Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().

arc4random provides high quality pseudo-random numbers, hence there is no
need to differentiate between "strong" and "pseudo". Furthermore, the
arc4random_buf() function is guaranteed to succeed, which avoids the need
to check for and handle failure, simplifying the code.

It is worth noting that a number of the replaced RAND_bytes() and
RAND_pseudo_bytes() calls were missing return value checks and these
functions can fail for a number of reasons (at least in OpenSSL -
thankfully they were converted to wrappers around arc4random_buf() some
time ago in LibreSSL).

ok beck@ deraadt@ miod@

1 files changed, 2 insertions, 4 deletions

diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index 81683e5949..7967344e2a 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_clnt.c,v 1.32 2014/08/10 14:42:56 jsing Exp $ */
+/* $OpenBSD: s23_clnt.c,v 1.33 2014/10/18 16:13:16 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -112,7 +112,6 @@
 #include <stdio.h>
 #include "ssl_locl.h"
 #include <openssl/buffer.h>
-#include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 
@@ -317,8 +316,7 @@ ssl23_client_hello(SSL *s)
 
         buf = (unsigned char *)s->init_buf->data;
         if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
-                p = s->s3->client_random;
-                RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE);
+                arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
 
                 if (version == TLS1_2_VERSION) {
                         version_major = TLS1_2_VERSION_MAJOR;