From: Joe Orton <jorton@apache.org>
Date: Mon, 22 Aug 2016 11:10:58 +0000 (+0000)
Subject: * modules/ssl/ssl_engine_kernel.c (ssl_callback_SessionTicket): Fail
X-Git-Tag: 2.5.0-alpha~1218
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b70d7ae5b5171f322f3c172cf414e92fce2d4820;p=thirdparty%2Fapache%2Fhttpd.git

* modules/ssl/ssl_engine_kernel.c (ssl_callback_SessionTicket): Fail
  if RAND_bytes() fails; possible per API, although not in practice
  with the OpenSSL implementation.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757147 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 985ae957a5a..af2ada7b67d 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -2306,7 +2306,9 @@ int ssl_callback_SessionTicket(SSL *ssl,
         }
 
         memcpy(keyname, ticket_key->key_name, 16);
-        RAND_bytes(iv, EVP_MAX_IV_LENGTH);
+        if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) != 1) {
+            return -1;
+        }
         EVP_EncryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL,
                            ticket_key->aes_key, iv);
         HMAC_Init_ex(hctx, ticket_key->hmac_secret, 16, tlsext_tick_md(), NULL);