RAND_bytes updates

Ensure RAND_bytes return value is checked correctly, and that we no longer use RAND_pseudo_bytes. Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-02-26 11:57:37 +0000
committer: Matt Caswell <matt@openssl.org> 2015-03-25 12:38:07 +0000
commit: 266483d2f56b0764849797f31866bfd84f9c3aa8 (patch)
tree: 42323d0c8b8cea8da4aff3dfdd4bc2251e34a0db /crypto/cms/cms_pwri.c
parent: 8817e2e0c998757d3bd036d7f45fe8d0a49fbe2d (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index dd5f636145..83a65d2f59 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -131,7 +131,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
     ivlen = EVP_CIPHER_CTX_iv_length(&ctx);
 
     if (ivlen > 0) {
-        if (RAND_pseudo_bytes(iv, ivlen) <= 0)
+        if (RAND_bytes(iv, ivlen) <= 0)
             goto err;
         if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) {
             CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
@@ -299,8 +299,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
         out[3] = in[2] ^ 0xFF;
         memcpy(out + 4, in, inlen);
         /* Add random padding to end */
-        if (olen > inlen + 4)
-            RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen);
+        if (olen > inlen + 4
+            && RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0)
+            return 0;
         /* Encrypt twice */
         if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen)
             || !EVP_EncryptUpdate(ctx, out, &dummy, out, olen))
author	Matt Caswell <matt@openssl.org>	2015-02-26 11:57:37 +0000
committer	Matt Caswell <matt@openssl.org>	2015-03-25 12:38:07 +0000
commit	266483d2f56b0764849797f31866bfd84f9c3aa8 (patch)
tree	42323d0c8b8cea8da4aff3dfdd4bc2251e34a0db /crypto/cms/cms_pwri.c
parent	8817e2e0c998757d3bd036d7f45fe8d0a49fbe2d (diff)