Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().

arc4random provides high quality pseudo-random numbers, hence there is no
need to differentiate between "strong" and "pseudo". Furthermore, the
arc4random_buf() function is guaranteed to succeed, which avoids the need
to check for and handle failure, simplifying the code.

It is worth noting that a number of the replaced RAND_bytes() and
RAND_pseudo_bytes() calls were missing return value checks and these
functions can fail for a number of reasons (at least in OpenSSL -
thankfully they were converted to wrappers around arc4random_buf() some
time ago in LibreSSL).

ok beck@ deraadt@ miod@

1 files changed, 2 insertions, 3 deletions

diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 7b0d67bf15..6f3ee26217 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.34 2014/08/07 20:02:23 miod Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.35 2014/10/18 16:13:16 jsing Exp $ */
 /* 
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
@@ -119,7 +119,6 @@
 #include "ssl_locl.h"
 #include <openssl/evp.h>
 #include <openssl/buffer.h>
-#include <openssl/rand.h>
 
 #include "pqueue.h"
 
@@ -1380,7 +1379,7 @@ do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
         /* ssl3_enc can only have an error on read */
         if (bs) /* bs != 0 in case of CBC */
         {
-                RAND_pseudo_bytes(p, bs);
+                arc4random_buf(p, bs);
                 /* master IV and last CBC residue stand for
                  * the rest of randomness */
                 wr->length += bs;