authorKenny Root <kroot@google.com>2015-07-24 18:56:05 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>2015-07-24 18:56:05 +0000
commit07f4f42347557420f105a72d9a93bc8ee88a3dc5 (patch)
tree4d210b442e8e6742e9b0ff9dca4fc158c1a6a03e /src/crypto/rand/hwrand.c
parent71a0705e8fc5c39ca5b1daa512ef90c37246a76f (diff)
parentbd9957e6e28506c4431ce8d3cadbc0a04905b15e (diff)
Merge changes Icdc56a50,I63d5dc28,Ia7d0c5d8,I47406533
* changes: Handle RDRAND failures. dsa_pub_encode: Write out DSA parameters (p, q, g) in addition to key. Fix for CVE-2015-1789. Fixes for CVE-2015-1791.
Diffstat (limited to 'src/crypto/rand/hwrand.c')
-rw-r--r--src/crypto/rand/hwrand.c30
1 files changed, 19 insertions, 11 deletions
diff --git a/src/crypto/rand/hwrand.c b/src/crypto/rand/hwrand.c
index 73d3de7..5f81f09 100644
--- a/src/crypto/rand/hwrand.c
+++ b/src/crypto/rand/hwrand.c
@@ -14,6 +14,7 @@
#include <openssl/rand.h>
+#include <assert.h>
#include <stdlib.h>
#include <string.h>
@@ -26,21 +27,28 @@ int CRYPTO_have_hwrand(void) {
return (OPENSSL_ia32cap_P[1] & (1u << 30)) != 0;
}
-/* CRYPTO_rdrand is defined in asm/rdrand-x86_64.pl */
-extern uint64_t CRYPTO_rdrand(void);
+/* These functions are defined in asm/rdrand-x86_64.pl */
+extern int CRYPTO_rdrand(uint8_t out[8]);
+extern int CRYPTO_rdrand_multiple8_buf(uint8_t *buf, size_t len);
-void CRYPTO_hwrand(uint8_t *buf, size_t len) {
- while (len >= 8) {
- uint64_t rand = CRYPTO_rdrand();
- memcpy(buf, &rand, sizeof(rand));
- len -= sizeof(rand);
- buf += sizeof(rand);
+int CRYPTO_hwrand(uint8_t *buf, size_t len) {
+ const size_t len_multiple8 = len & ~7;
+ if (!CRYPTO_rdrand_multiple8_buf(buf, len_multiple8)) {
+ return 0;
}
+ len -= len_multiple8;
+
+ if (len != 0) {
+ assert(len < 8);
- if (len > 0) {
- uint64_t rand = CRYPTO_rdrand();
- memcpy(buf, &rand, len);
+ uint8_t rand_buf[8];
+ if (!CRYPTO_rdrand(rand_buf)) {
+ return 0;
+ }
+ memcpy(buf + len_multiple8, rand_buf, len);
}
+
+ return 1;
}
#else
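Review bot: The new `int` return of CRYPTO_hwrand has no comment stating its contract, and on `return 0` the buffer can be left partly filled: when `CRYPTO_rdrand_multiple8_buf` succeeds but the tail `CRYPTO_rdrand(rand_buf)` fails, the first `len_multiple8` bytes are written and the last `len` bytes are not. I would add above the definition `/* CRYPTO_hwrand fills |buf| with |len| bytes from RDRAND. It returns one on success and zero on failure, in which case |buf| may be partly written and must not be used. */`. The function was `void` before, so a call site that is not updated to check the result would carry on with an unfilled buffer; the callers and the `#else` stub that begins at the end of this hunk are not visible here, so both are worth confirming. As a smaller hardening point, `rand_buf` keeps a copy of the output bytes on the stack after the `memcpy`, and `OPENSSL_cleanse(rand_buf, sizeof(rand_buf));` before returning would clear it.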