Check RAND_bytes() return value or use RAND_pseudo_bytes().
This commit is contained in:
Ulf Möller
parent
731d9c5fb5
commit
e7f97e2d22
4
CHANGES
4
CHANGES
@ -31,10 +31,6 @@
|
|||||||
(1 = ok, 0 = not seeded). Also an error is recorded on the thread's
|
(1 = ok, 0 = not seeded). Also an error is recorded on the thread's
|
||||||
error queue. New function RAND_pseudo_bytes() generates output that is
|
error queue. New function RAND_pseudo_bytes() generates output that is
|
||||||
guaranteed to be unique but not unpredictable.
|
guaranteed to be unique but not unpredictable.
|
||||||
(TO DO: always check the result of RAND_bytes when it is used in the
|
|
||||||
library, or use RAND_pseudo_bytes instead, because leaving the
|
|
||||||
error in the error queue but reporting success in a function that
|
|
||||||
uses RAND_bytes could confuse things considerably.)
|
|
||||||
[Ulf Möller]
|
[Ulf Möller]
|
||||||
|
|
||||||
*) Do more iterations of Rabin-Miller probable prime test (specifically,
|
*) Do more iterations of Rabin-Miller probable prime test (specifically,
|
||||||
|
|||||||
@ -448,7 +448,11 @@ bad:
|
|||||||
"invalid hex salt value\n");
|
"invalid hex salt value\n");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
} else RAND_bytes(salt, PKCS5_SALT_LEN);
|
} else if (RAND_bytes(salt, PKCS5_SALT_LEN) <= 0) {
|
||||||
|
BIO_printf(bio_err,
|
||||||
|
"prng not seeded\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
/* If -P option then don't bother writing */
|
/* If -P option then don't bother writing */
|
||||||
if((printkey != 2)
|
if((printkey != 2)
|
||||||
&& (BIO_write(wbio,magic,
|
&& (BIO_write(wbio,magic,
|
||||||
|
|||||||
@ -129,7 +129,8 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
|
|||||||
}
|
}
|
||||||
pbe->salt->length = saltlen;
|
pbe->salt->length = saltlen;
|
||||||
if (salt) memcpy (pbe->salt->data, salt, saltlen);
|
if (salt) memcpy (pbe->salt->data, salt, saltlen);
|
||||||
else RAND_bytes (pbe->salt->data, saltlen);
|
else if (RAND_bytes (pbe->salt->data, saltlen) <= 0)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
if (!(astype = ASN1_TYPE_new())) {
|
if (!(astype = ASN1_TYPE_new())) {
|
||||||
ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
|
||||||
|
|||||||
@ -194,7 +194,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
|
|||||||
if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
|
if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
|
||||||
|
|
||||||
/* Create random IV */
|
/* Create random IV */
|
||||||
RAND_bytes(iv, EVP_CIPHER_iv_length(cipher));
|
RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher));
|
||||||
|
|
||||||
/* Dummy cipherinit to just setup the IV */
|
/* Dummy cipherinit to just setup the IV */
|
||||||
EVP_CipherInit(&ctx, cipher, NULL, iv, 0);
|
EVP_CipherInit(&ctx, cipher, NULL, iv, 0);
|
||||||
@ -212,7 +212,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
|
|||||||
if (!(osalt->data = Malloc (saltlen))) goto merr;
|
if (!(osalt->data = Malloc (saltlen))) goto merr;
|
||||||
osalt->length = saltlen;
|
osalt->length = saltlen;
|
||||||
if (salt) memcpy (osalt->data, salt, saltlen);
|
if (salt) memcpy (osalt->data, salt, saltlen);
|
||||||
else RAND_bytes (osalt->data, saltlen);
|
else if (RAND_bytes (osalt->data, saltlen) <= 0) goto merr;
|
||||||
|
|
||||||
if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
|
if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
|
||||||
if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
|
if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
|
||||||
|
|||||||
@ -137,7 +137,7 @@ static int nbiof_read(BIO *b, char *out, int outl)
|
|||||||
|
|
||||||
BIO_clear_retry_flags(b);
|
BIO_clear_retry_flags(b);
|
||||||
#if 0
|
#if 0
|
||||||
RAND_bytes(&n,1);
|
RAND_pseudo_bytes(&n,1);
|
||||||
num=(n&0x07);
|
num=(n&0x07);
|
||||||
|
|
||||||
if (outl > num) outl=num;
|
if (outl > num) outl=num;
|
||||||
@ -178,7 +178,7 @@ static int nbiof_write(BIO *b, char *in, int inl)
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
RAND_bytes(&n,1);
|
RAND_pseudo_bytes(&n,1);
|
||||||
num=(n&7);
|
num=(n&7);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -484,7 +484,7 @@ void doencryption(void)
