aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Willi <martin@revosec.ch>2013-07-04 11:09:54 +0200
committerMartin Willi <martin@revosec.ch>2013-07-04 11:09:54 +0200
commit324b90cc46e3af52731fa98eb947e412ab56a2f5 (patch)
tree834c1db7ac21bc4d3ba6ecbca5a608e050d2cd14
parent1d728758edc1ec38cdfa5d64fb578194de852685 (diff)
downloadstrongswan-324b90cc46e3af52731fa98eb947e412ab56a2f5.tar.bz2
strongswan-324b90cc46e3af52731fa98eb947e412ab56a2f5.tar.xz
openssl: RAND_pseudo_bytes() returns 0 if bytes are not cryptographically strong
For our purposes with RNG_WEAK this is fine, so accept a zero return value.
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rng.c15
1 files changed, 6 insertions, 9 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_rng.c b/src/libstrongswan/plugins/openssl/openssl_rng.c
index 10db6293a..815cf4f0c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rng.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rng.c
@@ -47,17 +47,14 @@ struct private_openssl_rng_t {
METHOD(rng_t, get_bytes, bool,
private_openssl_rng_t *this, size_t bytes, u_int8_t *buffer)
{
- u_int32_t ret;
-
- if (this->quality == RNG_STRONG)
- {
- ret = RAND_bytes((char*)buffer, bytes);
- }
- else
+ if (this->quality == RNG_WEAK)
{
- ret = RAND_pseudo_bytes((char*)buffer, bytes);
+ /* RAND_pseudo_bytes() returns 1 if returned bytes are strong,
+ * 0 if of not. Both is acceptable for RNG_WEAK. */
+ return RAND_pseudo_bytes((char*)buffer, bytes) != -1;
}
- return ret == 1;
+ /* A 0 return value is a failure for RAND_bytes() */
+ return RAND_bytes((char*)buffer, bytes) == 1;
}
METHOD(rng_t, allocate_bytes, bool,