From c7ab256a26b40c83b42c202488c01636a208c01c Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sat, 18 Oct 2014 16:13:16 +0000 Subject: Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes(). arc4random provides high quality pseudo-random numbers, hence there is no need to differentiate between "strong" and "pseudo". Furthermore, the arc4random_buf() function is guaranteed to succeed, which avoids the need to check for and handle failure, simplifying the code. It is worth noting that a number of the replaced RAND_bytes() and RAND_pseudo_bytes() calls were missing return value checks and these functions can fail for a number of reasons (at least in OpenSSL - thankfully they were converted to wrappers around arc4random_buf() some time ago in LibreSSL). ok beck@ deraadt@ miod@ --- src/lib/libssl/d1_srvr.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'src/lib/libssl/d1_srvr.c') diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index 68441fa63a..a85715753c 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_srvr.c,v 1.39 2014/09/27 11:03:43 jsing Exp $ */ +/* $OpenBSD: d1_srvr.c,v 1.40 2014/10/18 16:13:16 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -116,7 +116,6 @@ #include #include "ssl_locl.h" #include -#include #include #include #include @@ -902,8 +901,7 @@ dtls1_send_server_hello(SSL *s) if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { buf = (unsigned char *)s->init_buf->data; - p = s->s3->server_random; - RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE); + arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); /* Do the message type and length last */ d = p= &(buf[DTLS1_HM_HEADER_LENGTH]); @@ -1513,7 +1511,7 @@ dtls1_send_newsession_ticket(SSL *s) return -1; } } else { - RAND_pseudo_bytes(iv, 16); + arc4random_buf(iv, 16); EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, iv); HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, -- cgit v1.2.3-55-g6feb