Don't use global variables. Instead, use a function that returns the

proper value. There are a few more spots where FIPS makes use of global variables. This is problematic on some non-Unix platforms. I will deal with them later.
2004-04-16 09:52:50 +00:00 · 2004-04-16 09:52:50 +00:00 · 9e9f48f0b1
commit 9e9f48f0b1
parent 0cd83fa586
6 changed files with 28 additions and 8 deletions
--- a/fips/fingerprint.sha1
+++ b/fips/fingerprint.sha1
@ -1,4 +1,4 @@
-HMAC-SHA1(fips.c)= 694287eefbf2d0a4fe1e4abc6c4f485375598e3a
+HMAC-SHA1(fips.c)= 4e9bf09e312073c9bc11420cc000c1ddc6f7013c
 HMAC-SHA1(fips_err_wrapper.c)= d3e2be316062510312269e98f964cb87e7577898
-HMAC-SHA1(fips.h)= aeab7ad3b7a84dc83cf5099cffdec07a3f995dea
+HMAC-SHA1(fips.h)= d6cd192b06fc002a2ca12296a4082de5f2ffa273
 HMAC-SHA1(fips_err.h)= f4203a47100a815c21cf3a97092f91a595938f7c
--- a/fips/fips.c
+++ b/fips/fips.c
@ -156,8 +156,8 @@ int FIPS_mode_set(int onoff,const char *path)
 	    }

 	/* now switch into FIPS mode */
-	FIPS_rand_check=&rand_fips_meth;
-	RAND_set_rand_method(&rand_fips_meth);
+	FIPS_rand_check=FIPS_rand_method();
+	RAND_set_rand_method(FIPS_rand_method());
 	if(FIPS_selftest())
 	    FIPS_mode=1;
 	else
--- a/fips/rand/fingerprint.sha1
+++ b/fips/rand/fingerprint.sha1
@ -1,2 +1,2 @@
-HMAC-SHA1(fips_rand.c)= 26921aa3f66397c57791f7c015c053ce84532e54
-HMAC-SHA1(fips_rand.h)= 72cff1a7ca7f33fe9df6b9da30e6420874eeb623
+HMAC-SHA1(fips_rand.c)= ab4f589420935782c6bffc4499959ac532c02682
+HMAC-SHA1(fips_rand.h)= 889afc9a526fe59138326134950b733627a7e9cf
--- a/fips/rand/fips_rand.c
+++ b/fips/rand/fips_rand.c
@ -99,6 +99,11 @@ RAND_METHOD rand_fips_meth=

 static int second;

+RAND_METHOD *FIPS_rand_method(void)
+{
+  return &rand_fips_meth;
+}
+
 void FIPS_set_prng_key(const unsigned char k1[8],const unsigned char k2[8])
    {
    memcpy(&key1,k1,sizeof key1);
--- a/fips/rand/fips_rand.h
+++ b/fips/rand/fips_rand.h
@ -47,12 +47,27 @@
 *
 */

+#ifndef HEADER_FIPS_RAND_H
+#define HEADER_FIPS_RAND_H
+
 #include "des.h"

+#ifdef OPENSSL_FIPS
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 void FIPS_set_prng_key(const unsigned char k1[8],const unsigned char k2[8]);
 void FIPS_test_mode(int test,const unsigned char faketime[8]);
 void FIPS_rand_seed(const void *buf, int num);
 /* NB: this returns true if _partially_ seeded */
 int FIPS_rand_seeded(void);

-extern RAND_METHOD rand_fips_meth;
+RAND_METHOD *FIPS_rand_method(void);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+#endif
--- a/fips/rand/fips_randtest.c
+++ b/fips/rand/fips_randtest.c
@ -218,7 +218,7 @@ int main()
 	long d;

 	ERR_load_crypto_strings();
-	RAND_set_rand_method(&rand_fips_meth);
+	RAND_set_rand_method(FIPS_rand_method());

 	run_test(&t1);
 	run_test(&t2);