From: Dr. Stephen Henson <steve@openssl.org>
Date: Mon, 12 Sep 2011 12:56:20 +0000 (+0000)
Subject: Check we recognise DRBG type in fips_drbgvs.c initialised DRBG_CTX if we
X-Git-Tag: OpenSSL-fips-2_0-rc1~152
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9e56c99e1adda3717eace86f9baae423e4d58196;p=thirdparty%2Fopenssl.git

Check we recognise DRBG type in fips_drbgvs.c initialised DRBG_CTX if we
don't set type in FIPS_drbg_new().
---

diff --git a/fips/rand/fips_drbg_lib.c b/fips/rand/fips_drbg_lib.c
index 114f78e6ab3..ddbb99df663 100644
--- a/fips/rand/fips_drbg_lib.c
+++ b/fips/rand/fips_drbg_lib.c
@@ -115,8 +115,14 @@ DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags)
 		FIPSerr(FIPS_F_FIPS_DRBG_NEW, ERR_R_MALLOC_FAILURE);
 		return NULL;
 		}
+
 	if (type == 0)
+		{
+		memset(dctx, 0, sizeof(DRBG_CTX));
+		dctx->type = 0;
+		dctx->status = DRBG_STATUS_UNINITIALISED;
 		return dctx;
+		}
 
 	if (FIPS_drbg_init(dctx, type, flags) <= 0)
 		{
diff --git a/fips/rand/fips_drbgvs.c b/fips/rand/fips_drbgvs.c
index db05d404845..4d84884e361 100644
--- a/fips/rand/fips_drbgvs.c
+++ b/fips/rand/fips_drbgvs.c
@@ -314,6 +314,11 @@ int main(int argc,char **argv)
 		if (!strcmp(keyword, "PersonalizationString"))
 			{
 			pers = hex2bin_m(value, &perslen);
+			if (nid == 0)
+				{
+				fprintf(stderr, "DRBG type not recognised!\n");
+				exit (1);
+				}
 			dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST);
 			if (!dctx)
 				exit (1);