From b70d7ae5b5171f322f3c172cf414e92fce2d4820 Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@apache.org>
Date: Mon, 22 Aug 2016 11:10:58 +0000
Subject: [PATCH] * modules/ssl/ssl_engine_kernel.c
 (ssl_callback_SessionTicket): Fail   if RAND_bytes() fails; possible per API,
 although not in practice   with the OpenSSL implementation.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757147 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_engine_kernel.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 985ae957a5..af2ada7b67 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -2306,7 +2306,9 @@ int ssl_callback_SessionTicket(SSL *ssl,
         }
 
         memcpy(keyname, ticket_key->key_name, 16);
-        RAND_bytes(iv, EVP_MAX_IV_LENGTH);
+        if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) != 1) {
+            return -1;
+        }
         EVP_EncryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL,
                            ticket_key->aes_key, iv);
         HMAC_Init_ex(hctx, ticket_key->hmac_secret, 16, tlsext_tick_md(), NULL);
-- 
2.50.1