From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 25 Jun 2012 14:03:53 +0000 (+0200)
Subject: Check rng return value when generating serial numbers in pki utility
X-Git-Tag: 5.0.1~340
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e93bb353d5b2750b3a89751a83086108e3d7c1ca;p=thirdparty%2Fstrongswan.git

Check rng return value when generating serial numbers in pki utility
---

diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 0398c9dc94..4dbe2e0699 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -356,11 +356,11 @@ static int issue()
 			error = "no random number generator found";
 			goto end;
 		}
-		rng->allocate_bytes(rng, 8, &serial);
-		while (*serial.ptr == 0x00)
+		if (!rng_allocate_bytes_not_zero(rng, 8, &serial, FALSE))
 		{
-			/* we don't accept a serial number with leading zeroes */
-			rng->get_bytes(rng, 1, serial.ptr);
+			error = "failed to generate serial number";
+			rng->destroy(rng);
+			goto end;
 		}
 		rng->destroy(rng);
 	}
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index 6813c98f75..e98f90f4e5 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -298,11 +298,11 @@ static int self()
 			error = "no random number generator found";
 			goto end;
 		}
-		rng->allocate_bytes(rng, 8, &serial);
-		while (*serial.ptr == 0x00)
+		if (!rng_allocate_bytes_not_zero(rng, 8, &serial, FALSE))
 		{
-			/* we don't accept a serial number with leading zeroes */
-			rng->get_bytes(rng, 1, serial.ptr);
+			error = "failed to generate serial number";
+			rng->destroy(rng);
+			goto end;
 		}
 		rng->destroy(rng);
 	}