From: Ondřej Surý <ondrej@sury.org>
Date: Tue, 22 May 2018 10:00:00 +0000 (+0200)
Subject: Provide better error message on failed RAND_bytes call
X-Git-Tag: v9.13.0~3^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=88631dad8ffcf4e3a9428b8a0518b5e1a80e55d0;p=thirdparty%2Fbind9.git

Provide better error message on failed RAND_bytes call
---

diff --git a/lib/isc/random.c b/lib/isc/random.c
index a9fca3f9e2b..085081aa694 100644
--- a/lib/isc/random.c
+++ b/lib/isc/random.c
@@ -36,6 +36,7 @@
 
 #ifdef OPENSSL
 #include <openssl/rand.h>
+#include <openssl/err.h>
 #endif /* ifdef OPENSSL */
 
 #ifdef PKCS11CRYPTO
@@ -164,7 +165,9 @@ isc_random_buf(void *buf, size_t buflen)
 
 /* Use crypto library as fallback when no other CSPRNG is available */
 # if defined(OPENSSL)
-	RUNTIME_CHECK(RAND_bytes(buf, buflen) < 1);
+	if (RAND_bytes(buf, buflen) < 1) {
+		FATAL_ERROR(__FILE__, __LINE__, "FATAL: RAND_bytes(): %s\n", ERR_error_string(ERR_get_error(), NULL));
+	}
 # elif defined(PKCS11CRYPTO)
 	RUNTIME_CHECK(pk11_rand_bytes(buf, buflen) == ISC_R_SUCCESS);
 # endif /* if defined(HAVE_ARC4RANDOM_BUF) */