Make crypto_seed_rng() and crypto_rand() less scary.

These functions must really never fail; so have crypto_rand() assert that it's working okay, and have crypto_seed_rng() demand that callers check its return value. Also have crypto_seed_rng() check RAND_status() before returning.
author: Nick Mathewson <nickm@torproject.org> 2015-11-25 10:30:58 -0500
committer: Nick Mathewson <nickm@torproject.org> 2015-11-25 22:29:59 -0500
commit: dedea28c2ef59eb86f5d9704e5609ae13fa8b3c2 (patch)
tree: 92ddba2410a8a80aad28734be47c78c460bbd6e6 /src/common/compat.h
parent: 232ccc18c40f0d0302b2e21b0f67885c548f8e63 (diff)
download: tor-dedea28c2ef59eb86f5d9704e5609ae13fa8b3c2.tar.gz
tor-dedea28c2ef59eb86f5d9704e5609ae13fa8b3c2.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/common/compat.h b/src/common/compat.h
index c7c468c754..c3d6abd07c 100644
--- a/src/common/compat.h
+++ b/src/common/compat.h
@@ -118,6 +118,7 @@
 #define ATTR_CONST __attribute__((const))
 #define ATTR_MALLOC __attribute__((malloc))
 #define ATTR_NORETURN __attribute__((noreturn))
+#define ATTR_WUR __attribute__((warn_unused_result))
 /* Alas, nonnull is not at present a good idea for us.  We'd like to get
  * warnings when we pass NULL where we shouldn't (which nonnull does, albeit
  * spottily), but we don't want to tell the compiler to make optimizations
@@ -153,6 +154,7 @@
 #define ATTR_NORETURN
 #define ATTR_NONNULL(x)
 #define ATTR_UNUSED
+#define ATTR_WUR
 #define PREDICT_LIKELY(exp) (exp)
 #define PREDICT_UNLIKELY(exp) (exp)
 #endif
author	Nick Mathewson <nickm@torproject.org>	2015-11-25 10:30:58 -0500
committer	Nick Mathewson <nickm@torproject.org>	2015-11-25 22:29:59 -0500
commit	dedea28c2ef59eb86f5d9704e5609ae13fa8b3c2 (patch)
tree	92ddba2410a8a80aad28734be47c78c460bbd6e6 /src/common/compat.h
parent	232ccc18c40f0d0302b2e21b0f67885c548f8e63 (diff)
download	tor-dedea28c2ef59eb86f5d9704e5609ae13fa8b3c2.tar.gz tor-dedea28c2ef59eb86f5d9704e5609ae13fa8b3c2.zip