X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fs3_srvr.c;h=68a8c812e037116ec2a3e80bd76d3c98d28193ff;hb=af9752e5faff5dd3c82fc2d02d1e7ad457ccb84a;hp=0efe3ddc6d687395918ccb414536df59b6d12b8f;hpb=24a0d3933d24059942a3cf99695d486c8fadd576;p=oweals%2Fopenssl.git

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 0efe3ddc6d..68a8c812e0 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2168,10 +2168,7 @@ int ssl3_get_client_key_exchange(SSL *s)
          * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
          */
 
-        /*
-         * should be RAND_bytes, but we cannot work around a failure.
-         */
-        if (RAND_pseudo_bytes(rand_premaster_secret,
+        if (RAND_bytes(rand_premaster_secret,
                               sizeof(rand_premaster_secret)) <= 0)
             goto err;
         decrypt_len =
@@ -2889,8 +2886,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_EC
     EVP_PKEY_free(clnt_pub_pkey);
     EC_POINT_free(clnt_ecpoint);
-    if (srvr_ecdh != NULL)
-        EC_KEY_free(srvr_ecdh);
+    EC_KEY_free(srvr_ecdh);
     BN_CTX_free(bn_ctx);
 #endif
     return (-1);
@@ -3431,11 +3427,11 @@ int ssl3_send_newsession_ticket(SSL *s)
         /* Now write out lengths: p points to end of data written */
         /* Total length */
         len = p - ssl_handshake_start(s);
-        if(!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len))
-            goto err;
         /* Skip ticket lifetime hint */
         p = ssl_handshake_start(s) + 4;
         s2n(len - 6, p);
+        if(!ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, len))
+            goto err;
         s->state = SSL3_ST_SW_SESSION_TICKET_B;
         OPENSSL_free(senc);
     }