From 9a2da87f130ab3c1e21d9b593efec78a8eb7b3f3 Mon Sep 17 00:00:00 2001 From: Carsten Bock Date: Wed, 28 Jan 2015 09:11:30 -0500 Subject: [PATCH] Fix randomness source for key generation. random(), and mutilations of the output of the same, are not suitable for generating cryptographic keys. Use RAND_bytes() from openssl. We can do this without seeding during daemon initialization because: - rtpengine in Linux-specific. - openssl seeds transparently when /dev/urandom is present. From RAND_seed(3): On systems that provide "/dev/urandom", the randomness device is used to seed the PRNG transparently. However, on all other systems, the application is responsible for seeding the PRNG by calling RAND_add(), RAND_egd(3) or RAND_load_file(3). --- daemon/aux.h | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/daemon/aux.h b/daemon/aux.h index f1b3134c5..0c6b2b2c3 100644 --- a/daemon/aux.h +++ b/daemon/aux.h @@ -18,8 +18,7 @@ #include #include #include "compat.h" - - +#include #if 0 && defined(__DEBUG) #define __THREAD_DEBUG 1 @@ -292,10 +291,8 @@ INLINE int strmemcmp(const void *mem, int len, const char *str) { return memcmp(mem, str, len); } -/* XXX replace with better source of randomness */ INLINE void random_string(unsigned char *buf, int len) { - while (len--) - *buf++ = random() % 0x100; + RAND_bytes(buf, len); }
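Review bot: The result of `RAND_bytes(buf, len)` in `random_string()` is discarded, so if the OpenSSL generator fails, the caller carries on with whatever bytes were already in `buf` and uses them as key material. `RAND_bytes()` returns 1 only on success, and because `random_string()` is `void` and cannot report the error, the safer form is to stop rather than continue: `if (RAND_bytes(buf, len) != 1) abort();`. The commit message relies on `/dev/urandom` being present for transparent seeding, and a failure here would presumably be how a missing device (for example in a chroot or a minimal container) shows up, so it should not be silent. With the old `XXX` comment removed the function has no comment at all; a one-liner such as `/* fill buf with len bytes from the OpenSSL CSPRNG; aborts if none are available */` would record the contract.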