Commit ae3947de authored by Rich Salz's avatar Rich Salz

Add a DRBG to each SSL object



Give each SSL object its own DRBG, chained to the parent global
DRBG which is used only as a source of randomness into the per-SSL
DRBG.  This is used for all session, ticket, and pre-master secret keys.
It is NOT used for ECDH key generation, which uses only the global
DRBG. (Doing that without changing the API is tricky, if not impossible.)

Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4050)
parent 75e2c877
+2 −2
@@ -67,7 +67,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context);
static void close_accept_socket(void);
static int init_ssl_connection(SSL *s);
static void print_stats(BIO *bp, SSL_CTX *ctx);
static int generate_session_id(const SSL *ssl, unsigned char *id,
static int generate_session_id(SSL *ssl, unsigned char *id,
                               unsigned int *id_len);
static void init_session_cache_ctx(SSL_CTX *sctx);
static void free_sessions(void);
@@ -3412,7 +3412,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
}

#define MAX_SESSION_ID_ATTEMPTS 10
static int generate_session_id(const SSL *ssl, unsigned char *id,
static int generate_session_id(SSL *ssl, unsigned char *id,
                               unsigned int *id_len)
{
    unsigned int count = 0;
+8 −0
@@ -78,6 +78,9 @@ RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent)
        goto err;

    if (parent != NULL) {
        if (parent->state == DRBG_UNINITIALISED
                && RAND_DRBG_instantiate(parent, NULL, 0) == 0)
            goto err;
        if (!RAND_DRBG_set_callbacks(drbg, drbg_entropy_from_parent,
                                     drbg_release_entropy,
                                     NULL, NULL)
@@ -98,6 +101,11 @@ err:
    return NULL;
}

RAND_DRBG *RAND_DRBG_get0_global(void)
{
    return &rand_drbg;
}

/*
 * Uninstantiate |drbg| and free all memory.
 */
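Review bot: The added test of `parent->state` followed by `RAND_DRBG_instantiate(parent, NULL, 0)` is a check-then-act on a shared object, and no lock is visible in this hunk. Per the commit description every SSL object chains to the one global DRBG, so two threads creating SSL objects at the same time could both observe `DRBG_UNINITIALISED` and instantiate the parent concurrently. If the DRBG carries a lock, hold it across both the test and the call, or instantiate the global DRBG once during library initialisation; at minimum document the constraint with `/* parent must not be shared between threads until it has been instantiated */` above the check. RAND_DRBG_new begins before this hunk, so any locking done earlier in the function is out of view.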
+1 −0
@@ -32,6 +32,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
                       int prediction_resistance,
                       const unsigned char *adin, size_t adinlen);
int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, int interval);
RAND_DRBG *RAND_DRBG_get0_global(void);

/*
 * EXDATA
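Review bot: The new declaration `RAND_DRBG_get0_global` has no comment saying who owns the returned object. The definition in this commit returns `&rand_drbg`, which looks like library-owned static state, so a caller that hands the result to a routine that uninstantiates and frees a DRBG would damage the generator every other consumer depends on. I would add above the prototype: `/* Returns the library's global DRBG; it is owned by the library and must never be freed or uninstantiated by the caller. */`.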
+1 −1
@@ -622,7 +622,7 @@ __owur int SRP_Calc_A_param(SSL *s);
 * bytes. The callback can alter this length to be less if desired. It is
 * also an error for the callback to set the size to zero.
 */
typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id,
typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id,
                               unsigned int *id_len);

# define SSL_SESS_CACHE_OFF                      0x0000
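Review bot: Dropping `const` from the first parameter of the public `GEN_SESSION_CB` typedef changes the function-pointer type that applications must supply, and the comment above it does not mention this. An existing callback declared with `const SSL *ssl` no longer matches the typedef, as the matching edit to `generate_session_id` in the first file section of this commit shows. The comment should say why the SSL is now mutable, presumably so the callback can draw from the connection's own DRBG, for example `/* |ssl| is non-const because generating the id may update per-connection RNG state. */`. The change also deserves a changelog entry so callers know to update their prototypes.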
+1 −1
@@ -892,7 +892,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
                         */
                        SSLerr(SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR);
                        return -1;
                    } else if (RAND_bytes(recs[ctr].input, ivlen) <= 0) {
                    } else if (ssl_randbytes(s, recs[ctr].input, ivlen) <= 0) {
                        SSLerr(SSL_F_TLS1_ENC, ERR_R_INTERNAL_ERROR);
                        return -1;
                    }
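Review bot: The explicit IV written into `recs[ctr].input` now comes from `ssl_randbytes(s, ...)`, the same per-SSL generator that the commit description says produces session, ticket and pre-master secret keys. The IV is a public value, while those keys are secret, so output visible to a network observer and secret material now share one generator state. That is sound as long as the DRBG is, but a separate instance for public values would limit the impact of a weakness in it. At least record the decision next to the call with `/* IV is public; drawn from the same per-SSL DRBG as secret keys */`. tls1_enc starts and ends outside this hunk, and `ssl_randbytes` itself is not shown here.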