generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

To protect FIPS-related global variables, add locking mechanisms

Browse Source 
around them.

NOTE: because two new locks are added, this adds potential binary
incompatibility with earlier versions in the 0.9.7 series.  However,
those locks will only ever be touched when FIPS_mode_set() is called
and after, thanks to a variable that's only changed from 0 to 1 once
(when FIPS_mode_set() is called).  So basically, as long as FIPS mode
hasn't been engaged explicitely by the calling application, the new
locks are treated as if they didn't exist at all, thus not becoming a
problem.  Applications that are built or rebuilt to use FIPS
functionality will need to be recompiled in any case, thus not being a
problem either.
This commit is contained in:
Richard Levitte
2004-07-30 14:38:02 +00:00
parent 86022a79a5
commit 7f9c37457a
31 changed files with 261 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
crypto/rand/rand_lib.c
View File

@@ -88,7 +88,8 @@ int RAND_set_rand_method(const RAND_METHOD *meth)
const RAND_METHOD *RAND_get_rand_method(void)
{
#ifdef OPENSSL_FIPS
if(FIPS_mode && default_RAND_meth != FIPS_rand_check)
if(FIPS_mode()
&& default_RAND_meth != FIPS_rand_check())
{
RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
return 0;