Remove add_entropy_vec. Much cleaner way of doing this: add the entire

contents of all SSL/TLS handshake messages into the PRNG input.

2 files changed, 4 insertions, 4 deletions

diff --git a/src/ssl/tls_client.cpp b/src/ssl/tls_client.cpp
index bb00886b4..8a4275d93 100644
--- a/src/ssl/tls_client.cpp
+++ b/src/ssl/tls_client.cpp
@@ -363,6 +363,8 @@ void TLS_Client::read_handshake(byte rec_type,
 void TLS_Client::process_handshake_msg(Handshake_Type type,
                                        const MemoryRegion<byte>& contents)
    {
+   rng.add_entropy(&contents[0], contents.size());
+
    if(type == HELLO_REQUEST)
       {
       if(state == 0)
@@ -405,8 +407,6 @@ void TLS_Client::process_handshake_msg(Handshake_Type type,
 
       state->version = state->server_hello->version();
 
-      rng.add_entropy_vec(state->server_hello->random());
-
       if(state->version > state->client_hello->version())
          throw TLS_Exception(HANDSHAKE_FAILURE,
                              "TLS_Client: Server replied with bad version");
diff --git a/src/ssl/tls_server.cpp b/src/ssl/tls_server.cpp
index a6e1a8758..a4cfcf7de 100644
--- a/src/ssl/tls_server.cpp
+++ b/src/ssl/tls_server.cpp
@@ -325,6 +325,8 @@ void TLS_Server::read_handshake(byte rec_type,
 void TLS_Server::process_handshake_msg(Handshake_Type type,
                                        const MemoryRegion<byte>& contents)
    {
+   rng.add_entropy(&contents[0], contents.size());
+
    if(state == 0)
       throw Unexpected_Message("Unexpected handshake message");
 
@@ -348,8 +350,6 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
 
       state->client_hello = new Client_Hello(contents, type);
 
-      rng.add_entropy_vec(state->client_hello->random());
-
       client_requested_hostname = state->client_hello->hostname();
 
       state->version = choose_version(state->client_hello->version(),