From: Matt Caswell <matt@openssl.org>
Date: Wed, 19 Jun 2019 14:20:03 +0000 (+0100)
Subject: Add a dummy call to BN_rand_ex() in the FIPS provider
X-Git-Tag: openssl-3.0.0-alpha1~1821
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=eba3ebd7beaab865e92e4853881433aaa855392f;p=oweals%2Fopenssl.git

Add a dummy call to BN_rand_ex() in the FIPS provider

The previous commit made BIGNUM RAND operations available from within
the FIPS provider. We test this out by making a dummy call to check it
completes successfully.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9193)
---

diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index eb2a0c45c3..0f0a9624e7 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -120,6 +120,9 @@ static int dummy_evp_call(void *provctx)
     if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
         goto err;
 
+    if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
+        goto err;
+
     ret = 1;
  err:
     BN_CTX_end(bnctx);