Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().

arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code. It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL). ok beck@ deraadt@ miod@
author: jsing <> 2014-10-18 16:13:16 +0000
committer: jsing <> 2014-10-18 16:13:16 +0000
commit: c7ab256a26b40c83b42c202488c01636a208c01c (patch)
tree: 0ec0407532b236ff11b9134f214f8db715d84e63 /src/lib/libssl/s3_srvr.c
parent: dd127b6b5a62ebd88f0cbb2e6d7d749d20363a16 (diff)
download: openbsd-c7ab256a26b40c83b42c202488c01636a208c01c.tar.gz
openbsd-c7ab256a26b40c83b42c202488c01636a208c01c.tar.bz2
openbsd-c7ab256a26b40c83b42c202488c01636a208c01c.zip
1 files changed, 4 insertions, 9 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index c4a8442a3e..719b4c56c1 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.86 2014/10/03 13:58:18 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.87 2014/10/18 16:13:16 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -154,7 +154,6 @@
 #include <stdio.h>
 #include "ssl_locl.h"
 #include <openssl/buffer.h>
-#include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
@@ -1106,11 +1105,7 @@ ssl3_get_client_hello(SSL *s)
         * server_random before calling tls_session_secret_cb in order to allow
         * SessionTicket processing to use it in key derivation.
         */
-        {
+        arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
-                unsigned char *pos;
-                pos = s->s3->server_random;
-                RAND_pseudo_bytes(pos, SSL3_RANDOM_SIZE);
-        }
        if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) {
                SSL_CIPHER *pref_cipher = NULL;
@@ -1961,7 +1956,7 @@ ssl3_get_client_key_exchange(SSL *s)
                        i = SSL_MAX_MASTER_KEY_LENGTH;
                        p[0] = s->client_version >> 8;
                        p[1] = s->client_version & 0xff;
-                        RAND_bytes(p+2, i-2);
+                        arc4random_buf(p + 2, i - 2);
                }
                s->session->master_key_length =
@@ -2774,7 +2769,7 @@ ssl3_send_newsession_ticket(SSL *s)
                                return (-1);
                        }
                } else {
-                        RAND_pseudo_bytes(iv, 16);
+                        arc4random_buf(iv, 16);
                        EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
                            tctx->tlsext_tick_aes_key, iv);
                        HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
author	jsing <>	2014-10-18 16:13:16 +0000
committer	jsing <>	2014-10-18 16:13:16 +0000
commit	c7ab256a26b40c83b42c202488c01636a208c01c (patch)
tree	0ec0407532b236ff11b9134f214f8db715d84e63 /src/lib/libssl/s3_srvr.c
parent	dd127b6b5a62ebd88f0cbb2e6d7d749d20363a16 (diff)
download	openbsd-c7ab256a26b40c83b42c202488c01636a208c01c.tar.gz openbsd-c7ab256a26b40c83b42c202488c01636a208c01c.tar.bz2 openbsd-c7ab256a26b40c83b42c202488c01636a208c01c.zip