitycheck_fips.c b/providers/common/securitycheck_fips.c index 2bc8a59926..a6711b42c1 100644 --- a/providers/common/securitycheck_fips.c +++ b/providers/common/securitycheck_fips.c @@ -18,9 +18,7 @@ #include <openssl/core_names.h> #include <openssl/obj_mac.h> #include "prov/securitycheck.h" - -int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx); -int FIPS_tls_prf_ems_check(OSSL_LIB_CTX *libctx); +#include "prov/fipscommon.h" int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) { diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index d583bb9f2a..d56c40afda 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -21,6 +21,7 @@ #include "prov/providercommon.h" #include "prov/provider_util.h" #include "prov/seeding.h" +#include "prov/fipscommon.h" #include "internal/nelem.h" #include "self_test.h" #include "crypto/context.h" @@ -932,7 +933,6 @@ int BIO_snprintf(char *buf, size_t n, const char *format, ...) } #define FIPS_FEATURE_CHECK(fname, field) \ - int fname(OSSL_LIB_CTX *libctx); \ int fname(OSSL_LIB_CTX *libctx) \ { \ FIPS_GLOBAL *fgbl = \ diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c index cae7718b84..a41b994a05 100644 --- a/providers/implementations/rands/drbg.c +++ b/providers/implementations/rands/drbg.c @@ -21,6 +21,7 @@ #include "crypto/rand_pool.h" #include "prov/provider_ctx.h" #include "prov/providercommon.h" +#include "prov/fipscommon.h" #include "crypto/context.h" /* @@ -934,7 +935,6 @@ int ossl_drbg_verify_digest(ossl_unused OSSL_LIB_CTX *libctx, const EVP_MD *md) "SHA3-256", "SHA3-512", /* non-truncated SHA3 allowed */ }; size_t i; - extern int FIPS_restricted_drbg_digests_enabled(OSSL_LIB_CTX *libctx); if (FIPS_restricted_drbg_digests_enabled(libctx)) { for (i = 0; i < OSSL_NELEM(allowed_digests); i++) |