commit c6e8f3ed08205aa7494d739d31bccf24dd9fa124
author Adam Langley <alangley@gmail.com> Fri Mar 18 11:13:24 2022 -0700
committer Adam Langley <agl@google.com> Mon Mar 21 19:31:37 2022 +0000
tree 68f0b30a1359940f0a38e386f81317bf80e15917
parent 7f4057ec106c5c2678866b364838cae72e55a9d7

Add a function to return a FIPS version.

We need a function that returns a version that links to a certificate.
Previously we have used the git hash as the version of our modules but
the source cannot contain its own hash. Thus this change defines a new
format for FIPS module versions which will be filled in once we're ready
to define a version.

Change-Id: Ie4641945119106bc47e8da94ed8a45a86abb6f92
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51986
Reviewed-by: David Benjamin <davidben@google.com>

include/openssl/crypto.h

diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index ce1e5ce..15db776 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -172,6 +172,14 @@
 // |BORINGSSL_FIPS| and zero otherwise.
 OPENSSL_EXPORT int FIPS_mode_set(int on);
 
+// FIPS_version returns the version of the FIPS module, or zero if the build
+// isn't exactly at a verified version. The version, expressed in base 10, will
+// be a date in the form yyyymmddXX where XX is often "00", but can be
+// incremented if multiple versions are defined on a single day.
+//
+// (This format exceeds a |uint32_t| in the year 4294.)
+OPENSSL_EXPORT uint32_t FIPS_version(void);
+
 // FIPS_query_algorithm_status returns one if |algorithm| is FIPS validated in
 // the current BoringSSL and zero otherwise.
 OPENSSL_EXPORT int FIPS_query_algorithm_status(const char *algorithm);