From: Pauli <ppzgs1@gmail.com>
Date: Mon, 30 Jun 2025 03:08:23 +0000 (+1000)
Subject: fips: update FIPS indicator functions so non-locating flavours are available
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dd266b442681201db5b50de669a592526412a1e9;p=thirdparty%2Fopenssl.git

fips: update FIPS indicator functions so non-locating flavours are available

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)
---

diff --git a/providers/fips/fipsindicator.c b/providers/fips/fipsindicator.c
index d514ca6ecd9..52ecc78759c 100644
--- a/providers/fips/fipsindicator.c
+++ b/providers/fips/fipsindicator.c
@@ -77,11 +77,9 @@ int ossl_FIPS_IND_on_unapproved(OSSL_FIPS_IND *ind, int id,
     return 0;
 }
 
-int ossl_FIPS_IND_set_ctx_param(OSSL_FIPS_IND *ind, int id,
-                                const OSSL_PARAM params[], const char *name)
+int ossl_FIPS_IND_set_ctx_param(OSSL_FIPS_IND *ind, int id, const OSSL_PARAM *p)
 {
     int in = 0;
-    const OSSL_PARAM *p = OSSL_PARAM_locate_const(params, name);
 
     if (p != NULL) {
         if (!OSSL_PARAM_get_int(p, &in))
@@ -91,13 +89,28 @@ int ossl_FIPS_IND_set_ctx_param(OSSL_FIPS_IND *ind, int id,
     return 1;
 }
 
-int ossl_FIPS_IND_get_ctx_param(const OSSL_FIPS_IND *ind, OSSL_PARAM params[])
+int ossl_FIPS_IND_set_ctx_param_locate(OSSL_FIPS_IND *ind, int id,
+                                       const OSSL_PARAM params[],
+                                       const char *name)
 {
-    OSSL_PARAM *p = OSSL_PARAM_locate(params, OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR);
+    const OSSL_PARAM *p = OSSL_PARAM_locate_const(params, name);
 
+    return ossl_FIPS_IND_set_ctx_param(ind, id, p);
+}
+
+int ossl_FIPS_IND_get_ctx_param(const OSSL_FIPS_IND *ind, OSSL_PARAM *p)
+{
     return p == NULL || OSSL_PARAM_set_int(p, ind->approved);
 }
 
+int ossl_FIPS_IND_get_ctx_param_locate(const OSSL_FIPS_IND *ind,
+                                       OSSL_PARAM params[])
+{
+    OSSL_PARAM *p = OSSL_PARAM_locate(params, OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR);
+
+    return p == NULL || ossl_FIPS_IND_get_ctx_param(ind, p);
+}
+
 /*
  * Can be used during application testing to log that an indicator was
  * triggered. The callback will return 1 if the application wants an error
diff --git a/providers/fips/include/fips/fipsindicator.h b/providers/fips/include/fips/fipsindicator.h
index 045d2108d54..0082c02f402 100644
--- a/providers/fips/include/fips/fipsindicator.h
+++ b/providers/fips/include/fips/fipsindicator.h
@@ -69,10 +69,14 @@ int ossl_FIPS_IND_get_settable(const OSSL_FIPS_IND *ind, int id);
 int ossl_FIPS_IND_on_unapproved(OSSL_FIPS_IND *ind, int id, OSSL_LIB_CTX *libctx,
                                 const char *algname, const char *opname,
                                 OSSL_FIPS_IND_CHECK_CB *config_check_fn);
-int ossl_FIPS_IND_set_ctx_param(OSSL_FIPS_IND *ind, int id,
-                                const OSSL_PARAM params[], const char *name);
+int ossl_FIPS_IND_set_ctx_param(OSSL_FIPS_IND *ind, int id, const OSSL_PARAM *p);
+int ossl_FIPS_IND_set_ctx_param_locate(OSSL_FIPS_IND *ind, int id,
+                                       const OSSL_PARAM params[],
+                                       const char *name);
 int ossl_FIPS_IND_get_ctx_param(const OSSL_FIPS_IND *ind,
-                                      OSSL_PARAM params[]);
+                                OSSL_PARAM *p);
+int ossl_FIPS_IND_get_ctx_param_locate(const OSSL_FIPS_IND *ind,
+                                       OSSL_PARAM params[]);
 void ossl_FIPS_IND_copy(OSSL_FIPS_IND *dst, const OSSL_FIPS_IND *src);
 
 /* Place this in the algorithm ctx structure */
@@ -107,13 +111,19 @@ void ossl_FIPS_IND_copy(OSSL_FIPS_IND *dst, const OSSL_FIPS_IND *src);
  * The name must match the param used by OSSL_FIPS_IND_SETTABLE_CTX_PARAM
  */
 # define OSSL_FIPS_IND_SET_CTX_PARAM(ctx, id, params, name) \
-    ossl_FIPS_IND_set_ctx_param(&((ctx)->indicator), id, params, name)
+    ossl_FIPS_IND_set_ctx_param_locate(&((ctx)->indicator), id, params, name)
+
+# define OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, id, p) \
+    ossl_FIPS_IND_set_ctx_param(&((ctx)->indicator), id, p)
 
 # define OSSL_FIPS_IND_GETTABLE_CTX_PARAM() \
     OSSL_PARAM_int(OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR, NULL),
 
 # define OSSL_FIPS_IND_GET_CTX_PARAM(ctx, prms) \
-    ossl_FIPS_IND_get_ctx_param(&((ctx)->indicator), prms)
+    ossl_FIPS_IND_get_ctx_param_locate(&((ctx)->indicator), prms)
+
+# define OSSL_FIPS_IND_GET_CTX_FROM_PARAM(ctx, p) \
+    ossl_FIPS_IND_get_ctx_param(&((ctx)->indicator), p)
 
 # define OSSL_FIPS_IND_GET(ctx) (&((ctx)->indicator))
 
@@ -144,8 +154,10 @@ int ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND *ind, int id,
 # define OSSL_FIPS_IND_ON_UNAPPROVED(ctx, id, libctx, algname, opname, configopt_fn)
 # define OSSL_FIPS_IND_SETTABLE_CTX_PARAM(name)
 # define OSSL_FIPS_IND_SET_CTX_PARAM(ctx, id, params, name) 1
+# define OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, id, p) 1
 # define OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
 # define OSSL_FIPS_IND_GET_CTX_PARAM(ctx, params) 1
+# define OSSL_FIPS_IND_GET_CTX_FROM_PARAM(ctx, params) 1
 # define OSSL_FIPS_IND_COPY(dst, src)
 
 #endif