Check error returns.

ssl/s23_clnt.c

@@ -235,7 +235,8 @@ static int ssl23_client_hello(SSL *s)
 #endif
 
 		p=s->s3->client_random;
-		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE);
+		if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0)
+		    return -1;
 
 		/* Do the message type and length last */
 		d= &(buf[2]);
@@ -296,7 +297,9 @@ static int ssl23_client_hello(SSL *s)
 			i=ch_len;
 		s2n(i,d);
 		memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
-		RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
+		if(RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
+			return -1;
+
 		memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
 		p+=i;
 

ssl/s2_clnt.c

@@ -612,7 +612,8 @@ static int client_hello(SSL *s)
 		s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;
 		s2n(SSL2_CHALLENGE_LENGTH,p);		/* challenge length */
 		/*challenge id data*/
-		RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
+		if(RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH) <= 0)
+			return -1;
 		memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);
 		d+=SSL2_CHALLENGE_LENGTH;
 
@@ -660,7 +661,9 @@ static int client_master_key(SSL *s)
 			SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
 			return -1;
 			}
-		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
+		if (i > 0)
+			if(RAND_pseudo_bytes(sess->key_arg,i) <= 0)
+				return -1;
 
 		/* make a master key */
 		i=EVP_CIPHER_key_length(c);

ssl/s2_srvr.c

@@ -498,7 +498,8 @@ static int get_client_master_key(SSL *s)
 			i=ek;
 		else
 			i=EVP_CIPHER_key_length(c);
-		RAND_pseudo_bytes(p,i);
+		if(RAND_pseudo_bytes(p,i) <= 0)
+		    return 0;
 		}
 #else
 	if (i < 0)
@@ -804,7 +805,8 @@ static int server_hello(SSL *s)
 		/* make and send conn_id */
 		s2n(SSL2_CONNECTION_ID_LENGTH,p);	/* add conn_id length */
 		s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
-		RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
+		if(RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length) <= 0)
+		    return -1;
 		memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
 		d+=SSL2_CONNECTION_ID_LENGTH;
 
@@ -949,7 +951,8 @@ static int request_certificate(SSL *s)
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_REQUEST_CERTIFICATE;
 		*(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
-		RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
+		if(RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0)
+			return -1;
 		memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
 
 		s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;

ssl/s3_clnt.c

@@ -535,7 +535,8 @@ static int ssl3_client_hello(SSL *s)
 		p=s->s3->client_random;
 		Time=time(NULL);			/* Time */
 		l2n(Time,p);
-		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+		if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)) <= 0)
+		    goto err;
 
 		/* Do the message type and length last */
 		d=p= &(buf[4]);

ssl/s3_srvr.c

@@ -956,7 +956,8 @@ static int ssl3_send_server_hello(SSL *s)
 		p=s->s3->server_random;
 		Time=time(NULL);			/* Time */
 		l2n(Time,p);
-		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+		if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)) <= 0)
+			return -1;
 		/* Do the message type and length last */
 		d=p= &(buf[4]);
 
@@ -1500,7 +1501,8 @@ static int ssl3_get_client_key_exchange(SSL *s)
 			i = SSL_MAX_MASTER_KEY_LENGTH;
 			p[0] = s->client_version >> 8;
 			p[1] = s->client_version & 0xff;
-			RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */
+			if(RAND_pseudo_bytes(p+2, i-2) <= 0)  /* should be RAND_bytes, but we cannot work around a failure */
+				goto err;
 			}
 	
 		s->session->master_key_length=

ssl/ssl_sess.c

@@ -141,7 +141,8 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id,
 {
 	unsigned int retry = 0;
 	do
-		RAND_pseudo_bytes(id, *id_len);
+		if(RAND_pseudo_bytes(id, *id_len) <= 0)
+			return 0;
 	while(SSL_has_matching_session_id(ssl, id, *id_len) &&
 		(++retry < MAX_SESS_ID_ATTEMPTS));
 	if(retry < MAX_SESS_ID_ATTEMPTS)