From 8f21260b09eca6226255763e1856c12fbc71985c Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 15 Jan 2020 18:12:59 +0000 Subject: [PATCH] Make sure we use RAND_bytes_ex and RAND_priv_bytes_ex in libssl Now that libssl knows about libctx we should use it wherever we generate a random number. Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10927) --- ssl/record/ssl3_record.c | 3 ++- ssl/s3_lib.c | 4 ++-- ssl/ssl_lib.c | 16 ++++++++-------- ssl/ssl_sess.c | 2 +- ssl/statem/statem_clnt.c | 7 ++++--- ssl/statem/statem_srvr.c | 8 +++++--- 6 files changed, 22 insertions(+), 18 deletions(-) diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index a725583929..36e8d86902 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1015,7 +1015,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR); return -1; - } else if (RAND_bytes(recs[ctr].input, ivlen) <= 0) { + } else if (RAND_bytes_ex(s->ctx->libctx, recs[ctr].input, + ivlen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR); return -1; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 15aeae365e..745bccc836 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4570,9 +4570,9 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len, unsigned char *p = result; l2n(Time, p); - ret = RAND_bytes(p, len - 4); + ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4); } else { - ret = RAND_bytes(result, len); + ret = RAND_bytes_ex(s->ctx->libctx, result, len); } if (ret > 0) { diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 384c28e76b..5ea310d5c4 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3137,16 +3137,16 @@ SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq, ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; /* Setup RFC5077 ticket keys */ - if ((RAND_bytes(ret->ext.tick_key_name, - sizeof(ret->ext.tick_key_name)) <= 0) - || (RAND_priv_bytes(ret->ext.secure->tick_hmac_key, - sizeof(ret->ext.secure->tick_hmac_key)) <= 0) - || (RAND_priv_bytes(ret->ext.secure->tick_aes_key, - sizeof(ret->ext.secure->tick_aes_key)) <= 0)) + if ((RAND_bytes_ex(libctx, ret->ext.tick_key_name, + sizeof(ret->ext.tick_key_name)) <= 0) + || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_hmac_key, + sizeof(ret->ext.secure->tick_hmac_key)) <= 0) + || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_aes_key, + sizeof(ret->ext.secure->tick_aes_key)) <= 0)) ret->options |= SSL_OP_NO_TICKET; - if (RAND_priv_bytes(ret->ext.cookie_hmac_key, - sizeof(ret->ext.cookie_hmac_key)) <= 0) + if (RAND_priv_bytes_ex(libctx, ret->ext.cookie_hmac_key, + sizeof(ret->ext.cookie_hmac_key)) <= 0) goto err; #ifndef OPENSSL_NO_SRP diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 8d18ce4504..941660d8a1 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -259,7 +259,7 @@ static int def_generate_session_id(SSL *ssl, unsigned char *id, { unsigned int retry = 0; do - if (RAND_bytes(id, *id_len) <= 0) + if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len) <= 0) return 0; while (SSL_has_matching_session_id(ssl, id, *id_len) && (++retry < MAX_SESS_ID_ATTEMPTS)) ; diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index a13d2708b1..ef53fe7872 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1201,7 +1201,8 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) s->tmp_session_id_len = sess_id_len; session_id = s->tmp_session_id; if (s->hello_retry_request == SSL_HRR_NONE - && RAND_bytes(s->tmp_session_id, sess_id_len) <= 0) { + && RAND_bytes_ex(s->ctx->libctx, s->tmp_session_id, + sess_id_len) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); @@ -2976,7 +2977,7 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt) pms[0] = s->client_version >> 8; pms[1] = s->client_version & 0xff; /* TODO(size_t): Convert this function */ - if (RAND_bytes(pms + 2, (int)(pmslen - 2)) <= 0) { + if (RAND_bytes_ex(s->ctx->libctx, pms + 2, (int)(pmslen - 2)) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA, ERR_R_MALLOC_FAILURE); goto err; @@ -3197,7 +3198,7 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) /* Generate session key * TODO(size_t): Convert this function */ - || RAND_bytes(pms, (int)pmslen) <= 0) { + || RAND_bytes_ex(s->ctx->libctx, pms, (int)pmslen) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_INTERNAL_ERROR); goto err; diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index c744bf64eb..4a18ad416d 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2844,7 +2844,8 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) OPENSSL_free(s->pha_context); s->pha_context_len = 32; if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL - || RAND_bytes(s->pha_context, s->pha_context_len) <= 0 + || RAND_bytes_ex(s->ctx->libctx, s->pha_context, + s->pha_context_len) <= 0 || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, @@ -3885,7 +3886,7 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, const EVP_CIPHER *cipher = EVP_aes_256_cbc(); iv_len = EVP_CIPHER_iv_length(cipher); - if (RAND_bytes(iv, iv_len) <= 0 + if (RAND_bytes_ex(s->ctx->libctx, iv, iv_len) <= 0 || !EVP_EncryptInit_ex(ctx, cipher, NULL, tctx->ext.secure->tick_aes_key, iv) || !HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key, @@ -4015,7 +4016,8 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) /* SSLfatal() already called */ goto err; } - if (RAND_bytes(age_add_u.age_add_c, sizeof(age_add_u)) <= 0) { + if (RAND_bytes_ex(s->ctx->libctx, age_add_u.age_add_c, + sizeof(age_add_u)) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR); -- 2.25.1