From f61f62ea13470a00ae8be691d62abec97f94f0ee Mon Sep 17 00:00:00 2001
From: "Dr. Matthias St. Pierre" <Matthias.St.Pierre@ncp-e.com>
Date: Sat, 3 Feb 2018 22:33:19 +0100
Subject: [PATCH] Use RAND_DRBG_bytes() for RAND_bytes() and RAND_priv_bytes()

The functions RAND_bytes() and RAND_priv_bytes() are now both based
on a common implementation using RAND_DRBG_bytes() (if the default
OpenSSL rand method is active). This not only simplifies the code
but also has the advantage that additional input from a high precision
timer is added on every generate call if the timer is available.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/5251)
---
 crypto/rand/drbg_lib.c | 16 +++-------------
 crypto/rand/rand_lib.c |  4 ++--
 2 files changed, 5 insertions(+), 15 deletions(-)

diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index c0c0b91cfd..4404e4f720 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -776,26 +776,16 @@ void rand_drbg_cleanup_int(void)
 /* Implements the default OpenSSL RAND_bytes() method */
 static int drbg_bytes(unsigned char *out, int count)
 {
-    int ret = 0;
-    size_t chunk;
+    int ret;
     RAND_DRBG *drbg = RAND_DRBG_get0_public();
 
     if (drbg == NULL)
         return 0;
 
     CRYPTO_THREAD_write_lock(drbg->lock);
-    for ( ; count > 0; count -= chunk, out += chunk) {
-        chunk = count;
-        if (chunk > drbg->max_request)
-            chunk = drbg->max_request;
-        ret = RAND_DRBG_generate(drbg, out, chunk, 0, NULL, 0);
-        if (!ret)
-            goto err;
-    }
-    ret = 1;
-
-err:
+    ret = RAND_DRBG_bytes(drbg, out, count);
     CRYPTO_THREAD_unlock(drbg->lock);
+
     return ret;
 }
 
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 20ac5839e6..e82a63e599 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -719,7 +719,7 @@ int RAND_priv_bytes(unsigned char *buf, int num)
 
     /* We have to lock the DRBG before generating bits from it. */
     CRYPTO_THREAD_write_lock(drbg->lock);
-    ret = RAND_DRBG_generate(drbg, buf, num, 0, NULL, 0);
+    ret = RAND_DRBG_bytes(drbg, buf, num);
     CRYPTO_THREAD_unlock(drbg->lock);
     return ret;
 }
-- 
2.34.1