diff options
author | Martin Willi <martin@revosec.ch> | 2013-07-04 11:09:54 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2013-07-04 11:09:54 +0200 |
commit | 324b90cc46e3af52731fa98eb947e412ab56a2f5 (patch) | |
tree | 834c1db7ac21bc4d3ba6ecbca5a608e050d2cd14 | |
parent | 1d728758edc1ec38cdfa5d64fb578194de852685 (diff) | |
download | strongswan-324b90cc46e3af52731fa98eb947e412ab56a2f5.tar.bz2 strongswan-324b90cc46e3af52731fa98eb947e412ab56a2f5.tar.xz |
openssl: RAND_pseudo_bytes() returns 0 if bytes are not cryptographically strong
For our purposes with RNG_WEAK this is fine, so accept a zero return value.
-rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_rng.c | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_rng.c b/src/libstrongswan/plugins/openssl/openssl_rng.c index 10db6293a..815cf4f0c 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rng.c +++ b/src/libstrongswan/plugins/openssl/openssl_rng.c @@ -47,17 +47,14 @@ struct private_openssl_rng_t { METHOD(rng_t, get_bytes, bool, private_openssl_rng_t *this, size_t bytes, u_int8_t *buffer) { - u_int32_t ret; - - if (this->quality == RNG_STRONG) - { - ret = RAND_bytes((char*)buffer, bytes); - } - else + if (this->quality == RNG_WEAK) { - ret = RAND_pseudo_bytes((char*)buffer, bytes); + /* RAND_pseudo_bytes() returns 1 if returned bytes are strong, + * 0 if of not. Both is acceptable for RNG_WEAK. */ + return RAND_pseudo_bytes((char*)buffer, bytes) != -1; } - return ret == 1; + /* A 0 return value is a failure for RAND_bytes() */ + return RAND_bytes((char*)buffer, bytes) == 1; } METHOD(rng_t, allocate_bytes, bool, |