Reputation: 33
What does "__fips_constseg" means in openssl
In openssl C code, (aes_core.c, set_key.c, spr.h and so on) there is "__fips_constseg".
I don't know "__fips_constseg" means.
What's the role of it? Is it assembly code?
the source code is below:
#include < openssl/crypto.h >
#include "des_locl.h"
OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key,0) /* defaults to false */
__fips_constseg
static const unsigned char odd_parity[256]={};
Upvotes: 1
Views: 257
Answers (1)
Reputation: 3295
From the OpenSSL source code:
#if defined(OPENSSL_FIPSCANISTER)
# include <openssl/fipssyms.h>
#else
# define __fips_constseg
#endif
#if defined(_MSC_VER)
# pragma const_seg("fipsro$b")
# pragma const_seg()
# define __fips_constseg __declspec(allocate("fipsro$b"))
#else
# define __fips_constseg
#endif
The __fips_constseg constant thus is only defined to a value, if
OPENSSL_FIPSCANISTERis defined and- the code is compiled using the Microsoft C compiler (which can be detected by the defined
_MSC_VERconstant).
Then, the code marked with that constant is placed in the constant data segment named fipsro$b (see the MSDN documentation on the allocate specifier for details).
If any of the conditions above is not met, __fips_constseg is defined to nothing and thus the variables marked with that constant are put in the data segment they would normally be located in.
Upvotes: 2
Related Questions
- How to check FIPS 140-2 support in OpenSSL?
- FIPS_mode_set() code not found in openssl package
- FIPS Capable OpenSSL and openssl/fips.h: No such file or directory
- Error: implicit declaration of function 'FIPS_crypto_set_id_callback'
- Building OpenSSL with FIPS on Mac OSX 10.11
- Consuming FIPS validated OpenSSL runtime
- openssl-1.0.0o: undefined symbol: FIPS_mode
- What does fipscanisterbuild do?
- OpenSSL 1.0.1e failed in FIPS mode
- No fips and --with-fipsdir arguments in OpenSSL 1.0.0l configure script