From fa457604779ff38b511fdfdae3c6a78664281c22 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 22 Oct 2014 13:02:04 +0000
Subject: Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().

arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks.

ok deraadt@
---
 src/lib/libcrypto/des/enc_writ.c | 7 +++----
 src/lib/libcrypto/des/rand_key.c | 8 ++++----
 2 files changed, 7 insertions(+), 8 deletions(-)

(limited to 'src/lib/libcrypto/des')

diff --git a/src/lib/libcrypto/des/enc_writ.c b/src/lib/libcrypto/des/enc_writ.c
index a7049ff44e..0130c2c6d9 100644
--- a/src/lib/libcrypto/des/enc_writ.c
+++ b/src/lib/libcrypto/des/enc_writ.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: enc_writ.c,v 1.12 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: enc_writ.c,v 1.13 2014/10/22 13:02:04 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -58,12 +58,11 @@
 #include
 #include
+#include
 #include
 #include
-#include
-
 #include "des_locl.h"
 /*
@@ -136,7 +135,7 @@ int DES_enc_write(int fd, const void *_buf, int len,
 {
 cp=shortbuf;
 memcpy(shortbuf,buf,len);
- RAND_pseudo_bytes(shortbuf+len, 8-len);
+ arc4random_buf(shortbuf+len, 8-len);
 rnum=8;
 }
 else
diff --git a/src/lib/libcrypto/des/rand_key.c b/src/lib/libcrypto/des/rand_key.c
index 727d36f488..7abb811df4 100644
--- a/src/lib/libcrypto/des/rand_key.c
+++ b/src/lib/libcrypto/des/rand_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rand_key.c,v 1.7 2014/07/22 18:09:20 miod Exp $ */
+/* $OpenBSD: rand_key.c,v 1.8 2014/10/22 13:02:04 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
 *
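Review bot: In the `@@ -136,7 +135,7 @@` hunk of enc_writ.c (DES_enc_write), the pad length `8-len` is an `int` expression now handed to a `size_t` parameter, and nothing visible in the hunk bounds `len`. The guarding condition sits above the hunk, so this is presumably the short-write branch; if `len` could be negative or above 8 here, both the `memcpy` and the new `arc4random_buf` call would receive a very large count relative to `shortbuf`. I would state the invariant next to the call, e.g. `/* 0 <= len < 8 here: pad the short block to 8 bytes with random data */`, and confirm that out-of-range `len` is rejected before this point. The enclosing function starts and ends outside the hunk.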
@@ -53,15 +53,15 @@
 *
 */
+#include
+
 #include
-#include
 int DES_random_key(DES_cblock *ret)
 {
 do {
- if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
- return (0);
+ arc4random_buf(ret, sizeof(DES_cblock));
 DES_set_odd_parity(ret);
 } while (DES_is_weak_key(ret));
 return (1);
-- 
cgit v1.2.3-55-g6feb
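Review bot: DES_random_key() can no longer return 0 once the RAND_bytes() failure path is removed, yet the hunk keeps `return (1);` without saying that the result is now constant. A short comment above the function, such as `/* Always returns 1: arc4random_buf() cannot fail; the int return is kept for API compatibility. */`, would tell callers that their error branch is dead rather than forgotten. The same comment could mention that the do/while redraws until the parity-adjusted key is not flagged by DES_is_weak_key(). The function's closing brace is outside the hunk.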