Check rng return value when generating nonces in eap-sim plugin

2 files changed, 8 insertions, 2 deletions

diff --git a/src/libcharon/plugins/eap_sim/eap_sim_peer.c b/src/libcharon/plugins/eap_sim/eap_sim_peer.c
index 479fb95fc..ff96e9279 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_peer.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.c
@@ -242,7 +242,10 @@ static status_t process_start(private_eap_sim_peer_t *this,
 	/* generate AT_NONCE_MT value */
 	rng = this->crypto->get_rng(this->crypto);
 	free(this->nonce.ptr);
-	rng->allocate_bytes(rng, NONCE_LEN, &this->nonce);
+	if (!rng->allocate_bytes(rng, NONCE_LEN, &this->nonce))
+	{
+		return FAILED;
+	}
 
 	message = simaka_message_create(FALSE, this->identifier, EAP_SIM,
 									SIM_START, this->crypto);
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_server.c b/src/libcharon/plugins/eap_sim/eap_sim_server.c
index fd4f4c02b..334e2df1d 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_server.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_server.c
@@ -174,7 +174,10 @@ static status_t reauthenticate(private_eap_sim_server_t *this,
 	DBG1(DBG_IKE, "initiating EAP-SIM reauthentication");
 
 	rng = this->crypto->get_rng(this->crypto);
-	rng->allocate_bytes(rng, NONCE_LEN, &this->nonce);
+	if (!rng->allocate_bytes(rng, NONCE_LEN, &this->nonce))
+	{
+		return FAILED;
+	}
 
 	mkc = chunk_create(mk, HASH_SIZE_SHA1);
 	counter = htons(counter);