Declare FIPS option functions in their own header
authorPauli <pauli@openssl.org>
Thu, 23 Mar 2023 22:24:23 +0000 (09:24 +1100)
committerPauli <pauli@openssl.org>
Tue, 28 Mar 2023 22:29:35 +0000 (09:29 +1100)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20521)

(cherry picked from commit 30ab774770a7e8547b0d6363b63a73cc80f33a7b)

providers/common/include/prov/fipscommon.h [new file with mode: 0644]
providers/common/securitycheck_fips.c
providers/fips/fipsprov.c
providers/implementations/rands/drbg.c

diff --git a/providers/common/include/prov/fipscommon.h b/providers/common/include/prov/fipscommon.h
new file mode 100644 (file)
index 0000000..45ed248
--- /dev/null
@@ -0,0 +1,17 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef FIPS_MODULE
+# include <openssl/types.h>
+
+int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
+int FIPS_tls_prf_ems_check(OSSL_LIB_CTX *libctx);
+int FIPS_restricted_drbg_digests_enabled(OSSL_LIB_CTX *libctx);
+
+#endif
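Review bot: The new header has no include guard and no comment saying what the three declarations are; the only conditional is `#ifdef FIPS_MODULE`. Repeated inclusion is harmless while the file holds only prototypes, but a guard such as `#ifndef OSSL_PROV_FIPSCOMMON_H` / `# define OSSL_PROV_FIPSCOMMON_H` around the body (the macro name is a suggestion) keeps it safe if types or macros are added later. Because the prototypes disappear in non-FIPS builds, every call site has to sit under `FIPS_MODULE` itself. A one-line comment above the declarations, for example `/* FIPS provider option queries; declared only when building the FIPS module */`, would make that explicit.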
index 41ba523bf37c7b526139684d4552fa52c6346ef0..d1262d8795387b9c98763c99e7d68ed2204ee909 100644 (file)
@@ -18,9 +18,7 @@
 #include <openssl/core_names.h>
 #include <openssl/obj_mac.h>
 #include "prov/securitycheck.h"
-
-int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
-int FIPS_tls_prf_ems_check(OSSL_LIB_CTX *libctx);
+#include "prov/fipscommon.h"
 
 int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
 {
index 37bc5525630f429d6e75e7d8446d7ddd62df479b..518226dfc6e7d16e2ed151227217a0184982ba9d 100644 (file)
@@ -21,6 +21,7 @@
 #include "prov/providercommon.h"
 #include "prov/provider_util.h"
 #include "prov/seeding.h"
+#include "prov/fipscommon.h"
 #include "internal/nelem.h"
 #include "self_test.h"
 #include "crypto/context.h"
@@ -932,7 +933,6 @@ int BIO_snprintf(char *buf, size_t n, const char *format, ...)
 }
 
 #define FIPS_FEATURE_CHECK(fname, field)                                    \
-    int fname(OSSL_LIB_CTX *libctx);                                        \
     int fname(OSSL_LIB_CTX *libctx)                                         \
     {                                                                       \
         FIPS_GLOBAL *fgbl =                                                 \
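Review bot: With the self-prototype removed from `FIPS_FEATURE_CHECK`, each function the macro defines now depends on a matching declaration in `prov/fipscommon.h`, and nothing at the macro says so. The header added in this commit declares three functions, but the macro's invocations are outside this hunk, so whether they are exactly those three cannot be confirmed from here. A comment above the macro, e.g. `/* Every fname instantiated here must be declared in prov/fipscommon.h */`, would stop a later option from being added without a shared prototype. The shared prototype is what lets the compiler check the callers of these security-check switches against the definition. The macro body continues past the end of the hunk.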
index 54627b4707e71cc7fd0db15dadb2c46bcd9f3711..f51d06332b75771560a2f09b3af41dcc6b094cbb 100644 (file)
@@ -21,6 +21,7 @@
 #include "crypto/rand_pool.h"
 #include "prov/provider_ctx.h"
 #include "prov/providercommon.h"
+#include "prov/fipscommon.h"
 #include "crypto/context.h"
 
 /*
@@ -938,7 +939,6 @@ int ossl_drbg_verify_digest(ossl_unused OSSL_LIB_CTX *libctx, const EVP_MD *md)
         "SHA3-256", "SHA3-512",     /* non-truncated SHA3 allowed */
     };
     size_t i;
-    extern int FIPS_restricted_drbg_digests_enabled(OSSL_LIB_CTX *libctx);
 
     if (FIPS_restricted_drbg_digests_enabled(libctx)) {
         for (i = 0; i < OSSL_NELEM(allowed_digests); i++)