|
|||||||
if (feof(DES_IN))
|
if (feof(DES_IN))
|
||||||
{
|
{
|
||||||
for (i=7-rem; i>0; i--)
|
for (i=7-rem; i>0; i--)
|
||||||
RAND_bytes(buf + l++, 1);
|
RAND_pseudo_bytes(buf + l++, 1);
|
||||||
buf[l++]=rem;
|
buf[l++]=rem;
|
||||||
ex=1;
|
ex=1;
|
||||||
len+=rem;
|
len+=rem;
|
||||||
|
|||||||
@ -130,7 +130,7 @@ int des_enc_write(int fd, const void *_buf, int len,
|
|||||||
{
|
{
|
||||||
cp=shortbuf;
|
cp=shortbuf;
|
||||||
memcpy(shortbuf,buf,len);
|
memcpy(shortbuf,buf,len);
|
||||||
RAND_bytes(shortbuf+len, 8-len);
|
RAND_pseudo_bytes(shortbuf+len, 8-len);
|
||||||
rnum=8;
|
rnum=8;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|||||||
@ -121,7 +121,7 @@ DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
|
|||||||
if (callback != NULL) callback(0,m++,cb_arg);
|
if (callback != NULL) callback(0,m++,cb_arg);
|
||||||
|
|
||||||
if (!seed_len)
|
if (!seed_len)
|
||||||
RAND_bytes(seed,SHA_DIGEST_LENGTH);
|
RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
|
||||||
else
|
else
|
||||||
seed_len=0;
|
seed_len=0;
|
||||||
|
|
||||||
|
|||||||
@ -451,7 +451,7 @@ static void sig_out(BIO* b)
|
|||||||
if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return;
|
if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return;
|
||||||
|
|
||||||
EVP_DigestInit(md, md->digest);
|
EVP_DigestInit(md, md->digest);
|
||||||
RAND_bytes(&(md->md.base[0]), md->digest->md_size);
|
RAND_pseudo_bytes(&(md->md.base[0]), md->digest->md_size);
|
||||||
memcpy(&(ctx->buf[ctx->buf_len]), &(md->md.base[0]), md->digest->md_size);
|
memcpy(&(ctx->buf[ctx->buf_len]), &(md->md.base[0]), md->digest->md_size);
|
||||||
longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
|
longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
|
||||||
ctx->buf_len+= md->digest->md_size;
|
ctx->buf_len+= md->digest->md_size;
|
||||||
|
|||||||
@ -73,9 +73,10 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
|
|||||||
int i;
|
int i;
|
||||||
|
|
||||||
if (npubk <= 0) return(0);
|
if (npubk <= 0) return(0);
|
||||||
if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0) return(0);
|
if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0)
|
||||||
|
return(0);
|
||||||
if (type->iv_len > 0)
|
if (type->iv_len > 0)
|
||||||
RAND_bytes(iv,type->iv_len);
|
RAND_pseudo_bytes(iv,type->iv_len);
|
||||||
|
|
||||||
EVP_CIPHER_CTX_init(ctx);
|
EVP_CIPHER_CTX_init(ctx);
|
||||||
EVP_EncryptInit(ctx,type,key,iv);
|
EVP_EncryptInit(ctx,type,key,iv);
|
||||||
|
|||||||
@ -379,7 +379,8 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
|
|||||||
kstr=(unsigned char *)buf;
|
kstr=(unsigned char *)buf;
|
||||||
}
|
}
|
||||||
RAND_add(data,i,0);/* put in the RSA key. */
|
RAND_add(data,i,0);/* put in the RSA key. */
|
||||||
RAND_bytes(iv,8); /* Generate a salt */
|
if (RAND_bytes(iv,8) <= 0) /* Generate a salt */
|
||||||
|
goto err;
|
||||||
/* The 'iv' is used as the iv and as a salt. It is
|
/* The 'iv' is used as the iv and as a salt. It is
|
||||||
* NOT taken from the BytesToKey function */
|
* NOT taken from the BytesToKey function */
|
||||||
EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
|
EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
|
||||||
|
|||||||
@ -156,7 +156,10 @@ int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
|
|||||||
PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
|
PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (!salt) RAND_bytes (p12->mac->salt->data, saltlen);
|
if (!salt) {
|
||||||
|
if (RAND_bytes (p12->mac->salt->data, saltlen) <= 0)
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
else memcpy (p12->mac->salt->data, salt, saltlen);
|
else memcpy (p12->mac->salt->data, salt, saltlen);
|
||||||
p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
|
p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
|
||||||
if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
|
if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
|
||||||
|
|||||||
@ -164,7 +164,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
|
|||||||
if (RAND_bytes(key,keylen) <= 0)
|
if (RAND_bytes(key,keylen) <= 0)
|
||||||
goto err;
|
goto err;
|
||||||
xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
