From ae56e1eb97c4ae268b0ab40e8497c85d68b8175f Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Mon, 25 Jun 2012 16:06:59 +0200 Subject: Check rng return value when generating OCSP nonces --- src/libstrongswan/plugins/x509/x509_ocsp_request.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'src/libstrongswan/plugins/x509/x509_ocsp_request.c') diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c index debf49086..adeae3043 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c @@ -199,15 +199,15 @@ static chunk_t build_nonce(private_x509_ocsp_request_t *this) rng_t *rng; rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); - if (rng) + if (!rng || !rng->allocate_bytes(rng, NONCE_LEN, &this->nonce)) { - rng->allocate_bytes(rng, NONCE_LEN, &this->nonce); - rng->destroy(rng); - return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid, - asn1_simple_object(ASN1_OCTET_STRING, this->nonce)); + DBG1(DBG_LIB, "creating OCSP request nonce failed, no RNG found"); + DESTROY_IF(rng); + return chunk_empty; } - DBG1(DBG_LIB, "creating OCSP request nonce failed, no RNG found"); - return chunk_empty; + rng->destroy(rng); + return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid, + asn1_simple_object(ASN1_OCTET_STRING, this->nonce)); } /** -- cgit v1.2.3