RAND_bytes updates

Ensure RAND_bytes return value is checked correctly, and that we no longer use RAND_pseudo_bytes. Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-26 11:57:37 +00:00
parent 8817e2e0c9
commit 266483d2f5
36 changed files with 100 additions and 66 deletions
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2168,10 +2168,7 @@ int ssl3_get_client_key_exchange(SSL *s)
         * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
         */

-        /*
-         * should be RAND_bytes, but we cannot work around a failure.
-         */
-        if (RAND_pseudo_bytes(rand_premaster_secret,
+        if (RAND_bytes(rand_premaster_secret,
                              sizeof(rand_premaster_secret)) <= 0)
            goto err;
        decrypt_len =