/* Copyright (c) 2017, Google Inc. * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef OPENSSL_HEADER_FIPSMODULE_DELOCATE_H #define OPENSSL_HEADER_FIPSMODULE_DELOCATE_H #include <openssl/base.h> #include "../internal.h" #if !defined(BORINGSSL_SHARED_LIBRARY) && defined(BORINGSSL_FIPS) && \ !defined(OPENSSL_ASAN) && !defined(OPENSSL_MSAN) #define DEFINE_BSS_GET … // For FIPS builds we require that CRYPTO_ONCE_INIT be zero. #define DEFINE_STATIC_ONCE … // For FIPS builds we require that CRYPTO_MUTEX_INIT be zero. #define DEFINE_STATIC_MUTEX … // For FIPS builds we require that CRYPTO_EX_DATA_CLASS_INIT be zero. #define DEFINE_STATIC_EX_DATA_CLASS … #else #define DEFINE_BSS_GET(type, name) … #define DEFINE_STATIC_ONCE(name) … #define DEFINE_STATIC_MUTEX(name) … #define DEFINE_STATIC_EX_DATA_CLASS(name) … #endif #define DEFINE_DATA(type, name, accessor_decorations) … // DEFINE_METHOD_FUNCTION defines a function named |name| which returns a // method table of type const |type|*. In FIPS mode, to avoid rel.ro data, it // is split into a CRYPTO_once_t-guarded initializer in the module and // unhashed, non-module accessor functions to space reserved in the BSS. The // method table is initialized by a caller-supplied function which takes a // parameter named |out| of type |type|*. The caller should follow the macro // invocation with the body of this function: // // DEFINE_METHOD_FUNCTION(EVP_MD, EVP_md4) { // out->type = NID_md4; // out->md_size = MD4_DIGEST_LENGTH; // out->flags = 0; // out->init = md4_init; // out->update = md4_update; // out->final = md4_final; // out->block_size = 64; // out->ctx_size = sizeof(MD4_CTX); // } // // This mechanism does not use a static initializer because their execution // order is undefined. See FIPS.md for more details. #define DEFINE_METHOD_FUNCTION(type, name) … #define DEFINE_LOCAL_DATA(type, name) … #endif // OPENSSL_HEADER_FIPSMODULE_DELOCATE_H