diff options
| author | jsing <> | 2014-10-18 16:13:16 +0000 |
|---|---|---|
| committer | jsing <> | 2014-10-18 16:13:16 +0000 |
| commit | c7ab256a26b40c83b42c202488c01636a208c01c (patch) | |
| tree | 0ec0407532b236ff11b9134f214f8db715d84e63 /src/lib/libssl/s3_clnt.c | |
| parent | dd127b6b5a62ebd88f0cbb2e6d7d749d20363a16 (diff) | |
| download | openbsd-c7ab256a26b40c83b42c202488c01636a208c01c.tar.gz openbsd-c7ab256a26b40c83b42c202488c01636a208c01c.tar.bz2 openbsd-c7ab256a26b40c83b42c202488c01636a208c01c.zip | |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no
need to differentiate between "strong" and "pseudo". Furthermore, the
arc4random_buf() function is guaranteed to succeed, which avoids the need
to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and
RAND_pseudo_bytes() calls were missing return value checks and these
functions can fail for a number of reasons (at least in OpenSSL -
thankfully they were converted to wrappers around arc4random_buf() some
time ago in LibreSSL).
ok beck@ deraadt@ miod@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 9aa599a1c6..179e9400d4 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.91 2014/09/27 11:01:05 jsing Exp $ */ | 1 | /* $OpenBSD: s3_clnt.c,v 1.92 2014/10/18 16:13:16 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -151,7 +151,6 @@ | |||
| 151 | #include <stdio.h> | 151 | #include <stdio.h> |
| 152 | #include "ssl_locl.h" | 152 | #include "ssl_locl.h" |
| 153 | #include <openssl/buffer.h> | 153 | #include <openssl/buffer.h> |
| 154 | #include <openssl/rand.h> | ||
| 155 | #include <openssl/objects.h> | 154 | #include <openssl/objects.h> |
| 156 | #include <openssl/evp.h> | 155 | #include <openssl/evp.h> |
| 157 | #include <openssl/md5.h> | 156 | #include <openssl/md5.h> |
| @@ -657,8 +656,7 @@ ssl3_client_hello(SSL *s) | |||
| 657 | } | 656 | } |
| 658 | /* else use the pre-loaded session */ | 657 | /* else use the pre-loaded session */ |
| 659 | 658 | ||
| 660 | p = s->s3->client_random; | 659 | arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); |
| 661 | RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE); | ||
| 662 | 660 | ||
| 663 | /* Do the message type and length last */ | 661 | /* Do the message type and length last */ |
| 664 | d = p = &buf[4]; | 662 | d = p = &buf[4]; |
| @@ -1990,8 +1988,7 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 1990 | 1988 | ||
| 1991 | tmp_buf[0] = s->client_version >> 8; | 1989 | tmp_buf[0] = s->client_version >> 8; |
| 1992 | tmp_buf[1] = s->client_version & 0xff; | 1990 | tmp_buf[1] = s->client_version & 0xff; |
| 1993 | if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0) | 1991 | arc4random_buf(&tmp_buf[2], sizeof(tmp_buf) - 2); |
| 1994 | goto err; | ||
| 1995 | 1992 | ||
| 1996 | s->session->master_key_length = sizeof tmp_buf; | 1993 | s->session->master_key_length = sizeof tmp_buf; |
| 1997 | 1994 | ||
| @@ -2303,7 +2300,7 @@ ssl3_send_client_key_exchange(SSL *s) | |||
| 2303 | 2300 | ||
| 2304 | EVP_PKEY_encrypt_init(pkey_ctx); | 2301 | EVP_PKEY_encrypt_init(pkey_ctx); |
| 2305 | /* Generate session key. */ | 2302 | /* Generate session key. */ |
| 2306 | RAND_bytes(premaster_secret, 32); | 2303 | arc4random_buf(premaster_secret, 32); |
| 2307 | /* | 2304 | /* |
| 2308 | * If we have client certificate, use its secret | 2305 | * If we have client certificate, use its secret |
| 2309 | * as peer key. | 2306 | * as peer key. |