Diffstat (limited to 'src/lib/libssl/s3_srvr.c')
-rw-r--r--src/lib/libssl/s3_srvr.c13
1 files changed, 4 insertions, 9 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index c4a8442a3e..719b4c56c1 100644
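--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.86 2014/10/03 13:58:18 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.87 2014/10/18 16:13:16 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -154,7 +154,6 @@
 #include <stdio.h>
 #include "ssl_locl.h"
 #include <openssl/buffer.h>
-#include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
@@ -1106,11 +1105,7 @@ ssl3_get_client_hello(SSL *s)
  * server_random before calling tls_session_secret_cb in order to allow
  * SessionTicket processing to use it in key derivation.
  */
- {
- unsigned char *pos;
- pos = s->s3->server_random;
- RAND_pseudo_bytes(pos, SSL3_RANDOM_SIZE);
- }
+ arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
 
  if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) {
  SSL_CIPHER *pref_cipher = NULL;
@@ -1961,7 +1956,7 @@ ssl3_get_client_key_exchange(SSL *s)
  i = SSL_MAX_MASTER_KEY_LENGTH;
  p[0] = s->client_version >> 8;
  p[1] = s->client_version & 0xff;
- RAND_bytes(p+2, i-2);
+ arc4random_buf(p + 2, i - 2);
  }
 
  s->session->master_key_length =
@@ -2774,7 +2769,7 @@ ssl3_send_newsession_ticket(SSL *s)
  return (-1);
  }
  } else {
- RAND_pseudo_bytes(iv, 16);
+ arc4random_buf(iv, 16);
  EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
  tctx->tlsext_tick_aes_key, iv);
  HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,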
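Review bot: In the ssl3_send_newsession_ticket hunk, the call that consumes the freshly generated IV still discards its result: `EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, iv);` is a bare statement, and the `HMAC_Init_ex` call after it looks the same, though it runs past the end of the hunk. If either initialisation fails, the ticket would be encrypted or authenticated with a context that was never set up. The result should be tested and turned into the `return (-1);` already used on the branch above, after whatever cleanup the function performs (its body lies outside the hunk). Separately, the literal `16` in `arc4random_buf(iv, 16)` silently ties the fill length to the cipher choice; `EVP_CIPHER_iv_length(EVP_aes_128_cbc())` or a short comment naming it as the AES-128-CBC IV length would keep the two from drifting apart.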