From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 11 Mar 2021 19:04:06 +0000 (+0100)
Subject: Remove the RAND_get0_public() from fips provider initialization
X-Git-Tag: openssl-3.0.0-alpha14~295
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=061ae2f6a2f6c59eae6fd5cbc501f916a49f48b2;p=thirdparty%2Fopenssl.git

Remove the RAND_get0_public() from fips provider initialization

It is not needed anymore and it causes leaks because
it is called when the FIPS provider libctx is not yet
properly set up.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14497)
---

diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 90491b0e5f7..70826181e53 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -632,9 +632,6 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
         goto err;
     }
 
-    /* TODO(3.0): Tests will hang if this is removed */
-    (void)RAND_get0_public(libctx);
-
     *out = fips_dispatch_table;
     return 1;
  err: