Add a dummy call to BN_rand_ex() in the FIPS provider
authorMatt Caswell <matt@openssl.org>
Wed, 19 Jun 2019 14:20:03 +0000 (15:20 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 2 Jul 2019 15:49:18 +0000 (16:49 +0100)
The previous commit made BIGNUM RAND operations available from within
the FIPS provider. We test this out by making a dummy call to check it
completes successfully.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9193)

providers/fips/fipsprov.c

index eb2a0c4..0f0a962 100644 (file)
@@ -120,6 +120,9 @@ static int dummy_evp_call(void *provctx)
     if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
         goto err;
 
+    if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
+        goto err;
+
     ret = 1;
  err:
     BN_CTX_end(bnctx);