Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes(). - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2014-10-18 16:13:16 +0000
committer	jsing <>	2014-10-18 16:13:16 +0000
commit	e5f7da89ad91edc7b49a86c9e81df055d649d6da (patch)
tree	0ec0407532b236ff11b9134f214f8db715d84e63 /src/lib/libcrypto/dsa/dsa_ossl.c
parent	4c6f8c571ce55eaa0d8cf775bcc329734429e32d (diff)
download	openbsd-e5f7da89ad91edc7b49a86c9e81df055d649d6da.tar.gz openbsd-e5f7da89ad91edc7b49a86c9e81df055d649d6da.tar.bz2 openbsd-e5f7da89ad91edc7b49a86c9e81df055d649d6da.zip

Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().

arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code. It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL). ok beck@ deraadt@ miod@

Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_ossl.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: