Fix bug in entropy gathering.
authorPauli <paul.dale@oracle.com>
Fri, 19 Apr 2019 06:23:23 +0000 (16:23 +1000)
committerPauli <paul.dale@oracle.com>
Sat, 20 Apr 2019 23:22:57 +0000 (09:22 +1000)
This only impacts FIPS mode or someone who has enabled the FIPS 140.2
4.9.2 Conditional Tests.  i.e. nobody currently.

Fix a significant issue in the entropy gathering for the continuous RNG
testing.  The impact is using an uninitialised buffer instead of the gathered
entropy.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/8789)

crypto/rand/rand_crng_test.c

index 74a64ee53193ac89a50ac7353a553dc81d9338d1..87f4ee1f483aebdc4e3fc8466c68f025e52e60df 100644 (file)
@@ -30,7 +30,7 @@ int rand_crngt_get_entropy_cb(unsigned char *buf)
     while ((n = rand_pool_acquire_entropy(crngt_pool)) != 0)
         if (n >= CRNGT_BUFSIZ) {
             p = rand_pool_detach(crngt_pool);
-            memcpy(crngt_prev, p, CRNGT_BUFSIZ);
+            memcpy(buf, p, CRNGT_BUFSIZ);
             rand_pool_reattach(crngt_pool, p);
             return 1;
         }
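Review bot: The corrected `memcpy(buf, p, CRNGT_BUFSIZ)` writes a fixed CRNGT_BUFSIZ bytes through a pointer whose size the signature `rand_crngt_get_entropy_cb(unsigned char *buf)` does not carry, so the caller's obligation should be stated at the definition, e.g. `/* buf must point to at least CRNGT_BUFSIZ writable bytes; it is filled when 1 is returned */`. It is also worth confirming that the guard `n >= CRNGT_BUFSIZ` compares like units: if `rand_pool_acquire_entropy()` reports something other than a byte count (not visible in this hunk), the copy could take bytes from `p` that were never gathered, which is the same class of fault this commit fixes. Since the original mistake went unnoticed, a regression test asserting that the caller's buffer actually changes after a successful call would keep it from returning. The function's opening and its fall-through return lie outside the hunk.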