From c876a4b7b119faa80add62d7a04b46eda8b7bf99 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 14 Feb 2011 17:05:42 +0000 Subject: [PATCH] Include support for an add_lock callback to tiny FIPS locking API. --- crypto/lock.c | 4 ++-- fips/fips.h | 7 +++++-- fips/utl/fips_lck.c | 18 ++++++++++++++++-- util/libeay.num | 2 +- 4 files changed, 24 insertions(+), 7 deletions(-) diff --git a/crypto/lock.c b/crypto/lock.c index bbce52addb..6f6681d54f 100644 --- a/crypto/lock.c +++ b/crypto/lock.c @@ -384,7 +384,7 @@ void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line)) { #ifdef OPENSSL_FIPS - FIPS_set_locking_callback(CRYPTO_lock); + FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock); #endif dynlock_lock_callback=func; } @@ -412,7 +412,7 @@ void CRYPTO_set_locking_callback(void (*func)(int mode,int type, const char *file,int line)) { #ifdef OPENSSL_FIPS - FIPS_set_locking_callback(CRYPTO_lock); + FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock); #endif locking_callback=func; } diff --git a/fips/fips.h b/fips/fips.h index facdbc725c..97fab1d06e 100644 --- a/fips/fips.h +++ b/fips/fips.h @@ -109,14 +109,17 @@ int fips_cipher_test(struct evp_cipher_ctx_st *ctx, void fips_set_selftest_fail(void); int fips_check_rsa(struct rsa_st *rsa); -void FIPS_set_locking_callback(void (*func)(int mode, int type, - const char *file,int line)); +void FIPS_set_locking_callbacks(void (*func)(int mode, int type, + const char *file,int line), + int (*add_cb)(int *pointer, int amount, + int type, const char *file, int line)); /* Where necessary redirect standard OpenSSL APIs to FIPS versions */ #if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI) #define CRYPTO_lock FIPS_lock +#define CRYPTO_add_lock FIPS_add_lock #define CRYPTO_malloc FIPS_malloc #define CRYPTO_free FIPS_free diff --git a/fips/utl/fips_lck.c b/fips/utl/fips_lck.c index 32a44431c2..7cb10bc0d2 100644 --- a/fips/utl/fips_lck.c +++ b/fips/utl/fips_lck.c @@ -59,6 +59,8 @@ /* FIPS locking callbacks */ static void (*fips_lck_cb)(int mode, int type,const char *file,int line) = 0; +static int (*fips_add_cb)(int *pointer, int amount, int type, const char *file, + int line); void FIPS_lock(int mode, int type,const char *file,int line) { @@ -66,8 +68,20 @@ void FIPS_lock(int mode, int type,const char *file,int line) fips_lck_cb(mode, type, file, line); } -void FIPS_set_locking_callback (void (*func)(int mode, int type, - const char *file,int line)) +void FIPS_set_locking_callbacks(void (*func)(int mode, int type, + const char *file,int line), + int (*add_cb)(int *pointer, int amount, + int type, const char *file, int line)) { fips_lck_cb = func; + fips_add_cb = add_cb; + } + +int FIPS_add_lock(int *pointer, int amount, int type, const char *file, + int line) + { + if (fips_add_cb) + return fips_add_cb(pointer, amount, type, file, line); + *pointer += amount; + return *pointer; } diff --git a/util/libeay.num b/util/libeay.num index 1aa599f228..531b50f32b 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4251,7 +4251,7 @@ ASN1_SCTX_new 4621 EXIST::FUNCTION: EC_GFp_nistp224_method 4622 EXIST:!WIN32:FUNCTION:EC FIPS_rsa_verify_ctx 4623 EXIST:OPENSSL_FIPS:FUNCTION:RSA FIPS_selftest 4624 EXIST:OPENSSL_FIPS:FUNCTION: -FIPS_set_locking_callback 4625 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_set_locking_callbacks 4625 EXIST:OPENSSL_FIPS:FUNCTION: fips_set_selftest_fail 4626 EXIST:OPENSSL_FIPS:FUNCTION: fips_check_rsa 4627 EXIST:OPENSSL_FIPS:FUNCTION: FIPS_check_incore_fingerprint 4628 EXIST:OPENSSL_FIPS:FUNCTION: -- 2.25.1