openssl: Use separate DRBG for RNG_STRONG and RNG_TRUE with OpenSSL 1.1.1

OpenSSL 1.1.1 introduces DRGBs and provides two sources (same security
profile etc. but separate internal state), which allows us to use one for
RNG_WEAK (e.g. for nonces that are directly publicly visible) and the other
for stronger random data like keys.

diff --git a/src/libstrongswan/plugins/openssl/openssl_rng.c b/src/libstrongswan/plugins/openssl/openssl_rng.c
index a25b6b4b665627d04f06fa486eed0746fd858e5b..9514ca9166542eb2c7b8bf27de3fea1a3976490c 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_rng.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rng.c
@@ -1,4 +1,7 @@
 /*
+ * Copyright (C) 2012-2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
  * Copyright (C) 2012 Aleksandr Grinberg
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -24,7 +27,6 @@
 #include <utils/debug.h>
 
 #include <openssl/rand.h>
-#include <openssl/err.h>
 
 #include "openssl_rng.h"
 
@@ -49,6 +51,13 @@ struct private_openssl_rng_t {
 METHOD(rng_t, get_bytes, bool,
        private_openssl_rng_t *this, size_t bytes, uint8_t *buffer)
 {
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+       if (this->quality > RNG_WEAK)
+       {       /* use a separate DRBG for data we wan't to keep private, compared
+                * to e.g. nonces */
+               return RAND_priv_bytes((char*)buffer, bytes) == 1;
+       }
+#endif
        return RAND_bytes((char*)buffer, bytes) == 1;
 }