Preliminary WIN32 support for FIPS capable OpenSSL building.

[openssl.git] / crypto / crypto.h

diff --git a/crypto/crypto.h b/crypto/crypto.h
index 776b434e16685a9f0456db5417b876844a1d8bc4..6aeda0a9ace31b4cec2d817745045eae0bc471b9 100644 (file)
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -545,8 +545,33 @@ void OpenSSLDie(const char *file,int line,const char *assertion);
 
 unsigned long *OPENSSL_ia32cap_loc(void);
 #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
-#ifdef OPENSSL_SYS_WIN32
 int OPENSSL_isservice(void);
+
+int FIPS_mode(void);
+int FIPS_mode_set(int r);
+
+void OPENSSL_init(void);
+
+#define fips_md_init(alg) fips_md_init_ctx(alg, alg)
+
+#ifdef OPENSSL_FIPS
+#define fips_md_init_ctx(alg, cx) \
+       int alg##_Init(cx##_CTX *c) \
+       { \
+       if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
+               "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
+       return private_##alg##_Init(c); \
+       } \
+       int private_##alg##_Init(cx##_CTX *c)
+
+#define fips_cipher_abort(alg) \
+       if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
+               "Low level API call to cipher " #alg " forbidden in FIPS mode!")
+
+#else
+#define fips_md_init_ctx(alg, cx) \
+       int alg##_Init(cx##_CTX *c)
+#define fips_cipher_abort(alg) while(0)
 #endif
 
 /* BEGIN ERROR CODES */
@@ -564,11 +589,13 @@ void ERR_load_CRYPTO_strings(void);
 #define CRYPTO_F_CRYPTO_SET_EX_DATA                     102
 #define CRYPTO_F_DEF_ADD_INDEX                          104
 #define CRYPTO_F_DEF_GET_CLASS                          105
+#define CRYPTO_F_FIPS_MODE_SET                          109
 #define CRYPTO_F_INT_DUP_EX_DATA                        106
 #define CRYPTO_F_INT_FREE_EX_DATA                       107
 #define CRYPTO_F_INT_NEW_EX_DATA                        108
 
 /* Reason codes. */
+#define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED                101
 #define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK             100
 
 #ifdef  __cplusplus