From 75e2c877650444fb829547bdb58d46eb1297bc1a Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Thu, 3 Aug 2017 09:23:28 -0400 Subject: Switch from ossl_rand to DRBG rand If RAND_add wraps around, XOR with existing. Add test to drbgtest that does the wrap-around. Re-order seeding and stop after first success. Add RAND_poll_ex() Use the DF and therefore lower RANDOMNESS_NEEDED. Also, for child DRBG's, mix in the address as the personalization bits. Centralize the entropy callbacks, from drbg_lib to rand_lib. (Conceptually, entropy is part of the enclosing application.) Thanks to Dr. Matthias St Pierre for the suggestion. Various code cleanups: -Make state an enum; inline RANDerr calls. -Add RAND_POLL_RETRIES (thanks Pauli for the idea) -Remove most RAND_seed calls from rest of library -Rename DRBG_CTX to RAND_DRBG, etc. -Move some code from drbg_lib to drbg_rand; drbg_lib is now only the implementation of NIST DRBG. -Remove blocklength Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/4019) --- ssl/statem/statem.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'ssl') diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index e5a50c4..4f259fd 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -272,7 +272,6 @@ static info_cb get_callback(SSL *s) static int state_machine(SSL *s, int server) { BUF_MEM *buf = NULL; - unsigned long Time = (unsigned long)time(NULL); void (*cb) (const SSL *ssl, int type, int val) = NULL; OSSL_STATEM *st = &s->statem; int ret = -1; @@ -283,7 +282,6 @@ static int state_machine(SSL *s, int server) return -1; } - RAND_add(&Time, sizeof(Time), 0); ERR_clear_error(); clear_sys_error(); -- cgit v1.1