Fix RAND_(pseudo_)?_bytes returns

Ensure all calls to RAND_bytes and RAND_pseudo_bytes have their return value checked correctly Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-02-26 16:28:59 +0000
committer: Matt Caswell <matt@openssl.org> 2015-03-25 12:41:28 +0000
commit: 8f8e4e4f5253085ab673bb74094c3e492c56af44 (patch)
tree: 1fb6e32d1f10e7ca77521df3a25f887bf083f7a8 /crypto/cms
parent: a20718fa2c0a45e6acb975cf6c0438c3ebd45b13 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index 076b545789..b9c560d438 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -297,8 +297,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
         out[3] = in[2] ^ 0xFF;
         memcpy(out + 4, in, inlen);
         /* Add random padding to end */
-        if (olen > inlen + 4)
-            RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen);
+        if (olen > inlen + 4
+            && RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen) < 0)
+            return 0;
         /* Encrypt twice */
         EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
         EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
author	Matt Caswell <matt@openssl.org>	2015-02-26 16:28:59 +0000
committer	Matt Caswell <matt@openssl.org>	2015-03-25 12:41:28 +0000
commit	8f8e4e4f5253085ab673bb74094c3e492c56af44 (patch)
tree	1fb6e32d1f10e7ca77521df3a25f887bf083f7a8 /crypto/cms
parent	a20718fa2c0a45e6acb975cf6c0438c3ebd45b13 (diff)