|
xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
|
||||||
if (ivlen > 0) RAND_bytes(iv,ivlen);
|
if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen);
|
||||||
EVP_CipherInit(ctx, evp_cipher, key, iv, 1);
|
EVP_CipherInit(ctx, evp_cipher, key, iv, 1);
|
||||||
|
|
||||||
if (ivlen > 0) {
|
if (ivlen > 0) {
|
||||||
|
|||||||
@ -118,7 +118,7 @@ err:
|
|||||||
int RAND_write_file(const char *file)
|
int RAND_write_file(const char *file)
|
||||||
{
|
{
|
||||||
unsigned char buf[BUFSIZE];
|
unsigned char buf[BUFSIZE];
|
||||||
int i,ret=0;
|
int i,ret=0,err=0;
|
||||||
FILE *out = NULL;
|
FILE *out = NULL;
|
||||||
int n;
|
int n;
|
||||||
|
|
||||||
@ -156,7 +156,8 @@ int RAND_write_file(const char *file)
|
|||||||
{
|
{
|
||||||
i=(n > BUFSIZE)?BUFSIZE:n;
|
i=(n > BUFSIZE)?BUFSIZE:n;
|
||||||
n-=BUFSIZE;
|
n-=BUFSIZE;
|
||||||
RAND_bytes(buf,i);
|
if (RAND_bytes(buf,i) <= 0)
|
||||||
|
err=1;
|
||||||
i=fwrite(buf,1,i,out);
|
i=fwrite(buf,1,i,out);
|
||||||
if (i <= 0)
|
if (i <= 0)
|
||||||
{
|
{
|
||||||
@ -169,7 +170,7 @@ int RAND_write_file(const char *file)
|
|||||||
fclose(out);
|
fclose(out);
|
||||||
memset(buf,0,BUFSIZE);
|
memset(buf,0,BUFSIZE);
|
||||||
err:
|
err:
|
||||||
return(ret);
|
return(err ? -1 : ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
char *RAND_file_name(char *buf, int size)
|
char *RAND_file_name(char *buf, int size)
|
||||||
|
|||||||
@ -224,7 +224,7 @@ static int ssl23_client_hello(SSL *s)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
p=s->s3->client_random;
|
p=s->s3->client_random;
|
||||||
RAND_bytes(p,SSL3_RANDOM_SIZE);
|
RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE);
|
||||||
|
|
||||||
/* Do the message type and length last */
|
/* Do the message type and length last */
|
||||||
d= &(buf[2]);
|
d= &(buf[2]);
|
||||||
@ -285,7 +285,7 @@ static int ssl23_client_hello(SSL *s)
|
|||||||
i=ch_len;
|
i=ch_len;
|
||||||
s2n(i,d);
|
s2n(i,d);
|
||||||
memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
|
memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
|
||||||
RAND_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
|
RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
|
||||||
memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
|
memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
|
||||||
p+=i;
|
p+=i;
|
||||||
|
|
||||||
|
|||||||
@ -515,7 +515,7 @@ static int client_hello(SSL *s)
|
|||||||
s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;
|
s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;
|
||||||
s2n(SSL2_CHALLENGE_LENGTH,p); /* challenge length */
|
s2n(SSL2_CHALLENGE_LENGTH,p); /* challenge length */
|
||||||
/*challenge id data*/
|
/*challenge id data*/
|
||||||
RAND_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
|
RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
|
||||||
memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);
|
memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);
|
||||||
d+=SSL2_CHALLENGE_LENGTH;
|
d+=SSL2_CHALLENGE_LENGTH;
|
||||||
|
|
||||||
@ -557,12 +557,19 @@ static int client_master_key(SSL *s)
|
|||||||
/* make key_arg data */
|
/* make key_arg data */
|
||||||
i=EVP_CIPHER_iv_length(c);
|
i=EVP_CIPHER_iv_length(c);
|
||||||
sess->key_arg_length=i;
|
sess->key_arg_length=i;
|
||||||
if (i > 0) RAND_bytes(sess->key_arg,i);
|
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
|
||||||
|
|
||||||
/* make a master key */
|
/* make a master key */
|
||||||
i=EVP_CIPHER_key_length(c);
|
i=EVP_CIPHER_key_length(c);
|
||||||
sess->master_key_length=i;
|
sess->master_key_length=i;
|
||||||
if (i > 0) RAND_bytes(sess->master_key,i);
|
if (i > 0)
|
||||||
|
{
|
||||||
|
if (RAND_bytes(sess->master_key,i) <= 0)
|
||||||
|
{
|
||||||
|
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
|
if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
|
||||||
enc=8;
|
enc=8;
|
||||||
|
|||||||
@ -415,7 +415,7 @@ static int get_client_master_key(SSL *s)
|
|||||||
i=ek;
|
i=ek;
|
||||||
else
|
else
|
||||||
i=EVP_CIPHER_key_length(c);
|
i=EVP_CIPHER_key_length(c);
|
||||||
RAND_bytes(p,i);
|
RAND_pseudo_bytes(p,i);
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
