PR: 2786

Reported by: Tomas Mraz <tmraz@redhat.com> Treat a NULL value passed to drbg_free_entropy callback as non-op. This can happen if the call to fips_get_entropy fails.
author: Dr. Stephen Henson <steve@openssl.org> 2012-08-22 22:42:04 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-08-22 22:42:04 +0000
commit: 7a217076d902d1717d1ab9b851c6c5ad6d7a444c (patch)
tree: eb660eec9aafbc5ce88a5d70eb33a4c0a08fdbe2 /crypto/rand
parent: 0720bf7df1b022c838a3dfd6810673db48c18d26 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index daf1dab973..476a0cd187 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -210,8 +210,11 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
 
 static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
 	{
-	OPENSSL_cleanse(out, olen);
-	OPENSSL_free(out);
+	if (out)
+		{
+		OPENSSL_cleanse(out, olen);
+		OPENSSL_free(out);
+		}
 	}
 
 /* Set "additional input" when generating random data. This uses the
author	Dr. Stephen Henson <steve@openssl.org>	2012-08-22 22:42:04 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-08-22 22:42:04 +0000
commit	7a217076d902d1717d1ab9b851c6c5ad6d7a444c (patch)
tree	eb660eec9aafbc5ce88a5d70eb33a4c0a08fdbe2 /crypto/rand
parent	0720bf7df1b022c838a3dfd6810673db48c18d26 (diff)