RAND_bytes updates
Ensure RAND_bytes return value is checked correctly, and that we no longer
use RAND_pseudo_bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 27f03d4..bab95f3 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2810,7 +2810,12 @@
EVP_PKEY_encrypt_init(pkey_ctx);
/* Generate session key */
- RAND_bytes(pms, pmslen);
+ if (RAND_bytes(pms, pmslen) <= 0) {
+ EVP_PKEY_CTX_free(pkey_ctx);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ };
/*
* If we have client certificate, use its secret as peer key
*/
