]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
fips: correctly initialise FIPS indicator settables
authorPauli <ppzgs1@gmail.com>
Thu, 18 Jul 2024 02:53:22 +0000 (12:53 +1000)
committerTomas Mraz <tomas@openssl.org>
Fri, 19 Jul 2024 15:33:19 +0000 (17:33 +0200)
The `memset(3)` just happened to work because 2s complement.
This is more robust.

Also reduced the size of the indicator structure.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24923)

providers/common/include/prov/fipsindicator.h
providers/fips/fipsindicator.c

index 0b6c52ed8cbfb1edc7cc9165bdfd48e0b787bbd3..a1f4f55e6ebd5db1166eae08b5f773f781c35ced 100644 (file)
@@ -52,8 +52,8 @@
  * settable.
  */
 typedef struct ossl_fips_ind_st {
-    unsigned int approved;
-    int settable[OSSL_FIPS_IND_SETTABLE_MAX]; /* See OSSL_FIPS_IND_STATE */
+    unsigned char approved;
+    signed char settable[OSSL_FIPS_IND_SETTABLE_MAX]; /* See OSSL_FIPS_IND_STATE */
 } OSSL_FIPS_IND;
 
 typedef int (OSSL_FIPS_IND_CHECK_CB)(OSSL_LIB_CTX *libctx);
index 9956c19884bec3f5aa5895ec458622e71b4c5385..a1deebdd7242edf947531b6668ed52796540928f 100644 (file)
 
 void ossl_FIPS_IND_init(OSSL_FIPS_IND *ind)
 {
+    int i;
+
     ossl_FIPS_IND_set_approved(ind); /* Assume we are approved by default */
-    memset(ind->settable, OSSL_FIPS_IND_STATE_UNKNOWN, sizeof(ind->settable));
+    for (i = 0; i < OSSL_FIPS_IND_SETTABLE_MAX; i++)
+        ind->settable[i] = OSSL_FIPS_IND_STATE_UNKNOWN;
 }
 
 void ossl_FIPS_IND_set_approved(OSSL_FIPS_IND *ind)