Use the private RNG for data that is not public

Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Fixes: #4641 GH: #4665
author: Kurt Roeckx <kurt@roeckx.be> 2017-11-03 20:59:16 +0100
committer: Kurt Roeckx <kurt@roeckx.be> 2018-04-02 22:22:43 +0200
commit: 4cffafe96786558f66e1900ac462f9ccba921132 (patch)
tree: f075edeb812b1ed574e6656a7f1bd312dbe5e02e /ssl/statem/statem_srvr.c
parent: 1238caa725a1dfb5f9d7ef3ba3b014d2af4cab60 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 876b6a79e3..60e0bc7373 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2936,7 +2936,7 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt)
      * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
      */
 
-    if (RAND_bytes(rand_premaster_secret,
+    if (RAND_priv_bytes(rand_premaster_secret,
                       sizeof(rand_premaster_secret)) <= 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
                  ERR_R_INTERNAL_ERROR);
author	Kurt Roeckx <kurt@roeckx.be>	2017-11-03 20:59:16 +0100
committer	Kurt Roeckx <kurt@roeckx.be>	2018-04-02 22:22:43 +0200
commit	4cffafe96786558f66e1900ac462f9ccba921132 (patch)
tree	f075edeb812b1ed574e6656a7f1bd312dbe5e02e /ssl/statem/statem_srvr.c
parent	1238caa725a1dfb5f9d7ef3ba3b014d2af4cab60 (diff)