• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* Copyright (c) 2017, Google Inc.
2  *
3  * Permission to use, copy, modify, and/or distribute this software for any
4  * purpose with or without fee is hereby granted, provided that the above
5  * copyright notice and this permission notice appear in all copies.
6  *
7  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14 
15 #ifndef OPENSSL_HEADER_FIPSMODULE_DELOCATE_H
16 #define OPENSSL_HEADER_FIPSMODULE_DELOCATE_H
17 
18 #include <openssl/base.h>
19 
20 #include "../internal.h"
21 
22 
23 #if !defined(BORINGSSL_SHARED_LIBRARY) && defined(BORINGSSL_FIPS) && \
24     !defined(OPENSSL_ASAN) && !defined(OPENSSL_MSAN)
25 #define DEFINE_BSS_GET(type, name, init_value)         \
26   static type name __attribute__((used)) = init_value; \
27   extern "C" {                                         \
28   type *name##_bss_get(void) __attribute__((const));   \
29   }
30 // For FIPS builds we require that CRYPTO_ONCE_INIT be zero.
31 #define DEFINE_STATIC_ONCE(name) \
32   DEFINE_BSS_GET(CRYPTO_once_t, name, CRYPTO_ONCE_INIT)
33 // For FIPS builds we require that CRYPTO_MUTEX_INIT be zero.
34 #define DEFINE_STATIC_MUTEX(name) \
35   DEFINE_BSS_GET(CRYPTO_MUTEX, name, CRYPTO_MUTEX_INIT)
36 // For FIPS builds we require that CRYPTO_EX_DATA_CLASS_INIT be zero.
37 #define DEFINE_STATIC_EX_DATA_CLASS(name) \
38   DEFINE_BSS_GET(CRYPTO_EX_DATA_CLASS, name, CRYPTO_EX_DATA_CLASS_INIT)
39 #else
40 #define DEFINE_BSS_GET(type, name, init_value) \
41   static type name = init_value;               \
42   static type *name##_bss_get(void) { return &name; }
43 #define DEFINE_STATIC_ONCE(name)                \
44   static CRYPTO_once_t name = CRYPTO_ONCE_INIT; \
45   static CRYPTO_once_t *name##_bss_get(void) { return &name; }
46 #define DEFINE_STATIC_MUTEX(name)               \
47   static CRYPTO_MUTEX name = CRYPTO_MUTEX_INIT; \
48   static CRYPTO_MUTEX *name##_bss_get(void) { return &name; }
49 #define DEFINE_STATIC_EX_DATA_CLASS(name)                       \
50   static CRYPTO_EX_DATA_CLASS name = CRYPTO_EX_DATA_CLASS_INIT; \
51   static CRYPTO_EX_DATA_CLASS *name##_bss_get(void) { return &name; }
52 #endif
53 
54 #define DEFINE_DATA(type, name, accessor_decorations)                         \
55   DEFINE_BSS_GET(type, name##_storage, {})                                    \
56   DEFINE_STATIC_ONCE(name##_once)                                             \
57   static void name##_do_init(type *out);                                      \
58   static void name##_init(void) { name##_do_init(name##_storage_bss_get()); } \
59   accessor_decorations type *name(void) {                                     \
60     CRYPTO_once(name##_once_bss_get(), name##_init);                          \
61     /* See http://c-faq.com/ansi/constmismatch.html for why the following     \
62      * cast is needed. */                                                     \
63     return (const type *)name##_storage_bss_get();                            \
64   }                                                                           \
65   static void name##_do_init(type *out)
66 
67 // DEFINE_METHOD_FUNCTION defines a function named |name| which returns a
68 // method table of type const |type|*. In FIPS mode, to avoid rel.ro data, it
69 // is split into a CRYPTO_once_t-guarded initializer in the module and
70 // unhashed, non-module accessor functions to space reserved in the BSS. The
71 // method table is initialized by a caller-supplied function which takes a
72 // parameter named |out| of type |type|*. The caller should follow the macro
73 // invocation with the body of this function:
74 //
75 //     DEFINE_METHOD_FUNCTION(EVP_MD, EVP_md4) {
76 //       out->type = NID_md4;
77 //       out->md_size = MD4_DIGEST_LENGTH;
78 //       out->flags = 0;
79 //       out->init = md4_init;
80 //       out->update = md4_update;
81 //       out->final = md4_final;
82 //       out->block_size = 64;
83 //       out->ctx_size = sizeof(MD4_CTX);
84 //     }
85 //
86 // This mechanism does not use a static initializer because their execution
87 // order is undefined. See FIPS.md for more details.
88 #define DEFINE_METHOD_FUNCTION(type, name) DEFINE_DATA(type, name, const)
89 
90 #define DEFINE_LOCAL_DATA(type, name) DEFINE_DATA(type, name, static const)
91 
92 #endif  // OPENSSL_HEADER_FIPSMODULE_DELOCATE_H
93