diff options
author | Matt Caswell <matt@openssl.org> | 2015-02-26 12:57:37 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-03-25 13:38:07 +0100 |
commit | 266483d2f56b0764849797f31866bfd84f9c3aa8 (patch) | |
tree | 42323d0c8b8cea8da4aff3dfdd4bc2251e34a0db /crypto/cms | |
parent | Fix return checks in GOST engine (diff) | |
download | openssl-266483d2f56b0764849797f31866bfd84f9c3aa8.tar.xz openssl-266483d2f56b0764849797f31866bfd84f9c3aa8.zip |
RAND_bytes updates
Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/cms')
-rw-r--r-- | crypto/cms/cms_enc.c | 2 | ||||
-rw-r--r-- | crypto/cms/cms_ess.c | 3 | ||||
-rw-r--r-- | crypto/cms/cms_pwri.c | 7 |
3 files changed, 6 insertions, 6 deletions
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index 85ae928a49..ffa85fc0dd 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -119,7 +119,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) /* Generate a random IV if we need one */ ivlen = EVP_CIPHER_CTX_iv_length(ctx); if (ivlen > 0) { - if (RAND_pseudo_bytes(iv, ivlen) <= 0) + if (RAND_bytes(iv, ivlen) <= 0) goto err; piv = iv; } diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index 8631a2eb2b..8212560628 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c @@ -107,8 +107,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, else { if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32)) goto merr; - if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32) - <= 0) + if (RAND_bytes(rr->signedContentIdentifier->data, 32) <= 0) goto err; } diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index dd5f636145..83a65d2f59 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -131,7 +131,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, ivlen = EVP_CIPHER_CTX_iv_length(&ctx); if (ivlen > 0) { - if (RAND_pseudo_bytes(iv, ivlen) <= 0) + if (RAND_bytes(iv, ivlen) <= 0) goto err; if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) { CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB); @@ -299,8 +299,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen, out[3] = in[2] ^ 0xFF; memcpy(out + 4, in, inlen); /* Add random padding to end */ - if (olen > inlen + 4) - RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen); + if (olen > inlen + 4 + && RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0) + return 0; /* Encrypt twice */ if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen) || !EVP_EncryptUpdate(ctx, out, &dummy, out, olen)) |