diff options
author | Matt Caswell <matt@openssl.org> | 2015-02-26 11:57:37 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-03-25 12:38:07 +0000 |
commit | 266483d2f56b0764849797f31866bfd84f9c3aa8 (patch) | |
tree | 42323d0c8b8cea8da4aff3dfdd4bc2251e34a0db /apps | |
parent | 8817e2e0c998757d3bd036d7f45fe8d0a49fbe2d (diff) | |
download | openssl-266483d2f56b0764849797f31866bfd84f9c3aa8.tar.gz |
RAND_bytes updates
Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'apps')
-rw-r--r-- | apps/enc.c | 2 | ||||
-rw-r--r-- | apps/passwd.c | 4 | ||||
-rw-r--r-- | apps/s_cb.c | 2 | ||||
-rw-r--r-- | apps/s_server.c | 3 | ||||
-rw-r--r-- | apps/speed.c | 4 |
5 files changed, 8 insertions, 7 deletions
diff --git a/apps/enc.c b/apps/enc.c index 3bf4a6eb04..1739b7ec23 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -505,7 +505,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "invalid hex salt value\n"); goto end; } - } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0) + } else if (RAND_bytes(salt, sizeof salt) <= 0) goto end; /* * If -P option then don't bother writing diff --git a/apps/passwd.c b/apps/passwd.c index 5ff53b5743..798a6d5936 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -416,7 +416,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, if (*salt_malloc_p == NULL) goto err; } - if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0) + if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0) goto err; (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */ (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */ @@ -437,7 +437,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, if (*salt_malloc_p == NULL) goto err; } - if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0) + if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0) goto err; for (i = 0; i < 8; i++) diff --git a/apps/s_cb.c b/apps/s_cb.c index 8bc4b81710..ea7d35c700 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -949,7 +949,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, /* Initialize a random secret */ if (!cookie_initialized) { - if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) { + if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) { BIO_printf(bio_err, "error setting random cookie secret\n"); return 0; } diff --git a/apps/s_server.c b/apps/s_server.c index 97aa23da19..c3884d26ab 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -3199,7 +3199,8 @@ static int generate_session_id(const SSL *ssl, unsigned char *id, { unsigned int count = 0; do { - RAND_pseudo_bytes(id, *id_len); + if (RAND_bytes(id, *id_len) <= 0) + return 0; /* * Prefix the session_id with the required prefix. NB: If our prefix * is too long, clip it - but there will be worse effects anyway, eg. diff --git a/apps/speed.c b/apps/speed.c index b023f2877f..d2034a4898 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1967,7 +1967,7 @@ int MAIN(int argc, char **argv) } #ifndef OPENSSL_SYS_WIN32 #endif - RAND_pseudo_bytes(buf, 36); + RAND_bytes(buf, 36); #ifndef OPENSSL_NO_RSA for (j = 0; j < RSA_NUM; j++) { int ret; @@ -2039,7 +2039,7 @@ int MAIN(int argc, char **argv) } #endif - RAND_pseudo_bytes(buf, 20); + RAND_bytes(buf, 20); #ifndef OPENSSL_NO_DSA if (RAND_status() != 1) { RAND_seed(rnd_seed, sizeof rnd_seed); |