1*e7be843bSPierre Pronchery=pod 2*e7be843bSPierre Pronchery 3*e7be843bSPierre Pronchery=head1 NAME 4*e7be843bSPierre Pronchery 5*e7be843bSPierre ProncheryOSSL_INDICATOR_set_callback, 6*e7be843bSPierre ProncheryOSSL_INDICATOR_get_callback - specify a callback for FIPS indicators 7*e7be843bSPierre Pronchery 8*e7be843bSPierre Pronchery=head1 SYNOPSIS 9*e7be843bSPierre Pronchery 10*e7be843bSPierre Pronchery #include <openssl/indicator.h> 11*e7be843bSPierre Pronchery 12*e7be843bSPierre Proncherytypedef int (OSSL_INDICATOR_CALLBACK)(const char *type, const char *desc, 13*e7be843bSPierre Pronchery const OSSL_PARAM params[]); 14*e7be843bSPierre Pronchery 15*e7be843bSPierre Pronchery void OSSL_INDICATOR_set_callback(OSSL_LIB_CTX *libctx, 16*e7be843bSPierre Pronchery OSSL_INDICATOR_CALLBACK *cb); 17*e7be843bSPierre Pronchery void OSSL_INDICATOR_get_callback(OSSL_LIB_CTX *libctx, 18*e7be843bSPierre Pronchery OSSL_INDICATOR_CALLBACK **cb); 19*e7be843bSPierre Pronchery 20*e7be843bSPierre Pronchery=head1 DESCRIPTION 21*e7be843bSPierre Pronchery 22*e7be843bSPierre ProncheryOSSL_INDICATOR_set_callback() sets a user callback I<cb> associated with a 23*e7be843bSPierre ProncheryI<libctx> that will be called when a non approved FIPS operation is detected. 24*e7be843bSPierre Pronchery 25*e7be843bSPierre ProncheryThe user's callback may be triggered multiple times during an algorithm operation 26*e7be843bSPierre Proncheryto indicate different approved mode checks have failed. 27*e7be843bSPierre Pronchery 28*e7be843bSPierre ProncheryNon approved operations may only occur if the user has deliberately chosen to do 29*e7be843bSPierre Proncheryso (either by setting a global FIPS configuration option or via an option in an 30*e7be843bSPierre Proncheryalgorithm's operation context). 31*e7be843bSPierre Pronchery 32*e7be843bSPierre ProncheryThe user's callback B<OSSL_INDICATOR_CALLBACK> I<type> and I<desc> 33*e7be843bSPierre Proncherycontain the algorithm type and operation that is not approved. 34*e7be843bSPierre ProncheryI<params> is not currently used. 35*e7be843bSPierre Pronchery 36*e7be843bSPierre ProncheryIf the user callback returns 0, an error will occur in the caller. This can be 37*e7be843bSPierre Proncheryused for testing purposes. 38*e7be843bSPierre Pronchery 39*e7be843bSPierre Pronchery=head1 RETURN VALUES 40*e7be843bSPierre Pronchery 41*e7be843bSPierre ProncheryOSSL_INDICATOR_get_callback() returns the callback that has been set via 42*e7be843bSPierre ProncheryOSSL_INDICATOR_set_callback() for the given library context I<libctx>, or NULL 43*e7be843bSPierre Proncheryif no callback is currently set. 44*e7be843bSPierre Pronchery 45*e7be843bSPierre Pronchery=head1 EXAMPLES 46*e7be843bSPierre Pronchery 47*e7be843bSPierre ProncheryA simple indicator callback to log non approved FIPS operations 48*e7be843bSPierre Pronchery 49*e7be843bSPierre Pronchery static int indicator_cb(const char *type, const char *desc, 50*e7be843bSPierre Pronchery const OSSL_PARAM params[]) 51*e7be843bSPierre Pronchery { 52*e7be843bSPierre Pronchery if (type != NULL && desc != NULL) 53*e7be843bSPierre Pronchery fprintf(stdout, "%s %s is not approved\n", type, desc); 54*e7be843bSPierre Proncheryend: 55*e7be843bSPierre Pronchery /* For Testing purposes you could return 0 here to cause an error */ 56*e7be843bSPierre Pronchery return 1; 57*e7be843bSPierre Pronchery } 58*e7be843bSPierre Pronchery 59*e7be843bSPierre Pronchery OSSL_INDICATOR_set_callback(libctx, indicator_cb); 60*e7be843bSPierre Pronchery 61*e7be843bSPierre Pronchery 62*e7be843bSPierre Pronchery=head1 SEE ALSO 63*e7be843bSPierre Pronchery 64*e7be843bSPierre ProncheryL<openssl-core.h(7)>, 65*e7be843bSPierre ProncheryL<OSSL_PROVIDER-FIPS(7)> 66*e7be843bSPierre ProncheryL<OSSL_LIB_CTX(3)> 67*e7be843bSPierre Pronchery 68*e7be843bSPierre Pronchery=head1 HISTORY 69*e7be843bSPierre Pronchery 70*e7be843bSPierre ProncheryThe functions described here were added in OpenSSL 3.4. 71*e7be843bSPierre Pronchery 72*e7be843bSPierre Pronchery=head1 COPYRIGHT 73*e7be843bSPierre Pronchery 74*e7be843bSPierre ProncheryCopyright 2024 The OpenSSL Project Authors. All Rights Reserved. 75*e7be843bSPierre Pronchery 76*e7be843bSPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 77*e7be843bSPierre Proncherythis file except in compliance with the License. You can obtain a copy 78*e7be843bSPierre Proncheryin the file LICENSE in the source distribution or at 79*e7be843bSPierre ProncheryL<https://www.openssl.org/source/license.html>. 80*e7be843bSPierre Pronchery 81*e7be843bSPierre Pronchery=cut 82