From a2960bc2e14b4c5f7d8f78d2a69ebb537ca4afa8 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 22 Oct 2014 13:02:04 +0000
Subject: Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().

arc4random_buf() is guaranteed to always succeed - it is worth noting
that a number of the replaced function calls were already missing return
value checks.

ok deraadt@
---
 src/lib/libcrypto/cms/cms_enc.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'src/lib/libcrypto/cms/cms_enc.c')

diff --git a/src/lib/libcrypto/cms/cms_enc.c b/src/lib/libcrypto/cms/cms_enc.c
index efe19a3131..f97e4d5f34 100644
--- a/src/lib/libcrypto/cms/cms_enc.c
+++ b/src/lib/libcrypto/cms/cms_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_enc.c,v 1.5 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: cms_enc.c,v 1.6 2014/10/22 13:02:04 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -51,11 +51,12 @@
  * ====================================================================
  */
 
+#include <stdlib.h>
+
 #include <openssl/asn1t.h>
 #include <openssl/cms.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
-#include <openssl/rand.h>
 #include <openssl/x509v3.h>
 
 #include "cms_lcl.h"
@@ -119,8 +120,7 @@ cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 		/* Generate a random IV if we need one */
 		ivlen = EVP_CIPHER_CTX_iv_length(ctx);
 		if (ivlen > 0) {
-			if (RAND_pseudo_bytes(iv, ivlen) <= 0)
-				goto err;
+			arc4random_buf(iv, ivlen);
 			piv = iv;
 		}
 	} else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) {
-- 
cgit v1.2.3-55-g6feb