diff options
Diffstat (limited to 'src/lib/libcrypto/crypto.h')
| -rw-r--r-- | src/lib/libcrypto/crypto.h | 61 |
1 files changed, 60 insertions, 1 deletions
diff --git a/src/lib/libcrypto/crypto.h b/src/lib/libcrypto/crypto.h index 273bc5e3f8..4d1dfac7f1 100644 --- a/src/lib/libcrypto/crypto.h +++ b/src/lib/libcrypto/crypto.h | |||
| @@ -128,7 +128,9 @@ extern "C" { | |||
| 128 | #define CRYPTO_LOCK_ENGINE 30 | 128 | #define CRYPTO_LOCK_ENGINE 30 |
| 129 | #define CRYPTO_LOCK_UI 31 | 129 | #define CRYPTO_LOCK_UI 31 |
| 130 | #define CRYPTO_LOCK_HWCRHK 32 /* This is a HACK which will disappear in 0.9.8 */ | 130 | #define CRYPTO_LOCK_HWCRHK 32 /* This is a HACK which will disappear in 0.9.8 */ |
| 131 | #define CRYPTO_NUM_LOCKS 33 | 131 | #define CRYPTO_LOCK_FIPS 33 |
| 132 | #define CRYPTO_LOCK_FIPS2 34 | ||
| 133 | #define CRYPTO_NUM_LOCKS 35 | ||
| 132 | 134 | ||
| 133 | #define CRYPTO_LOCK 1 | 135 | #define CRYPTO_LOCK 1 |
| 134 | #define CRYPTO_UNLOCK 2 | 136 | #define CRYPTO_UNLOCK 2 |
| @@ -434,6 +436,63 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); | |||
| 434 | void OpenSSLDie(const char *file,int line,const char *assertion); | 436 | void OpenSSLDie(const char *file,int line,const char *assertion); |
| 435 | #define OPENSSL_assert(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) | 437 | #define OPENSSL_assert(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) |
| 436 | 438 | ||
| 439 | #ifdef OPENSSL_FIPS | ||
| 440 | int FIPS_mode(void); | ||
| 441 | void *FIPS_rand_check(void); | ||
| 442 | |||
| 443 | #define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ | ||
| 444 | alg " previous FIPS forbidden algorithm error ignored"); | ||
| 445 | |||
| 446 | #define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \ | ||
| 447 | #alg " Algorithm forbidden in FIPS mode"); | ||
| 448 | |||
| 449 | #ifdef OPENSSL_FIPS_STRICT | ||
| 450 | #define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg) | ||
| 451 | #else | ||
| 452 | #define FIPS_BAD_ALGORITHM(alg) \ | ||
| 453 | { \ | ||
| 454 | FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \ | ||
| 455 | ERR_add_error_data(2, "Algorithm=", #alg); \ | ||
| 456 | return 0; \ | ||
| 457 | } | ||
| 458 | #endif | ||
| 459 | |||
| 460 | /* Low level digest API blocking macro */ | ||
| 461 | |||
| 462 | #define FIPS_NON_FIPS_MD_Init(alg) \ | ||
| 463 | int alg##_Init(alg##_CTX *c) \ | ||
| 464 | { \ | ||
| 465 | if (FIPS_mode()) \ | ||
| 466 | FIPS_BAD_ALGORITHM(alg) \ | ||
| 467 | return private_##alg##_Init(c); \ | ||
| 468 | } \ | ||
| 469 | int private_##alg##_Init(alg##_CTX *c) | ||
| 470 | |||
| 471 | /* For ciphers the API often varies from cipher to cipher and each needs to | ||
| 472 | * be treated as a special case. Variable key length ciphers (Blowfish, RC4, | ||
| 473 | * CAST) however are very similar and can use a blocking macro. | ||
| 474 | */ | ||
| 475 | |||
| 476 | #define FIPS_NON_FIPS_VCIPHER_Init(alg) \ | ||
| 477 | void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \ | ||
| 478 | { \ | ||
| 479 | if (FIPS_mode()) \ | ||
| 480 | FIPS_BAD_ABORT(alg) \ | ||
| 481 | private_##alg##_set_key(key, len, data); \ | ||
| 482 | } \ | ||
| 483 | void private_##alg##_set_key(alg##_KEY *key, int len, \ | ||
| 484 | const unsigned char *data) | ||
| 485 | |||
| 486 | #else | ||
| 487 | |||
| 488 | #define FIPS_NON_FIPS_VCIPHER_Init(alg) \ | ||
| 489 | void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) | ||
| 490 | |||
| 491 | #define FIPS_NON_FIPS_MD_Init(alg) \ | ||
| 492 | int alg##_Init(alg##_CTX *c) | ||
| 493 | |||
| 494 | #endif /* def OPENSSL_FIPS */ | ||
| 495 | |||
| 437 | /* BEGIN ERROR CODES */ | 496 | /* BEGIN ERROR CODES */ |
| 438 | /* The following lines are auto generated by the script mkerr.pl. Any changes | 497 | /* The following lines are auto generated by the script mkerr.pl. Any changes |
| 439 | * made after this point may be overwritten when the script is next run. | 498 | * made after this point may be overwritten when the script is next run. |