From fa457604779ff38b511fdfdae3c6a78664281c22 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 22 Oct 2014 13:02:04 +0000
Subject: Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().

arc4random_buf() is guaranteed to always succeed - it is worth noting
that a number of the replaced function calls were already missing return
value checks.

ok deraadt@
---
 src/lib/libcrypto/rsa/rsa_oaep.c |  7 +++----
 src/lib/libcrypto/rsa/rsa_pk1.c  | 13 +++++--------
 src/lib/libcrypto/rsa/rsa_pss.c  |  7 +++----
 src/lib/libcrypto/rsa/rsa_ssl.c  | 13 +++++--------
 4 files changed, 16 insertions(+), 24 deletions(-)

(limited to 'src/lib/libcrypto/rsa')

diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c
index 9be0f9be31..8585d7c3aa 100644
--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_oaep.c,v 1.23 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: rsa_oaep.c,v 1.24 2014/10/22 13:02:04 jsing Exp $ */
 /* Written by Ulf Moeller. This software is distributed on an "AS IS"
    basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
 
@@ -19,6 +19,7 @@
  */
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 
 #include <openssl/opensslconf.h>
@@ -28,7 +29,6 @@
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
-#include <openssl/rand.h>
 #include <openssl/rsa.h>
 #include <openssl/sha.h>
 
@@ -65,8 +65,7 @@ RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
 	    emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
 	db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
 	memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, flen);
-	if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
-		return 0;
+	arc4random_buf(seed, SHA_DIGEST_LENGTH);
 
 	dbmask = malloc(emlen - SHA_DIGEST_LENGTH);
 	if (dbmask == NULL) {
diff --git a/src/lib/libcrypto/rsa/rsa_pk1.c b/src/lib/libcrypto/rsa/rsa_pk1.c
index 4f82bf6768..6c3e7fb846 100644
--- a/src/lib/libcrypto/rsa/rsa_pk1.c
+++ b/src/lib/libcrypto/rsa/rsa_pk1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pk1.c,v 1.13 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: rsa_pk1.c,v 1.14 2014/10/22 13:02:04 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -57,12 +57,12 @@
  */
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #include <openssl/rsa.h>
-#include <openssl/rand.h>
 
 int
 RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
@@ -167,13 +167,10 @@ RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
 	/* pad out with non-zero random data */
 	j = tlen - 3 - flen;
 
-	if (RAND_bytes(p, j) <= 0)
-		return 0;
+	arc4random_buf(p, j);
 	for (i = 0; i < j; i++) {
-		while (*p == '\0') {
-			if (RAND_bytes(p, 1) <= 0)
-				return 0;
-		}
+		while (*p == '\0')
+			arc4random_buf(p, 1);
 		p++;
 	}
 
diff --git a/src/lib/libcrypto/rsa/rsa_pss.c b/src/lib/libcrypto/rsa/rsa_pss.c
index f841b2f8a3..5e137a3090 100644
--- a/src/lib/libcrypto/rsa/rsa_pss.c
+++ b/src/lib/libcrypto/rsa/rsa_pss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pss.c,v 1.10 2014/07/13 12:53:46 miod Exp $ */
+/* $OpenBSD: rsa_pss.c,v 1.11 2014/10/22 13:02:04 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
@@ -57,12 +57,12 @@
  */
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
-#include <openssl/rand.h>
 #include <openssl/rsa.h>
 #include <openssl/sha.h>
 
@@ -243,8 +243,7 @@ RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
 			    ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
-		if (RAND_bytes(salt, sLen) <= 0)
-			goto err;
+		arc4random_buf(salt, sLen);
 	}
 	maskedDBLen = emLen - hLen - 1;
 	H = EM + maskedDBLen;
diff --git a/src/lib/libcrypto/rsa/rsa_ssl.c b/src/lib/libcrypto/rsa/rsa_ssl.c
index a5fe5004b1..73262f29c1 100644
--- a/src/lib/libcrypto/rsa/rsa_ssl.c
+++ b/src/lib/libcrypto/rsa/rsa_ssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_ssl.c,v 1.13 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: rsa_ssl.c,v 1.14 2014/10/22 13:02:04 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -57,11 +57,11 @@
  */
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 
 #include <openssl/bn.h>
 #include <openssl/err.h>
-#include <openssl/rand.h>
 #include <openssl/rsa.h>
 
 int
@@ -85,13 +85,10 @@ RSA_padding_add_SSLv23(unsigned char *to, int tlen, const unsigned char *from,
 	/* pad out with non-zero random data */
 	j = tlen - 3 - 8 - flen;
 
-	if (RAND_bytes(p, j) <= 0)
-		return 0;
+	arc4random_buf(p, j);
 	for (i = 0; i < j; i++) {
-		while (*p == '\0') {
-			if (RAND_bytes(p, 1) <= 0)
-				return 0;
-		}
+		while (*p == '\0')
+			arc4random_buf(p, 1);
 		p++;
 	}
 
-- 
cgit v1.2.3-55-g6feb