if (i < 0)
|
if (i < 0)
|
||||||
@ -680,7 +680,7 @@ static int server_hello(SSL *s)
|
|||||||
/* make and send conn_id */
|
/* make and send conn_id */
|
||||||
s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */
|
s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */
|
||||||
s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
|
s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
|
||||||
RAND_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
|
RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
|
||||||
memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
|
memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
|
||||||
d+=SSL2_CONNECTION_ID_LENGTH;
|
d+=SSL2_CONNECTION_ID_LENGTH;
|
||||||
|
|
||||||
@ -798,7 +798,7 @@ static int request_certificate(SSL *s)
|
|||||||
p=(unsigned char *)s->init_buf->data;
|
p=(unsigned char *)s->init_buf->data;
|
||||||
*(p++)=SSL2_MT_REQUEST_CERTIFICATE;
|
*(p++)=SSL2_MT_REQUEST_CERTIFICATE;
|
||||||
*(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
|
*(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
|
||||||
RAND_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
|
RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
|
||||||
memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
|
memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
|
||||||
|
|
||||||
s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
|
s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
|
||||||
|
|||||||
@ -466,7 +466,7 @@ static int ssl3_client_hello(SSL *s)
|
|||||||
p=s->s3->client_random;
|
p=s->s3->client_random;
|
||||||
Time=time(NULL); /* Time */
|
Time=time(NULL); /* Time */
|
||||||
l2n(Time,p);
|
l2n(Time,p);
|
||||||
RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
|
RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
|
||||||
|
|
||||||
/* Do the message type and length last */
|
/* Do the message type and length last */
|
||||||
d=p= &(buf[4]);
|
d=p= &(buf[4]);
|
||||||
@ -1341,7 +1341,8 @@ static int ssl3_send_client_key_exchange(SSL *s)
|
|||||||
|
|
||||||
tmp_buf[0]=s->client_version>>8;
|
tmp_buf[0]=s->client_version>>8;
|
||||||
tmp_buf[1]=s->client_version&0xff;
|
tmp_buf[1]=s->client_version&0xff;
|
||||||
RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
|
if (RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0)
|
||||||
|
goto err;
|
||||||
|
|
||||||
s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
|
s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
|
||||||
|
|
||||||
|
|||||||
@ -816,7 +816,7 @@ static int ssl3_send_server_hello(SSL *s)
|
|||||||
p=s->s3->server_random;
|
p=s->s3->server_random;
|
||||||
Time=time(NULL); /* Time */
|
Time=time(NULL); /* Time */
|
||||||
l2n(Time,p);
|
l2n(Time,p);
|
||||||
RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
|
RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
|
||||||
/* Do the message type and length last */
|
/* Do the message type and length last */
|
||||||
d=p= &(buf[4]);
|
d=p= &(buf[4]);
|
||||||
|
|
||||||
@ -1292,7 +1292,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
|
|||||||
{
|
{
|
||||||
p[0]=(s->version>>8);
|
p[0]=(s->version>>8);
|
||||||
p[1]=(s->version & 0xff);
|
p[1]=(s->version & 0xff);
|
||||||
RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
|
RAND_pseudo_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
|
||||||
i=SSL_MAX_MASTER_KEY_LENGTH;
|
i=SSL_MAX_MASTER_KEY_LENGTH;
|
||||||
}
|
}
|
||||||
/* else, an SSLeay bug, ssl only server, tls client */
|
/* else, an SSLeay bug, ssl only server, tls client */
|
||||||
|
|||||||
@ -184,7 +184,7 @@ int ssl_get_new_session(SSL *s, int session)
|
|||||||
{
|
{
|
||||||
SSL_SESSION *r;
|
SSL_SESSION *r;
|
||||||
|
|
||||||
RAND_bytes(ss->session_id,ss->session_id_length);
|
RAND_pseudo_bytes(ss->session_id,ss->session_id_length);
|
||||||
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
|
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
|
||||||
r=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,
|
r=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,
|
||||||
(char *)ss);
|
(char *)ss);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user