From: Dr. Stephen Henson <steve@openssl.org>
Date: Wed, 22 Aug 2012 22:43:23 +0000 (+0000)
Subject: PR: 2786
X-Git-Tag: master-pre-reformat~1671
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0db17852cd47a183fffb33574c98baf53dbabb66;p=openssl

PR: 2786
Reported by: Tomas Mraz <tmraz@redhat.com>

Treat a NULL value passed to drbg_free_entropy callback as non-op. This
can happen if the call to fips_get_entropy fails.
---

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 8c28550a76..e8957dbb30 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -210,8 +210,11 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
 
 static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
 	{
-	OPENSSL_cleanse(out, olen);
-	OPENSSL_free(out);
+	if (out)
+		{
+		OPENSSL_cleanse(out, olen);
+		OPENSSL_free(out);
+		}
 	}
 
 /* Set "additional input" when generating random data. This uses the