diff options
author | Matt Caswell <matt@openssl.org> | 2020-01-15 18:12:59 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-01-24 15:12:56 +0000 |
commit | 8f21260b09eca6226255763e1856c12fbc71985c (patch) | |
tree | aa28cc741f8b5a26aeb66a3b5e52c6b6dedb66c1 /ssl/statem/statem_srvr.c | |
parent | d80bf693faaa8ad08ca76f52228837306d77bb32 (diff) |
Make sure we use RAND_bytes_ex and RAND_priv_bytes_ex in libssl
Now that libssl knows about libctx we should use it wherever we generate
a random number.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10927)
Diffstat (limited to 'ssl/statem/statem_srvr.c')
-rw-r--r-- | ssl/statem/statem_srvr.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index c744bf64eb..4a18ad416d 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2844,7 +2844,8 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) OPENSSL_free(s->pha_context); s->pha_context_len = 32; if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL - || RAND_bytes(s->pha_context, s->pha_context_len) <= 0 + || RAND_bytes_ex(s->ctx->libctx, s->pha_context, + s->pha_context_len) <= 0 || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, @@ -3885,7 +3886,7 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, const EVP_CIPHER *cipher = EVP_aes_256_cbc(); iv_len = EVP_CIPHER_iv_length(cipher); - if (RAND_bytes(iv, iv_len) <= 0 + if (RAND_bytes_ex(s->ctx->libctx, iv, iv_len) <= 0 || !EVP_EncryptInit_ex(ctx, cipher, NULL, tctx->ext.secure->tick_aes_key, iv) || !HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key, @@ -4015,7 +4016,8 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) /* SSLfatal() already called */ goto err; } - if (RAND_bytes(age_add_u.age_add_c, sizeof(age_add_u)) <= 0) { + if (RAND_bytes_ex(s->ctx->libctx, age_add_u.age_add_c, + sizeof(age_add_u)) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR); |