From fa457604779ff38b511fdfdae3c6a78664281c22 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 22 Oct 2014 13:02:04 +0000
Subject: Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().

arc4random_buf() is guaranteed to always succeed - it is worth noting
that a number of the replaced function calls were already missing return
value checks.

ok deraadt@
---
 src/lib/libcrypto/evp/e_aes.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

(limited to 'src/lib/libcrypto/evp/e_aes.c')

diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index f96a15f19c..bb3b420a3b 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.25 2014/07/12 19:31:03 miod Exp $ */
+/* $OpenBSD: e_aes.c,v 1.26 2014/10/22 13:02:04 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -50,6 +50,7 @@
  */
 
 #include <assert.h>
+#include <stdlib.h>
 #include <string.h>
 
 #include <openssl/opensslconf.h>
@@ -58,7 +59,6 @@
 #include <openssl/aes.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
-#include <openssl/rand.h>
 
 #include "evp_locl.h"
 #include "modes_lcl.h"
@@ -769,9 +769,8 @@ aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 			return 0;
 		if (arg)
 			memcpy(gctx->iv, ptr, arg);
-		if (c->encrypt &&
-		    RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
-			return 0;
+		if (c->encrypt)
+			arc4random_buf(gctx->iv + arg, gctx->ivlen - arg);
 		gctx->iv_gen = 1;
 		return 1;
 
-- 
cgit v1.2.3-55-g6feb