#include "internal/evp_int.h"
#include "modes_lcl.h"
#include <openssl/rand.h>
+#include <internal/rand.h>
#include "evp_locl.h"
typedef struct {
memcpy(gctx->iv, ptr, arg);
enc = EVP_CIPHER_CTX_encrypting(c);
- if (enc && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
- return 0;
+ if (enc) {
+ if (c->drbg != NULL) {
+ if (RAND_DRBG_bytes(c->drbg, gctx->iv + arg, gctx->ivlen - arg) == 0)
+ return 0;
+ } else if (RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) {
+ return 0;
+ }
+ }
gctx->iv_gen = 1;
return 1;
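Review bot: The new DRBG branch fails only on `== 0`, while the RAND_bytes() branch beside it fails on `<= 0`, so a negative return from RAND_DRBG_bytes() would be taken as success and leave the random part of the GCM IV unfilled. RAND_DRBG_bytes()'s return contract is not visible on this page, so this may be purely defensive, but matching the existing check costs nothing: `if (RAND_DRBG_bytes(c->drbg, gctx->iv + arg, gctx->ivlen - arg) <= 0)`. The same `== 0` comparison appears in every other RAND_DRBG_bytes() call this commit adds (the second GCM hunk, both multi-block IV hunks, ARIA-GCM, the DES and 3DES key and wrap-IV hunks, EVP_CIPHER_CTX_rand_key and EVP_SealInit). The enclosing ctrl function starts and ends outside this hunk.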
return 0;
if (arg)
memcpy(gctx->iv, ptr, arg);
- if (EVP_CIPHER_CTX_encrypting(c)
- && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
- return 0;
+ if (EVP_CIPHER_CTX_encrypting(c)) {
+ if (c->drbg != NULL) {
+ if (RAND_DRBG_bytes(c->drbg, gctx->iv + arg, gctx->ivlen - arg) == 0)
+ return 0;
+ } else if (RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) {
+ return 0;
+ }
+ }
gctx->iv_gen = 1;
return 1;
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/rand.h>
+#include <internal/rand.h>
#include "modes_lcl.h"
#include "internal/evp_int.h"
#include "internal/constant_time_locl.h"
+#include "evp_locl.h"
typedef struct {
AES_KEY ks;
static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
unsigned char *out,
const unsigned char *inp,
- size_t inp_len, int n4x)
+ size_t inp_len, int n4x,
+ RAND_DRBG *drbg)
{ /* n4x is 1 or 2 */
HASH_DESC hash_d[8], edges[8];
CIPH_DESC ciph_d[8];
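Review bot: The new `drbg` parameter is undocumented, although the signature already carries the remark `/* n4x is 1 or 2 */`, so a reader cannot tell that NULL is a legal value. I would add a comment above the function such as `/* drbg may be NULL, in which case RAND_bytes() supplies the IVs */`. The SHA-256 variant of tls1_1_multi_block_encrypt gains the same parameter and needs the same comment. The function body continues outside this hunk.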
# endif
/* ask for IVs in bulk */
- if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
+ IVs = blocks[0].c;
+ if (drbg != NULL) {
+ if (RAND_DRBG_bytes(drbg, IVs, 16 * x4) == 0)
+ return 0;
+ } else if (RAND_bytes(IVs, 16 * x4) <= 0) {
return 0;
+ }
ctx = (SHA1_MB_CTX *) (storage + 32 - ((size_t)storage % 32)); /* align */
return (int)tls1_1_multi_block_encrypt(key, param->out,
param->inp, param->len,
- param->interleave / 4);
+ param->interleave / 4,
+ ctx->drbg);
}
case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT:
# endif
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/rand.h>
+#include <internal/rand.h>
#include "modes_lcl.h"
#include "internal/constant_time_locl.h"
#include "internal/evp_int.h"
+#include "evp_locl.h"
typedef struct {
AES_KEY ks;
static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
unsigned char *out,
const unsigned char *inp,
- size_t inp_len, int n4x)
+ size_t inp_len, int n4x,
+ RAND_DRBG *drbg)
{ /* n4x is 1 or 2 */
HASH_DESC hash_d[8], edges[8];
CIPH_DESC ciph_d[8];
# endif
/* ask for IVs in bulk */
- if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
+ IVs = blocks[0].c;
+ if (drbg != NULL) {
+ if (RAND_DRBG_bytes(drbg, IVs, 16 * x4) == 0)
+ return 0;
+ } else if (RAND_bytes(IVs, 16 * x4) <= 0) {
return 0;
+ }
/* align */
ctx = (SHA256_MB_CTX *) (storage + 32 - ((size_t)storage % 32));
return (int)tls1_1_multi_block_encrypt(key, param->out,
param->inp, param->len,
- param->interleave / 4);
+ param->interleave / 4,
+ ctx->drbg);
}
case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT:
# endif
# include <openssl/rand.h>
# include "internal/aria.h"
# include "internal/evp_int.h"
+# include "internal/rand.h"
# include "modes_lcl.h"
# include "evp_locl.h"
return 0;
if (arg)
memcpy(gctx->iv, ptr, arg);
- if (EVP_CIPHER_CTX_encrypting(c)
- && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
- return 0;
+ if (EVP_CIPHER_CTX_encrypting(c)) {
+ if (c->drbg != NULL) {
+ if (RAND_DRBG_bytes(c->drbg, gctx->iv + arg, gctx->ivlen - arg) == 0)
+ return 0;
+ } else if (RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) {
+ return 0;
+ }
+ }
gctx->iv_gen = 1;
return 1;
# include "internal/evp_int.h"
# include <openssl/des.h>
# include <openssl/rand.h>
+# include <internal/rand.h>
+# include "evp_locl.h"
typedef struct {
union {
switch (type) {
case EVP_CTRL_RAND_KEY:
- if (RAND_bytes(ptr, 8) <= 0)
+ if (c->drbg != NULL) {
+ if (RAND_DRBG_bytes(c->drbg, ptr, 8) == 0)
+ return 0;
+ } else if (RAND_bytes(ptr, 8) <= 0) {
return 0;
+ }
DES_set_odd_parity((DES_cblock *)ptr);
return 1;
# include "internal/evp_int.h"
# include <openssl/des.h>
# include <openssl/rand.h>
+# include <internal/rand.h>
# include "evp_locl.h"
typedef struct {
switch (type) {
case EVP_CTRL_RAND_KEY:
- if (RAND_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0)
+ if (ctx->drbg != NULL) {
+ if (RAND_DRBG_bytes(ctx->drbg, ptr, EVP_CIPHER_CTX_key_length(ctx)) == 0)
+ return 0;
+ } else if (RAND_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0) {
return 0;
+ }
DES_set_odd_parity(deskey);
if (EVP_CIPHER_CTX_key_length(ctx) >= 16)
DES_set_odd_parity(deskey + 1);
memcpy(out + inl + 8, sha1tmp, 8);
OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
/* Generate random IV */
- if (RAND_bytes(EVP_CIPHER_CTX_iv_noconst(ctx), 8) <= 0)
+ if (ctx->drbg != NULL) {
+ if (RAND_DRBG_bytes(ctx->drbg, EVP_CIPHER_CTX_iv_noconst(ctx), 8) == 0)
+ return -1;
+ } else if (RAND_bytes(EVP_CIPHER_CTX_iv_noconst(ctx), 8) <= 0) {
return -1;
+ }
memcpy(out, EVP_CIPHER_CTX_iv_noconst(ctx), 8);
/* Encrypt everything after IV in place */
des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8);
#include <openssl/rand.h>
#include <openssl/engine.h>
#include "internal/evp_int.h"
+#include "internal/rand.h"
#include "evp_locl.h"
int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
{
int ret;
+
+ if (type == EVP_CTRL_GET_DRBG) {
+ *(RAND_DRBG **)ptr = ctx->drbg;
+ return 1;
+ }
+ if (type == EVP_CTRL_SET_DRBG) {
+ ctx->drbg = ptr;
+ return 1;
+ }
if (!ctx->cipher) {
EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
return 0;
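Review bot: The `EVP_CTRL_GET_DRBG` branch writes through `ptr` without checking it, so a caller that passes NULL crashes inside the library; I would add `if (ptr == NULL) return 0;` before `*(RAND_DRBG **)ptr = ctx->drbg;`. Both new branches also run before the `!ctx->cipher` check and never reach the cipher's own ctrl handler, which looks intentional but deserves a one-line comment saying so. The function continues outside this hunk.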
{
if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
- if (RAND_bytes(key, ctx->key_len) <= 0)
+ if (ctx->drbg) {
+ if (RAND_DRBG_bytes(ctx->drbg, key, ctx->key_len) == 0)
+ return 0;
+ } else if (RAND_bytes(key, ctx->key_len) <= 0) {
return 0;
+ }
return 1;
}
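Review bot: This is one of about a dozen copies of the same "DRBG if set, else RAND_bytes()" branch in this commit, and the copies already differ: `if (ctx->drbg)` here and in EVP_SealInit, `!= NULL` elsewhere, and `== 0` against `<= 0` on the two return checks. Randomness selection for IVs and keys is exactly the kind of logic that should live in one place, so a later fix cannot miss a call site. I would add a single internal helper in this file, declared in evp_locl.h, and have every cipher call it; the helper name below is only a suggestion. The function starts outside this hunk.

```c
/* Proposed internal helper (name is a suggestion); declare in evp_locl.h. */
/* Fill buf with num random bytes from ctx->drbg, or RAND_bytes() if unset. */
int evp_cipher_ctx_rand_bytes(EVP_CIPHER_CTX *ctx, unsigned char *buf, int num)
{
    if (num < 0)
        return 0;
    if (ctx->drbg != NULL)
        return RAND_DRBG_bytes(ctx->drbg, buf, (size_t)num) > 0;
    return RAND_bytes(buf, num) > 0;
}

/* … unchanged: EVP_CIPH_RAND_KEY dispatch in EVP_CIPHER_CTX_rand_key … */
    if (!evp_cipher_ctx_rand_bytes(ctx, key, ctx->key_len))
        return 0;
    return 1;
```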
int final_used;
int block_mask;
unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
+ RAND_DRBG *drbg;
} /* EVP_CIPHER_CTX */ ;
int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
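Review bot: The new `drbg` field is a raw pointer with no comment on who owns it, and nothing visible in this commit takes a reference or releases it with the context. If a context is copied or outlives the DRBG it points at (neither path is shown here), IV and key generation would read a dangling pointer. I would document the contract on the field, for example `/* borrowed, not freed with the ctx; NULL means RAND_bytes() */`, and state the same lifetime requirement in the EVP_CTRL_SET_DRBG documentation.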
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#include <internal/rand.h>
+#include "evp_locl.h"
int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
unsigned char **ek, int *ekl, unsigned char *iv,
return 1;
if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
return 0;
- if (EVP_CIPHER_CTX_iv_length(ctx)
- && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0)
- return 0;
+ if (EVP_CIPHER_CTX_iv_length(ctx)) {
+ if (ctx->drbg) {
+ if (RAND_DRBG_bytes(ctx->drbg, iv, EVP_CIPHER_CTX_iv_length(ctx)) == 0)
+ return 0;
+ } else if (RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0) {
+ return 0;
+ }
+ }
if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
return 0;
=back
+=head1 Random numbers
+
+The following can be used to select the DRBG that is used to generate the random
+numbers:
+
+EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_DRBG, 0, drbg)
+
+The following can be used to get the DRBG:
+
+EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_DRBG, 0, &drbg)
+
+By default it's set to NULL which results in RAND_bytes() being used.
+
+
=head1 NOTES
Where possible the B<EVP> interface to symmetric ciphers should be used in
# define EVP_CTRL_SET_PIPELINE_INPUT_BUFS 0x23
/* Set the input buffer lengths to use for a pipelined operation */
# define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24
+# define EVP_CTRL_GET_DRBG 0x25
+# define EVP_CTRL_SET_DRBG 0x26
/* Padding modes */
#define EVP_PADDING_PKCS7 1
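Review bot: `EVP_CTRL_GET_DRBG` and `EVP_CTRL_SET_DRBG` are added without comments, unlike the neighbouring `EVP_CTRL_SET_PIPELINE_INPUT_LENS`, and the two take different `ptr` types. I would add `/* Get the DRBG used for random IVs and keys; ptr is RAND_DRBG ** */` and `/* Set the DRBG used for random IVs and keys; ptr is RAND_DRBG * or NULL */` above them.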
*/
EVP_CIPHER_CTX_reset(s->enc_write_ctx);
}
+ EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, EVP_CTRL_SET_DRBG, 0, s->drbg);
dd = s->enc_write_ctx;
if (ssl_replace_hash(&s->write_hash, m) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
goto err;
}
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_DRBG, 0, s->drbg);
p = senc;
if (!i2d_SSL_SESSION(s->session, &p)) {
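Review bot: Setting the DRBG on the ticket `ctx` only affects random bytes drawn inside the EVP layer, and this hunk does not show where the ticket IV is generated. If the IV is filled by a direct RAND_bytes() call further down the function, this line will not route it through `s->drbg` and the ticket path would still use the global generator. That is worth confirming, and if so the direct call should be switched as well. The function starts and ends outside this hunk.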
ERR_R_MALLOC_FAILURE);
goto err;
}
+ EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, EVP_CTRL_SET_DRBG, 0, s->drbg);
dd = s->enc_write_ctx;
if (SSL_IS_DTLS(s)) {
mac_ctx = EVP_MD_CTX_new();
SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
goto err;
}
+ EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, EVP_CTRL_SET_DRBG, 0, s->drbg);
}
ciph_ctx = s->enc_write_ctx;
iv = s->write_iv;