mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-21 01:15:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

fips: correctly initialise FIPS indicator settables

Browse Source 
The `memset(3)` just happened to work because 2s complement.
This is more robust.

Also reduced the size of the indicator structure.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24923)
This commit is contained in:
Pauli 2024-07-18 12:53:22 +10:00 committed by Tomas Mraz
parent 8a79f5bc18
commit 98afa01f3e
2 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
providers/common/include/prov/fipsindicator.h
View File

@ -52,8 +52,8 @@
* settable.
*/
typedef struct ossl_fips_ind_st {
unsigned int approved;
int settable[OSSL_FIPS_IND_SETTABLE_MAX]; /* See OSSL_FIPS_IND_STATE */
unsigned char approved;
signed char settable[OSSL_FIPS_IND_SETTABLE_MAX]; /* See OSSL_FIPS_IND_STATE */
} OSSL_FIPS_IND;
typedef int (OSSL_FIPS_IND_CHECK_CB)(OSSL_LIB_CTX *libctx);

5
providers/fips/fipsindicator.c
View File

@ -15,8 +15,11 @@
void ossl_FIPS_IND_init(OSSL_FIPS_IND *ind)
{
int i;
ossl_FIPS_IND_set_approved(ind); /* Assume we are approved by default */
memset(ind->settable, OSSL_FIPS_IND_STATE_UNKNOWN, sizeof(ind->settable));
for (i = 0; i < OSSL_FIPS_IND_SETTABLE_MAX; i++)
ind->settable[i] = OSSL_FIPS_IND_STATE_UNKNOWN;
}
void ossl_FIPS_IND_set_approved(OSSL_FIPS_IND *ind)