From 73a7816209b98b60e458e2975460de46215d27cf Mon Sep 17 00:00:00 2001
From: miod <>
Date: Sun, 9 Nov 2014 19:24:30 +0000
Subject: Replace RAND_bytes() usage with arc4random_buf().

---
 src/lib/libcrypto/gost/gost.h              | 3 +--
 src/lib/libcrypto/gost/gost_err.c          | 1 -
 src/lib/libcrypto/gost/gostr341001_pmeth.c | 9 ++-------
 3 files changed, 3 insertions(+), 10 deletions(-)

(limited to 'src/lib/libcrypto')

diff --git a/src/lib/libcrypto/gost/gost.h b/src/lib/libcrypto/gost/gost.h
index 5296e7b9c2..516c1b41fc 100644
--- a/src/lib/libcrypto/gost/gost.h
+++ b/src/lib/libcrypto/gost/gost.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: gost.h,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/* $OpenBSD: gost.h,v 1.2 2014/11/09 19:24:30 miod Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -251,7 +251,6 @@ void ERR_load_GOST_strings(void);
 #define GOST_R_NO_PEER_KEY				 116
 #define GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR	 117
 #define GOST_R_PUBLIC_KEY_UNDEFINED			 118
-#define GOST_R_RANDOM_GENERATOR_FAILURE			 119
 #define GOST_R_RANDOM_NUMBER_GENERATOR_FAILED		 120
 #define GOST_R_SIGNATURE_MISMATCH			 121
 #define GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q		 122
diff --git a/src/lib/libcrypto/gost/gost_err.c b/src/lib/libcrypto/gost/gost_err.c
index a52fe4cd5a..b4e061f985 100644
--- a/src/lib/libcrypto/gost/gost_err.c
+++ b/src/lib/libcrypto/gost/gost_err.c
@@ -120,7 +120,6 @@ static ERR_STRING_DATA GOST_str_reasons[]=
 {ERR_REASON(GOST_R_NO_PEER_KEY)          ,"no peer key"},
 {ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),"no private part of non ephemeral keypair"},
 {ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED) ,"public key undefined"},
-{ERR_REASON(GOST_R_RANDOM_GENERATOR_FAILURE),"random generator failure"},
 {ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),"random number generator failed"},
 {ERR_REASON(GOST_R_SIGNATURE_MISMATCH)   ,"signature mismatch"},
 {ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),"signature parts greater than q"},
diff --git a/src/lib/libcrypto/gost/gostr341001_pmeth.c b/src/lib/libcrypto/gost/gostr341001_pmeth.c
index 0f82e88a9d..910c0b9c45 100644
--- a/src/lib/libcrypto/gost/gostr341001_pmeth.c
+++ b/src/lib/libcrypto/gost/gostr341001_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gostr341001_pmeth.c,v 1.1 2014/11/09 19:17:13 miod Exp $ */
+/* $OpenBSD: gostr341001_pmeth.c,v 1.2 2014/11/09 19:24:30 miod Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -60,7 +60,6 @@
 #include <openssl/ec.h>
 #include <openssl/ecdsa.h>
 #include <openssl/x509.h>
-#include <openssl/rand.h> /* for RAND_bytes */
 
 #include "evp_locl.h"
 #include "gost_locl.h"
@@ -454,11 +453,7 @@ int pkey_gost01_encrypt(EVP_PKEY_CTX * pctx, unsigned char *out,
 	if (data->shared_ukm) {
 		memcpy(ukm, data->shared_ukm, 8);
 	} else if (out) {
-		if (RAND_bytes(ukm, 8) <= 0) {
-			GOSTerr(GOST_F_PKEY_GOST01_ENCRYPT,
-				GOST_R_RANDOM_GENERATOR_FAILURE);
-			return 0;
-		}
+		arc4random_buf(ukm, 8);
 	}
 	/* Check for private key in the peer_key of context */
 	if (sec_key) {
-- 
cgit v1.2.3-55-g6feb