-rw-r--r-- | crypto/bn/random.c | 7 | ||||
-rw-r--r-- | crypto/cipher/e_aes.c | 3 | ||||
-rw-r--r-- | crypto/dsa/dsa_impl.c | 4 | ||||
-rw-r--r-- | crypto/ecdsa/ecdsa_test.c | 2 | ||||
-rw-r--r-- | crypto/pem/pem_lib.c | 2 | ||||
-rw-r--r-- | crypto/pkcs8/p5_pbe.c | 2 | ||||
-rw-r--r-- | crypto/pkcs8/p5_pbev2.c | 4 | ||||
-rw-r--r-- | crypto/rsa/padding.c | 8 | ||||
-rw-r--r-- | ssl/s3_clnt.c | 4 | ||||
-rw-r--r-- | ssl/s3_pkt.c | 8 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 10 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 6 | ||||
-rw-r--r-- | ssl/ssl_sess.c | 4 | ||||
-rw-r--r-- | ssl/t1_enc.c | 2 |
14 files changed, 32 insertions, 34 deletions
diff --git a/crypto/bn/random.c b/crypto/bn/random.c
index 924aad71..85fd4475 100644
--- a/crypto/bn/random.c
+++ b/crypto/bn/random.c
@@ -136,9 +136,10 @@ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) {
 goto err;
 }
- /* make a random number and set the top and bottom bits */
- if (RAND_pseudo_bytes(buf, bytes) <= 0)
+ /* Make a random number and set the top and bottom bits. */
+ if (!RAND_bytes(buf, bytes)) {
 goto err;
+ }
 if (top != -1) {
 if (top) {
@@ -286,7 +287,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv,
 for (attempt = 0;; attempt++) {
 for (done = 0; done < num_k_bytes;) {
- if (RAND_pseudo_bytes(random_bytes, sizeof(random_bytes)) != 1) {
+ if (!RAND_bytes(random_bytes, sizeof(random_bytes))) {
 goto err;
 }
 SHA512_Init(&sha);
diff --git a/crypto/cipher/e_aes.c b/crypto/cipher/e_aes.c
index 64a0ee8a..e4d3b8a0 100644
--- a/crypto/cipher/e_aes.c
+++ b/crypto/cipher/e_aes.c
@@ -448,8 +448,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
 if (arg) {
 memcpy(gctx->iv, ptr, arg);
 }
- if (c->encrypt &&
- RAND_pseudo_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) {
+ if (c->encrypt && !RAND_bytes(gctx->iv + arg, gctx->ivlen - arg)) {
 return 0;
 }
 gctx->iv_gen = 1;
diff --git a/crypto/dsa/dsa_impl.c b/crypto/dsa/dsa_impl.c
index 27232bb8..d7463d50 100644
--- a/crypto/dsa/dsa_impl.c
+++ b/crypto/dsa/dsa_impl.c
@@ -530,7 +530,9 @@ static int paramgen(DSA *ret, unsigned bits, const uint8_t *seed_in,
 goto err;
 if (!seed_len) {
- RAND_pseudo_bytes(seed, qsize);
+ if (!RAND_bytes(seed, qsize)) {
+ goto err;
+ }
 seed_is_random = 1;
 } else {
 seed_is_random = 0;
diff --git a/crypto/ecdsa/ecdsa_test.c b/crypto/ecdsa/ecdsa_test.c
index 127d76f9..d48f9c3d 100644
--- a/crypto/ecdsa/ecdsa_test.c
+++ b/crypto/ecdsa/ecdsa_test.c
@@ -77,7 +77,7 @@ int test_builtin(BIO *out) {
 int nid, ret = 0;
 /* fill digest values with some random data */
- if (!RAND_pseudo_bytes(digest, 20) || !RAND_pseudo_bytes(wrong_digest, 20)) {
+ if (!RAND_bytes(digest, 20) || !RAND_bytes(wrong_digest, 20)) {
 BIO_printf(out, "ERROR: unable to get random data\n");
 goto builtin_err;
 }
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index e16256eb..08760081 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -340,7 +340,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
 kstr=(unsigned char *)buf;
 }
 assert(iv_len <= (int)sizeof(iv));
- if (RAND_pseudo_bytes(iv,iv_len) < 0) /* Generate a salt */
+ if (!RAND_bytes(iv, iv_len)) /* Generate a salt */
 goto err;
 /* The 'iv' is used as the iv and as a salt. It is * NOT taken from the BytesToKey function */
diff --git a/crypto/pkcs8/p5_pbe.c b/crypto/pkcs8/p5_pbe.c
index 9cdff4c4..7b18b6f8 100644
--- a/crypto/pkcs8/p5_pbe.c
+++ b/crypto/pkcs8/p5_pbe.c
@@ -104,7 +104,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
 sstr = ASN1_STRING_data(pbe->salt);
 if (salt) memcpy(sstr, salt, saltlen);
- else if (RAND_pseudo_bytes(sstr, saltlen) < 0)
+ else if (!RAND_bytes(sstr, saltlen))
 goto err;
 if(!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str))
diff --git a/crypto/pkcs8/p5_pbev2.c b/crypto/pkcs8/p5_pbev2.c
index 85170a44..1af2af22 100644
--- a/crypto/pkcs8/p5_pbev2.c
+++ b/crypto/pkcs8/p5_pbev2.c
@@ -141,7 +141,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
 {
 if (aiv) memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
- else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+ else if (!RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)))
 goto err;
 }
@@ -243,7 +243,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
 if (salt) memcpy (osalt->data, salt, saltlen);
- else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0)
+ else if (!RAND_bytes(osalt->data, saltlen))
 goto merr;
 if(iter <= 0)
diff --git a/crypto/rsa/padding.c b/crypto/rsa/padding.c
index 4d29b07e..70dafb2a 100644
--- a/crypto/rsa/padding.c
+++ b/crypto/rsa/padding.c
@@ -181,13 +181,13 @@ int RSA_padding_add_PKCS1_type_2(uint8_t *to, unsigned tlen,
 /* pad out with non-zero random data */
 j = tlen - 3 - flen;
- if (RAND_pseudo_bytes(p, j) <= 0) {
+ if (!RAND_bytes(p, j)) {
 return 0;
 }
 for (i = 0; i < j; i++) {
 while (*p == 0) {
- if (RAND_pseudo_bytes(p, 1) <= 0) {
+ if (!RAND_bytes(p, 1)) {
 return 0;
 }
 }
@@ -411,7 +411,7 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(uint8_t *to, unsigned tlen,
 memset(db + mdlen, 0, emlen - flen - 2 * mdlen - 1);
 db[emlen - flen - mdlen - 1] = 0x01;
 memcpy(db + emlen - flen - mdlen, from, flen);
- if (RAND_pseudo_bytes(seed, mdlen) <= 0) {
+ if (!RAND_bytes(seed, mdlen)) {
 return 0;
 }
@@ -718,7 +718,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
 ERR_R_MALLOC_FAILURE);
 goto err;
 }
- if (RAND_pseudo_bytes(salt, sLen) <= 0) {
+ if (!RAND_bytes(salt, sLen)) {
 goto err;
 }
 }
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index c2000843..c2f22916 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1826,8 +1826,8 @@ int ssl3_send_client_key_exchange(SSL *s)
 pms[0]=s->client_version>>8;
 pms[1]=s->client_version&0xff;
- if (RAND_bytes(&pms[2],SSL_MAX_MASTER_KEY_LENGTH-2) <= 0)
- goto err;
+ if (!RAND_bytes(&pms[2], SSL_MAX_MASTER_KEY_LENGTH - 2))
+ goto err;
 s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index e980cdc8..d675fe67 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -797,13 +797,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 wr->input=p;
 wr->data=p;
-
- if (eivlen)
- {
- /* if (RAND_pseudo_bytes(p, eivlen) <= 0) goto err; */
- wr->length += eivlen;
- }
+ wr->length += eivlen;
 if (s->enc_method->enc(s, 1) < 1) goto err;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index c45cf713..170777b5 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2057,8 +2057,8 @@ int ssl3_get_client_key_exchange(SSL *s)
 * the TLS RFC and generates a random premaster secret for the * case that the decrypt fails. See * https://tools.ietf.org/html/rfc5246#section-7.4.7.1 */
- if (RAND_pseudo_bytes(rand_premaster_secret,
- sizeof(rand_premaster_secret)) <= 0)
+ if (!RAND_bytes(rand_premaster_secret,
+ sizeof(rand_premaster_secret)))
 goto err;
 /* Allocate a buffer large enough for an RSA decryption. */
@@ -2737,9 +2737,9 @@ int ssl3_send_new_session_ticket(SSL *s)
 }
 else
 {
- RAND_pseudo_bytes(iv, 16);
- if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, iv) ||
- !HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, tlsext_tick_md(), NULL))
+ if (!RAND_bytes(iv, 16) ||
+ !EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, iv) ||
+ !HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, tlsext_tick_md(), NULL))
 {
 OPENSSL_free(session);
 EVP_CIPHER_CTX_cleanup(&ctx);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 47c91fcd..877b874e 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
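Review bot: With the `if (eivlen)` block and its commented-out RAND_pseudo_bytes call removed, the surviving `wr->length += eivlen;` in do_ssl3_write no longer says where the explicit-IV bytes come from, and a reader may take them for uninitialized plaintext that gets sent on the wire. The t1_enc.c hunk in this same commit shows tls1_enc filling `rec->input` with `RAND_bytes(rec->input, ivlen)`, which appears to be the intended source, so it is worth recording at the call site: `/* The eivlen explicit-IV bytes are reserved here and filled by enc_method->enc() (see tls1_enc). */`. do_ssl3_write begins and ends outside the hunk, so I cannot confirm there is no other writer of those bytes.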
@@ -1922,9 +1922,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 ret->tlsext_servername_callback = 0;
 ret->tlsext_servername_arg = NULL;
 /* Setup RFC4507 ticket keys */
- if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
- || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
- || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
+ if (!RAND_bytes(ret->tlsext_tick_key_name, 16) ||
+ !RAND_bytes(ret->tlsext_tick_hmac_key, 16) ||
+ !RAND_bytes(ret->tlsext_tick_aes_key, 16))
 ret->options |= SSL_OP_NO_TICKET;
 ret->tlsext_status_cb = 0;
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index fd340d99..cbfdb9aa 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -237,8 +237,10 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id,
 {
 unsigned int retry = 0;
 do
- if (RAND_pseudo_bytes(id, *id_len) <= 0)
+ {
+ if (!RAND_bytes(id, *id_len))
 return 0;
+ }
 while(SSL_has_matching_session_id(ssl, id, *id_len) && (++retry < MAX_SESS_ID_ATTEMPTS));
 if(retry < MAX_SESS_ID_ATTEMPTS)
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index f5a4b9f6..28405b70 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -895,7 +895,7 @@ int tls1_enc(SSL *s, int send)
 fprintf(stderr, "%s:%d: rec->data != rec->input\n", __FILE__, __LINE__);
- else if (RAND_bytes(rec->input, ivlen) <= 0)
+ else if (!RAND_bytes(rec->input, ivlen))
 return -1;
 }
 }
|
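Review bot: In SSL_CTX_new a RAND_bytes failure still only sets `ret->options |= SSL_OP_NO_TICKET;` and lets context creation succeed, whereas every other hunk in this commit treats a RAND_bytes failure as fatal (`goto err` or `return 0`); the degradation is pre-existing, but the commit rewrites this condition and keeps it without comment. Either failing the constructor here, consistent with the rest of the change, or documenting the choice so callers know session tickets can be disabled with no error raised, would help; for the latter: `/* A CSPRNG failure disables session tickets rather than failing SSL_CTX_new. */`. SSL_CTX_new begins and ends outside the hunk, so the error path the constructor already has is not visible here.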