From 0f91e1dff4ab2e7c25bbae5a48dfabbd1a4eae3c Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@openssl.org>
Date: Sun, 29 May 2016 14:11:44 -0400
Subject: [PATCH] Fix some RAND bugs

RT2630 -- segfault for int overlow
RT2877 -- check return values in apps/rand
Update CHANGES file for previous "windows rand" changes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 CHANGES               |  5 +++++
 apps/rand.c           | 16 ++++++++++------
 crypto/rand/md_rand.c |  6 +++---
 3 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/CHANGES b/CHANGES
index 541efc390c..c64d677582 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 1.0.2h and 1.1.0  [xx XXX 2016]
 
+  *) Windows RAND implementation was simplified to only get entropy by
+     calling CryptGenRandom(). Various other RAND-related tickets
+     were also closed.
+     [Joseph Wylie Yandle, Rich Salz]
+
   *) The stack and lhash API's were renamed to start with OPENSSL_SK_
      and OPENSSL_LH_, respectively.  The old names are available
      with API compatibility.  They new names are now completely documented.
diff --git a/apps/rand.c b/apps/rand.c
index 89a23a293a..d60f1ecf86 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -105,22 +105,26 @@ int rand_main(int argc, char **argv)
         r = RAND_bytes(buf, chunk);
         if (r <= 0)
             goto end;
-        if (format != FORMAT_TEXT) /* hex */
-            BIO_write(out, buf, chunk);
-        else {
+        if (format != FORMAT_TEXT) {
+            if (BIO_write(out, buf, chunk) != chunk)
+                goto end;
+        } else {
             for (i = 0; i < chunk; i++)
-                BIO_printf(out, "%02x", buf[i]);
+                if (BIO_printf(out, "%02x", buf[i]) != 2)
+                    goto end;
         }
         num -= chunk;
     }
     if (format == FORMAT_TEXT)
         BIO_puts(out, "\n");
-    (void)BIO_flush(out);
+    if (BIO_flush(out) <= 0 || !app_RAND_write_file(NULL))
+        goto end;
 
-    app_RAND_write_file(NULL);
     ret = 0;
 
  end:
+    if (ret != 0)
+        ERR_print_errors(bio_err);
     BIO_free_all(out);
     return (ret);
 }
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 4b874e3bed..137851f596 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -38,7 +38,7 @@
 /* #define PREDICT      1 */
 
 #define STATE_SIZE      1023
-static int state_num = 0, state_index = 0;
+static size_t state_num = 0, state_index = 0;
 static unsigned char state[STATE_SIZE + MD_DIGEST_LENGTH];
 static unsigned char md[MD_DIGEST_LENGTH];
 static long md_count[2] = { 0, 0 };
@@ -268,8 +268,8 @@ static int rand_seed(const void *buf, int num)
 static int rand_bytes(unsigned char *buf, int num, int pseudo)
 {
     static volatile int stirred_pool = 0;
-    int i, j, k, st_num, st_idx;
-    int num_ceil;
+    int i, j, k;
+    size_t num_ceil, st_idx, st_num;
     int ok;
     long md_c[2];
     unsigned char local_md[MD_DIGEST_LENGTH];
-- 
2.25.1