Add a DRBG to each SSL object

Give each SSL object it's own DRBG, chained to the parent global DRBG which is used only as a source of randomness into the per-SSL DRBG. This is used for all session, ticket, and pre-master secret keys. It is NOT used for ECDH key generation which use only the global DRBG. (Doing that without changing the API is tricky, if not impossible.) Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4050)
author: Rich Salz <rsalz@openssl.org> 2017-08-03 10:24:03 -0400
committer: Rich Salz <rsalz@openssl.org> 2017-08-03 10:24:03 -0400
commit: ae3947de09522206d61c0206a733517b10a910f8 (patch)
tree: 7044411af55af40f9f5f5adad685ccc70d155998 /ssl/record
parent: 75e2c877650444fb829547bdb58d46eb1297bc1a (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index afb03fde5b..ae485046a4 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -892,7 +892,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
                          */
                         SSLerr(SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR);
                         return -1;
-                    } else if (RAND_bytes(recs[ctr].input, ivlen) <= 0) {
+                    } else if (ssl_randbytes(s, recs[ctr].input, ivlen) <= 0) {
                         SSLerr(SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR);
                         return -1;
                     }
author	Rich Salz <rsalz@openssl.org>	2017-08-03 10:24:03 -0400
committer	Rich Salz <rsalz@openssl.org>	2017-08-03 10:24:03 -0400
commit	ae3947de09522206d61c0206a733517b10a910f8 (patch)
tree	7044411af55af40f9f5f5adad685ccc70d155998 /ssl/record
parent	75e2c877650444fb829547bdb58d46eb1297bc1a (diff)