diff options
author | Matt Caswell <matt@openssl.org> | 2015-02-26 11:57:37 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-03-25 12:38:07 +0000 |
commit | 266483d2f56b0764849797f31866bfd84f9c3aa8 (patch) | |
tree | 42323d0c8b8cea8da4aff3dfdd4bc2251e34a0db /crypto/cms/cms_pwri.c | |
parent | 8817e2e0c998757d3bd036d7f45fe8d0a49fbe2d (diff) |
RAND_bytes updates
Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/cms/cms_pwri.c')
-rw-r--r-- | crypto/cms/cms_pwri.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index dd5f636145..83a65d2f59 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -131,7 +131,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, ivlen = EVP_CIPHER_CTX_iv_length(&ctx); if (ivlen > 0) { - if (RAND_pseudo_bytes(iv, ivlen) <= 0) + if (RAND_bytes(iv, ivlen) <= 0) goto err; if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) { CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB); @@ -299,8 +299,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen, out[3] = in[2] ^ 0xFF; memcpy(out + 4, in, inlen); /* Add random padding to end */ - if (olen > inlen + 4) - RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen); + if (olen > inlen + 4 + && RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0) + return 0; /* Encrypt twice */ if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen) || !EVP_EncryptUpdate(ctx, out, &dummy, out, olen)) |