From fa457604779ff38b511fdfdae3c6a78664281c22 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 22 Oct 2014 13:02:04 +0000
Subject: Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().

arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks.

ok deraadt@
---
 src/lib/libcrypto/bn/bn.h      | 17 ++++++-----------
 src/lib/libcrypto/bn/bn_rand.c | 15 ++++-----------
 2 files changed, 10 insertions(+), 22 deletions(-)
(limited to 'src/lib/libcrypto/bn')

diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h
index 155adf4fe0..10414dc339 100644
--- a/src/lib/libcrypto/bn/bn.h
+++ b/src/lib/libcrypto/bn/bn.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn.h,v 1.24 2014/06/27 06:07:35 deraadt Exp $ */
+/* $OpenBSD: bn.h,v 1.25 2014/10/22 13:02:04 jsing Exp $ */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -125,9 +125,11 @@
 #ifndef HEADER_BN_H
 #define HEADER_BN_H
 
+#include
+#include
+
 #include
 
-#include /* FILE */
 #include
 #include
 
@@ -673,11 +675,6 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
 #include
 
 #ifdef BN_DEBUG_RAND
-/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
-#ifndef RAND_pseudo_bytes
-int RAND_pseudo_bytes(unsigned char *buf, int num);
-#define BN_DEBUG_TRIX
-#endif
 #define bn_pollute(a) \
 do { \
 const BIGNUM *_bnum1 = (a); \
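Review bot: The two includes added at the top of bn.h in the `@@ -125,9 +125,11 @@` hunk carry no justification, whereas the `#include … /* FILE */` line they displace did; the header names are stripped in this rendering, so it cannot be checked here which of them supplies the arc4random_buf() prototype that bn_pollute() now relies on. Since bn.h is a public header and bn_pollute() exists only under BN_DEBUG_RAND (the `@@ -673,11 +675,6 @@` hunk, which drops the BN_DEBUG_TRIX workaround that used to declare RAND_pseudo_bytes() locally), the include is now paid unconditionally by every consumer of bn.h. A comment on the relevant line such as `/* arc4random_buf() for bn_pollute() under BN_DEBUG_RAND */` would record why it is there. The include list continues outside the hunk, so whether the same header is already pulled in elsewhere cannot be confirmed from this view.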
@@ -688,17 +685,15 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
  * wouldn't be constructed with top!=dmax. */ \
 BN_ULONG *_not_const; \
 memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
- RAND_pseudo_bytes(&_tmp_char, 1); \
+ arc4random_buf(&_tmp_char, 1); \
 memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
 (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
 } \
 } while(0)
-#ifdef BN_DEBUG_TRIX
-#undef RAND_pseudo_bytes
-#endif
 #else
 #define bn_pollute(a)
 #endif
+
 #define bn_check_top(a) \
 do { \
 const BIGNUM *_bnum2 = (a); \
diff --git a/src/lib/libcrypto/bn/bn_rand.c b/src/lib/libcrypto/bn/bn_rand.c
index acb17882ef..334c65dd57 100644
--- a/src/lib/libcrypto/bn/bn_rand.c
+++ b/src/lib/libcrypto/bn/bn_rand.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_rand.c,v 1.15 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: bn_rand.c,v 1.16 2014/10/22 13:02:04 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -110,10 +110,10 @@
  */
 
 #include
+#include
 #include
 #include
 
-#include
 
 #include "bn_lcl.h"
 
@@ -139,14 +139,7 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 }
 
 /* make a random number and set the top and bottom bits */
-
- if (pseudorand) {
- if (RAND_pseudo_bytes(buf, bytes) == -1)
- goto err;
- } else {
- if (RAND_bytes(buf, bytes) <= 0)
- goto err;
- }
+ arc4random_buf(buf, bytes);
 
 #if 1
 if (pseudorand == 2) {
@@ -156,7 +149,7 @@ bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 unsigned char c;
 
 for (i = 0; i < bytes; i++) {
- RAND_pseudo_bytes(&c, 1);
+ arc4random_buf(&c, 1);
 if (c >= 128 && i > 0)
 buf[i] = buf[i - 1];
 else if (c < 42)
-- 
cgit v1.2.3-55-g6feb
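Review bot: In the `@@ -139,14 +139,7 @@` hunk of bn_rand.c, once `arc4random_buf(buf, bytes);` is the only source, the `pseudorand` argument no longer selects between RAND_bytes() and RAND_pseudo_bytes(): values 0 and 1 now produce indistinguishable output and only the `pseudorand == 2` branch just below still reads it. That is a strengthening for callers of the pseudo-random entry points, but nothing at the replaced line records it, so a comment there would help the next reader, e.g. `/* arc4random_buf() cannot fail; pseudorand 0 and 1 are now equivalent, only == 2 differs */`. bnrand()'s body starts and ends outside the hunk, so whether the `err:` label the removed lines jumped to is still reached from elsewhere cannot be confirmed from this view; if it is not, the label and its cleanup become unreachable and should go with this change. The same per-byte replacement in the `@@ -156,7 +149,7 @@` hunk needs no separate note.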