[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Sat May 29 07:18:39 UTC 2021
The branch master has been updated
via 5cbd2ea3f94aa8adec9b4486ac757d4d688e3f8c (commit)
via 965fa9c0804dadb6f99dedbff9255a2ce6ddb640 (commit)
via 0f8815aace625f869a42cfc5c254c08d5a668077 (commit)
via 23e97567be012ff1b5082bf149810c72816c29bd (commit)
via 508258caa0299481d07d2118da5fe1524de0b6fd (commit)
via e587bccdf9152716e8ff74d8208a064cabf9f3e8 (commit)
from 83058e810b3abf6b04c20857323b9e487cbd0367 (commit)
- Log -----------------------------------------------------------------
commit 5cbd2ea3f94aa8adec9b4486ac757d4d688e3f8c
Author: Pauli <pauli at openssl.org>
Date: Fri May 28 14:46:40 2021 +1000
add zero strenght arguments to BN and RAND RNG calls
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)
commit 965fa9c0804dadb6f99dedbff9255a2ce6ddb640
Author: Pauli <pauli at openssl.org>
Date: Fri May 28 14:46:17 2021 +1000
prov: add zero strenght arguments to BN and RAND RNG calls
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)
commit 0f8815aace625f869a42cfc5c254c08d5a668077
Author: Pauli <pauli at openssl.org>
Date: Fri May 28 14:45:57 2021 +1000
ssl: add zero strenght arguments to BN and RAND RNG calls
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)
commit 23e97567be012ff1b5082bf149810c72816c29bd
Author: Pauli <pauli at openssl.org>
Date: Fri May 28 14:45:43 2021 +1000
test: add zero strenght arguments to BN and RAND RNG calls
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)
commit 508258caa0299481d07d2118da5fe1524de0b6fd
Author: Pauli <pauli at openssl.org>
Date: Fri May 28 14:45:06 2021 +1000
rand: add a strength argument to the BN and RAND RNG calls
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)
commit e587bccdf9152716e8ff74d8208a064cabf9f3e8
Author: Pauli <pauli at openssl.org>
Date: Fri May 28 14:44:38 2021 +1000
doc: document the strength arugments to the RNG functions
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/asn_mime.c | 2 +-
crypto/asn1/p5_pbe.c | 2 +-
crypto/asn1/p5_pbev2.c | 5 ++-
crypto/bn/bn_blind.c | 2 +-
crypto/bn/bn_gf2m.c | 4 +-
crypto/bn/bn_prime.c | 7 ++--
crypto/bn/bn_rand.c | 47 ++++++++++++----------
crypto/bn/bn_rsa_fips186_4.c | 6 +--
crypto/bn/bn_sqrt.c | 2 +-
crypto/bn/bn_x931p.c | 9 +++--
crypto/cmp/cmp_hdr.c | 2 +-
crypto/cms/cms_enc.c | 2 +-
crypto/cms/cms_ess.c | 3 +-
crypto/cms/cms_pwri.c | 4 +-
crypto/crmf/crmf_pbm.c | 2 +-
crypto/dh/dh_key.c | 2 +-
crypto/dsa/dsa_ossl.c | 4 +-
crypto/ec/ec2_smpl.c | 4 +-
crypto/ec/ec_key.c | 2 +-
crypto/ec/ecdsa_ossl.c | 2 +-
crypto/ec/ecp_s390x_nistp.c | 2 +-
crypto/ec/ecp_smpl.c | 8 ++--
crypto/ec/ecx_backend.c | 2 +-
crypto/ec/ecx_meth.c | 8 ++--
crypto/evp/evp_enc.c | 2 +-
crypto/evp/p_seal.c | 2 +-
crypto/ffc/ffc_key_generate.c | 2 +-
crypto/ffc/ffc_params_generate.c | 4 +-
crypto/pkcs12/p12_mutl.c | 2 +-
crypto/pkcs7/pk7_doit.c | 2 +-
crypto/rand/rand_lib.c | 14 ++++---
crypto/rsa/rsa_oaep.c | 2 +-
crypto/rsa/rsa_pk1.c | 6 +--
crypto/rsa/rsa_pss.c | 2 +-
crypto/sm2/sm2_crypt.c | 2 +-
crypto/sm2/sm2_sign.c | 2 +-
crypto/srp/srp_vfy.c | 4 +-
doc/man3/BN_rand.pod | 36 ++++++++++-------
doc/man3/RAND_bytes.pod | 10 +++--
include/openssl/bn.h | 12 ++++--
include/openssl/rand.h | 17 ++++++--
.../ciphers/cipher_aes_cbc_hmac_sha1_hw.c | 2 +-
.../ciphers/cipher_aes_cbc_hmac_sha256_hw.c | 2 +-
providers/implementations/ciphers/cipher_des.c | 2 +-
.../implementations/ciphers/cipher_tdes_common.c | 2 +-
.../implementations/ciphers/cipher_tdes_wrap.c | 2 +-
.../implementations/ciphers/ciphercommon_gcm.c | 4 +-
providers/implementations/kem/rsa_kem.c | 2 +-
providers/implementations/keymgmt/ecx_kmgmt.c | 10 ++---
ssl/record/ssl3_record.c | 2 +-
ssl/record/tls_pad.c | 2 +-
ssl/s3_lib.c | 4 +-
ssl/ssl_lib.c | 8 ++--
ssl/ssl_sess.c | 2 +-
ssl/statem/statem_clnt.c | 8 ++--
ssl/statem/statem_srvr.c | 6 +--
ssl/tls_srp.c | 4 +-
test/cmp_client_test.c | 2 +-
test/cmp_msg_test.c | 4 +-
test/sslapitest.c | 2 +-
test/tls-provider.c | 4 +-
61 files changed, 181 insertions(+), 147 deletions(-)
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
index 8d7094d035..1c1f72f800 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -251,7 +251,7 @@ int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
if ((flags & SMIME_DETACHED) && data) {
/* We want multipart/signed */
/* Generate a random boundary */
- if (RAND_bytes_ex(libctx, (unsigned char *)bound, 32) <= 0)
