author | Joel Sing <jsing@cvs.openbsd.org> | 2014-10-22 13:02:05 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2014-10-22 13:02:05 +0000 |
commit | 80fb32c087ebd4e7c3ef9467cca1392931be5034 (patch) | |
tree | bc399a065fb5876e02859b77f4bb5d2d0fa7f0e6 /lib/libcrypto/rsa/rsa_pss.c | |
parent | bcad82539542acc3528c59c25491ef55b8130f7a (diff) |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random_buf() is guaranteed to always succeed - it is worth noting
that a number of the replaced function calls were already missing return
value checks.
ok deraadt@
Diffstat (limited to 'lib/libcrypto/rsa/rsa_pss.c')
-rw-r--r-- | lib/libcrypto/rsa/rsa_pss.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/lib/libcrypto/rsa/rsa_pss.c b/lib/libcrypto/rsa/rsa_pss.c
index f841b2f8a31..5e137a30901 100644
--- a/lib/libcrypto/rsa/rsa_pss.c
+++ b/lib/libcrypto/rsa/rsa_pss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pss.c,v 1.10 2014/07/13 12:53:46 miod Exp $ */
+/* $OpenBSD: rsa_pss.c,v 1.11 2014/10/22 13:02:04 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2005.
 */
@@ -57,12 +57,12 @@
 */
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
-#include <openssl/rand.h>
 #include <openssl/rsa.h>
 #include <openssl/sha.h>
@@ -243,8 +243,7 @@ RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
 ERR_R_MALLOC_FAILURE);
 goto err;
 }
- if (RAND_bytes(salt, sLen) <= 0)
- goto err;
+ arc4random_buf(salt, sLen);
 }
 maskedDBLen = emLen - hLen - 1;
 H = EM + maskedDBLen; |
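Review bot: The `arc4random_buf(salt, sLen);` call in the third hunk passes the `int` `sLen` where the function takes a `size_t`, and it no longer has a failure path, so its safety depends on two things the hunk does not show. The first is that `sLen` is positive at this point, which is presumably established by a guard earlier in RSA_padding_add_PKCS1_PSS_mgf1, whose body starts and ends outside the hunk. The second is that arc4random_buf() cannot return without filling the buffer; the commit message states this for OpenBSD, but a build that supplies its own arc4random_buf() has to abort on entropy failure rather than return, otherwise the `salt` buffer allocated just above would be used uninitialised. A short comment above the call would record both assumptions, for example `/* sLen > 0 here; arc4random_buf() cannot fail, so no error path is needed */`.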