RAND_bytes updates

Ensure RAND_bytes return value is checked correctly, and that we no longer use RAND_pseudo_bytes. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-26 11:57:37 +00:00
parent 8817e2e0c9
commit 266483d2f5
36 changed files with 100 additions and 66 deletions
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2810,7 +2810,12 @@ int ssl3_send_client_key_exchange(SSL *s)

            EVP_PKEY_encrypt_init(pkey_ctx);
            /* Generate session key */
-            RAND_bytes(pms, pmslen);
+            if (RAND_bytes(pms, pmslen) <= 0) {
+                EVP_PKEY_CTX_free(pkey_ctx);
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto err;
+            };
            /*
             * If we have client certificate, use its secret as peer key
             */