+ if (RAND_bytes_ex(libctx, (unsigned char *)bound, 32, 0) <= 0)
return 0;
for (i = 0; i < 32; i++) {
c = bound[i] & 0xf;
diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c
index 61b8587ebd..9bc8aaa7a3 100644
--- a/crypto/asn1/p5_pbe.c
+++ b/crypto/asn1/p5_pbe.c
@@ -55,7 +55,7 @@ int PKCS5_pbe_set0_algor_ex(X509_ALGOR *algor, int alg, int iter,
}
if (salt)
memcpy(sstr, salt, saltlen);
- else if (RAND_bytes_ex(ctx, sstr, saltlen) <= 0)
+ else if (RAND_bytes_ex(ctx, sstr, saltlen, 0) <= 0)
goto err;
ASN1_STRING_set0(pbe->salt, sstr, saltlen);
diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
index c9d9d31cc2..d16fb8cfe3 100644
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -69,7 +69,8 @@ X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter,
if (EVP_CIPHER_iv_length(cipher)) {
if (aiv)
memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
- else if (RAND_bytes_ex(libctx, iv, EVP_CIPHER_iv_length(cipher)) <= 0)
+ else if (RAND_bytes_ex(libctx, iv, EVP_CIPHER_iv_length(cipher),
+ 0) <= 0)
goto err;
}
@@ -187,7 +188,7 @@ X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen,
if (salt)
memcpy(osalt->data, salt, saltlen);
- else if (RAND_bytes_ex(libctx, osalt->data, saltlen) <= 0)
+ else if (RAND_bytes_ex(libctx, osalt->data, saltlen, 0) <= 0)
goto merr;
if (iter <= 0)
diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
index eebf2aa95e..cee8bf329b 100644
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
@@ -270,7 +270,7 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
do {
int rv;
- if (!BN_priv_rand_range_ex(ret->A, ret->mod, ctx))
+ if (!BN_priv_rand_range_ex(ret->A, ret->mod, 0, ctx))
goto err;
if (int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv))
break;
diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c
index 82aad3f599..304c2ea08d 100644
--- a/crypto/bn/bn_gf2m.c
+++ b/crypto/bn/bn_gf2m.c
@@ -742,7 +742,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
/* generate blinding value */
do {
if (!BN_priv_rand_ex(b, BN_num_bits(p) - 1,
- BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx))
+ BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx))
goto err;
} while (BN_is_zero(b));
@@ -1051,7 +1051,7 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[],
goto err;
do {
if (!BN_priv_rand_ex(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY,
- ctx))
+ 0, ctx))
goto err;
if (!BN_GF2m_mod_arr(rho, rho, p))
goto err;
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index 557f038105..64c7cd6a63 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -386,7 +386,7 @@ int ossl_bn_miller_rabin_is_prime(const BIGNUM *w, int iterations, BN_CTX *ctx,
/* (Step 4) */
for (i = 0; i < iterations; ++i) {
/* (Step 4.1) obtain a Random string of bits b where 1 < b < w-1 */
- if (!BN_priv_rand_range_ex(b, w3, ctx)
+ if (!BN_priv_rand_range_ex(b, w3, 0, ctx)
|| !BN_add_word(b, 2)) /* 1 < b < w-1 */
goto err;
@@ -484,7 +484,8 @@ static int probable_prime(BIGNUM *rnd, int bits, int safe, prime_t *mods,
again:
/* TODO: Not all primes are private */
- if (!BN_priv_rand_ex(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD, ctx))
+ if (!BN_priv_rand_ex(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD, 0,
+ ctx))
return 0;
if (safe && !BN_set_bit(rnd, 1))
return 0;
@@ -550,7 +551,7 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, int safe, prime_t *mods,
maxdelta = BN_MASK2 - BN_get_word(add);
again:
- if (!BN_rand_ex(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, ctx))
+ if (!BN_rand_ex(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, 0, ctx))
goto err;
/* we need ((rnd-rem) % add) == 0 */
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 79e44ab960..baac4ea7ed 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -21,7 +21,7 @@ typedef enum bnrand_flag_e {
} BNRAND_FLAG;
static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom,
- BN_CTX *ctx)
+ unsigned int strength, BN_CTX *ctx)
{
unsigned char *buf = NULL;
int b, ret = 0, bit, bytes, mask;
@@ -47,8 +47,8 @@ static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom,
}
/* make a random number and set the top and bottom bits */
- b = flag == NORMAL ? RAND_bytes_ex(libctx, buf, bytes)
- : RAND_priv_bytes_ex(libctx, buf, bytes);
+ b = flag == NORMAL ? RAND_bytes_ex(libctx, buf, bytes, strength)
+ : RAND_priv_bytes_ex(libctx, buf, bytes, strength);
if (b <= 0)
