Implement FIPS_mode and FIPS_mode_set

[openssl.git] / crypto / crypto.h

diff --git a/crypto/crypto.h b/crypto/crypto.h
index bcc8ca4ad3bca1ab3d59ec0d4bf5393f3ec22ca9..8fd2fe2ea95cca828556fe75452dd745af78ee2c 100644 (file)
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -125,6 +125,11 @@
 #include <stdio.h>
 #endif
 
+/* Get FIPS renames if needed */
+#if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI)
+#include <openssl/fips.h>
+#endif
+
 #include <openssl/stack.h>
 #include <openssl/safestack.h>
 #include <openssl/opensslv.h>
@@ -138,6 +143,14 @@
    one way or another */
 #include <openssl/symhacks.h>
 
+/* For FIPS mode rename all OpenSSL symbols to avoid clashes with a
+ * non-FIPS OpenSSL.
+ */
+
+#if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSSYMS)
+#include <openssl/fipssyms.h>
+#endif
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -219,7 +232,9 @@ typedef struct openssl_item_st
 #define CRYPTO_LOCK_EC_PRE_COMP                36
 #define CRYPTO_LOCK_STORE              37
 #define CRYPTO_LOCK_COMP               38
-#define CRYPTO_NUM_LOCKS               39
+#define CRYPTO_LOCK_FIPS               39
+#define CRYPTO_LOCK_FIPS2              40
+#define CRYPTO_NUM_LOCKS               41
 
 #define CRYPTO_LOCK            1
 #define CRYPTO_UNLOCK          2
@@ -364,6 +379,7 @@ int CRYPTO_is_mem_check_on(void);
 #define is_MemCheck_on() CRYPTO_is_mem_check_on()
 
 #define OPENSSL_malloc(num)    CRYPTO_malloc((int)num,__FILE__,__LINE__)
+#define OPENSSL_strdup(str)    CRYPTO_strdup((str),__FILE__,__LINE__)
 #define OPENSSL_realloc(addr,num) \
        CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
 #define OPENSSL_realloc_clean(addr,old_num,num) \
@@ -487,6 +503,7 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
 void *CRYPTO_malloc_locked(int num, const char *file, int line);
 void CRYPTO_free_locked(void *);
 void *CRYPTO_malloc(int num, const char *file, int line);
+char *CRYPTO_strdup(const char *str, const char *file, int line);
 void CRYPTO_free(void *);
 void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
 void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
@@ -539,8 +556,12 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
 void OpenSSLDie(const char *file,int line,const char *assertion);
 #define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
 
-unsigned long *OPENSSL_ia32cap_loc(void);
-#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
+unsigned int *OPENSSL_ia32cap_loc(void);
+#define OPENSSL_ia32cap ((OPENSSL_ia32cap_loc())[0])
+int OPENSSL_isservice(void);
+
+int FIPS_mode(void);
+int FIPS_mode_set(int r);
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -557,11 +578,13 @@ void ERR_load_CRYPTO_strings(void);
 #define CRYPTO_F_CRYPTO_SET_EX_DATA                     102
 #define CRYPTO_F_DEF_ADD_INDEX                          104
 #define CRYPTO_F_DEF_GET_CLASS                          105
+#define CRYPTO_F_FIPS_MODE_SET                          109
 #define CRYPTO_F_INT_DUP_EX_DATA                        106
 #define CRYPTO_F_INT_FREE_EX_DATA                       107
 #define CRYPTO_F_INT_NEW_EX_DATA                        108
 
 /* Reason codes. */
+#define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED                101
 #define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK             100
 
 #ifdef  __cplusplus