Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

author: miod <miod@openbsd.org> 2014-04-13 15:25:20 +0000
committer: miod <miod@openbsd.org> 2014-04-13 15:25:20 +0000
commit: 97222edd40cad3a6e51530425068b83c51d308b1 (patch)
tree: 50438b2fbea63f81d6ac96e9bf4aa302b9538333 /lib/libcrypto/rand/rand_lib.c
parent: Import OpenSSL 1.0.1g (diff)
download: wireguard-openbsd-97222edd40cad3a6e51530425068b83c51d308b1.tar.xz
wireguard-openbsd-97222edd40cad3a6e51530425068b83c51d308b1.zip
1 files changed, 13 insertions, 2 deletions
diff --git a/lib/libcrypto/rand/rand_lib.c b/lib/libcrypto/rand/rand_lib.c
index daf1dab9739..5ac0e14caf0 100644
--- a/lib/libcrypto/rand/rand_lib.c
+++ b/lib/libcrypto/rand/rand_lib.c
@@ -210,8 +210,11 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
 
 static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
 	{
-	OPENSSL_cleanse(out, olen);
-	OPENSSL_free(out);
+	if (out)
+		{
+		OPENSSL_cleanse(out, olen);
+		OPENSSL_free(out);
+		}
 	}
 
 /* Set "additional input" when generating random data. This uses the
@@ -266,6 +269,14 @@ int RAND_init_fips(void)
 	DRBG_CTX *dctx;
 	size_t plen;
 	unsigned char pers[32], *p;
+#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
+	if (fips_drbg_type >> 16)
+		{
+		RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
+		return 0;
+		}
+#endif
+		
 	dctx = FIPS_get_default_drbg();
         if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)
 		{
author	miod <miod@openbsd.org>	2014-04-13 15:25:20 +0000
committer	miod <miod@openbsd.org>	2014-04-13 15:25:20 +0000
commit	97222edd40cad3a6e51530425068b83c51d308b1 (patch)
tree	50438b2fbea63f81d6ac96e9bf4aa302b9538333 /lib/libcrypto/rand/rand_lib.c
parent	Import OpenSSL 1.0.1g (diff)
download	wireguard-openbsd-97222edd40cad3a6e51530425068b83c51d308b1.tar.xz wireguard-openbsd-97222edd40cad3a6e51530425068b83c51d308b1.zip