#include <stdio.h>
#endif
+/* Get FIPS renames if needed */
+#if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI)
+#include <openssl/fips.h>
+#endif
+
#include <openssl/stack.h>
#include <openssl/safestack.h>
#include <openssl/opensslv.h>
one way or another */
#include <openssl/symhacks.h>
+/* For FIPS mode rename all OpenSSL symbols to avoid clashes with a
+ * non-FIPS OpenSSL.
+ */
+
+#if defined(OPENSSL_FIPSCANISTER)
+# include <openssl/fipssyms.h>
+#else
+# define __fips_constseg
+#endif
+
#ifdef __cplusplus
extern "C" {
#endif
#define CRYPTO_LOCK_EC_PRE_COMP 36
#define CRYPTO_LOCK_STORE 37
#define CRYPTO_LOCK_COMP 38
-#define CRYPTO_NUM_LOCKS 39
+#define CRYPTO_LOCK_FIPS 39
+#define CRYPTO_LOCK_FIPS2 40
+#define CRYPTO_NUM_LOCKS 41
#define CRYPTO_LOCK 1
#define CRYPTO_UNLOCK 2
struct crypto_ex_data_st
{
- STACK *sk;
+ STACK_OF(void) *sk;
int dummy; /* gcc is screwing up this data structure :-( */
};
+DECLARE_STACK_OF(void)
/* This stuff is basically class callback functions
* The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */
DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
-/* This structure is exposed to allow it to be used without dynamic allocation,
- * however it exists to encapsulate the different ways of representing "thread
- * ID"s (given that applications provide the thread implementation via
- * callbacks). So treat this type as opaque if you don't want your code to fall
- * apart when someone decides to extend this in some way. */
-typedef struct crypto_threadid
- {
- void *ptr;
- unsigned long ulong;
- } CRYPTO_THREADID;
-
/* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA
* entry.
*/
#define is_MemCheck_on() CRYPTO_is_mem_check_on()
#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
+#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
#define OPENSSL_realloc(addr,num) \
CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
#define OPENSSL_realloc_clean(addr,old_num,num) \
const char *file, int line));
int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
const char *file,int line);
-/* Implement "thread ID" via callback, choose the prototype that matches your
- * thread implementation. */
-void CRYPTO_set_id_callback(unsigned long (*func)(void));
-void CRYPTO_set_idptr_callback(void *(*func)(void));
-/* Records the thread ID of the currently executing thread */
-void CRYPTO_THREADID_set(CRYPTO_THREADID *id);
-/* Compares two thread IDs. If the underlying notion of thread ID is linear,
- * this returns -1, 0, or +1 to imply strict-ordering (as other ***_cmp()
- * functions do). Otherwise, zero means equal, non-zero means not equal. */
-int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *id1, const CRYPTO_THREADID *id2);
-/* When you need "a number", eg. for hashing, use this. */
+
+/* Don't use this structure directly. */
+typedef struct crypto_threadid_st
+ {
+ void *ptr;
+ unsigned long val;
+ } CRYPTO_THREADID;
+/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
+void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val);
+void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr);
+int CRYPTO_THREADID_set_callback(void (*threadid_func)(CRYPTO_THREADID *));
+void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *);
+void CRYPTO_THREADID_current(CRYPTO_THREADID *id);
+int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b);
+void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src);
unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
-/* Copy a threadid */
-void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dst, const CRYPTO_THREADID *src);
#ifndef OPENSSL_NO_DEPRECATED
-/* Deprecated interfaces - these presume you know exactly what's going on under
- * the covers. Better to migrate to the CRYPTO_THREADID_***() form. */
+void CRYPTO_set_id_callback(unsigned long (*func)(void));
unsigned long (*CRYPTO_get_id_callback(void))(void);
unsigned long CRYPTO_thread_id(void);
#endif
long (**go)(void));
void *CRYPTO_malloc_locked(int num, const char *file, int line);
-void CRYPTO_free_locked(void *);
+void CRYPTO_free_locked(void *ptr);
void *CRYPTO_malloc(int num, const char *file, int line);
-void CRYPTO_free(void *);
+char *CRYPTO_strdup(const char *str, const char *file, int line);
+void CRYPTO_free(void *ptr);
void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
int line);
void OpenSSLDie(const char *file,int line,const char *assertion);
#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
-unsigned long *OPENSSL_ia32cap_loc(void);
-#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
+unsigned int *OPENSSL_ia32cap_loc(void);
+#define OPENSSL_ia32cap ((OPENSSL_ia32cap_loc())[0])
+int OPENSSL_isservice(void);
+
+int FIPS_mode(void);
+int FIPS_mode_set(int r);
+
+void OPENSSL_init(void);
+
+/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
+ * takes an amount of time dependent on |len|, but independent of the contents
+ * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
+ * defined order as the return value when a != b is undefined, other than to be
+ * non-zero. */
+int CRYPTO_memcmp(const void *a, const void *b, size_t len);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
#define CRYPTO_F_CRYPTO_SET_EX_DATA 102
#define CRYPTO_F_DEF_ADD_INDEX 104
#define CRYPTO_F_DEF_GET_CLASS 105
+#define CRYPTO_F_FIPS_MODE_SET 109
#define CRYPTO_F_INT_DUP_EX_DATA 106
#define CRYPTO_F_INT_FREE_EX_DATA 107
#define CRYPTO_F_INT_NEW_EX_DATA 108
/* Reason codes. */
+#define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101
#define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100
#ifdef __cplusplus
projects / openssl.git / blobdiff