Make sure we use RAND_bytes_ex and RAND_priv_bytes_ex in libssl

Now that libssl knows about libctx we should use it wherever we generate a random number. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10927)
author: Matt Caswell <matt@openssl.org> 2020-01-15 18:12:59 +0000
committer: Matt Caswell <matt@openssl.org> 2020-01-24 15:12:56 +0000
commit: 8f21260b09eca6226255763e1856c12fbc71985c (patch)
tree: aa28cc741f8b5a26aeb66a3b5e52c6b6dedb66c1 /ssl/statem/statem_srvr.c
parent: d80bf693faaa8ad08ca76f52228837306d77bb32 (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index c744bf64eb..4a18ad416d 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2844,7 +2844,8 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
             OPENSSL_free(s->pha_context);
             s->pha_context_len = 32;
             if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL
-                    || RAND_bytes(s->pha_context, s->pha_context_len) <= 0
+                    || RAND_bytes_ex(s->ctx->libctx, s->pha_context,
+                                     s->pha_context_len) <= 0
                     || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {
                 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                          SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
@@ -3885,7 +3886,7 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,
         const EVP_CIPHER *cipher = EVP_aes_256_cbc();
 
         iv_len = EVP_CIPHER_iv_length(cipher);
-        if (RAND_bytes(iv, iv_len) <= 0
+        if (RAND_bytes_ex(s->ctx->libctx, iv, iv_len) <= 0
                 || !EVP_EncryptInit_ex(ctx, cipher, NULL,
                                        tctx->ext.secure->tick_aes_key, iv)
                 || !HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key,
@@ -4015,7 +4016,8 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
             /* SSLfatal() already called */
             goto err;
         }
-        if (RAND_bytes(age_add_u.age_add_c, sizeof(age_add_u)) <= 0) {
+        if (RAND_bytes_ex(s->ctx->libctx, age_add_u.age_add_c,
+                          sizeof(age_add_u)) <= 0) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                      SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
                      ERR_R_INTERNAL_ERROR);
author	Matt Caswell <matt@openssl.org>	2020-01-15 18:12:59 +0000
committer	Matt Caswell <matt@openssl.org>	2020-01-24 15:12:56 +0000
commit	8f21260b09eca6226255763e1856c12fbc71985c (patch)
tree	aa28cc741f8b5a26aeb66a3b5e52c6b6dedb66c1 /ssl/statem/statem_srvr.c
parent	d80bf693faaa8ad08ca76f52228837306d77bb32 (diff)