From 8e1a02b0b1470213ac669256827ac9f393aaa8a7 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sun, 11 Aug 2019 10:54:11 +0000 Subject: Use arc4random_buf() instead of RAND_bytes(). This also removes return checks since arc4random_buf() does not fail. --- src/lib/libcrypto/cms/cms_enc.c | 5 ++--- src/lib/libcrypto/cms/cms_ess.c | 5 ++--- src/lib/libcrypto/cms/cms_pwri.c | 10 ++++------ 3 files changed, 8 insertions(+), 12 deletions(-) (limited to 'src') diff --git a/src/lib/libcrypto/cms/cms_enc.c b/src/lib/libcrypto/cms/cms_enc.c index 09a0d155b4..cce6e95b5e 100644 --- a/src/lib/libcrypto/cms/cms_enc.c +++ b/src/lib/libcrypto/cms/cms_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_enc.c,v 1.18 2019/08/11 10:50:23 jsing Exp $ */ +/* $OpenBSD: cms_enc.c,v 1.19 2019/08/11 10:54:11 jsing Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -119,8 +119,7 @@ cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) /* Generate a random IV if we need one */ ivlen = EVP_CIPHER_CTX_iv_length(ctx); if (ivlen > 0) { - if (RAND_bytes(iv, ivlen) <= 0) - goto err; + arc4random_buf(iv, ivlen); piv = iv; } } else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) { diff --git a/src/lib/libcrypto/cms/cms_ess.c b/src/lib/libcrypto/cms/cms_ess.c index c460ba86e2..223612ca43 100644 --- a/src/lib/libcrypto/cms/cms_ess.c +++ b/src/lib/libcrypto/cms/cms_ess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_ess.c,v 1.18 2019/08/11 10:50:23 jsing Exp $ */ +/* $OpenBSD: cms_ess.c,v 1.19 2019/08/11 10:54:11 jsing Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -129,8 +129,7 @@ CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst, else { if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32)) goto merr; - if (RAND_bytes(rr->signedContentIdentifier->data, 32) <= 0) - goto err; + arc4random_buf(rr->signedContentIdentifier->data, 32); } sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free); 
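Review bot: The length passed to `arc4random_buf(iv, ivlen)` in cms_EncryptedContent_init_bio() is checked only for `ivlen > 0`, never against the size of `iv`. `iv` is declared outside the hunk, so its size cannot be confirmed here; if it is a fixed-size array, a guard such as `if (ivlen > (int)sizeof(iv)) goto err;` before the call would stop a cipher that reports an oversized IV length from writing past it. The same applies to the `arc4random_buf(iv, ivlen)` added to CMS_add0_recipient_password() in cms_pwri.c. The patch touches no include lines, so it is also worth confirming that `<stdlib.h>` is in scope in all three files for the arc4random_buf() prototype.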
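Review bot: The literal `32` now appears in two adjacent calls in CMS_ReceiptRequest_create0() that must agree: the `ASN1_STRING_set(..., NULL, 32)` that sizes the buffer and the new `arc4random_buf(..., 32)` that fills it. Taking the fill length from the string that was just sized, `arc4random_buf(rr->signedContentIdentifier->data, rr->signedContentIdentifier->length);`, keeps the write inside the allocation if the identifier size ever changes. The removed `goto err` may have been the only jump to the `err` label, which lies outside the hunk; if so, the label is now unused and should be removed to avoid an unused-label warning.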
diff --git a/src/lib/libcrypto/cms/cms_pwri.c b/src/lib/libcrypto/cms/cms_pwri.c index 6120cee4c9..6423ddeaf9 100644 --- a/src/lib/libcrypto/cms/cms_pwri.c +++ b/src/lib/libcrypto/cms/cms_pwri.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_pwri.c,v 1.23 2019/08/11 10:50:23 jsing Exp $ */ +/* $OpenBSD: cms_pwri.c,v 1.24 2019/08/11 10:54:11 jsing Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -136,8 +136,7 @@ CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter, int wrap_nid, ivlen = EVP_CIPHER_CTX_iv_length(ctx); if (ivlen > 0) { - if (RAND_bytes(iv, ivlen) <= 0) - goto err; + arc4random_buf(iv, ivlen); if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) { CMSerror(ERR_R_EVP_LIB); goto err; @@ -305,9 +304,8 @@ kek_wrap_key(unsigned char *out, size_t *outlen, const unsigned char *in, out[3] = in[2] ^ 0xFF; memcpy(out + 4, in, inlen); /* Add random padding to end */ - if (olen > inlen + 4 && - RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0) - return 0; + if (olen > inlen + 4) + arc4random_buf(out + 4 + inlen, olen - 4 - inlen); /* Encrypt twice */ if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen) || !EVP_EncryptUpdate(ctx, out, &dummy, out, olen)) -- cgit v1.2.3-55-g6feb