Consistently use RAND_bytes and check for failure.

RAND_pseudo_bytes just calls RAND_bytes now and only returns 0 or 1. Switch all callers within the library call the new one and use the simpler failure check. This fixes a few error checks that no longer work (< 0) and some missing ones. Change-Id: Id51c79deec80075949f73fa1fbd7b76aac5570c6 Reviewed-on: https://boringssl-review.googlesource.com/2621 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@chromium.org> 2014-12-16 15:48:10 +0300
committer: Adam Langley <agl@google.com> 2014-12-16 22:15:59 +0300
commit: a6d81018f8fd5647d88a49923633f29dd77c2365 (patch)
tree: a2182160a477558c1919642629a684046938c42b /ssl/ssl_sess.c
parent: 263eac02f5c27ad91c1514c93246b84980f73c97 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index fd340d99..cbfdb9aa 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -237,8 +237,10 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id,
 {
 	unsigned int retry = 0;
 	do
-		if (RAND_pseudo_bytes(id, *id_len) <= 0)
+		{
+		if (!RAND_bytes(id, *id_len))
 			return 0;
+		}
 	while(SSL_has_matching_session_id(ssl, id, *id_len) &&
 		(++retry < MAX_SESS_ID_ATTEMPTS));
 	if(retry < MAX_SESS_ID_ATTEMPTS)
author	David Benjamin <davidben@chromium.org>	2014-12-16 15:48:10 +0300
committer	Adam Langley <agl@google.com>	2014-12-16 22:15:59 +0300
commit	a6d81018f8fd5647d88a49923633f29dd77c2365 (patch)
tree	a2182160a477558c1919642629a684046938c42b /ssl/ssl_sess.c
parent	263eac02f5c27ad91c1514c93246b84980f73c97 (diff)