goto err;
@@ -60,7 +60,7 @@ static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom,
unsigned char c;
for (i = 0; i < bytes; i++) {
- if (RAND_bytes_ex(libctx, &c, 1) <= 0)
+ if (RAND_bytes_ex(libctx, &c, 1, strength) <= 0)
goto err;
if (c >= 128 && i > 0)
buf[i] = buf[i - 1];
@@ -99,37 +99,39 @@ toosmall:
return 0;
}
-int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx)
+int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom,
+ unsigned int strength, BN_CTX *ctx)
{
- return bnrand(NORMAL, rnd, bits, top, bottom, ctx);
+ return bnrand(NORMAL, rnd, bits, top, bottom, strength, ctx);
}
#ifndef FIPS_MODULE
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
- return bnrand(NORMAL, rnd, bits, top, bottom, NULL);
+ return bnrand(NORMAL, rnd, bits, top, bottom, 0, NULL);
}
int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
- return bnrand(TESTING, rnd, bits, top, bottom, NULL);
+ return bnrand(TESTING, rnd, bits, top, bottom, 0, NULL);
}
#endif
-int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx)
+int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom,
+ unsigned int strength, BN_CTX *ctx)
{
- return bnrand(PRIVATE, rnd, bits, top, bottom, ctx);
+ return bnrand(PRIVATE, rnd, bits, top, bottom, strength, ctx);
}
#ifndef FIPS_MODULE
int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
- return bnrand(PRIVATE, rnd, bits, top, bottom, NULL);
+ return bnrand(PRIVATE, rnd, bits, top, bottom, 0, NULL);
}
#endif
/* random number r: 0 <= r < range */
static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range,
- BN_CTX *ctx)
+ unsigned int strength, BN_CTX *ctx)
{
int n;
int count = 100;
@@ -152,7 +154,7 @@ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range,
*/
do {
if (!bnrand(flag, r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY,
- ctx))
+ strength, ctx))
return 0;
/*
@@ -179,7 +181,8 @@ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range,
} else {
do {
/* range = 11..._2 or range = 101..._2 */
- if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx))
+ if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0,
+ ctx))
return 0;
if (!--count) {
@@ -194,27 +197,29 @@ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range,
return 1;
}
-int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx)
+int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, unsigned int strength,
+ BN_CTX *ctx)
{
- return bnrand_range(NORMAL, r, range, ctx);
+ return bnrand_range(NORMAL, r, range, strength, ctx);
}
#ifndef FIPS_MODULE
int BN_rand_range(BIGNUM *r, const BIGNUM *range)
{
- return bnrand_range(NORMAL, r, range, NULL);
+ return bnrand_range(NORMAL, r, range, 0, NULL);
}
#endif
-int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx)
+int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, unsigned int strength,
+ BN_CTX *ctx)
{
- return bnrand_range(PRIVATE, r, range, ctx);
+ return bnrand_range(PRIVATE, r, range, strength, ctx);
}
#ifndef FIPS_MODULE
int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range)
{
- return bnrand_range(PRIVATE, r, range, NULL);
+ return bnrand_range(PRIVATE, r, range, 0, NULL);
}
# ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -282,7 +287,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
goto err;
}
for (done = 0; done < num_k_bytes;) {
- if (!RAND_priv_bytes_ex(libctx, random_bytes, sizeof(random_bytes)))
+ if (!RAND_priv_bytes_ex(libctx, random_bytes, sizeof(random_bytes), 0))
goto err;
if (!EVP_DigestInit_ex(mdctx, md, NULL)
diff --git a/crypto/bn/bn_rsa_fips186_4.c b/crypto/bn/bn_rsa_fips186_4.c
index dc83865e4b..04fbabcb23 100644
--- a/crypto/bn/bn_rsa_fips186_4.c
+++ b/crypto/bn/bn_rsa_fips186_4.c
@@ -178,14 +178,14 @@ int ossl_bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout,
if (Xp1 == NULL) {
/* Set the top and bottom bits to make it odd and the correct size */
if (!BN_priv_rand_ex(Xp1i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD,
- ctx))
+ 0, ctx))
goto err;
}
/* (Steps 4.1/5.1): Randomly generate Xp2 if it is not passed in */
if (Xp2 == NULL) {
/* Set the top and bottom bits to make it odd and the correct size */
if (!BN_priv_rand_ex(Xp2i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD,
- ctx))
+ 0, ctx))
goto err;
}
@@ -306,7 +306,7 @@ int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
* (Step 3) Choose Random X such that
* sqrt(2) * 2^(nlen/2-1) <= Random X <= (2^(nlen/2)) - 1.
