Add a DRBG to each SSL object

Give each SSL object it's own DRBG, chained to the parent global DRBG which is used only as a source of randomness into the per-SSL DRBG. This is used for all session, ticket, and pre-master secret keys. It is NOT used for ECDH key generation which use only the global DRBG. (Doing that without changing the API is tricky, if not impossible.) Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4050)
author: Rich Salz <rsalz@openssl.org> 2017-08-03 10:24:03 -0400
committer: Rich Salz <rsalz@openssl.org> 2017-08-03 10:24:03 -0400
commit: ae3947de09522206d61c0206a733517b10a910f8 (patch)
tree: 7044411af55af40f9f5f5adad685ccc70d155998 /ssl/s3_lib.c
parent: 75e2c877650444fb829547bdb58d46eb1297bc1a (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index a2959a3896..e36eb93ca7 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4213,11 +4213,11 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
     if (send_time) {
         unsigned long Time = (unsigned long)time(NULL);
         unsigned char *p = result;
+
         l2n(Time, p);
-        /* TODO(size_t): Convert this */
-        ret = RAND_bytes(p, (int)(len - 4));
+        ret = ssl_randbytes(s, p, len - 4);
     } else {
-        ret = RAND_bytes(result, (int)len);
+        ret = ssl_randbytes(s, result, len);
     }
 #ifndef OPENSSL_NO_TLS13DOWNGRADE
     if (ret) {
author	Rich Salz <rsalz@openssl.org>	2017-08-03 10:24:03 -0400
committer	Rich Salz <rsalz@openssl.org>	2017-08-03 10:24:03 -0400
commit	ae3947de09522206d61c0206a733517b10a910f8 (patch)
tree	7044411af55af40f9f5f5adad685ccc70d155998 /ssl/s3_lib.c
parent	75e2c877650444fb829547bdb58d46eb1297bc1a (diff)