Declare FIPS option functions in their own header

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/20521)
2025-04-06 20:20:50 +08:00 · 2023-03-24 09:24:23 +11:00 · 2023-03-24 09:24:23 +11:00 · 30ab774770
commit 30ab774770
parent 78bcbc1ea4
4 changed files with 20 additions and 5 deletions
--- a/providers/common/include/prov/fipscommon.h
+++ b/providers/common/include/prov/fipscommon.h
@ -0,0 +1,17 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef FIPS_MODULE
+# include <openssl/types.h>
+
+int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
+int FIPS_tls_prf_ems_check(OSSL_LIB_CTX *libctx);
+int FIPS_restricted_drbg_digests_enabled(OSSL_LIB_CTX *libctx);
+
+#endif
--- a/providers/common/securitycheck_fips.c
+++ b/providers/common/securitycheck_fips.c
@ -18,9 +18,7 @@
 #include <openssl/core_names.h>
 #include <openssl/obj_mac.h>
 #include "prov/securitycheck.h"
-
-int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
-int FIPS_tls_prf_ems_check(OSSL_LIB_CTX *libctx);
+#include "prov/fipscommon.h"

 int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
 {
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@ -21,6 +21,7 @@
 #include "prov/providercommon.h"
 #include "prov/provider_util.h"
 #include "prov/seeding.h"
+#include "prov/fipscommon.h"
 #include "internal/nelem.h"
 #include "self_test.h"
 #include "crypto/context.h"
@ -932,7 +933,6 @@ int BIO_snprintf(char *buf, size_t n, const char *format, ...)
 }

 #define FIPS_FEATURE_CHECK(fname, field)                                    \
-    int fname(OSSL_LIB_CTX *libctx);                                        \
    int fname(OSSL_LIB_CTX *libctx)                                         \
    {                                                                       \
        FIPS_GLOBAL *fgbl =                                                 \
--- a/providers/implementations/rands/drbg.c
+++ b/providers/implementations/rands/drbg.c
@ -21,6 +21,7 @@
 #include "crypto/rand_pool.h"
 #include "prov/provider_ctx.h"
 #include "prov/providercommon.h"
+#include "prov/fipscommon.h"
 #include "crypto/context.h"

 /*
@ -934,7 +935,6 @@ int ossl_drbg_verify_digest(ossl_unused OSSL_LIB_CTX *libctx, const EVP_MD *md)
        "SHA3-256", "SHA3-512",     /* non-truncated SHA3 allowed */
    };
    size_t i;
-    extern int FIPS_restricted_drbg_digests_enabled(OSSL_LIB_CTX *libctx);

    if (FIPS_restricted_drbg_digests_enabled(libctx)) {
        for (i = 0; i < OSSL_NELEM(allowed_digests); i++)