Make rand_bytes crypto-safe, use rand_pseudo_bytes for no-fail random

nse_openssl.cc

@@ -244,7 +244,9 @@ static int l_rand_bytes( lua_State *L ) /** rand_bytes( number bytes ) */
   unsigned char * result = (unsigned char *) malloc( len );
   if (!result) return luaL_error( L, "Couldn't allocate memory.");
 
-  RAND_bytes( result, len );
+  if (RAND_bytes( result, len ) != 1) {
+    return luaL_error(L, "Failure in RAND_bytes.");
+  }
   lua_pushlstring( L, (char *) result, len );
   free( result );
   return 1;
@@ -256,9 +258,7 @@ static int l_rand_pseudo_bytes( lua_State *L ) /** rand_pseudo_bytes( number byt
   unsigned char * result = (unsigned char *) malloc( len );
   if (!result) return luaL_error( L, "Couldn't allocate memory.");
 
-  if (RAND_bytes( result, len ) != 1) {
-    return luaL_error(L, "Failure in RAND_bytes.");
-  }
+  RAND_pseudo_bytes( result, len );
   lua_pushlstring( L, (char *) result, len );
   free( result );
   return 1;

nselib/openssl.luadoc

@@ -128,12 +128,17 @@ function bignum_div(a, b)
 -- @return bignum
 function bignum_add(a, b)
 
---- Returns a string containing random data.
+--- Returns a string containing cryptographically-strong random data.
+--
+-- If the PRNG has not been seeded with enough randomness, this function throws an error.
 -- @param bytes Length of the returned string in bytes.
 -- @return Random string.
 function rand_bytes(bytes)
 
 --- Returns a string containing pseudorandom data.
+--
+-- No indication is given whether or not the contents of the string are
+-- cryptographically strong.
 -- @param bytes Length of the returned string in bytes.
 -- @return Pseudorandom string.
 function rand_pseudo_bytes(bytes)