Posted to cvs@httpd.apache.org by jo...@apache.org on 2016/08/22 11:10:58 UTC

svn commit: r1757147 - /httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Author: jorton
Date: Mon Aug 22 11:10:58 2016
New Revision: 1757147

URL: http://svn.apache.org/viewvc?rev=1757147&view=rev
Log:
* modules/ssl/ssl_engine_kernel.c (ssl_callback_SessionTicket): Fail
  if RAND_bytes() fails; possible per API, although not in practice
  with the OpenSSL implementation.

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1757147&r1=1757146&r2=1757147&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Mon Aug 22 11:10:58 2016
@@ -2306,7 +2306,9 @@ int ssl_callback_SessionTicket(SSL *ssl,
         }
 
         memcpy(keyname, ticket_key->key_name, 16);
-        RAND_bytes(iv, EVP_MAX_IV_LENGTH);
+        if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) != 1) {
+            return -1;
+        }
         EVP_EncryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL,
                            ticket_key->aes_key, iv);
         HMAC_Init_ex(hctx, ticket_key->hmac_secret, 16, tlsext_tick_md(), NULL);
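
Review bot: The two calls directly after the new check, EVP_EncryptInit_ex() and HMAC_Init_ex(), still discard their return values, so the "possible per API" reasoning that motivated checking RAND_bytes() applies to them as well. Consider returning -1 when either of them does not return 1, so that a ticket is never produced from a cipher or HMAC context that failed to initialise. The new `return -1` is also silent: a log message at that point would let an operator tell an RNG failure apart from other handshake errors.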