From 856c1c0a86af7ea7305e898bb2c2d625a9475e6b Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Wed, 1 Sep 2010 21:00:07 -0700 Subject: [PATCH] accept >= 0 and valid return codes from RAND_bytes due to broken engine from the isc bind implementation, reported by Sam Liddicott --- lib/krb5/crypto.c | 2 +- lib/krb5/generate_seq_number.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c index 4674af976..9d5368049 100644 --- a/lib/krb5/crypto.c +++ b/lib/krb5/crypto.c @@ -3991,7 +3991,7 @@ krb5_generate_random_block(void *buf, size_t len) rng_initialized = 1; } HEIMDAL_MUTEX_unlock(&crypto_mutex); - if (RAND_bytes(buf, len) != 1) + if (RAND_bytes(buf, len) <= 0) krb5_abortx(NULL, "Failed to generate random block"); } diff --git a/lib/krb5/generate_seq_number.c b/lib/krb5/generate_seq_number.c index 575f842d8..6001d6926 100644 --- a/lib/krb5/generate_seq_number.c +++ b/lib/krb5/generate_seq_number.c @@ -38,7 +38,7 @@ krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, uint32_t *seqno) { - if (RAND_bytes((void *)seqno, sizeof(*seqno)) != 1) + if (RAND_bytes((void *)seqno, sizeof(*seqno)) <= 0) krb5_abortx(context, "Failed to generate random block"); /* MIT used signed numbers, lets not stomp into that space directly */ *seqno &= 0x3fffffff;