From ea15d5dde359663775123fca5ac2fbe44dd52c88 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Mon, 5 Aug 2019 00:10:53 +1200
Subject: [PATCH] util/genrand: don't ignore errors in random number generation

In this case it is probably better to crash out.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15103

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
---
 lib/util/genrand.c     | 27 ++++++++++++++++++++++++---
 lib/util/wscript_build |  2 +-
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/lib/util/genrand.c b/lib/util/genrand.c
index 18ffa0d95e6..352889a1cde 100644
--- a/lib/util/genrand.c
+++ b/lib/util/genrand.c
@@ -20,6 +20,7 @@
 */
 
 #include "replace.h"
+#include "lib/util/fault.h"
 #include "lib/util/genrand.h"
 
 #include <gnutls/gnutls.h>
@@ -31,10 +32,24 @@
  * https://nikmav.blogspot.com/2017/03/improving-by-simplifying-gnutls-prng.html
  */
 
+
+ _NORETURN_ static void genrand_panic(int err)
+{
+	char buf[200];
+	snprintf(buf, sizeof(buf),
+		 "GnuTLS could not generate a random buffer: %s [%d]\n",
+		 gnutls_strerror_name(err), err);
+	smb_panic(buf);
+}
+
+
 _PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
 {
 	/* Random number generator for temporary keys. */
-	gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
+	int ret = gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
+	if (ret != 0) {
+		genrand_panic(ret);
+	}
 }
 
 _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
@@ -48,7 +63,10 @@ _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
 	 * the limit for a re-seed. For its re-seed it mixes mixes data obtained
 	 * from the OS random device with the previous key.
 	 */
-	gnutls_rnd(GNUTLS_RND_KEY, out, len);
+	int ret = gnutls_rnd(GNUTLS_RND_KEY, out, len);
+	if (ret != 0) {
+		genrand_panic(ret);
+	}
 }
 
 _PUBLIC_ void generate_nonce_buffer(uint8_t *out, int len)
@@ -60,5 +78,8 @@ _PUBLIC_ void generate_nonce_buffer(uint8_t *out, int len)
 	 * bytes (typically few megabytes), or after few hours of operation
 	 * without reaching the limit has passed.
 	 */
-	gnutls_rnd(GNUTLS_RND_NONCE, out, len);
+	int ret = gnutls_rnd(GNUTLS_RND_NONCE, out, len);
+	if (ret != 0) {
+		genrand_panic(ret);
+	}
 }
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index e2194e68e3e..fbdc749512a 100644
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -143,7 +143,7 @@ bld.SAMBA_LIBRARY('msghdr',
 
 bld.SAMBA_LIBRARY('genrand',
                   source='genrand.c',
-                  deps='replace gnutls',
+                  deps='replace gnutls smb-panic',
                   local_include=False,
                   private_library=True)
 
-- 
2.30.2