PR: 2786

[openssl.git] / crypto / rand / rand_lib.c

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 0e8201316307dc940565e8e0a51d8f0c0d7adca2..e8957dbb306cc6dbc7d673f7fa0bcfa787559d1a 100644 (file)
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -78,10 +78,6 @@ static const RAND_METHOD *default_RAND_meth = NULL;
 
 int RAND_set_rand_method(const RAND_METHOD *meth)
        {
-#ifdef OPENSSL_FIPS
-       if (!FIPS_rand_set_method(meth))
-               return 0;
-#endif
 #ifndef OPENSSL_NO_ENGINE
        if(funct_ref)
                {
@@ -198,6 +194,8 @@ int RAND_status(void)
 static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
                                 int entropy, size_t min_len, size_t max_len)
         {
+       /* Round up request to multiple of block size */
+       min_len = ((min_len + 19) / 20) * 20;
        *pout = OPENSSL_malloc(min_len);
        if (!*pout)
                return 0;
@@ -212,8 +210,11 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
 
 static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
        {
-       OPENSSL_cleanse(out, olen);
-       OPENSSL_free(out);
+       if (out)
+               {
+               OPENSSL_cleanse(out, olen);
+               OPENSSL_free(out);
+               }
        }
 
 /* Set "additional input" when generating random data. This uses the