*/
- if (!BN_priv_rand_range_ex(X, range, ctx) || !BN_add(X, X, base))
+ if (!BN_priv_rand_range_ex(X, range, 0, ctx) || !BN_add(X, X, base))
goto end;
}
/* (Step 4) Y = X + ((R - X) mod 2r1r2) */
diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
index 9fc7776db6..b663ae5ec5 100644
--- a/crypto/bn/bn_sqrt.c
+++ b/crypto/bn/bn_sqrt.c
@@ -182,7 +182,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
if (!BN_set_word(y, i))
goto end;
} else {
- if (!BN_priv_rand_ex(y, BN_num_bits(p), 0, 0, ctx))
+ if (!BN_priv_rand_ex(y, BN_num_bits(p), 0, 0, 0, ctx))
goto end;
if (BN_ucmp(y, p) >= 0) {
if (!(p->neg ? BN_add : BN_sub) (y, y, p))
diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c
index c7ce437b16..20d35cf7af 100644
--- a/crypto/bn/bn_x931p.c
+++ b/crypto/bn/bn_x931p.c
@@ -175,7 +175,8 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
* - 1. By setting the top two bits we ensure that the lower bound is
* exceeded.
*/
- if (!BN_priv_rand_ex(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY, ctx))
+ if (!BN_priv_rand_ex(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY, 0,
+ ctx))
return 0;
BN_CTX_start(ctx);
@@ -184,7 +185,7 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
goto err;
for (i = 0; i < 1000; i++) {
- if (!BN_priv_rand_ex(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY,
+ if (!BN_priv_rand_ex(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY, 0,
ctx))
goto err;
@@ -230,9 +231,9 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
if (Xp1 == NULL || Xp2 == NULL)
goto error;
- if (!BN_priv_rand_ex(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, ctx))
+ if (!BN_priv_rand_ex(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, 0, ctx))
goto error;
- if (!BN_priv_rand_ex(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, ctx))
+ if (!BN_priv_rand_ex(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, 0, ctx))
goto error;
if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb))
goto error;
diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c
index eca5578e44..86be2546d5 100644
--- a/crypto/cmp/cmp_hdr.c
+++ b/crypto/cmp/cmp_hdr.c
@@ -142,7 +142,7 @@ static int set_random(ASN1_OCTET_STRING **tgt, OSSL_CMP_CTX *ctx, size_t len)
unsigned char *bytes = OPENSSL_malloc(len);
int res = 0;
- if (bytes == NULL || RAND_bytes_ex(ctx->libctx, bytes, len) <= 0)
+ if (bytes == NULL || RAND_bytes_ex(ctx->libctx, bytes, len, 0) <= 0)
ERR_raise(ERR_LIB_CMP, CMP_R_FAILURE_OBTAINING_RANDOM);
else
res = ossl_cmp_asn1_octet_string_set1_bytes(tgt, bytes, len);
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index 3bec60bcf0..09dbb21275 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -83,7 +83,7 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec,
/* Generate a random IV if we need one */
ivlen = EVP_CIPHER_CTX_iv_length(ctx);
if (ivlen > 0) {
- if (RAND_bytes_ex(libctx, iv, ivlen) <= 0)
+ if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0)
goto err;
piv = iv;
}
diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
index d029b75b69..6c43dd102a 100644
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@@ -128,7 +128,8 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
else {
if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
goto merr;
- if (RAND_bytes_ex(libctx, rr->signedContentIdentifier->data, 32) <= 0)
+ if (RAND_bytes_ex(libctx, rr->signedContentIdentifier->data, 32,
+ 0) <= 0)
goto err;
}
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index a278280563..d521f8cc47 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -94,7 +94,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
ivlen = EVP_CIPHER_CTX_iv_length(ctx);
if (ivlen > 0) {
- if (RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), iv, ivlen) <= 0)
+ if (RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), iv, ivlen, 0) <= 0)
goto err;
if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) {
ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
@@ -264,7 +264,7 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
