rand: instantiate the DRBGs upon first use.

[openssl.git] / crypto / rand / rand_lib.c

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 89277e93c50fffcfbb15772b825baa4196a84746..a37a575e5bb86ddf6a92c54da041e3e88bbaa6cc 100644 (file)
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -246,7 +246,7 @@ int RAND_status(void)
         return meth->status != NULL ? meth->status() : 0;
 
     if ((rand = RAND_get0_primary(NULL)) == NULL)
-        return EVP_RAND_STATE_UNINITIALISED;
+        return 0;
     return EVP_RAND_state(rand) == EVP_RAND_STATE_READY;
 }
 #else  /* !FIPS_MODULE */
@@ -467,7 +467,12 @@ static EVP_RAND_CTX *rand_new_drbg(OPENSSL_CTX *libctx, EVP_RAND_CTX *parent,
     if (!EVP_RAND_set_ctx_params(ctx, params)) {
         RANDerr(0, RAND_R_ERROR_INITIALISING_DRBG);
         EVP_RAND_CTX_free(ctx);
-        ctx = NULL;
+        return NULL;
+    }
+    if (!EVP_RAND_instantiate(ctx, 0, 0, NULL, 0)) {
+        RANDerr(0, RAND_R_ERROR_INSTANTIATING_DRBG);
+        EVP_RAND_CTX_free(ctx);
+        return NULL;
     }
     return ctx;
 }