summaryrefslogtreecommitdiffstats
path: root/crypto/bio
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2016-04-25 17:06:56 +0100
committerMatt Caswell <matt@openssl.org>2016-06-27 15:00:08 +0100
commitad64a69e02f7dda422d0f4f53dce7b1278715380 (patch)
tree5c76fd6da6b731a05cbd8559db71e8c821b44f36 /crypto/bio
parentf3dbce6634dee43dcb0243544db05e101104fe6b (diff)
Change usage of RAND_pseudo_bytes to RAND_bytes
RAND_pseudo_bytes() allows random data to be returned even in low entropy conditions. Sometimes this is ok. Many times it is not. For the avoidance of any doubt, replace existing usage of RAND_pseudo_bytes() with RAND_bytes(). Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto/bio')
-rw-r--r--crypto/bio/bf_nbio.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c
index a04f32a008..4842bb4c82 100644
--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
@@ -139,7 +139,7 @@ static int nbiof_read(BIO *b, char *out, int outl)
BIO_clear_retry_flags(b);
#if 1
- if (RAND_pseudo_bytes(&n, 1) < 0)
+ if (RAND_bytes(&n, 1) <= 0)
return -1;
num = (n & 0x07);
@@ -179,7 +179,7 @@ static int nbiof_write(BIO *b, const char *in, int inl)
num = nt->lwn;
nt->lwn = 0;
} else {
- if (RAND_pseudo_bytes(&n, 1) < 0)
+ if (RAND_bytes(&n, 1) <= 0)
return -1;
num = (n & 7);
}