From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 25 Jun 2012 14:06:59 +0000 (+0200)
Subject: Check rng return value when generating OCSP nonces
X-Git-Tag: 5.0.1~343
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ae56e1eb97c4ae268b0ab40e8497c85d68b8175f;p=thirdparty%2Fstrongswan.git

Check rng return value when generating OCSP nonces
---

diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
index debf49086c..adeae30435 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -199,15 +199,15 @@ static chunk_t build_nonce(private_x509_ocsp_request_t *this)
 	rng_t *rng;
 
 	rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-	if (rng)
+	if (!rng || !rng->allocate_bytes(rng, NONCE_LEN, &this->nonce))
 	{
-		rng->allocate_bytes(rng, NONCE_LEN, &this->nonce);
-		rng->destroy(rng);
-		return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid,
-					asn1_simple_object(ASN1_OCTET_STRING, this->nonce));
+		DBG1(DBG_LIB, "creating OCSP request nonce failed, no RNG found");
+		DESTROY_IF(rng);
+		return chunk_empty;
 	}
-	DBG1(DBG_LIB, "creating OCSP request nonce failed, no RNG found");
-	return chunk_empty;
+	rng->destroy(rng);
+	return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid,
+				asn1_simple_object(ASN1_OCTET_STRING, this->nonce));
 }
 
 /**