Preliminary WIN32 support for FIPS capable OpenSSL building.

[openssl.git] / crypto / crypto.h

diff --git a/crypto/crypto.h b/crypto/crypto.h
index b0360cec5140cf5f44946983e7ed3a67604ac832..6aeda0a9ace31b4cec2d817745045eae0bc471b9 100644 (file)
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -547,6 +547,33 @@ unsigned long *OPENSSL_ia32cap_loc(void);
 #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
 int OPENSSL_isservice(void);
 
+int FIPS_mode(void);
+int FIPS_mode_set(int r);
+
+void OPENSSL_init(void);
+
+#define fips_md_init(alg) fips_md_init_ctx(alg, alg)
+
+#ifdef OPENSSL_FIPS
+#define fips_md_init_ctx(alg, cx) \
+       int alg##_Init(cx##_CTX *c) \
+       { \
+       if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
+               "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
+       return private_##alg##_Init(c); \
+       } \
+       int private_##alg##_Init(cx##_CTX *c)
+
+#define fips_cipher_abort(alg) \
+       if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
+               "Low level API call to cipher " #alg " forbidden in FIPS mode!")
+
+#else
+#define fips_md_init_ctx(alg, cx) \
+       int alg##_Init(cx##_CTX *c)
+#define fips_cipher_abort(alg) while(0)
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -562,11 +589,13 @@ void ERR_load_CRYPTO_strings(void);
 #define CRYPTO_F_CRYPTO_SET_EX_DATA                     102
 #define CRYPTO_F_DEF_ADD_INDEX                          104
 #define CRYPTO_F_DEF_GET_CLASS                          105
+#define CRYPTO_F_FIPS_MODE_SET                          109
 #define CRYPTO_F_INT_DUP_EX_DATA                        106
 #define CRYPTO_F_INT_FREE_EX_DATA                       107
 #define CRYPTO_F_INT_NEW_EX_DATA                        108
 
 /* Reason codes. */
+#define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED                101
 #define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK             100
 
 #ifdef  __cplusplus