Add a DRBG to each SSL object

Give each SSL object it's own DRBG, chained to the parent global DRBG which is used only as a source of randomness into the per-SSL DRBG. This is used for all session, ticket, and pre-master secret keys. It is NOT used for ECDH key generation which use only the global DRBG. (Doing that without changing the API is tricky, if not impossible.) Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4050)
author: Rich Salz <rsalz@openssl.org> 2017-08-03 10:24:03 -0400
committer: Rich Salz <rsalz@openssl.org> 2017-08-03 10:24:03 -0400
commit: ae3947de09522206d61c0206a733517b10a910f8 (patch)
tree: 7044411af55af40f9f5f5adad685ccc70d155998 /ssl/tls_srp.c
parent: 75e2c877650444fb829547bdb58d46eb1297bc1a (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
index bfdbdf5874..368cacee3d 100644
--- a/ssl/tls_srp.c
+++ b/ssl/tls_srp.c
@@ -153,7 +153,7 @@ int SSL_srp_server_param_with_username(SSL *s, int *ad)
         (s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL))
         return SSL3_AL_FATAL;
 
-    if (RAND_bytes(b, sizeof(b)) <= 0)
+    if (ssl_randbytes(s, b, sizeof(b)) <= 0)
         return SSL3_AL_FATAL;
     s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL);
     OPENSSL_cleanse(b, sizeof(b));
@@ -343,7 +343,7 @@ int SRP_Calc_A_param(SSL *s)
 {
     unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
 
-    if (RAND_bytes(rnd, sizeof(rnd)) <= 0)
+    if (ssl_randbytes(s, rnd, sizeof(rnd)) <= 0)
         return 0;
     s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
     OPENSSL_cleanse(rnd, sizeof(rnd));
author	Rich Salz <rsalz@openssl.org>	2017-08-03 10:24:03 -0400
committer	Rich Salz <rsalz@openssl.org>	2017-08-03 10:24:03 -0400
commit	ae3947de09522206d61c0206a733517b10a910f8 (patch)
tree	7044411af55af40f9f5f5adad685ccc70d155998 /ssl/tls_srp.c
parent	75e2c877650444fb829547bdb58d46eb1297bc1a (diff)