mirror of
https://github.com/openssl/openssl.git
synced 2025-03-01 19:28:10 +08:00
42a8ef844e
Once RNG is used, triggering FIPS on-demand self tests (via OSSL_PROVIDER_self_test() API) crashes the application. This happens because the RNG context is stored before self tests, and restored after their execution. In the meantime - before context restoration - RAND_set0_private() function is called, which decrements the stored RNG context reference counter and frees it. To resolve the issue, the stored RNG context refcount has been incremented via the EVP_RAND_CTX_up_ref() API to avoid its deallocation during the RNG context switch performed by the self test function. The provider_status_test test has been updated to reproduce the issue as a regression test. Signed-off-by: Karol Brzuskiewicz <kabr@arista.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24599) |
||
|---|---|---|
| .. | ||
| common | ||
| fips | ||
| implementations | ||
| baseprov.c | ||
| build.info | ||
| decoders.inc | ||
| defltprov.c | ||
| encoders.inc | ||
| fips-sources.checksums | ||
| fips.checksum | ||
| fips.module.sources | ||
| legacyprov.c | ||
| nullprov.c | ||
| prov_running.c | ||
| stores.inc | ||