diff options
author | Rich Salz <rsalz@openssl.org> | 2017-08-03 10:24:03 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-08-03 10:24:03 -0400 |
commit | ae3947de09522206d61c0206a733517b10a910f8 (patch) | |
tree | 7044411af55af40f9f5f5adad685ccc70d155998 /crypto/rand/drbg_lib.c | |
parent | 75e2c877650444fb829547bdb58d46eb1297bc1a (diff) |
Add a DRBG to each SSL object
Give each SSL object it's own DRBG, chained to the parent global
DRBG which is used only as a source of randomness into the per-SSL
DRBG. This is used for all session, ticket, and pre-master secret keys.
It is NOT used for ECDH key generation which use only the global
DRBG. (Doing that without changing the API is tricky, if not impossible.)
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4050)
Diffstat (limited to 'crypto/rand/drbg_lib.c')
-rw-r--r-- | crypto/rand/drbg_lib.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index e3d97d38d9..a24ec8e2e4 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -78,6 +78,9 @@ RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent) goto err; if (parent != NULL) { + if (parent->state == DRBG_UNINITIALISED + && RAND_DRBG_instantiate(parent, NULL, 0) == 0) + goto err; if (!RAND_DRBG_set_callbacks(drbg, drbg_entropy_from_parent, drbg_release_entropy, NULL, NULL) @@ -98,6 +101,11 @@ err: return NULL; } +RAND_DRBG *RAND_DRBG_get0_global(void) +{ + return &rand_drbg; +} + /* * Uninstantiate |drbg| and free all memory. */ |