/* Add random padding to end */
if (olen > inlen + 4
&& RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), out + 4 + inlen,
- olen - 4 - inlen) <= 0)
+ olen - 4 - inlen, 0) <= 0)
return 0;
/* Encrypt twice */
if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen)
diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c
index cf483dcb9a..21808d014b 100644
--- a/crypto/crmf/crmf_pbm.c
+++ b/crypto/crmf/crmf_pbm.c
@@ -55,7 +55,7 @@ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen,
*/
if ((salt = OPENSSL_malloc(slen)) == NULL)
goto err;
- if (RAND_bytes_ex(libctx, salt, (int)slen) <= 0) {
+ if (RAND_bytes_ex(libctx, salt, (int)slen, 0) <= 0) {
ERR_raise(ERR_LIB_CRMF, CRMF_R_FAILURE_OBTAINING_RANDOM);
goto err;
}
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 33ac134c51..6b8cd550f2 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -318,7 +318,7 @@ static int generate_key(DH *dh)
goto err;
l = dh->length ? dh->length : BN_num_bits(dh->params.p) - 1;
if (!BN_priv_rand_ex(priv_key, l, BN_RAND_TOP_ONE,
- BN_RAND_BOTTOM_ANY, ctx))
+ BN_RAND_BOTTOM_ANY, 0, ctx))
goto err;
/*
* We handle just one known case where g is a quadratic non-residue:
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index c16d85c9e1..86d89f4c72 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -132,7 +132,7 @@ DSA_SIG *ossl_dsa_do_sign_int(const unsigned char *dgst, int dlen, DSA *dsa)
/* Generate a blinding value */
do {
if (!BN_priv_rand_ex(blind, BN_num_bits(dsa->params.q) - 1,
- BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx))
+ BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx))
goto err;
} while (BN_is_zero(blind));
BN_set_flags(blind, BN_FLG_CONSTTIME);
@@ -250,7 +250,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
if (!BN_generate_dsa_nonce(k, dsa->params.q, dsa->priv_key, dgst,
dlen, ctx))
goto err;
- } else if (!BN_priv_rand_range_ex(k, dsa->params.q, ctx))
+ } else if (!BN_priv_rand_range_ex(k, dsa->params.q, 0, ctx))
goto err;
} while (BN_is_zero(k));
diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c
index d8c2a7888f..3a59544c8b 100644
--- a/crypto/ec/ec2_smpl.c
+++ b/crypto/ec/ec2_smpl.c
@@ -730,7 +730,7 @@ int ec_GF2m_simple_ladder_pre(const EC_GROUP *group,
/* s blinding: make sure lambda (s->Z here) is not zero */
do {
if (!BN_priv_rand_ex(s->Z, BN_num_bits(group->field) - 1,
- BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx)) {
+ BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) {
ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
return 0;
}
@@ -745,7 +745,7 @@ int ec_GF2m_simple_ladder_pre(const EC_GROUP *group,
/* r blinding: make sure lambda (r->Y here for storage) is not zero */
do {
if (!BN_priv_rand_ex(r->Y, BN_num_bits(group->field) - 1,
- BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx)) {
+ BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) {
ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB);
return 0;
}
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index ea2bad3e26..ba6b8df514 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -298,7 +298,7 @@ static int ec_generate_key(EC_KEY *eckey, int pairwise_test)
}
do
- if (!BN_priv_rand_range_ex(priv_key, order, ctx))
+ if (!BN_priv_rand_range_ex(priv_key, order, 0, ctx))
goto err;
while (BN_is_zero(priv_key)) ;
diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c
index b2bf68a5ce..fe9b3cf593 100644
--- a/crypto/ec/ecdsa_ossl.c
+++ b/crypto/ec/ecdsa_ossl.c
@@ -135,7 +135,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
goto err;
}
} else {
- if (!BN_priv_rand_range_ex(k, order, ctx)) {
+ if (!BN_priv_rand_range_ex(k, order, 0, ctx)) {
ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
}
diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c
index 173fd72362..4a676c37ad 100644
--- a/crypto/ec/ecp_s390x_nistp.c
+++ b/crypto/ec/ecp_s390x_nistp.c
@@ -180,7 +180,7 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst,
* internally implementing counter-measures for RNG weakness.
