authorMatt Caswell <matt@openssl.org>2015-02-26 16:28:59 +0000
committerMatt Caswell <matt@openssl.org>2015-03-25 12:41:28 +0000
commit8f8e4e4f5253085ab673bb74094c3e492c56af44 (patch)
tree1fb6e32d1f10e7ca77521df3a25f887bf083f7a8 /crypto/bn
parenta20718fa2c0a45e6acb975cf6c0438c3ebd45b13 (diff)
Fix RAND_(pseudo_)?_bytes returns
Ensure all calls to RAND_bytes and RAND_pseudo_bytes have their return value checked correctly Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/bn')
-rw-r--r--crypto/bn/bn.h1
-rw-r--r--crypto/bn/bn_rand.c3
2 files changed, 3 insertions, 1 deletions
diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
index 78709d3840..9996b4a3bb 100644
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -779,6 +779,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
* wouldn't be constructed with top!=dmax. */ \
BN_ULONG *_not_const; \
memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
+ /* Debug only - safe to ignore error return */ \
RAND_pseudo_bytes(&_tmp_char, 1); \
memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
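Review bot: The comment added above `RAND_pseudo_bytes(&_tmp_char, 1);` says the return can be ignored but not why, so anyone auditing unchecked RNG calls later has to re-derive it. From the `memset` that follows, the byte is only a fill pattern for the words between `top` and `dmax`, and I would say so: `/* Debug only - byte is just a fill pattern for unused words, so a failed call is harmless */`. If the call fails without writing the buffer, `_tmp_char` keeps whatever its declaration gave it. That declaration is outside the hunk, so it is worth confirming it is initialised or that an arbitrary value is acceptable there. The macro body starts and ends outside the hunk.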
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 7ac71ec8ed..48de9cb7ca 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -157,7 +157,8 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
unsigned char c;
for (i = 0; i < bytes; i++) {
- RAND_pseudo_bytes(&c, 1);
+ if(RAND_pseudo_bytes(&c, 1) < 0)
+ goto err;
if (c >= 128 && i > 0)
buf[i] = buf[i - 1];
else if (c < 42)
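Review bot: The new check `if(RAND_pseudo_bytes(&c, 1) < 0)` compares with `< 0` where a RAND_bytes caller would use `<= 0`, and nothing at the call site says the difference is intentional. RAND_pseudo_bytes is documented to return 0 when it produced bytes that are not cryptographically strong, so only a negative return is a failure here. A short comment such as `/* 0 = bytes generated but not cryptographically strong; only -1 is an error */` would stop a later cleanup from tightening it to `<= 0` and breaking this path. As a style point, `if(` should be `if (` to match `if (c >= 128 && i > 0)` two lines below. The `err` label and the rest of the loop are outside the hunk.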