author | Matt Caswell <matt@openssl.org> | 2020-01-15 18:12:59 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-01-24 15:12:56 +0000 |
commit | 8f21260b09eca6226255763e1856c12fbc71985c (patch) | |
tree | aa28cc741f8b5a26aeb66a3b5e52c6b6dedb66c1 /ssl/ssl_lib.c | |
parent | d80bf693faaa8ad08ca76f52228837306d77bb32 (diff) | |
download | openssl-8f21260b09eca6226255763e1856c12fbc71985c.tar.gz |
Make sure we use RAND_bytes_ex and RAND_priv_bytes_ex in libssl
Now that libssl knows about libctx we should use it wherever we generate
a random number.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10927)
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r-- | ssl/ssl_lib.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 384c28e76b..5ea310d5c4 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3137,16 +3137,16 @@ SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
 ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
 /* Setup RFC5077 ticket keys */
- if ((RAND_bytes(ret->ext.tick_key_name,
- sizeof(ret->ext.tick_key_name)) <= 0)
- || (RAND_priv_bytes(ret->ext.secure->tick_hmac_key,
- sizeof(ret->ext.secure->tick_hmac_key)) <= 0)
- || (RAND_priv_bytes(ret->ext.secure->tick_aes_key,
- sizeof(ret->ext.secure->tick_aes_key)) <= 0))
+ if ((RAND_bytes_ex(libctx, ret->ext.tick_key_name,
+ sizeof(ret->ext.tick_key_name)) <= 0)
+ || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_hmac_key,
+ sizeof(ret->ext.secure->tick_hmac_key)) <= 0)
+ || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_aes_key,
+ sizeof(ret->ext.secure->tick_aes_key)) <= 0))
 ret->options |= SSL_OP_NO_TICKET;
- if (RAND_priv_bytes(ret->ext.cookie_hmac_key,
- sizeof(ret->ext.cookie_hmac_key)) <= 0)
+ if (RAND_priv_bytes_ex(libctx, ret->ext.cookie_hmac_key,
+ sizeof(ret->ext.cookie_hmac_key)) <= 0)
 goto err;
 #ifndef OPENSSL_NO_SRP |
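Review bot: A failure in any of the three ticket-key calls only sets `SSL_OP_NO_TICKET`, whereas the cookie-key failure directly below takes `goto err`. Because `||` short-circuits, an early failure leaves some or all of `tick_key_name`, `tick_hmac_key` and `tick_aes_key` ungenerated, and the only guard is an option bit that an application can later clear with `SSL_CTX_clear_options()`. With a caller-supplied `libctx`, an RNG failure can now presumably also come from a context with no usable random provider, so I would make it fatal here as well by replacing `ret->options |= SSL_OP_NO_TICKET;` with `goto err;`. Failing that, add a comment such as `/* RNG failure: disable tickets instead of failing; ticket keys are left unset */`. The initial contents of the key buffers are not visible in this hunk, and the body of `SSL_CTX_new_with_libctx` starts and ends outside it.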