summaryrefslogtreecommitdiff
path: root/lib/libcrypto/pem
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libcrypto/pem')
-rw-r--r--lib/libcrypto/pem/pem_lib.c7
-rw-r--r--lib/libcrypto/pem/pvkfmt.c7
2 files changed, 6 insertions, 8 deletions
diff --git a/lib/libcrypto/pem/pem_lib.c b/lib/libcrypto/pem/pem_lib.c
index 26b1876f368..1ebae53e74f 100644
--- a/lib/libcrypto/pem/pem_lib.c
+++ b/lib/libcrypto/pem/pem_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_lib.c,v 1.34 2014/07/23 20:43:56 miod Exp $ */
+/* $OpenBSD: pem_lib.c,v 1.35 2014/10/22 13:02:04 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -58,6 +58,7 @@
#include <ctype.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
#include <openssl/opensslconf.h>
@@ -67,7 +68,6 @@
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
-#include <openssl/rand.h>
#include <openssl/x509.h>
#ifndef OPENSSL_NO_DES
@@ -390,8 +390,7 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
kstr = (unsigned char *)buf;
}
OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
- if (RAND_pseudo_bytes(iv, enc->iv_len) < 0) /* Generate a salt */
- goto err;
+ arc4random_buf(iv, enc->iv_len); /* Generate a salt */
/* The 'iv' is used as the iv and as a salt. It is
* NOT taken from the BytesToKey function */
if (!EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1,
diff --git a/lib/libcrypto/pem/pvkfmt.c b/lib/libcrypto/pem/pvkfmt.c
index ca7e908c294..2009c9db801 100644
--- a/lib/libcrypto/pem/pvkfmt.c
+++ b/lib/libcrypto/pem/pvkfmt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pvkfmt.c,v 1.11 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: pvkfmt.c,v 1.12 2014/10/22 13:02:04 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2005.
*/
@@ -60,6 +60,7 @@
* and PRIVATEKEYBLOB).
*/
+#include <stdlib.h>
#include <string.h>
#include <openssl/opensslconf.h>
@@ -67,7 +68,6 @@
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/pem.h>
-#include <openssl/rand.h>
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
#include <openssl/dsa.h>
@@ -869,8 +869,7 @@ i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, pem_password_cb *cb,
write_ledword(&p, enclevel ? PVK_SALTLEN : 0);
write_ledword(&p, pklen);
if (enclevel) {
- if (RAND_bytes(p, PVK_SALTLEN) <= 0)
- goto error;
+ arc4random_buf(p, PVK_SALTLEN);
salt = p;
p += PVK_SALTLEN;
}