1 /* Copyright (c) 2017, Google Inc. 2 * 3 * Permission to use, copy, modify, and/or distribute this software for any 4 * purpose with or without fee is hereby granted, provided that the above 5 * copyright notice and this permission notice appear in all copies. 6 * 7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 15 #ifndef OPENSSL_HEADER_FIPSMODULE_DELOCATE_H 16 #define OPENSSL_HEADER_FIPSMODULE_DELOCATE_H 17 18 #include <openssl/base.h> 19 20 #include "../internal.h" 21 22 23 #if defined(BORINGSSL_FIPS) && !defined(OPENSSL_ASAN) && !defined(OPENSSL_MSAN) 24 #define DEFINE_BSS_GET(type, name) \ 25 static type name __attribute__((used)); \ 26 type *name##_bss_get(void); 27 /* For FIPS builds we require that CRYPTO_ONCE_INIT be zero. */ 28 #define DEFINE_STATIC_ONCE(name) DEFINE_BSS_GET(CRYPTO_once_t, name) 29 /* For FIPS builds we require that CRYPTO_STATIC_MUTEX_INIT be zero. */ 30 #define DEFINE_STATIC_MUTEX(name) \ 31 DEFINE_BSS_GET(struct CRYPTO_STATIC_MUTEX, name) 32 /* For FIPS builds we require that CRYPTO_EX_DATA_CLASS_INIT be zero. */ 33 #define DEFINE_STATIC_EX_DATA_CLASS(name) \ 34 DEFINE_BSS_GET(CRYPTO_EX_DATA_CLASS, name) 35 #else 36 #define DEFINE_BSS_GET(type, name) \ 37 static type name; \ 38 static type *name##_bss_get(void) { return &name; } 39 #define DEFINE_STATIC_ONCE(name) \ 40 static CRYPTO_once_t name = CRYPTO_ONCE_INIT; \ 41 static CRYPTO_once_t *name##_bss_get(void) { return &name; } 42 #define DEFINE_STATIC_MUTEX(name) \ 43 static struct CRYPTO_STATIC_MUTEX name = CRYPTO_STATIC_MUTEX_INIT; \ 44 static struct CRYPTO_STATIC_MUTEX *name##_bss_get(void) { return &name; } 45 #define DEFINE_STATIC_EX_DATA_CLASS(name) \ 46 static CRYPTO_EX_DATA_CLASS name = CRYPTO_EX_DATA_CLASS_INIT; \ 47 static CRYPTO_EX_DATA_CLASS *name##_bss_get(void) { return &name; } 48 #endif 49 50 #define DEFINE_DATA(type, name, accessor_decorations) \ 51 DEFINE_BSS_GET(type, name##_storage) \ 52 DEFINE_STATIC_ONCE(name##_once) \ 53 static void name##_do_init(type *out); \ 54 static void name##_init(void) { name##_do_init(name##_storage_bss_get()); } \ 55 accessor_decorations type *name(void) { \ 56 CRYPTO_once(name##_once_bss_get(), name##_init); \ 57 /* See http://c-faq.com/ansi/constmismatch.html for why the following \ 58 * cast is needed. */ \ 59 return (const type *)name##_storage_bss_get(); \ 60 } \ 61 static void name##_do_init(type *out) 62 63 /* DEFINE_METHOD_FUNCTION defines a function named |name| which returns a 64 * method table of type const |type|*. In FIPS mode, to avoid rel.ro data, it 65 * is split into a CRYPTO_once_t-guarded initializer in the module and 66 * unhashed, non-module accessor functions to space reserved in the BSS. The 67 * method table is initialized by a caller-supplied function which takes a 68 * parameter named |out| of type |type|*. The caller should follow the macro 69 * invocation with the body of this function: 70 * 71 * DEFINE_METHOD_FUNCTION(EVP_MD, EVP_md4) { 72 * out->type = NID_md4; 73 * out->md_size = MD4_DIGEST_LENGTH; 74 * out->flags = 0; 75 * out->init = md4_init; 76 * out->update = md4_update; 77 * out->final = md4_final; 78 * out->block_size = 64; 79 * out->ctx_size = sizeof(MD4_CTX); 80 * } 81 * 82 * This mechanism does not use a static initializer because their execution 83 * order is undefined. See FIPS.md for more details. */ 84 #define DEFINE_METHOD_FUNCTION(type, name) DEFINE_DATA(type, name, const) 85 86 #define DEFINE_LOCAL_DATA(type, name) DEFINE_DATA(type, name, static const) 87 88 #endif /* OPENSSL_HEADER_FIPSMODULE_DELOCATE_H */ 89
