diff options
| -rw-r--r-- | apps/s_cb.c | 2 | ||||
| -rw-r--r-- | apps/s_server.c | 3 | ||||
| -rw-r--r-- | crypto/asn1/asn_mime.c | 3 | ||||
| -rw-r--r-- | crypto/bio/bf_nbio.c | 6 | ||||
| -rw-r--r-- | crypto/bn/bn.h | 1 | ||||
| -rw-r--r-- | crypto/bn/bn_rand.c | 3 | ||||
| -rw-r--r-- | crypto/cms/cms_pwri.c | 5 | ||||
| -rw-r--r-- | crypto/des/des.c | 6 | ||||
| -rw-r--r-- | crypto/des/enc_writ.c | 4 | ||||
| -rw-r--r-- | crypto/dsa/dsa_gen.c | 3 | ||||
| -rw-r--r-- | crypto/ecdsa/ecdsatest.c | 4 | ||||
| -rw-r--r-- | crypto/evp/bio_ok.c | 3 | ||||
| -rw-r--r-- | crypto/evp/e_des3.c | 3 | ||||
| -rw-r--r-- | crypto/evp/p_seal.c | 5 | ||||
| -rw-r--r-- | crypto/ocsp/ocsp_ext.c | 4 | ||||
| -rw-r--r-- | crypto/srp/srp_vfy.c | 9 | ||||
| -rw-r--r-- | demos/easy_tls/easy-tls.c | 3 | ||||
| -rw-r--r-- | ssl/d1_both.c | 14 | ||||
| -rw-r--r-- | ssl/s3_clnt.c | 5 | ||||
| -rw-r--r-- | ssl/t1_lib.c | 18 | ||||
| -rw-r--r-- | ssl/tls_srp.c | 3 |
21 files changed, 73 insertions, 34 deletions
diff --git a/apps/s_cb.c b/apps/s_cb.c index f6e6bcd765..36e22848f4 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -1012,7 +1012,7 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, /* Initialize a random secret */ if (!cookie_initialized) { - if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) { + if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) { BIO_printf(bio_err, "error setting random cookie secret\n"); return 0; } diff --git a/apps/s_server.c b/apps/s_server.c index a8491acfdd..083cc4c553 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -3281,7 +3281,8 @@ static int generate_session_id(const SSL *ssl, unsigned char *id, { unsigned int count = 0; do { - RAND_pseudo_bytes(id, *id_len); + if(RAND_pseudo_bytes(id, *id_len) < 0) + return 0; /* * Prefix the session_id with the required prefix. NB: If our prefix * is too long, clip it - but there will be worse effects anyway, eg. diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index 7e2f28e6d5..fa4dd820b7 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -289,7 +289,8 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, if ((flags & SMIME_DETACHED) && data) { /* We want multipart/signed */ /* Generate a random boundary */ - RAND_pseudo_bytes((unsigned char *)bound, 32); + if(RAND_pseudo_bytes((unsigned char *)bound, 32) < 0) + return 0; for (i = 0; i < 32; i++) { c = bound[i] & 0xf; if (c < 10) diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c index da88a8a1bf..44d1029f28 100644 --- a/crypto/bio/bf_nbio.c +++ b/crypto/bio/bf_nbio.c @@ -139,7 +139,8 @@ static int nbiof_read(BIO *b, char *out, int outl) BIO_clear_retry_flags(b); #if 1 - RAND_pseudo_bytes(&n, 1); + if(RAND_pseudo_bytes(&n, 1) < 0) + return -1; num = (n & 0x07); if (outl > num) @@ -178,7 +179,8 @@ static int nbiof_write(BIO *b, const char *in, int inl) num = nt->lwn; nt->lwn = 0; } else { - RAND_pseudo_bytes(&n, 1); + if(RAND_pseudo_bytes(&n, 1) < 0) + return -1; num = (n & 7); } diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 78709d3840..9996b4a3bb 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -779,6 +779,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num); * wouldn't be constructed with top!=dmax. */ \ BN_ULONG *_not_const; \ memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ + /* Debug only - safe to ignore error return */ \ RAND_pseudo_bytes(&_tmp_char, 1); \ memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 7ac71ec8ed..48de9cb7ca 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -157,7 +157,8 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) unsigned char c; for (i = 0; i < bytes; i++) { - RAND_pseudo_bytes(&c, 1); + if(RAND_pseudo_bytes(&c, 1) < 0) + goto err; if (c >= 128 && i > 0) buf[i] = buf[i - 1]; else if (c < 42) diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index 076b545789..b9c560d438 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -297,8 +297,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen, out[3] = in[2] ^ 0xFF; memcpy(out + 4, in, inlen); /* Add random padding to end */ - if (olen > inlen + 4) - RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen); + if (olen > inlen + 4 + && RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen) < 0) + return 0; /* Encrypt twice */ EVP_EncryptUpdate(ctx, out, &dummy, out, olen); EVP_EncryptUpdate(ctx, out, &dummy, out, olen); diff --git