diff options
| author |   jsing <jsing@openbsd.org> | 2014-10-18 16:13:16 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2014-10-18 16:13:16 +0000 |
| commit | 2a423e6aaa833911b411f5d8bd9e83e4b6a9852b (patch) | |
| tree | a511a4987f7b972abfef83e5a878713acc1e5697 /lib/libc/stdlib/realpath.c | |
| parent | plug file descriptor leaks on read or write failure; (diff) | |
| download | wireguard-openbsd-2a423e6aaa833911b411f5d8bd9e83e4b6a9852b.tar.xz wireguard-openbsd-2a423e6aaa833911b411f5d8bd9e83e4b6a9852b.zip | |
Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().
arc4random provides high quality pseudo-random numbers, hence there is no
need to differentiate between "strong" and "pseudo". Furthermore, the
arc4random_buf() function is guaranteed to succeed, which avoids the need
to check for and handle failure, simplifying the code.
It is worth noting that a number of the replaced RAND_bytes() and
RAND_pseudo_bytes() calls were missing return value checks and these
functions can fail for a number of reasons (at least in OpenSSL -
thankfully they were converted to wrappers around arc4random_buf() some
time ago in LibreSSL).
ok beck@ deraadt@ miod@
Diffstat (limited to 'lib/libc/stdlib/realpath.c')
0 files changed, 0 insertions, 0 deletions