diff options
| author | jsing <> | 2014-10-18 16:13:16 +0000 |
|---|---|---|
| committer | jsing <> | 2014-10-18 16:13:16 +0000 |
| commit | c7ab256a26b40c83b42c202488c01636a208c01c (patch) | |
| tree | 0ec0407532b236ff11b9134f214f8db715d84e63 /src/lib/libssl/d1_srvr.c | |
| parent | dd127b6b5a62ebd88f0cbb2e6d7d749d20363a16 (diff) | |
| download | openbsd-c7ab256a26b40c83b42c202488c01636a208c01c.tar.gz openbsd-c7ab256a26b40c83b42c202488c01636a208c01c.tar.bz2 openbsd-c7ab256a26b40c83b42c202488c01636a208c01c.zip | |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no
need to differentiate between "strong" and "pseudo". Furthermore, the
arc4random_buf() function is guaranteed to succeed, which avoids the need
to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and
RAND_pseudo_bytes() calls were missing return value checks and these
functions can fail for a number of reasons (at least in OpenSSL -
thankfully they were converted to wrappers around arc4random_buf() some
time ago in LibreSSL).
ok beck@ deraadt@ miod@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/d1_srvr.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index 68441fa63a..a85715753c 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_srvr.c,v 1.39 2014/09/27 11:03:43 jsing Exp $ */ | 1 | /* $OpenBSD: d1_srvr.c,v 1.40 2014/10/18 16:13:16 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -116,7 +116,6 @@ | |||
| 116 | #include <stdio.h> | 116 | #include <stdio.h> |
| 117 | #include "ssl_locl.h" | 117 | #include "ssl_locl.h" |
| 118 | #include <openssl/buffer.h> | 118 | #include <openssl/buffer.h> |
| 119 | #include <openssl/rand.h> | ||
| 120 | #include <openssl/objects.h> | 119 | #include <openssl/objects.h> |
| 121 | #include <openssl/evp.h> | 120 | #include <openssl/evp.h> |
| 122 | #include <openssl/x509.h> | 121 | #include <openssl/x509.h> |
| @@ -902,8 +901,7 @@ dtls1_send_server_hello(SSL *s) | |||
| 902 | 901 | ||
| 903 | if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { | 902 | if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { |
| 904 | buf = (unsigned char *)s->init_buf->data; | 903 | buf = (unsigned char *)s->init_buf->data; |
| 905 | p = s->s3->server_random; | 904 | arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); |
| 906 | RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE); | ||
| 907 | 905 | ||
| 908 | /* Do the message type and length last */ | 906 | /* Do the message type and length last */ |
| 909 | d = p= &(buf[DTLS1_HM_HEADER_LENGTH]); | 907 | d = p= &(buf[DTLS1_HM_HEADER_LENGTH]); |
| @@ -1513,7 +1511,7 @@ dtls1_send_newsession_ticket(SSL *s) | |||
| 1513 | return -1; | 1511 | return -1; |
| 1514 | } | 1512 | } |
| 1515 | } else { | 1513 | } else { |
| 1516 | RAND_pseudo_bytes(iv, 16); | 1514 | arc4random_buf(iv, 16); |
| 1517 | EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, | 1515 | EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, |
| 1518 | tctx->tlsext_tick_aes_key, iv); | 1516 | tctx->tlsext_tick_aes_key, iv); |
| 1519 | HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, | 1517 | HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, |