Add a DRBG to each SSL object Give each SSL object it's own DRBG, chained to the parent global DRBG which is used only as a source of randomness into the per-SSL DRBG. This is used for all session, ticket, and pre-master secret keys. It is NOT used for ECDH key generation which use only the global DRBG. (Doing that without changing the API is tricky, if not impossible.) Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4050)

commit: ae3947de09522206d61c0206a733517b10a910f8 [log] [tgz]
author: Rich Salz <rsalz@openssl.org> Thu Aug 03 10:24:03 2017 -0400
committer: Rich Salz <rsalz@openssl.org> Thu Aug 03 10:24:03 2017 -0400
tree: 7044411af55af40f9f5f5adad685ccc70d155998
parent: 75e2c877650444fb829547bdb58d46eb1297bc1a [diff] [blame]
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index a2959a3..e36eb93 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c

@@ -4213,11 +4213,11 @@
     if (send_time) {
         unsigned long Time = (unsigned long)time(NULL);
         unsigned char *p = result;
+
         l2n(Time, p);
-        /* TODO(size_t): Convert this */
-        ret = RAND_bytes(p, (int)(len - 4));
+        ret = ssl_randbytes(s, p, len - 4);
     } else {
-        ret = RAND_bytes(result, (int)len);
+        ret = ssl_randbytes(s, result, len);
     }
 #ifndef OPENSSL_NO_TLS13DOWNGRADE
     if (ret) {
commit	ae3947de09522206d61c0206a733517b10a910f8	[log] [tgz]
author	Rich Salz <rsalz@openssl.org>	Thu Aug 03 10:24:03 2017 -0400
committer	Rich Salz <rsalz@openssl.org>	Thu Aug 03 10:24:03 2017 -0400
tree	7044411af55af40f9f5f5adad685ccc70d155998
parent	75e2c877650444fb829547bdb58d46eb1297bc1a [diff] [blame]