> [[email protected] - Sat Apr 07 15:39:00 2012]:
>
> This bug report applies to the OpenSSL FIPS 2.0 module.
>
> If dctx->get_entropy() fails and thus the tout is set to NULL we will
> set the output entropy pointer to NULL + blocklen. This will later lead
> to a crash as we check for NULL entropy before calling
> fips_cleanup_entropy() but it will be an invalid non-NULL pointer in this
> case.
>
> The attached patch prevents returning an invalid non-NULL pointer from the
> fips_get_entropy() function.

While that is valid, changing the FIPS code at this late stage of the
validation is problematical. Since the output entropy pointer is
restored to its original value in fips_cleanup_entropy, can't we just
make sure that function treats a NULL parameter as a no-op instead?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
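
The pointer pattern discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL source. It is a simplified model: `BLOCKLEN`, `source_fails`, `source_get`, `get_unchecked`, `get_checked` and `cleanup_null_safe` are hypothetical names, and the NULL no-op is placed after the pointer is restored, which is one reading of the reply.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BLOCKLEN 16        /* assumed block length for the model */
static int source_fails;   /* constructed switch: 1 makes the callback fail */

/* Hypothetical stand-in for the dctx->get_entropy() callback. */
static size_t source_get(unsigned char **pout) {
    *pout = source_fails ? NULL : calloc(1, 2 * BLOCKLEN);
    return *pout ? 2 * BLOCKLEN : 0;
}

/* Reported behaviour: the offset is applied even when tout is NULL.
   uintptr_t arithmetic keeps the model itself free of undefined
   pointer arithmetic on NULL. */
static size_t get_unchecked(unsigned char **pout) {
    unsigned char *tout;
    size_t rv = source_get(&tout);
    *pout = (unsigned char *)((uintptr_t)tout + BLOCKLEN);
    return rv ? rv - BLOCKLEN : 0;
}

/* Approach of the report: never hand back a non-NULL pointer on failure. */
static size_t get_checked(unsigned char **pout) {
    unsigned char *tout;
    size_t rv = source_get(&tout);
    *pout = tout ? tout + BLOCKLEN : NULL;
    return rv ? rv - BLOCKLEN : 0;
}

/* Approach of the reply: restore the original pointer, then treat NULL
   as a no-op. Returns 1 if a buffer was released, 0 otherwise. */
static int cleanup_null_safe(unsigned char *out) {
    unsigned char *orig = (unsigned char *)((uintptr_t)out - BLOCKLEN);
    if (out == NULL || orig == NULL)
        return 0;
    free(orig);
    return 1;
}

int main(void) {
    unsigned char *e;
    source_fails = 1;
    get_unchecked(&e);   /* failure leaves an invalid non-NULL pointer */
    printf("unchecked: ptr=%p, caller's NULL test passes: %d\n", (void *)e, e != NULL);
    printf("null-safe cleanup released a buffer: %d\n", cleanup_null_safe(e));
    get_checked(&e);     /* failure leaves NULL, so the caller skips cleanup */
    printf("checked: ptr is NULL: %d\n", e == NULL);
    return 0;
}
```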
