Check rng return value when generating OCSP nonces

author: Tobias Brunner <tobias@strongswan.org> 2012-06-25 16:06:59 +0200
committer: Martin Willi <martin@revosec.ch> 2012-07-16 14:53:35 +0200
commit: ae56e1eb97c4ae268b0ab40e8497c85d68b8175f (patch)
tree: edb45d9afeea53ee2df0d690301acd357eb55dba /src
parent: 3c739111745b6a07f937efcba8a41eff617aa828 (diff)
download: strongswan-ae56e1eb97c4ae268b0ab40e8497c85d68b8175f.tar.bz2
strongswan-ae56e1eb97c4ae268b0ab40e8497c85d68b8175f.tar.xz
1 files changed, 7 insertions, 7 deletions
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
index debf49086..adeae3043 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -199,15 +199,15 @@ static chunk_t build_nonce(private_x509_ocsp_request_t *this)
 	rng_t *rng;
 
 	rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-	if (rng)
+	if (!rng || !rng->allocate_bytes(rng, NONCE_LEN, &this->nonce))
 	{
-		rng->allocate_bytes(rng, NONCE_LEN, &this->nonce);
-		rng->destroy(rng);
-		return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid,
-					asn1_simple_object(ASN1_OCTET_STRING, this->nonce));
+		DBG1(DBG_LIB, "creating OCSP request nonce failed, no RNG found");
+		DESTROY_IF(rng);
+		return chunk_empty;
 	}
-	DBG1(DBG_LIB, "creating OCSP request nonce failed, no RNG found");
-	return chunk_empty;
+	rng->destroy(rng);
+	return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid,
+				asn1_simple_object(ASN1_OCTET_STRING, this->nonce));
 }
 
 /**
author	Tobias Brunner <tobias@strongswan.org>	2012-06-25 16:06:59 +0200
committer	Martin Willi <martin@revosec.ch>	2012-07-16 14:53:35 +0200
commit	ae56e1eb97c4ae268b0ab40e8497c85d68b8175f (patch)
tree	edb45d9afeea53ee2df0d690301acd357eb55dba /src
parent	3c739111745b6a07f937efcba8a41eff617aa828 (diff)
download	strongswan-ae56e1eb97c4ae268b0ab40e8497c85d68b8175f.tar.bz2 strongswan-ae56e1eb97c4ae268b0ab40e8497c85d68b8175f.tar.xz