1 files changed, 13 insertions, 2 deletions

diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index daf1dab973..5ac0e14caf 100644
--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -210,8 +210,11 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
 
 static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
         {
-        OPENSSL_cleanse(out, olen);
-        OPENSSL_free(out);
+        if (out)
+                {
+                OPENSSL_cleanse(out, olen);
+                OPENSSL_free(out);
+                }
         }
 
 /* Set "additional input" when generating random data. This uses the
@@ -266,6 +269,14 @@ int RAND_init_fips(void)
         DRBG_CTX *dctx;
         size_t plen;
         unsigned char pers[32], *p;
+#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
+        if (fips_drbg_type >> 16)
+                {
+                RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
+                return 0;
+                }
+#endif
+                
         dctx = FIPS_get_default_drbg();
         if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)
                 {