From 88631dad8ffcf4e3a9428b8a0518b5e1a80e55d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
Date: Tue, 22 May 2018 12:00:00 +0200
Subject: [PATCH] Provide better error message on failed RAND_bytes call

---
 lib/isc/random.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/isc/random.c b/lib/isc/random.c
index a9fca3f9e2..085081aa69 100644
--- a/lib/isc/random.c
+++ b/lib/isc/random.c
@@ -36,6 +36,7 @@
 
 #ifdef OPENSSL
 #include <openssl/rand.h>
+#include <openssl/err.h>
 #endif /* ifdef OPENSSL */
 
 #ifdef PKCS11CRYPTO
@@ -164,7 +165,9 @@ isc_random_buf(void *buf, size_t buflen)
 
 /* Use crypto library as fallback when no other CSPRNG is available */
 # if defined(OPENSSL)
-	RUNTIME_CHECK(RAND_bytes(buf, buflen) < 1);
+	if (RAND_bytes(buf, buflen) < 1) {
+		FATAL_ERROR(__FILE__, __LINE__, "FATAL: RAND_bytes(): %s\n", ERR_error_string(ERR_get_error(), NULL));
+	}
 # elif defined(PKCS11CRYPTO)
 	RUNTIME_CHECK(pk11_rand_bytes(buf, buflen) == ISC_R_SUCCESS);
 # endif /* if defined(HAVE_ARC4RANDOM_BUF) */