Content - 34ead2bd3f1e1c7c7d8c41a562cda4d44c887880 - c2cf0b7/doc/man3/OSSL_INDICATOR_set_callback.pod – ENEA Mirror of the Software Heritage archive

OSSL_INDICATOR_set_callback.pod
=pod

=head1 NAME

OSSL_INDICATOR_set_callback,
OSSL_INDICATOR_get_callback - specify a callback for FIPS indicators

=head1 SYNOPSIS

 #include <openssl/indicator.h>

typedef int (OSSL_INDICATOR_CALLBACK)(const char *type, const char *desc,
                                      const OSSL_PARAM params[]);

 void OSSL_INDICATOR_set_callback(OSSL_LIB_CTX *libctx,
                                  OSSL_INDICATOR_CALLBACK *cb);
 void OSSL_INDICATOR_get_callback(OSSL_LIB_CTX *libctx,
                                  OSSL_INDICATOR_CALLBACK **cb);

=head1 DESCRIPTION

OSSL_INDICATOR_set_callback() sets a user callback I<cb> associated with a
I<libctx> that will be called when a non approved FIPS operation is detected.

The user's callback may be triggered multiple times during an algorithm operation
to indicate different approved mode checks have failed.

Non approved operations may only occur if the user has deliberately chosen to do
so (either by setting a global FIPS configuration option or via an option in an
algorithm's operation context).

The user's callback B<OSSL_INDICATOR_CALLBACK> I<type> and I<desc>
contain the algorithm type and operation that is not approved.
I<params> is not currently used.

If the user callback returns 0, an error will occur in the caller. This can be
used for testing purposes.

=head1 RETURN VALUES

OSSL_INDICATOR_get_callback() returns the callback that has been set via
OSSL_INDICATOR_set_callback() for the given library context I<libctx>, or NULL
if no callback is currently set.

=head1 EXAMPLES

A simple indicator callback to log non approved FIPS operations

 static int indicator_cb(const char *type, const char *desc,
                         const OSSL_PARAM params[])
 {
     if (type != NULL && desc != NULL)
         fprintf(stdout, "%s %s is not approved\n", type, desc);
end:
     /* For Testing purposes you could return 0 here to cause an error */
     return 1;
 }

 OSSL_INDICATOR_set_callback(libctx, indicator_cb);


=head1 SEE ALSO

L<openssl-core.h(7)>,
L<OSSL_PROVIDER-FIPS(7)>
L<OSSL_LIB_CTX(3)>

=head1 HISTORY

The functions described here were added in OpenSSL 3.4.

=head1 COPYRIGHT

Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut