diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2014-10-18 16:13:17 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2014-10-18 16:13:17 +0000 |
| commit | 3465ce2c19b9ddffe3dd38ffa43cb0c34a887fc0 (patch) | |
| tree | 2ea8a086dee1ff8f7cfe139f44085ae62a3167d0 /lib/libssl/s3_srvr.c | |
| parent | 7a7f4302a87b8f5db4f5b202649ea5e3fa7d0f57 (diff) | |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no
need to differentiate between "strong" and "pseudo". Furthermore, the
arc4random_buf() function is guaranteed to succeed, which avoids the need
to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and
RAND_pseudo_bytes() calls were missing return value checks and these
functions can fail for a number of reasons (at least in OpenSSL -
thankfully they were converted to wrappers around arc4random_buf() some
time ago in LibreSSL).
ok beck@ deraadt@ miod@
Diffstat (limited to 'lib/libssl/s3_srvr.c')
| -rw-r--r-- | lib/libssl/s3_srvr.c | 13 |
1 files changed, 4 insertions, 9 deletions
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index c4a8442a3e0..719b4c56c1d 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.86 2014/10/03 13:58:18 jsing Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.87 2014/10/18 16:13:16 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -154,7 +154,6 @@ #include <stdio.h> #include "ssl_locl.h" #include <openssl/buffer.h> -#include <openssl/rand.h> #include <openssl/objects.h> #include <openssl/evp.h> #include <openssl/hmac.h> @@ -1106,11 +1105,7 @@ ssl3_get_client_hello(SSL *s) * server_random before calling tls_session_secret_cb in order to allow * SessionTicket processing to use it in key derivation. */ - { - unsigned char *pos; - pos = s->s3->server_random; - RAND_pseudo_bytes(pos, SSL3_RANDOM_SIZE); - } + arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) { SSL_CIPHER *pref_cipher = NULL; @@ -1961,7 +1956,7 @@ ssl3_get_client_key_exchange(SSL *s) i = SSL_MAX_MASTER_KEY_LENGTH; p[0] = s->client_version >> 8; p[1] = s->client_version & 0xff; - RAND_bytes(p+2, i-2); + arc4random_buf(p + 2, i - 2); } s->session->master_key_length = @@ -2774,7 +2769,7 @@ ssl3_send_newsession_ticket(SSL *s) return (-1); } } else { - RAND_pseudo_bytes(iv, 16); + arc4random_buf(iv, 16); EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, iv); HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, |