From fa457604779ff38b511fdfdae3c6a78664281c22 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 22 Oct 2014 13:02:04 +0000
Subject: Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().

arc4random_buf() is guaranteed to always succeed - it is worth noting
that a number of the replaced function calls were already missing return
value checks.

ok deraadt@
---
 src/lib/libcrypto/pkcs7/pk7_doit.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'src/lib/libcrypto/pkcs7')

diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index 8f1e393635..d69aff8f41 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_doit.c,v 1.29 2014/07/25 06:05:32 doug Exp $ */
+/* $OpenBSD: pk7_doit.c,v 1.30 2014/10/22 13:02:04 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -57,11 +57,11 @@
  */
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 
 #include <openssl/err.h>
 #include <openssl/objects.h>
-#include <openssl/rand.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
@@ -324,8 +324,7 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 		ivlen = EVP_CIPHER_iv_length(evp_cipher);
 		xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
 		if (ivlen > 0)
-			if (RAND_pseudo_bytes(iv, ivlen) <= 0)
-				goto err;
+			arc4random_buf(iv, ivlen);
 		if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL,
 		    NULL, 1) <= 0)
 			goto err;
-- 
cgit v1.2.3-55-g6feb