Add 'fips-securitychecks' option and plumb this into the actual fips checks

[openssl.git] / providers / common / include / prov / securitycheck.h

diff --git a/providers/common/include/prov/check.h b/providers/common/include/prov/securitycheck.h
similarity index 86%
rename from providers/common/include/prov/check.h
rename to providers/common/include/prov/securitycheck.h
index 30425840b5740eeb5ce367a899c0b0b1d238fb1e..0d3b9e8bac7d62c34478605131e878c314170f0b 100644 (file)
--- a/providers/common/include/prov/check.h
+++ b/providers/common/include/prov/securitycheck.h
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
  * https://www.openssl.org/source/license.html
  */
 

-/* Functions that have different implementations for the FIPS_MODULE */
+/* Functions that are common */

 int rsa_check_key(const RSA *rsa, int protect);
 int ec_check_key(const EC_KEY *ec, int protect);
 int dsa_check_key(const DSA *dsa, int sign);
 int rsa_check_key(const RSA *rsa, int protect);
 int ec_check_key(const EC_KEY *ec, int protect);
 int dsa_check_key(const DSA *dsa, int sign);


@@ -15,8 +15,11 @@ int dh_check_key(const DH *dh);
 
 int digest_is_allowed(const EVP_MD *md);
 int digest_get_approved_nid_with_sha1(const EVP_MD *md, int sha1_allowed);
 
 int digest_is_allowed(const EVP_MD *md);
 int digest_get_approved_nid_with_sha1(const EVP_MD *md, int sha1_allowed);

-int digest_rsa_sign_get_md_nid(const EVP_MD *md, ossl_unused int sha1_allowed);

 
 /* Functions that are common */
 int digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it, size_t it_len);
 int digest_get_approved_nid(const EVP_MD *md);
 
 /* Functions that are common */
 int digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it, size_t it_len);
 int digest_get_approved_nid(const EVP_MD *md);

+
+/* Functions that have different implementations for the FIPS_MODULE */
+int digest_rsa_sign_get_md_nid(const EVP_MD *md, int sha1_allowed);
+int securitycheck_enabled(void);