projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Precautions against using the PRNG uninitialized: RAND_bytes() now
[openssl.git] / crypto / rsa / rsa_ssl.c
diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
index 1050844f8d2bb4a4188435ed8bb44853b6b43395..83dfc80c1d77cb309316830c6a305ff046904b9f 100644 (file)
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@@ -82,12 +82,14 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from,
        /* pad out with non-zero random data */
        j=tlen-3-8-flen;
 
-       RAND_bytes(p,j);
+       if (RAND_bytes(p,j) <= 0)
+               return(0);
        for (i=0; i<j; i++)
                {
                if (*p == '\0')
                        do      {
-                               RAND_bytes(p,1);
+                               if (RAND_bytes(p,1) <= 0)
+                                       return(0);
                                } while (*p == '\0');
                p++;
                }
Unnamed repository; edit this file 'description' to name the repository.