Bug #10053
Closed
OpenSSL: incorrect return value check of EGD functions
Description
https://www.openssl.org/docs/crypto/RAND_egd.html#RETURN_VALUE
diff --git a/ext/openssl/ossl_rand.c b/ext/openssl/ossl_rand.c
index 270a4b7..a9188bc 100644
--- a/ext/openssl/ossl_rand.c
+++ b/ext/openssl/ossl_rand.c
@@ -135,7 +135,7 @@ ossl_rand_egd(VALUE self, VALUE filename)
{
SafeStringValue(filename);
- if(!RAND_egd(RSTRING_PTR(filename))) {
+ if (RAND_egd(RSTRING_PTR(filename)) == -1) {
ossl_raise(eRandomError, NULL);
}
return Qtrue;
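Review bot: `ossl_raise(eRandomError, NULL)` in the failure branch of `ossl_rand_egd` still raises without a message, so a caller sees an eRandomError with no indication that the EGD call is what failed. Consider passing a message that names the call, for example `ossl_raise(eRandomError, "RAND_egd");`, in the same change that corrects the `== -1` comparison.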
@@ -153,7 +153,7 @@ ossl_rand_egd_bytes(VALUE self, VALUE filename, VALUE len)
SafeStringValue(filename);
- if (!RAND_egd_bytes(RSTRING_PTR(filename), n)) {
+ if (RAND_egd_bytes(RSTRING_PTR(filename), n) == -1) {
ossl_raise(eRandomError, NULL);
}
return Qtrue;
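Review bot: the `== -1` test on `RAND_egd_bytes(RSTRING_PTR(filename), n)` discards every other return value, and `return Qtrue` follows whether or not `n` bytes were actually obtained. If the function reports a byte count on success, compare it with `n` (or return it to the caller) so that a short read is not reported as a complete seed, and give `ossl_raise` a message here as well.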
Maybe an error message (e.g. "EGD connection failed or not enough data returned to fully seed the PRNG") should also be added.
Updated by PvpDJgHP (William Thomas NELSON) over 10 years ago
The Entropy Gathering Daemon was last updated twelve years ago.
Ruby should deprecate the use of egd functions and provide configuration options to use LibreSSL in place of OpenSSL, just like how the Editline Library can be used in place of GNU Readline.
Updated by hsbt (Hiroshi SHIBATA) over 10 years ago
- Status changed from Open to Assigned
- Assignee changed from 7150 to MartinBosslet (Martin Bosslet)
Updated by zzak (zzak _) almost 10 years ago
The first part sounds OK, I support deprecation of egd functions. The second part needs actionable tickets, and patches welcome.
Updated by zzak (zzak _) almost 10 years ago
- Assignee changed from MartinBosslet (Martin Bosslet) to 7150
Updated by Anonymous over 8 years ago
- Status changed from Assigned to Closed
Applied in changeset r55132.
openssl: fix incorrect return value check of RAND_* functions
- ext/openssl/ossl_rand.c (ossl_rand_egd, ossl_rand_egd_bytes):
RAND_egd{_bytes,}() return -1 on failure, not 0.
Patch by cremno phobia cremno@mail.ru
[ruby-core:63795] [Bug #10053]
(ossl_pseudo_bytes): Similar, RAND_pseudo_bytes() may return 0 or
-1 on failure.