openssl: RAND_pseudo_bytes() returns 0 if bytes are not cryptographically strong
For our purposes with RNG_WEAK this is fine, so accept a zero return value.
This commit is contained in:
parent
1d728758ed
commit
324b90cc46
|
@ -47,17 +47,14 @@ struct private_openssl_rng_t {
|
|||
METHOD(rng_t, get_bytes, bool,
|
||||
private_openssl_rng_t *this, size_t bytes, u_int8_t *buffer)
|
||||
{
|
||||
u_int32_t ret;
|
||||
|
||||
if (this->quality == RNG_STRONG)
|
||||
if (this->quality == RNG_WEAK)
|
||||
{
|
||||
ret = RAND_bytes((char*)buffer, bytes);
|
||||
/* RAND_pseudo_bytes() returns 1 if returned bytes are strong,
|
||||
* 0 if of not. Both is acceptable for RNG_WEAK. */
|
||||
return RAND_pseudo_bytes((char*)buffer, bytes) != -1;
|
||||
}
|
||||
else
|
||||
{
|
||||
ret = RAND_pseudo_bytes((char*)buffer, bytes);
|
||||
}
|
||||
return ret == 1;
|
||||
/* A 0 return value is a failure for RAND_bytes() */
|
||||
return RAND_bytes((char*)buffer, bytes) == 1;
|
||||
}
|
||||
|
||||
METHOD(rng_t, allocate_bytes, bool,
|
||||
|
|
Loading…
Reference in New Issue