diff options
| author | Matt Caswell <matt@openssl.org> | 2015-02-26 11:57:37 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-03-25 12:38:07 +0000 |
| commit | 266483d2f56b0764849797f31866bfd84f9c3aa8 (patch) | |
| tree | 42323d0c8b8cea8da4aff3dfdd4bc2251e34a0db /ssl/d1_both.c | |
| parent | 8817e2e0c998757d3bd036d7f45fe8d0a49fbe2d (diff) | |
RAND_bytes updates
Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'ssl/d1_both.c')
| -rw-r--r-- | ssl/d1_both.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 22626f1f0b..8d15f70a4f 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -1396,7 +1396,10 @@ int dtls1_process_heartbeat(SSL *s) memcpy(bp, pl, payload); bp += payload; /* Random padding */ - RAND_pseudo_bytes(bp, padding); + if (RAND_bytes(bp, padding) <= 0) { + OPENSSL_free(buffer); + return -1; + } r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); @@ -1430,7 +1433,7 @@ int dtls1_process_heartbeat(SSL *s) int dtls1_heartbeat(SSL *s) { unsigned char *buf, *p; - int ret; + int ret = -1; unsigned int payload = 18; /* Sequence number + random bytes */ unsigned int padding = 16; /* Use minimum padding */ @@ -1482,10 +1485,16 @@ int dtls1_heartbeat(SSL *s) /* Sequence number */ s2n(s->tlsext_hb_seq, p); /* 16 random bytes */ - RAND_pseudo_bytes(p, 16); + if (RAND_bytes(p, 16) <= 0) { + SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR); + goto err; + } p += 16; /* Random padding */ - RAND_pseudo_bytes(p, padding); + if (RAND_bytes(p, padding) <= 0) { + SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR); + goto err; + } ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding); if (ret >= 0) { @@ -1498,6 +1507,7 @@ int dtls1_heartbeat(SSL *s) s->tlsext_hb_pending = 1; } + err: OPENSSL_free(buf); return ret; |