From cbf7f953a49a98adfc4803340475ffeccefbe9fb Mon Sep 17 00:00:00 2001
From: Dimitri Staessens <dimitri@ouroboros.rocks>
Date: Sat, 16 May 2026 15:27:14 +0200
Subject: lib: Free secure memory on process exit

There was a missing crypt_secure_malloc_fini() in the process
init/fini path.

Also fixes a 0 return from OpenSSL RAND_bytes() being interpreted as
succes instead of failure.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
---
 src/lib/random.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'src/lib/random.c')

diff --git a/src/lib/random.c b/src/lib/random.c
index 96315132..2c9a6c0d 100644
--- a/src/lib/random.c
+++ b/src/lib/random.c
@@ -47,8 +47,9 @@ int random_buffer(void * buf,
         gcry_randomize(buf, len, GCRY_STRONG_RANDOM);
         return 0;
 #elif defined(HAVE_OPENSSL_RNG)
-        if (len > 0 && len < INT_MAX)
-                return RAND_bytes((unsigned char *) buf, (int) len);
-        return -1;
+        if (len == 0 || len >= INT_MAX)
+                return -1;
+
+        return RAND_bytes((unsigned char *) buf, (int) len) == 1 ? 0 : -1;
 #endif
 }
-- 
cgit v1.2.3