From 98afa01f3e02fba18f9203b2451113df8f247f7c Mon Sep 17 00:00:00 2001
From: Pauli <ppzgs1@gmail.com>
Date: Thu, 18 Jul 2024 12:53:22 +1000
Subject: [PATCH] fips: correctly initialise FIPS indicator settables

The `memset(3)` just happened to work because 2s complement.
This is more robust.

Also reduced the size of the indicator structure.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24923)
---
 providers/common/include/prov/fipsindicator.h | 4 ++--
 providers/fips/fipsindicator.c                | 5 ++++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/providers/common/include/prov/fipsindicator.h b/providers/common/include/prov/fipsindicator.h
index 0b6c52ed8cb..a1f4f55e6eb 100644
--- a/providers/common/include/prov/fipsindicator.h
+++ b/providers/common/include/prov/fipsindicator.h
@@ -52,8 +52,8 @@
  * settable.
  */
 typedef struct ossl_fips_ind_st {
-    unsigned int approved;
-    int settable[OSSL_FIPS_IND_SETTABLE_MAX]; /* See OSSL_FIPS_IND_STATE */
+    unsigned char approved;
+    signed char settable[OSSL_FIPS_IND_SETTABLE_MAX]; /* See OSSL_FIPS_IND_STATE */
 } OSSL_FIPS_IND;
 
 typedef int (OSSL_FIPS_IND_CHECK_CB)(OSSL_LIB_CTX *libctx);
diff --git a/providers/fips/fipsindicator.c b/providers/fips/fipsindicator.c
index 9956c19884b..a1deebdd724 100644
--- a/providers/fips/fipsindicator.c
+++ b/providers/fips/fipsindicator.c
@@ -15,8 +15,11 @@
 
 void ossl_FIPS_IND_init(OSSL_FIPS_IND *ind)
 {
+    int i;
+
     ossl_FIPS_IND_set_approved(ind); /* Assume we are approved by default */
-    memset(ind->settable, OSSL_FIPS_IND_STATE_UNKNOWN, sizeof(ind->settable));
+    for (i = 0; i < OSSL_FIPS_IND_SETTABLE_MAX; i++)
+        ind->settable[i] = OSSL_FIPS_IND_STATE_UNKNOWN;
 }
 
 void ossl_FIPS_IND_set_approved(OSSL_FIPS_IND *ind)
-- 
2.47.2