PR: 2786
authorDr. Stephen Henson <steve@openssl.org>
Wed, 22 Aug 2012 22:43:23 +0000 (22:43 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 22 Aug 2012 22:43:23 +0000 (22:43 +0000)
Reported by: Tomas Mraz <tmraz@redhat.com>

Treat a NULL value passed to drbg_free_entropy callback as non-op. This
can happen if the call to fips_get_entropy fails.

crypto/rand/rand_lib.c

index 8c28550..e8957db 100644 (file)
@@ -210,8 +210,11 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
 
 static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
        {
-       OPENSSL_cleanse(out, olen);
-       OPENSSL_free(out);
+       if (out)
+               {
+               OPENSSL_cleanse(out, olen);
+               OPENSSL_free(out);
+               }
        }
 
 /* Set "additional input" when generating random data. This uses the