From a2960bc2e14b4c5f7d8f78d2a69ebb537ca4afa8 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 22 Oct 2014 13:02:04 +0000
Subject: Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().

arc4random_buf() is guaranteed to always succeed - it is worth noting
that a number of the replaced function calls were already missing return
value checks.

ok deraadt@
---
 src/lib/libcrypto/ocsp/ocsp_ext.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/lib/libcrypto/ocsp/ocsp_ext.c')

diff --git a/src/lib/libcrypto/ocsp/ocsp_ext.c b/src/lib/libcrypto/ocsp/ocsp_ext.c
index c7b9d817ac..6318e1718b 100644
--- a/src/lib/libcrypto/ocsp/ocsp_ext.c
+++ b/src/lib/libcrypto/ocsp/ocsp_ext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_ext.c,v 1.11 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: ocsp_ext.c,v 1.12 2014/10/22 13:02:04 jsing Exp $ */
 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
  * project. */
 
@@ -62,11 +62,11 @@
  */
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 
 #include <openssl/objects.h>
 #include <openssl/ocsp.h>
-#include <openssl/rand.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
@@ -389,7 +389,7 @@ ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len)
 	if (val)
 		memcpy(tmpval, val, len);
 	else
-		RAND_pseudo_bytes(tmpval, len);
+		arc4random_buf(tmpval, len);
 	if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, &os, 0,
 	    X509V3_ADD_REPLACE))
 		goto err;
-- 
cgit v1.2.3-55-g6feb