Consistently use RAND_bytes and check for failure.

RAND_pseudo_bytes just calls RAND_bytes now and only returns 0 or 1. Switch all callers within the library call the new one and use the simpler failure check. This fixes a few error checks that no longer work (< 0) and some missing ones. Change-Id: Id51c79deec80075949f73fa1fbd7b76aac5570c6 Reviewed-on: https://boringssl-review.googlesource.com/2621 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@chromium.org> 2014-12-16 15:48:10 +0300
committer: Adam Langley <agl@google.com> 2014-12-16 22:15:59 +0300
commit: a6d81018f8fd5647d88a49923633f29dd77c2365 (patch)
tree: a2182160a477558c1919642629a684046938c42b /crypto/bn/random.c
parent: 263eac02f5c27ad91c1514c93246b84980f73c97 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/crypto/bn/random.c b/crypto/bn/random.c
index 924aad71..85fd4475 100644
--- a/crypto/bn/random.c
+++ b/crypto/bn/random.c
@@ -136,9 +136,10 @@ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) {
     goto err;
   }
 
-  /* make a random number and set the top and bottom bits */
-  if (RAND_pseudo_bytes(buf, bytes) <= 0)
+  /* Make a random number and set the top and bottom bits. */
+  if (!RAND_bytes(buf, bytes)) {
     goto err;
+  }
 
   if (top != -1) {
     if (top) {
@@ -286,7 +287,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv,
 
   for (attempt = 0;; attempt++) {
     for (done = 0; done < num_k_bytes;) {
-      if (RAND_pseudo_bytes(random_bytes, sizeof(random_bytes)) != 1) {
+      if (!RAND_bytes(random_bytes, sizeof(random_bytes))) {
         goto err;
       }
       SHA512_Init(&sha);
author	David Benjamin <davidben@chromium.org>	2014-12-16 15:48:10 +0300
committer	Adam Langley <agl@google.com>	2014-12-16 22:15:59 +0300
commit	a6d81018f8fd5647d88a49923633f29dd77c2365 (patch)
tree	a2182160a477558c1919642629a684046938c42b /crypto/bn/random.c
parent	263eac02f5c27ad91c1514c93246b84980f73c97 (diff)