From 266483d2f56b0764849797f31866bfd84f9c3aa8 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 26 Feb 2015 11:57:37 +0000
Subject: RAND_bytes updates

Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 demos/easy_tls/easy-tls.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'demos')

diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c
index 33303cc117..3475551d6a 100644
--- a/demos/easy_tls/easy-tls.c
+++ b/demos/easy_tls/easy-tls.c
@@ -760,7 +760,8 @@ SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg)
         if (tls_dhe1024 == NULL) {
             int i;
 
-            RAND_bytes((unsigned char *)&i, sizeof i);
+            if (RAND_bytes((unsigned char *)&i, sizeof i) <= 0)
+                goto err_return;
             /*
              * make sure that i is non-negative -- pick one of the provided
              * seeds
-- 
cgit v1.2.3