*/
if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len),
- len) != 1) {
+ len, 0) != 1) {
ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED);
goto ret;
}
diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c
index c54d6fb6c8..bde8cad346 100644
--- a/crypto/ec/ecp_smpl.c
+++ b/crypto/ec/ecp_smpl.c
@@ -1396,7 +1396,7 @@ int ossl_ec_GFp_simple_field_inv(const EC_GROUP *group, BIGNUM *r,
goto err;
do {
- if (!BN_priv_rand_range_ex(e, group->field, ctx))
+ if (!BN_priv_rand_range_ex(e, group->field, 0, ctx))
goto err;
} while (BN_is_zero(e));
@@ -1449,7 +1449,7 @@ int ossl_ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p,
*/
do {
ERR_set_mark();
- ret = BN_priv_rand_range_ex(lambda, group->field, ctx);
+ ret = BN_priv_rand_range_ex(lambda, group->field, 0, ctx);
ERR_pop_to_mark();
if (ret == 0) {
ret = 1;
@@ -1519,13 +1519,13 @@ int ossl_ec_GFp_simple_ladder_pre(const EC_GROUP *group,
/* make sure lambda (r->Y here for storage) is not zero */
do {
- if (!BN_priv_rand_range_ex(r->Y, group->field, ctx))
+ if (!BN_priv_rand_range_ex(r->Y, group->field, 0, ctx))
return 0;
} while (BN_is_zero(r->Y));
/* make sure lambda (s->Z here for storage) is not zero */
do {
- if (!BN_priv_rand_range_ex(s->Z, group->field, ctx))
+ if (!BN_priv_rand_range_ex(s->Z, group->field, 0, ctx))
return 0;
} while (BN_is_zero(s->Z));
diff --git a/crypto/ec/ecx_backend.c b/crypto/ec/ecx_backend.c
index 3a1314626b..14278592cd 100644
--- a/crypto/ec/ecx_backend.c
+++ b/crypto/ec/ecx_backend.c
@@ -187,7 +187,7 @@ ECX_KEY *ossl_ecx_key_op(const X509_ALGOR *palg,
}
if (op == KEY_OP_KEYGEN) {
if (id != EVP_PKEY_NONE) {
- if (RAND_priv_bytes_ex(libctx, privkey, KEYLENID(id)) <= 0)
+ if (RAND_priv_bytes_ex(libctx, privkey, KEYLENID(id), 0) <= 0)
goto err;
if (id == EVP_PKEY_X25519) {
privkey[0] &= 248;
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index c47bd9f9dd..9dd347d670 100644
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -937,7 +937,7 @@ static int s390x_pkey_ecx_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
goto err;
}
- if (RAND_priv_bytes_ex(ctx->libctx, privkey, X25519_KEYLEN) <= 0)
+ if (RAND_priv_bytes_ex(ctx->libctx, privkey, X25519_KEYLEN, 0) <= 0)
goto err;
privkey[0] &= 248;
@@ -980,7 +980,7 @@ static int s390x_pkey_ecx_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
goto err;
}
- if (RAND_priv_bytes_ex(ctx->libctx, privkey, X448_KEYLEN) <= 0)
+ if (RAND_priv_bytes_ex(ctx->libctx, privkey, X448_KEYLEN, 0) <= 0)
goto err;
privkey[0] &= 252;
@@ -1029,7 +1029,7 @@ static int s390x_pkey_ecd_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
goto err;
}
- if (RAND_priv_bytes_ex(ctx->libctx, privkey, ED25519_KEYLEN) <= 0)
+ if (RAND_priv_bytes_ex(ctx->libctx, privkey, ED25519_KEYLEN, 0) <= 0)
goto err;
md = EVP_MD_fetch(ctx->libctx, "SHA512", ctx->propquery);
@@ -1095,7 +1095,7 @@ static int s390x_pkey_ecd_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
goto err;
}
- if (RAND_priv_bytes_ex(ctx->libctx, privkey, ED448_KEYLEN) <= 0)
+ if (RAND_priv_bytes_ex(ctx->libctx, privkey, ED448_KEYLEN, 0) <= 0)
goto err;
hashctx = EVP_MD_CTX_new();
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index dc22d507a4..356951014b 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -1332,7 +1332,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
OSSL_LIB_CTX *libctx = EVP_CIPHER_CTX_get_libctx(ctx);
kl = EVP_CIPHER_CTX_key_length(ctx);
- if (kl <= 0 || RAND_priv_bytes_ex(libctx, key, kl) <= 0)
+ if (kl <= 0 || RAND_priv_bytes_ex(libctx, key, kl, 0) <= 0)
return 0;
return 1;
}
diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c
index c13041f027..bafafd6244 100644
--- a/crypto/evp/p_seal.c
+++ b/crypto/evp/p_seal.c
@@ -44,7 +44,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
return 0;
len = EVP_CIPHER_CTX_iv_length(ctx);
- if (len < 0 || RAND_priv_bytes_ex(libctx, iv, len) <= 0)
+ if (len < 0 || RAND_priv_bytes_ex(libctx, iv, len, 0) <= 0)
goto err;
len = EVP_CIPHER_CTX_key_length(ctx);
diff --git a/crypto/ffc/ffc_key_generate.c b/crypto/ffc/ffc_key_generate.c
index d8d2116ddc..61a4a7427d 100644
--- a/crypto/ffc/ffc_key_generate.c
+++ b/crypto/ffc/ffc_key_generate.c
@@ -45,7 +45,7 @@ int ossl_ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params,
do {
/* Steps (3, 4 & 7) : c + 1 = 1 + random[0..2^N - 1] */
- if (!BN_priv_rand_range_ex(priv, two_powN, ctx)
+ if (!BN_priv_rand_range_ex(priv, two_powN, 0, ctx)
