Check rng return value when generating OCSP nonces
authorTobias Brunner <tobias@strongswan.org>
Mon, 25 Jun 2012 14:06:59 +0000 (16:06 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:35 +0000 (14:53 +0200)
src/libstrongswan/plugins/x509/x509_ocsp_request.c

index debf490..adeae30 100644 (file)
@@ -199,15 +199,15 @@ static chunk_t build_nonce(private_x509_ocsp_request_t *this)
        rng_t *rng;
 
        rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-       if (rng)
+       if (!rng || !rng->allocate_bytes(rng, NONCE_LEN, &this->nonce))
        {
-               rng->allocate_bytes(rng, NONCE_LEN, &this->nonce);
-               rng->destroy(rng);
-               return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid,
-                                       asn1_simple_object(ASN1_OCTET_STRING, this->nonce));
+               DBG1(DBG_LIB, "creating OCSP request nonce failed, no RNG found");
+               DESTROY_IF(rng);
+               return chunk_empty;
        }
-       DBG1(DBG_LIB, "creating OCSP request nonce failed, no RNG found");
-       return chunk_empty;
+       rng->destroy(rng);
+       return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid,
+                               asn1_simple_object(ASN1_OCTET_STRING, this->nonce));
 }
 
 /**
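Review bot: The DBG1 message in the new failure branch still reads "no RNG found", but that branch is now also taken when `rng->allocate_bytes()` returns false on a valid RNG, so the log misattributes the cause. Consider separating the two cases, e.g. `DBG1(DBG_LIB, "creating OCSP request nonce failed, %s", rng ? "RNG failed" : "no RNG found");`. The signature of build_nonce() and its callers are outside this hunk. It is worth confirming that the callers treat `chunk_empty` as an error, because silently building a request without the nonce would presumably remove the replay protection the nonce provides for the OCSP response.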