RAND_bytes updates

Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>

2 files changed, 4 insertions, 3 deletions

diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h
index ba22f3a125..a24ae7fdc9 100644
--- a/crypto/bn/bn_lcl.h
+++ b/crypto/bn/bn_lcl.h
@@ -168,7 +168,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
                          * wouldn't be constructed with top!=dmax. */ \
                         BN_ULONG *_not_const; \
                         memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
-                        RAND_pseudo_bytes(&_tmp_char, 1); \
+                        RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\
                         memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
                                 (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
                 } \
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 9488454c12..be58a5ab2f 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -142,7 +142,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
     RAND_add(&tim, sizeof(tim), 0.0);
 
     if (pseudorand) {
-        if (RAND_pseudo_bytes(buf, bytes) == -1)
+        if (RAND_bytes(buf, bytes) <= 0)
             goto err;
     } else {
         if (RAND_bytes(buf, bytes) <= 0)
@@ -157,7 +157,8 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
         unsigned char c;
 
         for (i = 0; i < bytes; i++) {
-            RAND_pseudo_bytes(&c, 1);
+            if (RAND_bytes(&c, 1) <= 0)
+                goto err;
             if (c >= 128 && i > 0)
                 buf[i] = buf[i - 1];
             else if (c < 42)