From 815b90753f1dee48457029ec3bc7dbfc722f1d2f Mon Sep 17 00:00:00 2001
From: KongQun Yang <kqyang@google.com>
Date: Wed, 7 May 2014 17:34:11 -0700
Subject: [PATCH] Use OpenSSL RAND_bytes for random IV generation

base::RandBytes may not be cryptographically strong.

Bug: 13658504
Change-Id: Id5dcd4e512f05c2f06302654277f2fd11a53f2b7
---
 media/base/aes_encryptor.cc | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/media/base/aes_encryptor.cc b/media/base/aes_encryptor.cc
index 32f1cda75e..86e0c54099 100644
--- a/media/base/aes_encryptor.cc
+++ b/media/base/aes_encryptor.cc
@@ -7,6 +7,8 @@
 #include "media/base/aes_encryptor.h"
 
 #include <openssl/aes.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
 
 #include "base/logging.h"
 #include "base/rand_util.h"
@@ -51,7 +53,11 @@ AesCtrEncryptor::~AesCtrEncryptor() {}
 bool AesCtrEncryptor::InitializeWithRandomIv(const std::vector<uint8>& key,
                                              uint8 iv_size) {
   std::vector<uint8> iv(iv_size, 0);
-  base::RandBytes(&iv[0], iv_size);
+  if (RAND_bytes(&iv[0], iv_size) != 1) {
+    LOG(ERROR) << "RAND_bytes failed with error: "
+               << ERR_error_string(ERR_get_error(), NULL);
+    return false;
+  }
   return InitializeWithIv(key, iv);
 }