RAND_bytes updates

Ensure RAND_bytes return value is checked correctly, and that we no longer use RAND_pseudo_bytes. Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-02-26 11:57:37 +0000
committer: Matt Caswell <matt@openssl.org> 2015-03-25 12:38:07 +0000
commit: 266483d2f56b0764849797f31866bfd84f9c3aa8 (patch)
tree: 42323d0c8b8cea8da4aff3dfdd4bc2251e34a0db /crypto/ocsp
parent: 8817e2e0c998757d3bd036d7f45fe8d0a49fbe2d (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
index 4c6edb1f2c..b564259134 100644
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -319,8 +319,8 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
     ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
     if (val)
         memcpy(tmpval, val, len);
-    else
-        RAND_pseudo_bytes(tmpval, len);
+    else if (RAND_bytes(tmpval, len) <= 0)
+        goto err;
     if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
                          &os, 0, X509V3_ADD_REPLACE))
         goto err;
author	Matt Caswell <matt@openssl.org>	2015-02-26 11:57:37 +0000
committer	Matt Caswell <matt@openssl.org>	2015-03-25 12:38:07 +0000
commit	266483d2f56b0764849797f31866bfd84f9c3aa8 (patch)
tree	42323d0c8b8cea8da4aff3dfdd4bc2251e34a0db /crypto/ocsp
parent	8817e2e0c998757d3bd036d7f45fe8d0a49fbe2d (diff)