nghttpx: Use secure random to create websocket nonce

cc5f752f · Tatsuhiro Tsujikawa · 39b1a51f · cc5f752f
Commit cc5f752f authored Sep 10, 2021 by Tatsuhiro Tsujikawa
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

src/shrpx_http_downstream_connection.cc src/shrpx_http_downstream_connection.cc +3 -2

No files found.
--- a/src/shrpx_http_downstream_connection.cc
+++ b/src/shrpx_http_downstream_connection.cc
@@ -543,8 +543,9 @@ int HttpDownstreamConnection::push_request_headers() {
  if (req.connect_proto == ConnectProto::WEBSOCKET) {
    if (req.http_major == 2) {
      std::array<uint8_t, 16> nonce;
-      util::random_bytes(std::begin(nonce), std::end(nonce),
-                         worker_->get_randgen());
+      if (RAND_bytes(nonce.data(), nonce.size()) != 1) {
+        return -1;
+      }
      auto iov = make_byte_ref(balloc, base64::encode_length(nonce.size()) + 1);
      auto p = base64::encode(std::begin(nonce), std::end(nonce), iov.base);
      *p = '\0';