Add a DRBG to each SSL object
Give each SSL object its own DRBG, chained to the parent global DRBG which is used only as a source of randomness into the per-SSL DRBG. This is used for all session, ticket, and pre-master secret keys. It is NOT used for ECDH key generation, which uses only the global DRBG. (Doing that without changing the API is tricky, if not impossible.) Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4050)
parent
75e2c87765
commit
ae3947de09
13 changed files with 51 additions and 20 deletions
|
@ -4213,11 +4213,11 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
|
|||
if (send_time) {
|
||||
unsigned long Time = (unsigned long)time(NULL);
|
||||
unsigned char *p = result;
|
||||
|
||||
l2n(Time, p);
|
||||
/* TODO(size_t): Convert this */
|
||||
ret = RAND_bytes(p, (int)(len - 4));
|
||||
ret = ssl_randbytes(s, p, len - 4);
|
||||
} else {
|
||||
ret = RAND_bytes(result, (int)len);
|
||||
ret = ssl_randbytes(s, result, len);
|
||||
}
|
||||
#ifndef OPENSSL_NO_TLS13DOWNGRADE
|
||||
if (ret) {
|
||||
|
|
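Review bot: The `if (ret)` test after the new `ssl_randbytes()` calls treats any non-zero return as success, so a negative error code would still let the TLS 1.3 downgrade block run on a buffer that was never filled. `RAND_bytes()` can return -1, and `ssl_randbytes()` is defined outside this page, so if it can forward that value the check should be `if (ret > 0)`. The `(int)` casts are gone and `len - 4` is now passed as a `size_t`, which makes the `/* TODO(size_t): Convert this */` comment stale if it survives on the new side; the rendered page does not show which side it belongs to. ssl_fill_hello_random starts and ends outside the hunk, so the guard that keeps `len - 4` from wrapping for `len < 4` cannot be confirmed from here.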