|| !BN_add_word(priv, 1))
goto err;
/* Step (6) : loop if c > M - 2 (i.e. c + 1 >= M) */
diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c
index 26ab9120c6..3c6f789c3e 100644
--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@@ -329,7 +329,7 @@ static int generate_q_fips186_4(BN_CTX *ctx, BIGNUM *q, const EVP_MD *evpmd,
/* A.1.1.2 Step (5) : generate seed with size seed_len */
if (generate_seed
- && RAND_bytes_ex(libctx, seed, (int)seedlen) < 0)
+ && RAND_bytes_ex(libctx, seed, (int)seedlen, 0) < 0)
goto err;
/*
* A.1.1.2 Step (6) AND
@@ -399,7 +399,7 @@ static int generate_q_fips186_2(BN_CTX *ctx, BIGNUM *q, const EVP_MD *evpmd,
if (!BN_GENCB_call(cb, 0, m++))
goto err;
- if (generate_seed && RAND_bytes_ex(libctx, seed, (int)qsize) <= 0)
+ if (generate_seed && RAND_bytes_ex(libctx, seed, (int)qsize, 0) <= 0)
goto err;
memcpy(buf, seed, qsize);
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index f072436110..041711d7d4 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -260,7 +260,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
p12->mac->salt->length = saltlen;
if (!salt) {
if (RAND_bytes_ex(p12->authsafes->ctx.libctx, p12->mac->salt->data,
- saltlen) <= 0)
+ saltlen, 0) <= 0)
return 0;
} else
memcpy(p12->mac->salt->data, salt, saltlen);
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index c8e6c798b4..8d4e95a3b4 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -300,7 +300,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
ivlen = EVP_CIPHER_iv_length(evp_cipher);
xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
if (ivlen > 0)
- if (RAND_bytes_ex(libctx, iv, ivlen) <= 0)
+ if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0)
goto err;
(void)ERR_set_mark();
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index bdf5f71f44..7ad05ea008 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -315,7 +315,8 @@ const RAND_METHOD *RAND_get_rand_method(void)
* the default method, then just call RAND_bytes(). Otherwise make
* sure we're instantiated and use the private DRBG.
*/
-int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)
+int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+ unsigned int strength)
{
EVP_RAND_CTX *rand;
#ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -331,17 +332,18 @@ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)
rand = RAND_get0_private(ctx);
if (rand != NULL)
- return EVP_RAND_generate(rand, buf, num, 0, 0, NULL, 0);
+ return EVP_RAND_generate(rand, buf, num, strength, 0, NULL, 0);
return 0;
}
int RAND_priv_bytes(unsigned char *buf, int num)
{
- return RAND_priv_bytes_ex(NULL, buf, num);
+ return RAND_priv_bytes_ex(NULL, buf, num, 0);
}
-int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)
+int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+ unsigned int strength)
{
EVP_RAND_CTX *rand;
#ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -357,14 +359,14 @@ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)
rand = RAND_get0_public(ctx);
if (rand != NULL)
- return EVP_RAND_generate(rand, buf, num, 0, 0, NULL, 0);
+ return EVP_RAND_generate(rand, buf, num, strength, 0, NULL, 0);
return 0;
}
int RAND_bytes(unsigned char *buf, int num)
{
- return RAND_bytes_ex(NULL, buf, num);
+ return RAND_bytes_ex(NULL, buf, num, 0);
}
typedef struct rand_global_st {
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index 9c5d2e9e99..5068057fd1 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -103,7 +103,7 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
db[emlen - flen - mdlen - 1] = 0x01;
memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
/* step 3d: generate random byte string */
- if (RAND_bytes_ex(libctx, seed, mdlen) <= 0)
+ if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0)
goto err;
dbmask_len = emlen - mdlen;
diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c
index 01a84fba70..9094b1ac50 100644
--- a/crypto/rsa/rsa_pk1.c
+++ b/crypto/rsa/rsa_pk1.c
@@ -138,12 +138,12 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to
/* pad out with non-zero random data */
j = tlen - 3 - flen;
- if (RAND_bytes_ex(libctx, p, j) <= 0)
+ if (RAND_bytes_ex(libctx, p, j, 0) <= 0)
return 0;
for (i = 0; i < j; i++) {
if (*p == '\0')
do {
- if (RAND_bytes_ex(libctx, p, 1) <= 0)
+ if (RAND_bytes_ex(libctx, p, 1, 0) <= 0)
return 0;
} while (*p == '\0');
p++;
@@ -315,7 +315,7 @@ int ossl_rsa_padding_check_PKCS1_type_2_TLS(OSSL_LIB_CTX *libctx,
* to decrypt.
