Provide better error message on failed RAND_bytes call

diff --git a/lib/isc/random.c b/lib/isc/random.c
index a9fca3f9e2b16ad6f81c23f35f52480131385a81..085081aa694702fdd8a4a464eaa74263a21705a6 100644 (file)
--- a/lib/isc/random.c
+++ b/lib/isc/random.c
@@ -36,6 +36,7 @@
 
 #ifdef OPENSSL
 #include <openssl/rand.h>
+#include <openssl/err.h>
 #endif /* ifdef OPENSSL */
 
 #ifdef PKCS11CRYPTO
@@ -164,7 +165,9 @@ isc_random_buf(void *buf, size_t buflen)
 
 /* Use crypto library as fallback when no other CSPRNG is available */
 # if defined(OPENSSL)
-       RUNTIME_CHECK(RAND_bytes(buf, buflen) < 1);
+       if (RAND_bytes(buf, buflen) < 1) {
+               FATAL_ERROR(__FILE__, __LINE__, "FATAL: RAND_bytes(): %s\n", ERR_error_string(ERR_get_error(), NULL));
+       }
 # elif defined(PKCS11CRYPTO)
        RUNTIME_CHECK(pk11_rand_bytes(buf, buflen) == ISC_R_SUCCESS);
 # endif /* if defined(HAVE_ARC4RANDOM_BUF) */