From eba3ebd7beaab865e92e4853881433aaa855392f Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 19 Jun 2019 15:20:03 +0100
Subject: [PATCH] Add a dummy call to BN_rand_ex() in the FIPS provider

The previous commit made BIGNUM RAND operations available from within
the FIPS provider. We test this out by making a dummy call to check it
completes successfully.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9193)
---
 providers/fips/fipsprov.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index eb2a0c45c3..0f0a9624e7 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -120,6 +120,9 @@ static int dummy_evp_call(void *provctx)
     if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
         goto err;
 
+    if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
+        goto err;
+
     ret = 1;
  err:
     BN_CTX_end(bnctx);
-- 
2.40.0