From 1a0c0b3596a31c65f9059708b31b74227206f992 Mon Sep 17 00:00:00 2001 From: Douglas Bagnall Date: Mon, 5 Aug 2019 00:10:53 +1200 Subject: [PATCH] util/genrand: don't ignore errors in random number generation In this case it is probably better to crash out. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15103 Signed-off-by: Douglas Bagnall --- lib/util/genrand.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/lib/util/genrand.c b/lib/util/genrand.c index 18ffa0d95e6..99c725de0a7 100644 --- a/lib/util/genrand.c +++ b/lib/util/genrand.c @@ -34,7 +34,10 @@ _PUBLIC_ void generate_random_buffer(uint8_t *out, int len) { /* Random number generator for temporary keys. */ - gnutls_rnd(GNUTLS_RND_RANDOM, out, len); + int ret = gnutls_rnd(GNUTLS_RND_RANDOM, out, len); + if (ret != 0) { + smb_panic("GnuTLS could not generate a random buffer"); + } } _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len) @@ -48,7 +51,10 @@ _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len) * the limit for a re-seed. For its re-seed it mixes mixes data obtained * from the OS random device with the previous key. */ - gnutls_rnd(GNUTLS_RND_KEY, out, len); + int ret = gnutls_rnd(GNUTLS_RND_KEY, out, len); + if (ret != 0) { + smb_panic("GnuTLS could not generate a random buffer"); + } } _PUBLIC_ void generate_nonce_buffer(uint8_t *out, int len) @@ -60,5 +66,8 @@ _PUBLIC_ void generate_nonce_buffer(uint8_t *out, int len) * bytes (typically few megabytes), or after few hours of operation * without reaching the limit has passed. */ - gnutls_rnd(GNUTLS_RND_NONCE, out, len); + int ret = gnutls_rnd(GNUTLS_RND_NONCE, out, len); + if (ret != 0) { + smb_panic("GnuTLS could not generate a random buffer"); + } } -- 2.30.2