moved default RSA_METHOD declaration and used macro to prevent FIPS i…

…ntegrity failure

crypto/fipsmodule/rsa/internal.h

@@ -171,10 +171,6 @@ struct rsa_st {
 
 // Default implementations of RSA operations.
 
-// RSA_get_default_method returns a zero initialized |RSA_METHOD| object. The
-// wrapper functions will select the appropriate |rsa_default_*| implementation.
-const RSA_METHOD *RSA_get_default_method(void);
-
 size_t rsa_default_size(const RSA *rsa);
 int rsa_default_sign_raw(RSA *rsa, size_t *out_len, uint8_t *out,
                          size_t max_out, const uint8_t *in, size_t in_len,

crypto/fipsmodule/rsa/rsa_impl.c

@@ -1277,12 +1277,9 @@ int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb) {
   return ret;
 }
 
-static RSA_METHOD default_rsa_meth;
-
-const RSA_METHOD *RSA_get_default_method(void) {
+DEFINE_METHOD_FUNCTION(RSA_METHOD, RSA_get_default_method) {
   // All of the methods are NULL to make it easier for the compiler/linker to
   // drop unused functions. The wrapper functions will select the appropriate
   // |rsa_default_*| implementation.
-  OPENSSL_memset(&default_rsa_meth, 0, sizeof(RSA_METHOD));
-  return &default_rsa_meth;
+  OPENSSL_memset(out, 0, sizeof(RSA_METHOD));
 }

include/openssl/rsa.h

@@ -217,6 +217,10 @@ OPENSSL_EXPORT int RSA_set0_crt_params(RSA *rsa, BIGNUM *dmp1, BIGNUM *dmq1,
 
 // RSA_METHOD functions
 
+// RSA_get_default_method returns a zero initialized |RSA_METHOD| object. The
+// wrapper functions will select the appropriate |rsa_default_*| implementation.
+OPENSSL_EXPORT const RSA_METHOD *RSA_get_default_method(void);
+
 // RSA_meth_new returns a zero-initialized |RSA_METHOD| object. It sets
 // |flags| on the object. The |name| parameter is currently ignored and
 // part of the function signature for OpenSSL compatibility.