From 8aa39bf90a213f086b8e4990e77570ddb6748496 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 22 Aug 2012 09:58:22 +0200 Subject: ssl: Use crypto:strong_rand_bytes if possible --- lib/ssl/src/ssl.erl | 19 ++++++++++++++++++- lib/ssl/src/ssl_cipher.erl | 2 +- lib/ssl/src/ssl_connection.erl | 2 +- 3 files changed, 20 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index 4372a147fa..40d933a256 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -31,7 +31,7 @@ controlling_process/2, listen/2, pid/1, peername/1, peercert/1, recv/2, recv/3, send/2, getopts/2, setopts/2, sockname/1, versions/0, session_info/1, format_error/1, - renegotiate/1, prf/5, clear_pem_cache/0]). + renegotiate/1, prf/5, clear_pem_cache/0, random_bytes/1]). -deprecated({pid, 1, next_major_release}). @@ -484,6 +484,23 @@ format_error(Error) -> Other end. +%%-------------------------------------------------------------------- +-spec random_bytes(integer()) -> binary(). + +%% +%% Description: Generates cryptographically secure random sequence if possible +%% fallbacks on pseudo random function +%%-------------------------------------------------------------------- +random_bytes(N) -> + try crypto:strong_rand_bytes(N) of + RandBytes -> + RandBytes + catch + error:low_entropy -> + crypto:rand_bytes(N) + end. + + %%%-------------------------------------------------------------- %%% Internal functions %%%-------------------------------------------------------------------- diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl index 358972f522..80df8fd5cb 100644 --- a/lib/ssl/src/ssl_cipher.erl +++ b/lib/ssl/src/ssl_cipher.erl @@ -690,7 +690,7 @@ get_padding_aux(BlockSize, PadLength) -> random_iv(IV) -> IVSz = byte_size(IV), - crypto:rand_bytes(IVSz). + ssl:random_bytes(IVSz). next_iv(Bin, IV) -> BinSz = byte_size(Bin), 
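Review bot: Adding `random_bytes/1` to the `-export` list in ssl.erl makes an internal helper part of the module's public interface, although the only callers in this commit are `ssl_cipher` and `ssl_connection`. If it has to stay in `ssl`, say so at the definition, for example `%% Internal to the ssl application; not a supported API.` Otherwise it would fit better in an internal module, so that applications do not come to rely on its fallback behaviour. The export list begins above this hunk.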
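Review bot: The `catch error:low_entropy` clause in `random_bytes/1` silently substitutes `crypto:rand_bytes(N)`, whose output is not guaranteed to be cryptographically strong. The later hunks route the RSA premaster secret (`make_premaster_secret/2` in ssl_connection.erl) and the CBC IV (`random_iv/1` in ssl_cipher.erl) through this function. A predictable premaster secret undermines the whole session, so I would let `low_entropy` propagate and fail the handshake, or at the very least log the downgrade so operators can detect it. The spec also admits negative sizes; `-spec random_bytes(non_neg_integer()) -> binary().` states the contract the crypto calls need, and the header comment should say that the result may be only pseudo-random when the fallback is taken.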
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index f83341dee7..4954f5d668 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -2310,7 +2310,7 @@ handle_unexpected_message(Msg, Info, #state{negotiated_version = Version} = Stat {stop, normal, State}. make_premaster_secret({MajVer, MinVer}, rsa) -> - Rand = crypto:rand_bytes(?NUM_OF_PREMASTERSECRET_BYTES-2), + Rand = ssl:random_bytes(?NUM_OF_PREMASTERSECRET_BYTES-2), <>; make_premaster_secret(_, _) -> undefined. -- cgit v1.2.3