--- gvpe/src/connection.C 2013/07/16 16:44:36 1.98
+++ gvpe/src/connection.C 2013/07/17 04:36:03 1.99
@@ -120,11 +120,11 @@
   u8 mac_key[MAC_KEYSIZE];
   static const unsigned char mac_info[] = "gvpe mac key";
-  hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt));
+  hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ());
   kdf.extract (auth2.rsa.ikm, sizeof (auth2.rsa.ikm));
   kdf.extract (auth1.rsa.mac_key, sizeof (auth1.rsa.mac_key));
   kdf.extract (s, sizeof (s));
-  kdf.extract_done ();
+  kdf.extract_done (HKDF_PRF_HASH ());
   kdf.expand (mac_key, sizeof (mac_key), mac_info, sizeof (mac_info));
   HMAC_CTX_init (&hctx);
@@ -135,11 +135,11 @@
   u8 cipher_key[CIPHER_KEYSIZE];
   static const unsigned char cipher_info[] = "gvpe cipher key";
-  hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt));
+  hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ());
   kdf.extract (auth2.rsa.ikm, sizeof (auth2.rsa.ikm));
   kdf.extract (auth1.rsa.cipher_key, sizeof (auth1.rsa.cipher_key));
   kdf.extract (s, sizeof (s));
-  kdf.extract_done ();
+  kdf.extract_done (HKDF_PRF_HASH ());
   kdf.expand (cipher_key, sizeof (cipher_key), cipher_info, sizeof (cipher_info));
   EVP_CIPHER_CTX_init (&cctx);
@@ -195,7 +195,7 @@
   if (auth_expire < ev_now ()) { // request data
-  RAND_pseudo_bytes ((unsigned char *)&snd_auth.rsa, sizeof snd_auth.rsa);
+  RAND_bytes ((unsigned char *)&snd_auth.rsa, sizeof snd_auth.rsa);
   curve25519_generate (snd_ecdh_a, snd_auth.ecdh);
   auth_hash (snd_auth, snd_auth_mac);
@@ -460,7 +460,7 @@
   datahdr.seqno = ntohl (seqno);
 #if RAND_SIZE
-  RAND_pseudo_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE);
+  RAND_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE);
 #endif
   require (EVP_EncryptUpdate (cctx,
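Review bot: The HKDF derivation of the MAC key in this hunk is repeated line for line for the cipher key in the @@ -135 hunk, differing only in the peer key fed to the third `extract` and in the `info` label, and now that the hash selection is spread over two call sites (`HKDF_XTR_HASH ()` in the constructor, `HKDF_PRF_HASH ()` in `extract_done`) the duplication doubles the chance of the two derivations drifting apart. Consider folding both into one private helper that takes the peer key buffer, the info string and the output buffer, so that the salt, the ikm, the shared secret `s` and both hash selections are stated exactly once. A short comment on why extract and expand take separate hashes would also help the next reader, e.g. `// extract (HKDF_XTR_HASH) and expand (HKDF_PRF_HASH) may use different hashes; both peers must agree on both` — I am assuming these are build-time or protocol-level selectors, since the hunk does not show their definitions. The enclosing function starts and ends outside the hunk.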
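Review bot: The return value of `RAND_bytes` is discarded on the added line, so if OpenSSL's CSPRNG is unseeded or fails, whatever `snd_auth.rsa` previously held is presumably hashed and sent as the authentication request unchanged; unlike `RAND_pseudo_bytes`, `RAND_bytes` reports this condition (it returns 1 only on success), and the file already wraps fallible OpenSSL calls in `require (...)`, as the `EVP_EncryptUpdate` call in the @@ -460 hunk shows. Change the line to `require (RAND_bytes ((unsigned char *)&snd_auth.rsa, sizeof snd_auth.rsa) == 1);`. The same applies to the `datahdr.rnd` fill in the @@ -460 hunk. The surrounding function starts and ends outside the hunk.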