Add a DRBG to each SSL object

Give each SSL object it's own DRBG, chained to the parent global DRBG which is used only as a source of randomness into the per-SSL DRBG. This is used for all session, ticket, and pre-master secret keys. It is NOT used for ECDH key generation which use only the global DRBG. (Doing that without changing the API is tricky, if not impossible.) Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4050)
author: Rich Salz <rsalz@openssl.org> 2017-08-03 10:24:03 -0400
committer: Rich Salz <rsalz@openssl.org> 2017-08-03 10:24:03 -0400
commit: ae3947de09522206d61c0206a733517b10a910f8 (patch)
tree: 7044411af55af40f9f5f5adad685ccc70d155998 /ssl/statem
parent: 75e2c877650444fb829547bdb58d46eb1297bc1a (diff)
download: openssl-ae3947de09522206d61c0206a733517b10a910f8.zip
openssl-ae3947de09522206d61c0206a733517b10a910f8.tar.gz
openssl-ae3947de09522206d61c0206a733517b10a910f8.tar.bz2
2 files changed, 5 insertions, 5 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 5f6c6b0..5f2855b 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2816,7 +2816,7 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt, int *al)
     pms[0] = s->client_version >> 8;
     pms[1] = s->client_version & 0xff;
     /* TODO(size_t): Convert this function */
-    if (RAND_bytes(pms + 2, (int)(pmslen - 2)) <= 0) {
+    if (ssl_randbytes(s, pms + 2, (int)(pmslen - 2)) <= 0) {
         goto err;
     }
 
@@ -3006,7 +3006,7 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt, int *al)
         /* Generate session key
          * TODO(size_t): Convert this function
          */
-        || RAND_bytes(pms, (int)pmslen) <= 0) {
+        || ssl_randbytes(s, pms, (int)pmslen) <= 0) {
         *al = SSL_AD_INTERNAL_ERROR;
         SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR);
         goto err;
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 9d3c387..fad339a 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2671,7 +2671,7 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt, int *al)
      * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
      */
 
-    if (RAND_bytes(rand_premaster_secret, sizeof(rand_premaster_secret)) <= 0)
+    if (ssl_randbytes(s, rand_premaster_secret, sizeof(rand_premaster_secret)) <= 0)
         goto err;
 
     /*
@@ -3378,7 +3378,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
     } age_add_u;
 
     if (SSL_IS_TLS13(s)) {
-        if (RAND_bytes(age_add_u.age_add_c, sizeof(age_add_u)) <= 0)
+        if (ssl_randbytes(s, age_add_u.age_add_c, sizeof(age_add_u)) <= 0)
             goto err;
         s->session->ext.tick_age_add = age_add_u.age_add;
        /*
@@ -3487,7 +3487,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
         const EVP_CIPHER *cipher = EVP_aes_256_cbc();
 
         iv_len = EVP_CIPHER_iv_length(cipher);
-        if (RAND_bytes(iv, iv_len) <= 0)
+        if (ssl_randbytes(s, iv, iv_len) <= 0)
             goto err;
         if (!EVP_EncryptInit_ex(ctx, cipher, NULL,
                                 tctx->ext.tick_aes_key, iv))
author	Rich Salz <rsalz@openssl.org>	2017-08-03 10:24:03 -0400
committer	Rich Salz <rsalz@openssl.org>	2017-08-03 10:24:03 -0400
commit	ae3947de09522206d61c0206a733517b10a910f8 (patch)
tree	7044411af55af40f9f5f5adad685ccc70d155998 /ssl/statem
parent	75e2c877650444fb829547bdb58d46eb1297bc1a (diff)
download	openssl-ae3947de09522206d61c0206a733517b10a910f8.zip openssl-ae3947de09522206d61c0206a733517b10a910f8.tar.gz openssl-ae3947de09522206d61c0206a733517b10a910f8.tar.bz2