openssl: RAND_pseudo_bytes() returns 0 if bytes are not cryptographically strong

For our purposes with RNG_WEAK this is fine, so accept a zero return value.
Martin Willi 2013-07-04 11:09:54 +02:00
parent 1d728758ed
commit 324b90cc46
1 changed files with 6 additions and 9 deletions


@ -47,17 +47,14 @@ struct private_openssl_rng_t {
METHOD(rng_t, get_bytes, bool,
private_openssl_rng_t *this, size_t bytes, u_int8_t *buffer)
{
u_int32_t ret;
if (this->quality == RNG_STRONG)
if (this->quality == RNG_WEAK)
{
ret = RAND_bytes((char*)buffer, bytes);
/* RAND_pseudo_bytes() returns 1 if returned bytes are strong,
* 0 if of not. Both is acceptable for RNG_WEAK. */
return RAND_pseudo_bytes((char*)buffer, bytes) != -1;
}
else
{
ret = RAND_pseudo_bytes((char*)buffer, bytes);
}
return ret == 1;
/* A 0 return value is a failure for RAND_bytes() */
return RAND_bytes((char*)buffer, bytes) == 1;
}
METHOD(rng_t, allocate_bytes, bool,
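Review bot: Both calls in get_bytes pass `bytes`, a `size_t`, as the `int num` argument of RAND_bytes()/RAND_pseudo_bytes(), so a request above INT_MAX is narrowed before OpenSSL sees it and neither the `!= -1` nor the `== 1` check can detect that; a guard ahead of the quality branch, `if (bytes > INT_MAX) { return false; }` in the project's spelling of false, would reject such a request. The `(char*)` cast does not match OpenSSL's `unsigned char *buf` parameter; assuming `u_int8_t` is `unsigned char`, `buffer` can be passed without any cast. In the RNG_WEAK branch a return of 0 is now reported as success, so the comment should say that the bytes may then be predictable and that callers needing unpredictable output must request a stronger quality. The same comment has a wording slip and would read better as `0 if not. Both are acceptable for RNG_WEAK.`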