Check rng return value when generating OCSP nonces

author Tobias Brunner <tobias@strongswan.org>

Mon, 25 Jun 2012 14:06:59 +0000 (16:06 +0200)

committer Martin Willi <martin@revosec.ch>

Mon, 16 Jul 2012 12:53:35 +0000 (14:53 +0200)
author Tobias Brunner <tobias@strongswan.org>
Mon, 25 Jun 2012 14:06:59 +0000 (16:06 +0200)
committer Martin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:35 +0000 (14:53 +0200)
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c

index debf490..adeae30 100644 (file)
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -199,15 +199,15 @@ static chunk_t build_nonce(private_x509_ocsp_request_t *this)
         rng_t *rng;
  
         rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-       if (rng)
+       if (!rng || !rng->allocate_bytes(rng, NONCE_LEN, &this->nonce))
         {
-               rng->allocate_bytes(rng, NONCE_LEN, &this->nonce);
-               rng->destroy(rng);
-               return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid,
-                                       asn1_simple_object(ASN1_OCTET_STRING, this->nonce));
+               DBG1(DBG_LIB, "creating OCSP request nonce failed, no RNG found");
+               DESTROY_IF(rng);
+               return chunk_empty;
         }
-       DBG1(DBG_LIB, "creating OCSP request nonce failed, no RNG found");
-       return chunk_empty;
+       rng->destroy(rng);
+       return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid,
+                               asn1_simple_object(ASN1_OCTET_STRING, this->nonce));
  }
  
  /**
author	Tobias Brunner <tobias@strongswan.org>
	Mon, 25 Jun 2012 14:06:59 +0000 (16:06 +0200)
committer	Martin Willi <martin@revosec.ch>
	Mon, 16 Jul 2012 12:53:35 +0000 (14:53 +0200)