Don't use a ssl specific DRBG anymore

Since the public and private DRBG are per thread we don't need one per ssl object anymore. It could also try to get entropy from a DRBG that's really from an other thread because the SSL object moved to an other thread. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5547)
author: Kurt Roeckx <kurt@roeckx.be> 2018-03-08 22:30:28 +0100
committer: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> 2018-03-19 15:04:40 +0100
commit: 16cfc2c90d9e7776965db07c1f31bbec2f6c41e3 (patch)
tree: dab155d1453fce5e7e2a5d6c2d4d02557227cb41 /crypto/evp/e_aes_cbc_hmac_sha256.c
parent: 7caf122e717e79afcb986fe217e77a630b67bf4c (diff)
1 files changed, 3 insertions, 12 deletions
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index e752d304b6..caac0c9d3d 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -18,11 +18,9 @@
 #include <openssl/aes.h>
 #include <openssl/sha.h>
 #include <openssl/rand.h>
-#include <openssl/rand_drbg.h>
 #include "modes_lcl.h"
 #include "internal/constant_time_locl.h"
 #include "internal/evp_int.h"
-#include "evp_locl.h"
 
 typedef struct {
     AES_KEY ks;
@@ -152,8 +150,7 @@ void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int);
 static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
                                          unsigned char *out,
                                          const unsigned char *inp,
-                                         size_t inp_len, int n4x,
-                                         RAND_DRBG *drbg)
+                                         size_t inp_len, int n4x)
 {                               /* n4x is 1 or 2 */
     HASH_DESC hash_d[8], edges[8];
     CIPH_DESC ciph_d[8];
@@ -173,13 +170,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
 #  endif
 
     /* ask for IVs in bulk */
-    IVs = blocks[0].c;
-    if (drbg != NULL) {
-        if (RAND_DRBG_bytes(drbg, IVs, 16 * x4) == 0)
-            return 0;
-    } else if (RAND_bytes(IVs, 16 * x4) <= 0) {
+    if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
         return 0;
-    }
 
     /* align */
     ctx = (SHA256_MB_CTX *) (storage + 32 - ((size_t)storage % 32));
@@ -885,8 +877,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
 
             return (int)tls1_1_multi_block_encrypt(key, param->out,
                                                    param->inp, param->len,
-                                                   param->interleave / 4,
-                                                   ctx->drbg);
+                                                   param->interleave / 4);
         }
     case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT:
 # endif
author	Kurt Roeckx <kurt@roeckx.be>	2018-03-08 22:30:28 +0100
committer	Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>	2018-03-19 15:04:40 +0100
commit	16cfc2c90d9e7776965db07c1f31bbec2f6c41e3 (patch)
tree	dab155d1453fce5e7e2a5d6c2d4d02557227cb41 /crypto/evp/e_aes_cbc_hmac_sha256.c
parent	7caf122e717e79afcb986fe217e77a630b67bf4c (diff)