Don't use global variables. Instead, use a function that returns the

proper value.

There are a few more spots where FIPS makes use of global variables.
This is problematic on some non-Unix platforms.  I will deal with them
later.

diff --git a/fips/fingerprint.sha1 b/fips/fingerprint.sha1
index 7c18824a10df477cee3eceb7c3e233ef6f2daec4..21ae776bb8b2e61cc41e3e30ea9578a97cc8cf66 100644 (file)
--- a/fips/fingerprint.sha1
+++ b/fips/fingerprint.sha1
@@ -1,4 +1,4 @@
-HMAC-SHA1(fips.c)= 694287eefbf2d0a4fe1e4abc6c4f485375598e3a
+HMAC-SHA1(fips.c)= 4e9bf09e312073c9bc11420cc000c1ddc6f7013c
 HMAC-SHA1(fips_err_wrapper.c)= d3e2be316062510312269e98f964cb87e7577898
-HMAC-SHA1(fips.h)= aeab7ad3b7a84dc83cf5099cffdec07a3f995dea
+HMAC-SHA1(fips.h)= d6cd192b06fc002a2ca12296a4082de5f2ffa273
 HMAC-SHA1(fips_err.h)= f4203a47100a815c21cf3a97092f91a595938f7c

diff --git a/fips/fips.c b/fips/fips.c
index f802130ef70f878926409c6ffa90b4e70fb5e645..30bb5fba4849b94fd2a71bf333ab914e3fb4a9d2 100644 (file)
--- a/fips/fips.c
+++ b/fips/fips.c
@@ -156,8 +156,8 @@ int FIPS_mode_set(int onoff,const char *path)
            }
 
        /* now switch into FIPS mode */
-       FIPS_rand_check=&rand_fips_meth;
-       RAND_set_rand_method(&rand_fips_meth);
+       FIPS_rand_check=FIPS_rand_method();
+       RAND_set_rand_method(FIPS_rand_method());
        if(FIPS_selftest())
            FIPS_mode=1;
        else

diff --git a/fips/rand/fingerprint.sha1 b/fips/rand/fingerprint.sha1
index 4b9ab6cd5411c522e1334e3fab59fcfb34432d19..f87df9f65e8c8db40e27da27f9524b06c6d1367e 100644 (file)
--- a/fips/rand/fingerprint.sha1
+++ b/fips/rand/fingerprint.sha1
@@ -1,2 +1,2 @@
-HMAC-SHA1(fips_rand.c)= 26921aa3f66397c57791f7c015c053ce84532e54
-HMAC-SHA1(fips_rand.h)= 72cff1a7ca7f33fe9df6b9da30e6420874eeb623
+HMAC-SHA1(fips_rand.c)= ab4f589420935782c6bffc4499959ac532c02682
+HMAC-SHA1(fips_rand.h)= 889afc9a526fe59138326134950b733627a7e9cf

diff --git a/fips/rand/fips_rand.c b/fips/rand/fips_rand.c
index 76c08af92c43b47295cfd03a3fa261e783e9b016..6348c95e536c301845bb1a4bf9cf3646aeeb727a 100644 (file)
--- a/fips/rand/fips_rand.c
+++ b/fips/rand/fips_rand.c
@@ -99,6 +99,11 @@ RAND_METHOD rand_fips_meth=
 
 static int second;
 
+RAND_METHOD *FIPS_rand_method(void)
+{
+  return &rand_fips_meth;
+}
+
 void FIPS_set_prng_key(const unsigned char k1[8],const unsigned char k2[8])
     {
     memcpy(&key1,k1,sizeof key1);

diff --git a/fips/rand/fips_rand.h b/fips/rand/fips_rand.h
index aa8961fdfcbd055d1b75f70f2428bd3e1799a45f..d50eaa8a5098c32851526c10054bb75295694532 100644 (file)
--- a/fips/rand/fips_rand.h
+++ b/fips/rand/fips_rand.h
@@ -47,12 +47,27 @@
  *
  */
 
+#ifndef HEADER_FIPS_RAND_H
+#define HEADER_FIPS_RAND_H
+
 #include "des.h"
 
+#ifdef OPENSSL_FIPS
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 void FIPS_set_prng_key(const unsigned char k1[8],const unsigned char k2[8]);
 void FIPS_test_mode(int test,const unsigned char faketime[8]);
 void FIPS_rand_seed(const void *buf, int num);
 /* NB: this returns true if _partially_ seeded */
 int FIPS_rand_seeded(void);
 
-extern RAND_METHOD rand_fips_meth;
+RAND_METHOD *FIPS_rand_method(void);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+#endif

diff --git a/fips/rand/fips_randtest.c b/fips/rand/fips_randtest.c
index 3e2f58e16d99326fbd8952af7535e2269a722da8..ff9c91cd36a425522846343fa7b114478b16a769 100644 (file)
--- a/fips/rand/fips_randtest.c
+++ b/fips/rand/fips_randtest.c
@@ -218,7 +218,7 @@ int main()
        long d;
 
        ERR_load_crypto_strings();
-       RAND_set_rand_method(&rand_fips_meth);
+       RAND_set_rand_method(FIPS_rand_method());
 
        run_test(&t1);
        run_test(&t2);