Replace read_random(9) with more appropriate arc4rand(9) KPIs

Reviewed by:	ae, delphij
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D19760

3 files changed, 2 insertions, 27 deletions

diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index 09e067ce2609..d54427410b92 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -4760,34 +4760,10 @@ key_random()
 {
 	u_long value;
 
-	key_randomfill(&value, sizeof(value));
+	arc4random_buf(&value, sizeof(value));
 	return value;
 }
 
-void
-key_randomfill(void *p, size_t l)
-{
-	size_t n;
-	u_long v;
-	static int warn = 1;
-
-	n = 0;
-	n = (size_t)read_random(p, (u_int)l);
-	/* last resort */
-	while (n < l) {
-		v = random();
-		bcopy(&v, (u_int8_t *)p + n,
-		    l - n < sizeof(v) ? l - n : sizeof(v));
-		n += sizeof(v);
-
-		if (warn) {
-			printf("WARNING: pseudo-random number generator "
-			    "used for IPsec processing\n");
-			warn = 0;
-		}
-	}
-}
-
 /*
  * map SADB_SATYPE_* to IPPROTO_*.
  * if satype == SADB_SATYPE then satype is mapped to ~0.
diff --git a/sys/netipsec/key.h b/sys/netipsec/key.h
index 7d7ae69f379d..2ee7c208f195 100644
--- a/sys/netipsec/key.h
+++ b/sys/netipsec/key.h
@@ -78,7 +78,6 @@ void key_unregister_ifnet(struct secpolicy **, u_int);
 void key_delete_xform(const struct xformsw *);
 
 extern u_long key_random(void);
-extern void key_randomfill(void *, size_t);
 extern void key_freereg(struct socket *);
 extern int key_parse(struct mbuf *, struct socket *);
 extern void key_init(void);
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c
index 68fbf3fc3851..77cba8345f89 100644
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@@ -768,7 +768,7 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
 	 */
 	switch (sav->flags & SADB_X_EXT_PMASK) {
 	case SADB_X_EXT_PRAND:
-		(void) read_random(pad, padding - 2);
+		arc4random_buf(pad, padding - 2);
 		break;
 	case SADB_X_EXT_PZERO:
 		bzero(pad, padding - 2);