authorjsing <>2014-10-22 13:02:04 +0000
committerjsing <>2014-10-22 13:02:04 +0000
commita2960bc2e14b4c5f7d8f78d2a69ebb537ca4afa8 (patch)
tree32d920c77e1ecf12be5fad632b9ae71343194a7c /src/lib/libcrypto/pkcs12/p12_mutl.c
parent5a6d7fd5a10b0ad084948463b25822d91091b325 (diff)
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks. ok deraadt@
Diffstat (limited to 'src/lib/libcrypto/pkcs12/p12_mutl.c')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_mutl.c11
1 files changed, 5 insertions, 6 deletions
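diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
index 453d30d65f..0c49bf96fd 100644
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/src/lib/libcrypto/pkcs12/p12_mutl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_mutl.c,v 1.17 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: p12_mutl.c,v 1.18 2014/10/22 13:02:04 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
   * project 1999.
   */
@@ -57,6 +57,7 @@
   */
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 
 #include <openssl/opensslconf.h>
@@ -66,7 +67,6 @@
 #include <openssl/err.h>
 #include <openssl/hmac.h>
 #include <openssl/pkcs12.h>
-#include <openssl/rand.h>
 
 /* Generate a MAC */
 int
@@ -193,10 +193,9 @@ PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
  PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
  return 0;
  }
- if (!salt) {
- if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0)
- return 0;
- } else
+ if (!salt)
+ arc4random_buf(p12->mac->salt->data, saltlen);
+ else
  memcpy (p12->mac->salt->data, salt, saltlen);
  p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
  if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {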
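Review bot: In the last hunk, `saltlen` is a signed `int` (per the `PKCS12_setup_mac` signature in the hunk header) and is passed unchecked as the length to both `arc4random_buf()` and `memcpy()`, where it converts to `size_t`. With the old `< 0` failure path gone, nothing visible here rejects a negative length; the only guard appears to be the allocation whose `ERR_R_MALLOC_FAILURE` path shows on the context lines, and that code sits above the hunk, so confirm it bounds `saltlen`. An explicit `if (saltlen < 0) return 0;` before the allocation would make the contract local rather than relying on the allocator to fail. It would also help to add a short comment at the call, e.g. `/* arc4random_buf() cannot fail, so no error path is needed */`, so the missing return check reads as deliberate. The function body begins and ends outside this hunk.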