Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes().

arc4random provides high quality pseudo-random numbers, hence there is no
need to differentiate between "strong" and "pseudo". Furthermore, the
arc4random_buf() function is guaranteed to succeed, which avoids the need
to check for and handle failure, simplifying the code.

It is worth noting that a number of the replaced RAND_bytes() and
RAND_pseudo_bytes() calls were missing return value checks and these
functions can fail for a number of reasons (at least in OpenSSL -
thankfully they were converted to wrappers around arc4random_buf() some
time ago in LibreSSL).

ok beck@ deraadt@ miod@

1 files changed, 2 insertions, 4 deletions

diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index 3ffd7078a52..d76fb8b9c85 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.41 2014/09/22 14:26:22 jsing Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.42 2014/10/18 16:13:16 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -136,7 +136,6 @@
  */
 
 #include <openssl/lhash.h>
-#include <openssl/rand.h>
 
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
@@ -258,8 +257,7 @@ def_generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len)
 	unsigned int retry = 0;
 
 	do {
-		if (RAND_pseudo_bytes(id, *id_len) <= 0)
-			return 0;
+		arc4random_buf(id, *id_len);
 	} while (SSL_has_matching_session_id(ssl, id, *id_len) &&
 	    (++retry < MAX_SESS_ID_ATTEMPTS));