diff options
author | Kurt Roeckx <kurt@roeckx.be> | 2017-11-03 20:59:16 +0100 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2018-04-02 22:22:43 +0200 |
commit | 4cffafe96786558f66e1900ac462f9ccba921132 (patch) | |
tree | f075edeb812b1ed574e6656a7f1bd312dbe5e02e /ssl/ssl_lib.c | |
parent | 1238caa725a1dfb5f9d7ef3ba3b014d2af4cab60 (diff) |
Use the private RNG for data that is not public
Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Fixes: #4641
GH: #4665
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r-- | ssl/ssl_lib.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 9d4c4d4899..1509423020 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3047,13 +3047,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) /* Setup RFC5077 ticket keys */ if ((RAND_bytes(ret->ext.tick_key_name, sizeof(ret->ext.tick_key_name)) <= 0) - || (RAND_bytes(ret->ext.secure->tick_hmac_key, + || (RAND_priv_bytes(ret->ext.secure->tick_hmac_key, sizeof(ret->ext.secure->tick_hmac_key)) <= 0) - || (RAND_bytes(ret->ext.secure->tick_aes_key, + || (RAND_priv_bytes(ret->ext.secure->tick_aes_key, sizeof(ret->ext.secure->tick_aes_key)) <= 0)) ret->options |= SSL_OP_NO_TICKET; - if (RAND_bytes(ret->ext.cookie_hmac_key, + if (RAND_priv_bytes(ret->ext.cookie_hmac_key, sizeof(ret->ext.cookie_hmac_key)) <= 0) goto err; |