Check rng return value when generating SCEP sender nonce
authorTobias Brunner <tobias@strongswan.org>
Fri, 6 Jul 2012 08:49:46 +0000 (10:49 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:35 +0000 (14:53 +0200)
src/scepclient/scep.c

index 6b68a47..d6cf5f2 100644 (file)
@@ -183,7 +183,7 @@ void scep_generate_transaction_id(public_key_t *key, chunk_t *transID,
 /**
  * Adds a senderNonce attribute to the given pkcs9 attribute list
  */
-static void add_senderNonce_attribute(pkcs9_t *pkcs9)
+static bool add_senderNonce_attribute(pkcs9_t *pkcs9)
 {
        const size_t nonce_len = 16;
        u_char nonce_buf[nonce_len];
@@ -191,10 +191,15 @@ static void add_senderNonce_attribute(pkcs9_t *pkcs9)
        rng_t *rng;
 
        rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-       rng->get_bytes(rng, nonce_len, nonce_buf);
+       if (!rng || !rng->get_bytes(rng, nonce_len, nonce_buf))
+       {
+               DESTROY_IF(rng);
+               return FALSE;
+       }
        rng->destroy(rng);
 
        pkcs9->set_attribute(pkcs9, OID_PKI_SENDER_NONCE, senderNonce);
+       return TRUE;
 }
 
 /**
@@ -222,7 +227,12 @@ chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
        pkcs9 = pkcs9_create();
        pkcs9->set_attribute(pkcs9, OID_PKI_TRANS_ID, transID);
        pkcs9->set_attribute(pkcs9, OID_PKI_MESSAGE_TYPE, msgType);
-       add_senderNonce_attribute(pkcs9);
+       if (!add_senderNonce_attribute(pkcs9))
+       {
+               pkcs9->destroy(pkcs9);
+               pkcs7->destroy(pkcs7);
+               return chunk_empty;
+       }
 
        pkcs7->set_attributes(pkcs7, pkcs9);
        pkcs7->set_certificate(pkcs7, signer_cert->get_ref(signer_cert));