check return value of RAND_pseudo_bytes; backport from the stable branch

[openssl.git] / ssl / s23_clnt.c

diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 64ee4269ec1069828f7e7f03d29b7ed470956c54..3384fb765e3ef4d2951c6ee0d3cc6557fbda20b8 100644 (file)
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -235,7 +235,8 @@ static int ssl23_client_hello(SSL *s)
 #endif
 
                p=s->s3->client_random;
-               RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE);
+               if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0)
+                       return -1;
 
                /* Do the message type and length last */
                d= &(buf[2]);
@@ -296,7 +297,9 @@ static int ssl23_client_hello(SSL *s)
                        i=ch_len;
                s2n(i,d);
                memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
-               RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
+               if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
+                       return -1;
+
                memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
                p+=i;