diff options
| author | Ingela Anderton Andin <[email protected]> | 2016-04-15 11:02:02 +0200 |
|---|---|---|
| committer | Ingela Anderton Andin <[email protected]> | 2016-04-25 11:41:39 +0200 |
| commit | f1db2eb29768eca2d7affdfd95753b477df05beb (patch) | |
| tree | 51bb31bef83050e2cab75cb16acd8c059a4bd854 /lib/ssl/src/ssl_record.erl | |
| parent | 1ad18832cb21fac5a5b513005f1e6a5ffd7d0329 (diff) | |
| download | otp-f1db2eb29768eca2d7affdfd95753b477df05beb.tar.gz otp-f1db2eb29768eca2d7affdfd95753b477df05beb.tar.bz2 otp-f1db2eb29768eca2d7affdfd95753b477df05beb.zip | |
ssl: Remove use of crypto:rand_bytes/1
ssl already used crypto:strong_rand_bytes/1 for most operations as
its use cases are mostly cryptographical. Now crypto:strong_rand_bytes/1
will be used everywhere.
However crypto:rand_bytes/1 was used as fallback if
crypto:strong_rand_bytes/1 throws low_entropy, this
will no longer be the case. This is a potential incompatibility.
The fallback was introduced a long time ago for interoperability reasons.
Now days this should not be a problem, and if it is, the security
compromise is not acceptable anyway.
Diffstat (limited to 'lib/ssl/src/ssl_record.erl')
| -rw-r--r-- | lib/ssl/src/ssl_record.erl | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl index ecff950668..866bfcef7e 100644 --- a/lib/ssl/src/ssl_record.erl +++ b/lib/ssl/src/ssl_record.erl @@ -460,7 +460,7 @@ empty_security_params(ConnectionEnd = ?SERVER) -> random() -> Secs_since_1970 = calendar:datetime_to_gregorian_seconds( calendar:universal_time()) - 62167219200, - Random_28_bytes = crypto:rand_bytes(28), + Random_28_bytes = ssl_cipher:random_bytes(28), <<?UINT32(Secs_since_1970), Random_28_bytes/binary>>. dtls_next_epoch(#connection_state{epoch = undefined}) -> %% SSL/TLS |