CVSROOT: /cvs
Module name: src
Changes by: js...@cvs.openbsd.org 2014/10/18 10:13:16
Modified files:
lib/libssl/src/ssl: d1_both.c d1_clnt.c d1_enc.c d1_pkt.c
d1_srvr.c s23_clnt.c s23_srvr.c s3_both.c
s3_clnt.c s3_pkt.c s3_srvr.c ssl_lib.c
ssl_sess.c t1_clnt.c t1_enc.c t1_lib.c
t1_srvr.c
Log message:
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no
need to differentiate between "strong" and "pseudo". Furthermore, the
arc4random_buf() function is guaranteed to succeed, which avoids the need
to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and
RAND_pseudo_bytes() calls were missing return value checks and these
functions can fail for a number of reasons (at least in OpenSSL -
thankfully they were converted to wrappers around arc4random_buf() some
time ago in LibreSSL).
ok beck@ deraadt@ miod@
