check return value of RAND_pseudo_bytes; backport from the stable branch

[openssl.git] / ssl / s2_srvr.c

diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index 6c43f720781db8616c9a161cad7d38964a1caa65..7cc160b1ad790b7df1c382620cf5279dca1ed183 100644 (file)
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -498,7 +498,8 @@ static int get_client_master_key(SSL *s)
                        i=ek;
                else
                        i=EVP_CIPHER_key_length(c);
-               RAND_pseudo_bytes(p,i);
+               if (RAND_pseudo_bytes(p,i) <= 0)
+                       return 0;
                }
 #else
        if (i < 0)
@@ -804,7 +805,8 @@ static int server_hello(SSL *s)
                /* make and send conn_id */
                s2n(SSL2_CONNECTION_ID_LENGTH,p);       /* add conn_id length */
                s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
-               RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
+               if (RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length) <= 0)
+                       return -1;
                memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
                d+=SSL2_CONNECTION_ID_LENGTH;
 
@@ -950,7 +952,8 @@ static int request_certificate(SSL *s)
                p=(unsigned char *)s->init_buf->data;
                *(p++)=SSL2_MT_REQUEST_CERTIFICATE;
                *(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
-               RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
+               if (RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0)
+                       return -1;
                memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
 
                s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;