Use RAND_pseudo_bytes, not RAND_bytes, for IVs/salts.

diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c
index 64e90237cc1e2757a16769d58227f7d1bb0fb6fa..380c5283b136d8ed1265d90d82f930bb69ae5870 100644 (file)
--- a/crypto/asn1/p5_pbe.c
+++ b/crypto/asn1/p5_pbe.c
@@ -129,7 +129,7 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
        }
        pbe->salt->length = saltlen;
        if (salt) memcpy (pbe->salt->data, salt, saltlen);
        }
        pbe->salt->length = saltlen;
        if (salt) memcpy (pbe->salt->data, salt, saltlen);

-       else if (RAND_bytes (pbe->salt->data, saltlen) <= 0)
+       else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) <= 0)

                return NULL;
 
        if (!(astype = ASN1_TYPE_new())) {
                return NULL;
 
        if (!(astype = ASN1_TYPE_new())) {

diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
index 4ce06a94ab9d72dcc551f08a0c20de2c5857c849..648983e7f808f12a3456d0226eaa76a61022fd32 100644 (file)
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -212,7 +212,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        if (!(osalt->data = Malloc (saltlen))) goto merr;
        osalt->length = saltlen;
        if (salt) memcpy (osalt->data, salt, saltlen);
        if (!(osalt->data = Malloc (saltlen))) goto merr;
        osalt->length = saltlen;
        if (salt) memcpy (osalt->data, salt, saltlen);

-       else if (RAND_bytes (osalt->data, saltlen) <= 0) goto merr;
+       else if (RAND_pseudo_bytes (osalt->data, saltlen) <= 0) goto merr;

 
        if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
        if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
 
        if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
        if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;

diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 072211ba0fe30df189c7bbff65beb9f6457c1a0c..b19ad2c8184ab2cb4c915699072278cdca7a7b11 100644 (file)
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -373,7 +373,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
                        kstr=(unsigned char *)buf;
                        }
                RAND_add(data,i,0);/* put in the RSA key. */
                        kstr=(unsigned char *)buf;
                        }
                RAND_add(data,i,0);/* put in the RSA key. */

-               if (RAND_bytes(iv,8) <= 0)      /* Generate a salt */
+               if (RAND_pseudo_bytes(iv,8) <= 0)       /* Generate a salt */

                        goto err;
                /* The 'iv' is used as the iv and as a salt.  It is
                 * NOT taken from the BytesToKey function */
                        goto err;
                /* The 'iv' is used as the iv and as a salt.  It is
                 * NOT taken from the BytesToKey function */

diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index f1094b3840edcbc90dbac6daf615bfd950416f68..4e0a7cbed86a7188a469c7d35d98a6e3f32e9584 100644 (file)
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -157,7 +157,7 @@ int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
                return 0;
        }
        if (!salt) {
                return 0;
        }
        if (!salt) {

-               if (RAND_bytes (p12->mac->salt->data, saltlen) <= 0)
+               if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) <= 0)

                        return 0;
        }
        else memcpy (p12->mac->salt->data, salt, saltlen);
                        return 0;
        }
        else memcpy (p12->mac->salt->data, salt, saltlen);