Commit 266483d2 authored by Matt Caswell's avatar Matt Caswell
Browse files

RAND_bytes updates 



Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent 8817e2e0

apps/enc.c

+1 −1
Original line number Diff line number Diff line
@@ -505,7 +505,7 @@ int MAIN(int argc, char **argv) 
                            BIO_printf(bio_err, "invalid hex salt value\n");

                            goto end;

                        }

                    } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)

                    } else if (RAND_bytes(salt, sizeof salt) <= 0)

                        goto end;

                    /*

                     * If -P option then don't bother writing

apps/passwd.c

+2 −2
Original line number Diff line number Diff line
@@ -416,7 +416,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, 
                if (*salt_malloc_p == NULL)

                    goto err;

            }

            if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)

            if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0)

                goto err;

            (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */

            (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
@@ -437,7 +437,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, 
                if (*salt_malloc_p == NULL)

                    goto err;

            }

            if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)

            if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0)

                goto err;



            for (i = 0; i < 8; i++)

apps/s_cb.c

+1 −1
Original line number Diff line number Diff line
@@ -949,7 +949,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, 


    /* Initialize a random secret */

    if (!cookie_initialized) {

        if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) {

        if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {

            BIO_printf(bio_err, "error setting random cookie secret\n");

            return 0;

        }

apps/s_server.c

+2 −1
Original line number Diff line number Diff line
@@ -3199,7 +3199,8 @@ static int generate_session_id(const SSL *ssl, unsigned char *id, 
{

    unsigned int count = 0;

    do {

        RAND_pseudo_bytes(id, *id_len);

        if (RAND_bytes(id, *id_len) <= 0)

            return 0;

        /*

         * Prefix the session_id with the required prefix. NB: If our prefix

         * is too long, clip it - but there will be worse effects anyway, eg.

apps/speed.c

+2 −2
Original line number Diff line number Diff line
@@ -1967,7 +1967,7 @@ int MAIN(int argc, char **argv) 
    }

#ifndef OPENSSL_SYS_WIN32

#endif

    RAND_pseudo_bytes(buf, 36);

    RAND_bytes(buf, 36);

#ifndef OPENSSL_NO_RSA

    for (j = 0; j < RSA_NUM; j++) {

        int ret;
@@ -2039,7 +2039,7 @@ int MAIN(int argc, char **argv) 
    }

#endif



    RAND_pseudo_bytes(buf, 20);

    RAND_bytes(buf, 20);

#ifndef OPENSSL_NO_DSA

    if (RAND_status() != 1) {

        RAND_seed(rnd_seed, sizeof rnd_seed);