| author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2026-05-16 15:27:14 +0200 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2026-05-20 08:17:07 +0200 |
| commit | cbf7f953a49a98adfc4803340475ffeccefbe9fb (patch) | |
| tree | 2881fa378f32e52e7285b3fed22308bb86f1f19c /src | |
| parent | 63d3aa9ab8d8b0b6d8a10362e112a431dcb5b4e9 (diff) | |
lib: Free secure memory on process exit
There was a missing crypt_secure_malloc_fini() in the process
init/fini path.
Also fixes a 0 return from OpenSSL RAND_bytes() being interpreted as
success instead of failure.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/dev.c | 6 | ||||
| -rw-r--r-- | src/lib/random.c | 7 |
2 files changed, 9 insertions, 4 deletions
diff --git a/src/lib/dev.c b/src/lib/dev.c index 7e9b7329..6177e50b 100644 --- a/src/lib/dev.c +++ b/src/lib/dev.c @@ -873,7 +873,7 @@ static void init(int argc, if (crypt_secure_malloc_init(PROC_SECMEM_MAX) < 0) { fprintf(stderr, "FATAL: Could not init secure malloc.\n"); - goto fail_timerwheel; + goto fail_secmem; } #if defined PROC_FLOW_STATS @@ -889,7 +889,9 @@ static void init(int argc, #if defined PROC_FLOW_STATS fail_rib_init: + crypt_secure_malloc_fini(); #endif + fail_secmem: tw_fini(); fail_timerwheel: ssm_flow_set_close(proc.fqset); @@ -947,6 +949,8 @@ static void fini(void) #ifdef PROC_FLOW_STATS rib_fini(); #endif + crypt_secure_malloc_fini(); + tw_fini(); ssm_flow_set_close(proc.fqset); diff --git a/src/lib/random.c b/src/lib/random.c index 96315132..2c9a6c0d 100644 --- a/src/lib/random.c +++ b/src/lib/random.c @@ -47,8 +47,9 @@ int random_buffer(void * buf, gcry_randomize(buf, len, GCRY_STRONG_RANDOM); return 0; #elif defined(HAVE_OPENSSL_RNG) - if (len > 0 && len < INT_MAX) - return RAND_bytes((unsigned char *) buf, (int) len); - return -1; + if (len == 0 || len >= INT_MAX) + return -1; + + return RAND_bytes((unsigned char *) buf, (int) len) == 1 ? 0 : -1; #endif } |
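Review bot: In the unwind ladder of init(), the only `crypt_secure_malloc_fini()` call sits under `fail_rib_init:` inside `#if defined PROC_FLOW_STATS`, so the secure heap is released on failure only when that one guarded step fails. That covers the steps visible in the first two hunks, but an init step added later after `crypt_secure_malloc_init()` and outside the guard would unwind through `fail_secmem:` and leave the arena allocated. A comment at the label, for example `/* secmem init itself failed: nothing to release here */`, would make clear that labels are named after the step that failed. init() begins and ends outside the hunks, so the other failure paths could not be checked.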
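Review bot: In fini(), the result of `crypt_secure_malloc_fini()` (if it returns one) is not checked, and nothing in the hunk shows that all secure allocations have been released before it runs. If the function wraps OpenSSL's `CRYPTO_secure_malloc_done()`, which this diff does not show, that call leaves the arena in place while allocations are outstanding, so key material still held at this point would not be torn down. A comment stating the ordering requirement, such as `/* all secure allocations must be freed before this call */`, would document what the placement after `rib_fini()` relies on. fini() starts and ends outside the hunk.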
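Review bot: The OpenSSL branch of random_buffer() still returns -1 for `len == 0`, while the libgcrypt branch, as far as the context lines show, returns 0 for any length, so an empty request succeeds or fails depending on the RNG backend. Either handle it first with `if (len == 0) return 0;` or document the difference. Because the return convention of this branch changes (success was 1, a failed RAND_bytes() was 0), callers written against the old values should be re-checked so that none uses the buffer for keys or nonces after a failure. A header comment like `/* Returns 0 on success, -1 on failure; buf contents are unspecified on failure. */` would pin the contract. The function starts outside the hunk.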
