Use the private RNG for data that is not public

[openssl.git] / crypto / bn / bn_rand.c

diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 604b6bf6cf5c39dc15b043c1afc361af7a4eb290..c0d1a32292bace170ad817964b3497a158e1d964 100644 (file)
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -239,7 +239,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
     memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
 
     for (done = 0; done < num_k_bytes;) {
-        if (RAND_bytes(random_bytes, sizeof(random_bytes)) != 1)
+        if (RAND_priv_bytes(random_bytes, sizeof(random_bytes)) != 1)
             goto err;
         SHA512_Init(&sha);
         SHA512_Update(&sha, &done, sizeof(done));