That's bad. The condition should remain, but the RAND_ call should be replaced with an abort(). I doubt crappy randomness is much of an issue for RSA blinding, but it's a dealbreaker for other crypto operations.
RAND_status() can never return 0 in the new OpenBSD code. All of the OpenSSL PRNG has been removed, and arc4random_buf() is used instead.
This means that this particular piece of code could NEVER be hit because there is never a time that RAND_status() is going to return 0! i.e. This is unreachable code.
On top of that RAND_add() is a no-op that won't do anything, since there is no way to add "seed" to the PRNG ...
This means that this particular piece of code could NEVER be hit because there is never a time that RAND_status() is going to return 0! i.e. This is unreachable code.
On top of that RAND_add() is a no-op that won't do anything, since there is no way to add "seed" to the PRNG ...
See this commit: http://freshbsd.org/commit/openbsd/58777eed1cff7c5b34cbc0262...