|
@@ -1396,7 +1396,10 @@ int dtls1_process_heartbeat(SSL *s)
|
|
|
memcpy(bp, pl, payload);
|
|
|
bp += payload;
|
|
|
/* Random padding */
|
|
|
- RAND_pseudo_bytes(bp, padding);
|
|
|
+ if (RAND_bytes(bp, padding) <= 0) {
|
|
|
+ OPENSSL_free(buffer);
|
|
|
+ return -1;
|
|
|
+ }
|
|
|
|
|
|
r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
|
|
|
|
|
@@ -1430,7 +1433,7 @@ int dtls1_process_heartbeat(SSL *s)
|
|
|
int dtls1_heartbeat(SSL *s)
|
|
|
{
|
|
|
unsigned char *buf, *p;
|
|
|
- int ret;
|
|
|
+ int ret = -1;
|
|
|
unsigned int payload = 18; /* Sequence number + random bytes */
|
|
|
unsigned int padding = 16; /* Use minimum padding */
|
|
|
|
|
@@ -1482,10 +1485,16 @@ int dtls1_heartbeat(SSL *s)
|
|
|
/* Sequence number */
|
|
|
s2n(s->tlsext_hb_seq, p);
|
|
|
/* 16 random bytes */
|
|
|
- RAND_pseudo_bytes(p, 16);
|
|
|
+ if (RAND_bytes(p, 16) <= 0) {
|
|
|
+ SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
|
|
|
+ goto err;
|
|
|
+ }
|
|
|
p += 16;
|
|
|
/* Random padding */
|
|
|
- RAND_pseudo_bytes(p, padding);
|
|
|
+ if (RAND_bytes(p, padding) <= 0) {
|
|
|
+ SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
|
|
|
+ goto err;
|
|
|
+ }
|
|
|
|
|
|
ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
|
|
|
if (ret >= 0) {
|
|
@@ -1498,6 +1507,7 @@ int dtls1_heartbeat(SSL *s)
|
|
|
s->tlsext_hb_pending = 1;
|
|
|
}
|
|
|
|
|
|
+ err:
|
|
|
OPENSSL_free(buf);
|
|
|
|
|
|
return ret;
|