Fix RAND_(pseudo_)?_bytes returns

Ensure all calls to RAND_bytes and RAND_pseudo_bytes have their return value checked correctly Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 8f8e4e4f5253085ab673bb74094c3e492c56af44) Conflicts: crypto/evp/e_des3.c
author: Matt Caswell <matt@openssl.org> 2015-02-26 16:28:59 +0000
committer: Matt Caswell <matt@openssl.org> 2015-03-25 12:45:17 +0000
commit: 750190567a43d827fa16c58e79ae3ec6ff6c91d3 (patch)
tree: 0fdc59036c721536c5968cf78cfb9e7dbbe31156 /ssl
parent: 23a9b24aa100cc1c5c7d2c95252f2520680d2e58 (diff)
4 files changed, 30 insertions, 10 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index c18ec03bd1..5cb30a52ee 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1540,7 +1540,10 @@ int dtls1_process_heartbeat(SSL *s)
         memcpy(bp, pl, payload);
         bp += payload;
         /* Random padding */
-        RAND_pseudo_bytes(bp, padding);
+        if(RAND_pseudo_bytes(bp, padding) < 0) {
+            OPENSSL_free(buffer);
+            return -1;
+        }
 
         r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
 
@@ -1574,7 +1577,7 @@ int dtls1_process_heartbeat(SSL *s)
 int dtls1_heartbeat(SSL *s)
 {
     unsigned char *buf, *p;
-    int ret;
+    int ret = -1;
     unsigned int payload = 18;  /* Sequence number + random bytes */
     unsigned int padding = 16;  /* Use minimum padding */
 
@@ -1622,10 +1625,12 @@ int dtls1_heartbeat(SSL *s)
     /* Sequence number */
     s2n(s->tlsext_hb_seq, p);
     /* 16 random bytes */
-    RAND_pseudo_bytes(p, 16);
+    if(RAND_pseudo_bytes(p, 16) < 0)
+        goto err;
     p += 16;
     /* Random padding */
-    RAND_pseudo_bytes(p, padding);
+    if(RAND_pseudo_bytes(p, padding) < 0)
+        goto err;
 
     ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
     if (ret >= 0) {
@@ -1638,6 +1643,7 @@ int dtls1_heartbeat(SSL *s)
         s->tlsext_hb_pending = 1;
     }
 
+err:
     OPENSSL_free(buf);
 
     return ret;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 0e5acecabb..30ca11afb3 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2729,7 +2729,10 @@ int ssl3_send_client_key_exchange(SSL *s)
 
             EVP_PKEY_encrypt_init(pkey_ctx);
             /* Generate session key */
-            RAND_bytes(premaster_secret, 32);
+            if(RAND_bytes(premaster_secret, 32) <= 0) {
+                EVP_PKEY_CTX_free(pkey_ctx);
+                goto err;
+            }
             /*
              * If we have client certificate, use its secret as peer key
              */
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 243a70f7a6..f0112486cb 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2612,7 +2612,10 @@ int tls1_process_heartbeat(SSL *s)
         memcpy(bp, pl, payload);
         bp += payload;
         /* Random padding */
-        RAND_pseudo_bytes(bp, padding);
+        if(RAND_pseudo_bytes(bp, padding) < 0) {
+            OPENSSL_free(buffer);
+            return -1;
+        }
 
         r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer,
                              3 + payload + padding);
@@ -2647,7 +2650,7 @@ int tls1_process_heartbeat(SSL *s)
 int tls1_heartbeat(SSL *s)
 {
     unsigned char *buf, *p;
-    int ret;
+    int ret = -1;
     unsigned int payload = 18;  /* Sequence number + random bytes */
     unsigned int padding = 16;  /* Use minimum padding */
 
@@ -2695,10 +2698,16 @@ int tls1_heartbeat(SSL *s)
     /* Sequence number */
     s2n(s->tlsext_hb_seq, p);
     /* 16 random bytes */
-    RAND_pseudo_bytes(p, 16);
+    if(RAND_pseudo_bytes(p, 16) < 0) {
+        SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
     p += 16;
     /* Random padding */
-    RAND_pseudo_bytes(p, padding);
+    if(RAND_pseudo_bytes(p, padding) < 0) {
+        SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
 
     ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
     if (ret >= 0) {
@@ -2710,6 +2719,7 @@ int tls1_heartbeat(SSL *s)
         s->tlsext_hb_pending = 1;
     }
 
+err:
     OPENSSL_free(buf);
 
     return ret;
diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
index d36cfa0a5c..6bdf7f32f8 100644
--- a/ssl/tls_srp.c
+++ b/ssl/tls_srp.c
@@ -454,7 +454,8 @@ int SRP_Calc_A_param(SSL *s)
 {
     unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
 
-    RAND_bytes(rnd, sizeof(rnd));
+    if(RAND_bytes(rnd, sizeof(rnd)) <= 0)
+        return -1;
     s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
     OPENSSL_cleanse(rnd, sizeof(rnd));
author	Matt Caswell <matt@openssl.org>	2015-02-26 16:28:59 +0000
committer	Matt Caswell <matt@openssl.org>	2015-03-25 12:45:17 +0000
commit	750190567a43d827fa16c58e79ae3ec6ff6c91d3 (patch)
tree	0fdc59036c721536c5968cf78cfb9e7dbbe31156 /ssl
parent	23a9b24aa100cc1c5c7d2c95252f2520680d2e58 (diff)