a/crypto/des/des.c b/crypto/des/des.c index 2bff281258..dcdb8dd658 100644 --- a/crypto/des/des.c +++ b/crypto/des/des.c @@ -455,8 +455,10 @@ void doencryption(void) rem = l % 8; len = l - rem; if (feof(DES_IN)) { - for (i = 7 - rem; i > 0; i--) - RAND_pseudo_bytes(buf + l++, 1); + for (i = 7 - rem; i > 0; i--) { + if(RAND_pseudo_bytes(buf + l++, 1) < 0) + goto problems; + } buf[l++] = rem; ex = 1; len += rem; diff --git a/crypto/des/enc_writ.c b/crypto/des/enc_writ.c index b4eecc3812..0777b4f139 100644 --- a/crypto/des/enc_writ.c +++ b/crypto/des/enc_writ.c @@ -132,7 +132,9 @@ int DES_enc_write(int fd, const void *_buf, int len, if (len < 8) { cp = shortbuf; memcpy(shortbuf, buf, len); - RAND_pseudo_bytes(shortbuf + len, 8 - len); + if(RAND_pseudo_bytes(shortbuf + len, 8 - len) < 0) { + return -1; + } rnum = 8; } else { cp = buf; diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 8920036939..4a6560dd68 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -204,7 +204,8 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, goto err; if (!seed_len) { - RAND_pseudo_bytes(seed, qsize); + if(RAND_pseudo_bytes(seed, qsize) < 0) + goto err; seed_is_random = 1; } else { seed_is_random = 0; diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index b2d78f3d55..0f301f86d9 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -296,8 +296,8 @@ int test_builtin(BIO *out) int nid, ret = 0; /* fill digest values with some random data */ - if (!RAND_pseudo_bytes(digest, 20) || - !RAND_pseudo_bytes(wrong_digest, 20)) { + if (RAND_pseudo_bytes(digest, 20) <= 0 || + RAND_pseudo_bytes(wrong_digest, 20) <= 0) { BIO_printf(out, "ERROR: unable to get random data\n"); goto builtin_err; } diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index a4550349be..859712fb74 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -491,7 +491,8 @@ static int sig_out(BIO *b) * FIXME: there's absolutely no guarantee this makes any sense at all, * particularly now EVP_MD_CTX has been restructured. */ - RAND_pseudo_bytes(md->md_data, md->digest->md_size); + if(RAND_pseudo_bytes(md->md_data, md->digest->md_size) < 0) + goto berr; memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size); longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); ctx->buf_len += md->digest->md_size; diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 301d93e13d..6aa4d09987 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -447,7 +447,8 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out, memcpy(out + inl + 8, sha1tmp, 8); OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); /* Generate random IV */ - RAND_bytes(ctx->iv, 8); + if(RAND_bytes(ctx->iv, 8) <= 0) + return -1; memcpy(out, ctx->iv, 8); /* Encrypt everything after IV in place */ des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8); diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c index caabbf406f..ba9dfff215 100644 --- a/crypto/evp/p_seal.c +++ b/crypto/evp/p_seal.c @@ -82,8 +82,9 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, return 1; if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) return 0; - if (EVP_CIPHER_CTX_iv_length(ctx)) - RAND_pseudo_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)); + if (EVP_CIPHER_CTX_iv_length(ctx) + && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0) + return 0; if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) return 0; diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index 849cb2f762..fdfddf9fc1 100644 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c @@ -361,8 +361,8 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL); if (val) memcpy(tmpval, val, len); - else - RAND_pseudo_bytes(tmpval, len); + else if(RAND_pseudo_bytes(tmpval, len) < 0) + goto err; if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, &os, 0, X509V3_ADD_REPLACE)) goto err; diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index 701b5cd011..902df1013b 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -497,7 +497,8 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) if (!SRP_user_pwd_set_ids(user, username, NULL)) goto err; - RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH); + if(RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH) < 0) + goto err; EVP_MD_CTX_init(&ctxt); EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key)); @@ -549,7 +550,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, } if (*salt == NULL) { - RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN); + if(RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN) < 0) + goto err; s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); } else { @@ -609,7 +611,8 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, srp_bn_print(g); if (*salt == NULL) { - RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN); + if(RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN) < 0) + goto err; *salt = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); } diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c index acc688aaf4..df6ae6cf37 100644 --- a/demos/easy_tls/easy-tls.c +++ b/demos/easy_tls/easy-tls.c @@ -761,7 +761,8 @@ SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg) if (tls_dhe1024 == NULL) { int i; - RAND_bytes((unsigned char *)&i, sizeof i); + if(RAND_bytes((unsigned char *)&i, sizeof i) <= 0) + goto err_return; /* * make sure that i is non-negative -- pick one of the provided * seeds diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 21048003bc..d4150cb58d 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -1420,7 +1420,10 @@ int dtls1_process_heartbeat(SSL *s) memcpy(bp, pl, payload); bp += payload; /* Random padding */ - RAND_pseudo_bytes(bp, padding); + if(RAND_pseudo_bytes(bp, padding) < 0) { + OPENSSL_free(buffer); + return -1; + } r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); @@ -1454,7 +1457,7 @@ int dtls1_process_heartbeat(SSL *s) int dtls1_heartbeat(SSL *s) { unsigned char *buf, *p; - int ret; + int ret = -1; unsigned int payload = 18; /* Sequence number + random bytes */ unsigned int padding = 16; /* Use minimum padding */ @@ -1502,10 +1505,12 @@ int dtls1_heartbeat(SSL *s) /* Sequence number */ s2n(s->tlsext_hb_seq, p); /* 16 random bytes */ - RAND_pseudo_bytes(p, 16); + if(RAND_pseudo_bytes(p, 16) < 0) + goto err; p += 16; /* Random padding */ - RAND_pseudo_bytes(p, padding); + if(RAND_pseudo_bytes(p, padding) < 0) + goto err; ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding); if (ret >= 0) { @@ -1518,6 +1523,7 @@ int dtls1_heartbeat(SSL *s) s->tlsext_hb_pending = 1; } +err: OPENSSL_free(buf); return ret; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 91053d59ea..c7f3f1d3cc 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2847,7 +2847,10 @@ int ssl3_send_client_key_exchange(SSL *s) EVP_PKEY_encrypt_init(pkey_ctx); /* Generate session key */ - RAND_bytes(premaster_secret, 32); + if(RAND_bytes(premaster_secret, 32) <= 0) { + EVP_PKEY_CTX_free(pkey_ctx); + goto err; + } /* * If we have client certificate, use its secret as peer key */ diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 3e01b6af6a..5568df660c 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3849,7 +3849,10 @@ int tls1_process_heartbeat(SSL *s) memcpy(bp, pl, payload); bp += payload; /* Random padding */ - RAND_pseudo_bytes(bp, padding); + if(RAND_pseudo_bytes(bp, padding) < 0) { + OPENSSL_free(buffer); + return -1; + } r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); @@ -3884,7 +3887,7 @@ int tls1_process_heartbeat(SSL *s) int tls1_heartbeat(SSL *s) { unsigned char *buf, *p; - int ret; + int ret = -1; unsigned int payload = 18; /* Sequence number + random bytes */ unsigned int padding = 16; /* Use minimum padding */ @@ -3932,10 +3935,16 @@ int tls1_heartbeat(SSL *s) /* Sequence number */ s2n(s->tlsext_hb_seq, p); /* 16 random bytes */ - RAND_pseudo_bytes(p, 16); + if(RAND_pseudo_bytes(p, 16) < 0) { + SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR); + goto err; + } p += 16; /* Random padding */ - RAND_pseudo_bytes(p, padding); + if(RAND_pseudo_bytes(p, padding) < 0) { + SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR); + goto err; + } ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding); if (ret >= 0) { @@ -3947,6 +3956,7 @@ int tls1_heartbeat(SSL *s) s->tlsext_hb_pending = 1; } +err: OPENSSL_free(buf); return ret; diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c index d36cfa0a5c..6bdf7f32f8 100644 --- a/ssl/tls_srp.c +++ b/ssl/tls_srp.c @@ -454,7 +454,8 @@ int SRP_Calc_A_param(SSL *s) { unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH]; - RAND_bytes(rnd, sizeof(rnd)); + if(RAND_bytes(rnd, sizeof(rnd)) <= 0) + return -1; s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a); OPENSSL_cleanse(rnd, sizeof(rnd)); |