From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 25 Jun 2012 14:10:46 +0000 (+0200)
Subject: Check rng return value when generating DH secret in gcrypt plugin
X-Git-Tag: 5.0.1~338
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f5291b1ce86cd86fb23136e713949aead9154b7;p=thirdparty%2Fstrongswan.git

Check rng return value when generating DH secret in gcrypt plugin
---

diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
index 6c4665da2d..0efd3ba16d 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
@@ -208,9 +208,8 @@ gcrypt_dh_t *create_generic(diffie_hellman_group_t group, size_t exp_len,
 	}
 
 	rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
-	if (rng)
+	if (rng && rng->allocate_bytes(rng, exp_len, &random))
 	{	/* prefer external randomizer */
-		rng->allocate_bytes(rng, exp_len, &random);
 		rng->destroy(rng);
 		err = gcry_mpi_scan(&this->xa, GCRYMPI_FMT_USG,
 							random.ptr, random.len, NULL);
@@ -226,6 +225,7 @@ gcrypt_dh_t *create_generic(diffie_hellman_group_t group, size_t exp_len,
 	}
 	else
 	{	/* fallback to gcrypt internal randomizer, shouldn't ever happen */
+		DESTROY_IF(rng);
 		this->xa = gcry_mpi_new(exp_len * 8);
 		gcry_mpi_randomize(this->xa, exp_len * 8, GCRY_STRONG_RANDOM);
 	}