3 files changed, 7 insertions, 4 deletions

diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
index b097a4d57b..ffdde6cf79 100644
--- a/crypto/evp/bio_ok.c
+++ b/crypto/evp/bio_ok.c
@@ -491,7 +491,8 @@ static int sig_out(BIO *b)
      * FIXME: there's absolutely no guarantee this makes any sense at all,
      * particularly now EVP_MD_CTX has been restructured.
      */
-    RAND_pseudo_bytes(md->md_data, md->digest->md_size);
+    if (RAND_bytes(md->md_data, md->digest->md_size) <= 0)
+        goto berr;
     memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
     longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
     ctx->buf_len += md->digest->md_size;
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index 73d792304f..c720242af7 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -439,7 +439,8 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
     memcpy(out + inl + 8, sha1tmp, 8);
     OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
     /* Generate random IV */
-    RAND_bytes(ctx->iv, 8);
+    if (RAND_bytes(ctx->iv, 8) <= 0)
+        return -1;
     memcpy(out, ctx->iv, 8);
     /* Encrypt everything after IV in place */
     des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8);
diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c
index caabbf406f..ba9dfff215 100644
--- a/crypto/evp/p_seal.c
+++ b/crypto/evp/p_seal.c
@@ -82,8 +82,9 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
         return 1;
     if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
         return 0;
-    if (EVP_CIPHER_CTX_iv_length(ctx))
-        RAND_pseudo_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx));
+    if (EVP_CIPHER_CTX_iv_length(ctx)
+        && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0)
+        return 0;
 
     if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
         return 0;