* modules/ssl/ssl_engine_kernel.c (ssl_callback_SessionTicket): Fail

  if RAND_bytes() fails; possible per API, although not in practice
  with the OpenSSL implementation.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757147 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 985ae957a5ad09f1949620a96421dea4783476ee..af2ada7b67dd0c043784ccc579408897eecf4797 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -2306,7 +2306,9 @@ int ssl_callback_SessionTicket(SSL *ssl,
         }
 
         memcpy(keyname, ticket_key->key_name, 16);
-        RAND_bytes(iv, EVP_MAX_IV_LENGTH);
+        if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) != 1) {
+            return -1;
+        }
         EVP_EncryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL,
                            ticket_key->aes_key, iv);
         HMAC_Init_ex(hctx, ticket_key->hmac_secret, 16, tlsext_tick_md(), NULL);