Check rng return value when generating serial numbers in pki utility
authorTobias Brunner <tobias@strongswan.org>
Mon, 25 Jun 2012 14:03:53 +0000 (16:03 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:35 +0000 (14:53 +0200)
src/pki/commands/issue.c
src/pki/commands/self.c

index 0398c9d..4dbe2e0 100644 (file)
@@ -356,11 +356,11 @@ static int issue()
                        error = "no random number generator found";
                        goto end;
                }
-               rng->allocate_bytes(rng, 8, &serial);
-               while (*serial.ptr == 0x00)
+               if (!rng_allocate_bytes_not_zero(rng, 8, &serial, FALSE))
                {
-                       /* we don't accept a serial number with leading zeroes */
-                       rng->get_bytes(rng, 1, serial.ptr);
+                       error = "failed to generate serial number";
+                       rng->destroy(rng);
+                       goto end;
                }
                rng->destroy(rng);
        }
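Review bot: The new call in issue() no longer says why the serial is generated this way: the removed comment explained the leading-zero rule, and the bare `FALSE` argument does not. I would keep a comment above the call, e.g. `/* FALSE: only the first byte must be non-zero, the serial must not start with 0x00 */`. The failure branch also repeats `rng->destroy(rng);` ahead of `goto end`, so a later edit to either path has to keep both copies in step. Both points apply equally to the identical hunk in src/pki/commands/self.c; issue() starts and ends outside this hunk.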
index 6813c98..e98f90f 100644 (file)
@@ -298,11 +298,11 @@ static int self()
                        error = "no random number generator found";
                        goto end;
                }
-               rng->allocate_bytes(rng, 8, &serial);
-               while (*serial.ptr == 0x00)
+               if (!rng_allocate_bytes_not_zero(rng, 8, &serial, FALSE))
                {
-                       /* we don't accept a serial number with leading zeroes */
-                       rng->get_bytes(rng, 1, serial.ptr);
+                       error = "failed to generate serial number";
+                       rng->destroy(rng);
+                       goto end;
                }
                rng->destroy(rng);
        }
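Review bot: Only the first byte of the 8-byte serial is constrained here, and only to be non-zero, so its top bit is still set for roughly half of the generated values. Whether the certificate builder then encodes the value as a positive INTEGER (RFC 5280 asks for positive serial numbers) is not visible in this hunk and is worth confirming. If the encoder is relied on for that, a comment such as `/* serial is used as an unsigned value; the encoder must keep it positive */` would record the assumption. The same call in src/pki/commands/issue.c is affected; self() continues outside the hunk.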