generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Avoid multiple lock using FIPS DRBG.

Browse Source 
Don't use multiple locks when SP800-90 DRBG is used outside FIPS mode.

PR#3176
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Dr. Stephen Henson
2014-07-30 15:13:08 +01:00
parent 789b12599d
commit a3efe1b6e9
3 changed files with 12 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
crypto/rand/rand_lib.c
View File

@@ -68,6 +68,7 @@
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#include "rand_lcl.h"
#endif
#ifndef OPENSSL_NO_ENGINE
@@ -199,7 +200,7 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
*pout = OPENSSL_malloc(min_len);
if (!*pout)
return 0;
if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
if (md_rand_bytes_lock(*pout, min_len, 0, 0) <= 0)
{
OPENSSL_free(*pout);
*pout = NULL;