From: Tobias Brunner
Date: Fri, 16 Nov 2018 10:11:27 +0000 (+0100)
Subject: openssl: Use separate DRBG for RNG_STRONG and RNG_TRUE with OpenSSL 1.1.1
X-Git-Tag: 5.7.2dr4~12^2~6
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=69756c0bffb6ec905bf2008001669045b13c96ad;p=thirdparty%2Fstrongswan.git

openssl: Use separate DRBG for RNG_STRONG and RNG_TRUE with OpenSSL 1.1.1

OpenSSL 1.1.1 introduces DRGBs and provides two sources (same security profile etc. but separate internal state), which allows us to use one for RNG_WEAK (e.g. for nonces that are directly publicly visible) and the other for stronger random data like keys.
---
diff --git a/src/libstrongswan/plugins/openssl/openssl_rng.c b/src/libstrongswan/plugins/openssl/openssl_rng.c
index a25b6b4b66..9514ca9166 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rng.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rng.c
@@ -1,4 +1,7 @@
 /*
+ * Copyright (C) 2012-2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
  * Copyright (C) 2012 Aleksandr Grinberg
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -24,7 +27,6 @@
 #include
 #include
-#include
 #include "openssl_rng.h"
@@ -49,6 +51,13 @@ struct private_openssl_rng_t {
 METHOD(rng_t, get_bytes, bool,
 	private_openssl_rng_t *this, size_t bytes, uint8_t *buffer)
 {
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
+	if (this->quality > RNG_WEAK)
+	{	/* use a separate DRBG for data we wan't to keep private, compared
+		 * to e.g. nonces */
+		return RAND_priv_bytes((char*)buffer, bytes) == 1;
+	}
+#endif
 	return RAND_bytes((char*)buffer, bytes) == 1;
 }
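Review bot: The new `RAND_priv_bytes((char*)buffer, bytes)` line in the get_bytes hunk hands a `size_t` request to an API declared as `int RAND_priv_bytes(unsigned char *buf, int num)`, so a request above `INT_MAX` is silently narrowed and the `(char*)` cast only masks the signedness mismatch; an explicit `if (bytes > INT_MAX) { return FALSE; }` at the top of the function, and `(unsigned char*)` in the cast, would make the limit visible and also cover the pre-existing `RAND_bytes` line below. If this plugin is also built against LibreSSL, which reports `OPENSSL_VERSION_NUMBER` as 0x20000000L, the `#if OPENSSL_VERSION_NUMBER >= 0x1010100fL` guard would select `RAND_priv_bytes` there as well; confirm that target provides it or extend the guard with `&& !defined(LIBRESSL_VERSION_NUMBER)`. As far as I recall, `RAND_priv_bytes` in 1.1.1 falls back to `RAND_bytes` whenever a non-default RAND_METHOD (e.g. an engine) is installed, so the block comment should say that the public/private separation only holds for OpenSSL's built-in DRBGs. The same comment has a typo: `wan't` should read `want`.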