boringssl/crypto/fipsmodule/delocate.h

67 lines
2.9 KiB
C
Raw Normal View History

/* Copyright (c) 2017, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#ifndef OPENSSL_HEADER_FIPSMODULE_DELOCATE_H
#define OPENSSL_HEADER_FIPSMODULE_DELOCATE_H
#include <openssl/base.h>
#include "../internal.h"
#if defined(BORINGSSL_FIPS)
#define DEFINE_BSS_GET(type, name) \
static type name __attribute__((used)); \
type *name##_bss_get(void);
#else
#define DEFINE_BSS_GET(type, name) \
static type name; \
static type *name##_bss_get(void) { return &name; }
#endif
/* DEFINE_METHOD_FUNCTION defines a function named |name| which returns a
* method table of type const |type|*. In FIPS mode, to avoid rel.ro data, it
* is split into a CRYPTO_once_t-guarded initializer in the module and
* unhashed, non-module accessor functions to space reserved in the BSS. The
* method table is initialized by a caller-supplied function which takes a
* parameter named |out| of type |type|*. The caller should follow the macro
* invocation with the body of this function:
*
* DEFINE_METHOD_FUNCTION(EVP_MD, EVP_md4) {
* out->type = NID_md4;
* out->md_size = MD4_DIGEST_LENGTH;
* out->flags = 0;
* out->init = md4_init;
* out->update = md4_update;
* out->final = md4_final;
* out->block_size = 64;
* out->ctx_size = sizeof(MD4_CTX);
* }
*
* This mechanism does not use a static initializer because their execution
* order is undefined. See FIPS.md for more details. */
#define DEFINE_METHOD_FUNCTION(type, name) \
DEFINE_BSS_GET(type, name##_storage) \
DEFINE_BSS_GET(CRYPTO_once_t, name##_once) \
static void name##_do_init(type *out); \
static void name##_init(void) { name##_do_init(name##_storage_bss_get()); } \
const type *name(void) { \
CRYPTO_once(name##_once_bss_get(), name##_init); \
return name##_storage_bss_get(); \
} \
static void name##_do_init(type *out)
#endif /* OPENSSL_HEADER_FIPSMODULE_DELOCATE_H */