From ee34ac3d6125b7d1f41afa82c7e30f0a7205546c Mon Sep 17 00:00:00 2001
From: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri, 10 May 2013 20:55:52 +0200
Subject: [PATCH] Add a few more checks and warnings in the crypto functions.

---
 src/openssl/crypto.c   |  6 ++++++
 src/openssl/digest.c   |  5 ++++-
 src/openssl/ecdsagen.c | 12 ++++++++----
 3 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/src/openssl/crypto.c b/src/openssl/crypto.c
index ece7f059..6c5cbc88 100644
--- a/src/openssl/crypto.c
+++ b/src/openssl/crypto.c
@@ -31,7 +31,13 @@ void crypto_init(void) {
 	ENGINE_load_builtin_engines();
 	ENGINE_register_all_complete();
 
+	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
+
+	if(!RAND_status()) {
+		fprintf(stderr, "Not enough entropy for the PRNG!\n");
+		abort();
+	}
 }
 
 void crypto_exit(void) {
diff --git a/src/openssl/digest.c b/src/openssl/digest.c
index 9699d37b..8d97e3bf 100644
--- a/src/openssl/digest.c
+++ b/src/openssl/digest.c
@@ -88,7 +88,10 @@ bool digest_create(digest_t *digest, const void *indata, size_t inlen, void *out
 	unsigned char tmpdata[len];
 
 	if(digest->key) {
-		HMAC(digest->digest, digest->key, digest->keylength, indata, inlen, tmpdata, NULL);
+		if(!HMAC(digest->digest, digest->key, digest->keylength, indata, inlen, tmpdata, NULL)) {
+			logger(DEBUG_ALWAYS, LOG_DEBUG, "Error creating digest: %s", ERR_error_string(ERR_get_error(), NULL));
+			return false;
+		}
 	} else {
 		EVP_MD_CTX ctx;
 
diff --git a/src/openssl/ecdsagen.c b/src/openssl/ecdsagen.c
index 35795f39..31e58470 100644
--- a/src/openssl/ecdsagen.c
+++ b/src/openssl/ecdsagen.c
@@ -51,16 +51,20 @@ ecdsa_t *ecdsa_generate(void) {
 
 bool ecdsa_write_pem_public_key(ecdsa_t *ecdsa, FILE *fp) {
 	BIO *out = BIO_new(BIO_s_file());
+	if(!out)
+		return false;
 	BIO_set_fp(out, fp, BIO_NOCLOSE);
-	PEM_write_bio_EC_PUBKEY(out, ecdsa);
+	bool result = PEM_write_bio_EC_PUBKEY(out, ecdsa);
 	BIO_free(out);
-	return true;
+	return result;
 }
 
 bool ecdsa_write_pem_private_key(ecdsa_t *ecdsa, FILE *fp) {
 	BIO *out = BIO_new(BIO_s_file());
+	if(!out)
+		return false;
 	BIO_set_fp(out, fp, BIO_NOCLOSE);
-	PEM_write_bio_ECPrivateKey(out, ecdsa, NULL, NULL, 0, NULL, NULL);
+	bool result = PEM_write_bio_ECPrivateKey(out, ecdsa, NULL, NULL, 0, NULL, NULL);
 	BIO_free(out);
-	return true;
+	return result;
 }
-- 
2.20.1