From 30ab774770a7e8547b0d6363b63a73cc80f33a7b Mon Sep 17 00:00:00 2001
From: Pauli
Date: Fri, 24 Mar 2023 09:24:23 +1100
Subject: Declare FIPS option functions in their own header

Reviewed-by: Tomas Mraz
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/20521)
---
 providers/common/include/prov/fipscommon.h | 17 +++++++++++++++++
 providers/common/securitycheck_fips.c | 4 +---
 providers/fips/fipsprov.c | 2 +-
 providers/implementations/rands/drbg.c | 2 +-
 4 files changed, 20 insertions(+), 5 deletions(-)
 create mode 100644 providers/common/include/prov/fipscommon.h
(limited to 'providers')
diff --git a/providers/common/include/prov/fipscommon.h b/providers/common/include/prov/fipscommon.h
new file mode 100644
index 0000000000..45ed248e99
--- /dev/null
+++ b/providers/common/include/prov/fipscommon.h
@@ -0,0 +1,17 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef FIPS_MODULE
+# include
+
+int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
+int FIPS_tls_prf_ems_check(OSSL_LIB_CTX *libctx);
+int FIPS_restricted_drbg_digests_enabled(OSSL_LIB_CTX *libctx);
+
+#endif
diff --git a/providers/common/securitycheck_fips.c b/providers/common/securitycheck_fips.c
index 2bc8a59926..a6711b42c1 100644
--- a/providers/common/securitycheck_fips.c
+++ b/providers/common/securitycheck_fips.c
@@ -18,9 +18,7 @@
 #include
 #include
 #include "prov/securitycheck.h"
-
-int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
-int FIPS_tls_prf_ems_check(OSSL_LIB_CTX *libctx);
+#include "prov/fipscommon.h"
 
 int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
 {
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index d583bb9f2a..d56c40afda 100644
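Review bot: The new header providers/common/include/prov/fipscommon.h has no include guard of its own; its only conditional is `#ifdef FIPS_MODULE`, so an `#ifndef`/`# define` pair named per the project's convention around the whole file would keep it safe to include twice if it later gains types or macros. The three prototypes are also undocumented: a short comment above them, e.g. `/* Each returns non-zero when the matching FIPS provider option is enabled for libctx */` (if that is the contract; the drbg.c caller tests the result with `if (FIPS_restricted_drbg_digests_enabled(libctx))`), would record what callers may assume. Because the header declares nothing when FIPS_MODULE is undefined, every caller has to sit inside its own FIPS_MODULE conditional; the last drbg.c hunk does not show whether the call in ossl_drbg_verify_digest does, which is worth confirming now that the block-scope `extern` is removed.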
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -21,6 +21,7 @@
 #include "prov/providercommon.h"
 #include "prov/provider_util.h"
 #include "prov/seeding.h"
+#include "prov/fipscommon.h"
 #include "internal/nelem.h"
 #include "self_test.h"
 #include "crypto/context.h"
@@ -932,7 +933,6 @@ int BIO_snprintf(char *buf, size_t n, const char *format, ...)
 }
 
 #define FIPS_FEATURE_CHECK(fname, field) \
- int fname(OSSL_LIB_CTX *libctx); \
 int fname(OSSL_LIB_CTX *libctx) \
 { \
 FIPS_GLOBAL *fgbl = \
diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c
index cae7718b84..a41b994a05 100644
--- a/providers/implementations/rands/drbg.c
+++ b/providers/implementations/rands/drbg.c
@@ -21,6 +21,7 @@
 #include "crypto/rand_pool.h"
 #include "prov/provider_ctx.h"
 #include "prov/providercommon.h"
+#include "prov/fipscommon.h"
 #include "crypto/context.h"
 
 /*
@@ -934,7 +935,6 @@ int ossl_drbg_verify_digest(ossl_unused OSSL_LIB_CTX *libctx, const EVP_MD *md)
 "SHA3-256", "SHA3-512", /* non-truncated SHA3 allowed */
 };
 size_t i;
- extern int FIPS_restricted_drbg_digests_enabled(OSSL_LIB_CTX *libctx);
 
 if (FIPS_restricted_drbg_digests_enabled(libctx)) {
 for (i = 0; i < OSSL_NELEM(allowed_digests); i++)
--
cgit v1.2.1
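Review bot: In the second fipsprov.c hunk, `FIPS_FEATURE_CHECK` no longer emits its own prototype, so a function it defines is only checked against a declaration if its name is also listed in prov/fipscommon.h, and nothing at the macro says so. A comment above the `#define`, e.g. `/* Every fname instantiated with this macro must be declared in prov/fipscommon.h */`, would keep a future FIPS option from being added as an undeclared external function that callers then re-declare by hand. The macro body and its instantiations continue outside the hunk, so whether every current use is covered by the three prototypes in the header cannot be confirmed from here.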