Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().

arc4random provides high quality pseudo-random numbers, hence there is no
need to differentiate between "strong" and "pseudo". Furthermore, the
arc4random_buf() function is guaranteed to succeed, which avoids the need
to check for and handle failure, simplifying the code.

It is worth noting that a number of the replaced RAND_bytes() and
RAND_pseudo_bytes() calls were missing return value checks and these
functions can fail for a number of reasons (at least in OpenSSL -
thankfully they were converted to wrappers around arc4random_buf() some
time ago in LibreSSL).

ok beck@ deraadt@ miod@

1 files changed, 5 insertions, 6 deletions

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index d3108f2663..3fa8f5039f 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.86 2014/10/15 17:39:34 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.87 2014/10/18 16:13:16 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -145,7 +145,6 @@
 #include <openssl/objects.h>
 #include <openssl/lhash.h>
 #include <openssl/x509v3.h>
-#include <openssl/rand.h>
 #include <openssl/ocsp.h>
 #include <openssl/dh.h>
 #ifndef OPENSSL_NO_ENGINE
@@ -1786,11 +1785,11 @@ SSL_CTX_new(const SSL_METHOD *meth)
 
         ret->tlsext_servername_callback = 0;
         ret->tlsext_servername_arg = NULL;
+
         /* Setup RFC4507 ticket keys */
-        if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
-            || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
-            || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
-                ret->options |= SSL_OP_NO_TICKET;
+        arc4random_buf(ret->tlsext_tick_key_name, 16);
+        arc4random_buf(ret->tlsext_tick_hmac_key, 16);
+        arc4random_buf(ret->tlsext_tick_aes_key, 16);
 
         ret->tlsext_status_cb = 0;
         ret->tlsext_status_arg = NULL;