mirror of
https://github.com/openssl/openssl.git
synced 2025-01-06 13:26:43 +08:00
42a8ef844e
Once RNG is used, triggering FIPS on-demand self tests (via OSSL_PROVIDER_self_test() API) crashes the application. This happens because the RNG context is stored before self tests, and restored after their execution. In the meantime - before context restoration - RAND_set0_private() function is called, which decrements the stored RNG context reference counter and frees it. To resolve the issue, the stored RNG context refcount has been incremented via the EVP_RAND_CTX_up_ref() API to avoid its deallocation during the RNG context switch performed by the self test function. The provider_status_test test has been updated to reproduce the issue as a regression test. Signed-off-by: Karol Brzuskiewicz <kabr@arista.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24599) |
||
|---|---|---|
| .. | ||
| build.info | ||
| fips_entry.c | ||
| fipsprov.c | ||
| self_test_data.inc | ||
| self_test_kats.c | ||
| self_test.c | ||
| self_test.h | ||