*/
if (RAND_priv_bytes_ex(libctx, rand_premaster_secret,
- sizeof(rand_premaster_secret)) <= 0) {
+ sizeof(rand_premaster_secret), 0) <= 0) {
ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
return -1;
}
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
index be1ea1f599..bca208340e 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -205,7 +205,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (RAND_bytes_ex(rsa->libctx, salt, sLen) <= 0)
+ if (RAND_bytes_ex(rsa->libctx, salt, sLen, 0) <= 0)
goto err;
}
maskedDBLen = emLen - hLen - 1;
diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c
index 2b8b10e25d..f2771dbe73 100644
--- a/crypto/sm2/sm2_crypt.c
+++ b/crypto/sm2/sm2_crypt.c
@@ -187,7 +187,7 @@ int ossl_sm2_encrypt(const EC_KEY *key,
memset(ciphertext_buf, 0, *ciphertext_len);
- if (!BN_priv_rand_range_ex(k, order, ctx)) {
+ if (!BN_priv_rand_range_ex(k, order, 0, ctx)) {
ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR);
goto done;
}
diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c
index d9e16e1f98..907d6585ea 100644
--- a/crypto/sm2/sm2_sign.c
+++ b/crypto/sm2/sm2_sign.c
@@ -240,7 +240,7 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e)
}
for (;;) {
- if (!BN_priv_rand_range_ex(k, order, ctx)) {
+ if (!BN_priv_rand_range_ex(k, order, 0, ctx)) {
ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR);
goto done;
}
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 85e2c96e1a..e8beb60d27 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -645,7 +645,7 @@ char *SRP_create_verifier_ex(const char *user, const char *pass, char **salt,
}
if (*salt == NULL) {
- if (RAND_bytes_ex(libctx, tmp2, SRP_RANDOM_SALT_LEN) <= 0)
+ if (RAND_bytes_ex(libctx, tmp2, SRP_RANDOM_SALT_LEN, 0) <= 0)
goto err;
s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
@@ -728,7 +728,7 @@ int SRP_create_verifier_BN_ex(const char *user, const char *pass, BIGNUM **salt,
goto err;
if (*salt == NULL) {
- if (RAND_bytes_ex(libctx, tmp2, SRP_RANDOM_SALT_LEN) <= 0)
+ if (RAND_bytes_ex(libctx, tmp2, SRP_RANDOM_SALT_LEN, 0) <= 0)
goto err;
salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod
index 1c50c692b9..06ee99d28e 100644
--- a/doc/man3/BN_rand.pod
+++ b/doc/man3/BN_rand.pod
@@ -11,16 +11,20 @@ BN_pseudo_rand_range
#include <openssl/bn.h>
- int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx);
+ int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom,
+ unsigned int strength, BN_CTX *ctx);
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
- int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx);
+ int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom,
+ unsigned int strength, BN_CTX *ctx);
int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);
- int BN_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx);
+ int BN_rand_range_ex(BIGNUM *rnd, BIGNUM *range, unsigned int strength,
+ BN_CTX *ctx);
int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
- int BN_priv_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx);
+ int BN_priv_rand_range_ex(BIGNUM *rnd, BIGNUM *range, unsigned int strength,
+ BN_CTX *ctx);
int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range);
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
@@ -32,30 +36,32 @@ openssl_user_macros(7):
=head1 DESCRIPTION
-BN_rand_ex() generate a cryptographically strong pseudo-random
-number of B<bits> in length and stores it in B<rnd> using the random number
-generator for the library context associated with B<ctx>. The parameter B<ctx>
+BN_rand_ex() generates a cryptographically strong pseudo-random
+number of I<bits> in length and security strength at least I<strength> bits
+using the random number generator for the library context associated with
+I<ctx>. The function stores the generated data in I<rnd>. The parameter I<ctx>
may be NULL in which case the default library context is used.
-If B<bits> is less than zero, or too small to
-accommodate the requirements specified by the B<top> and B<bottom>
+If I<bits> is less than zero, or too small to
+accommodate the requirements specified by the I<top> and I<bottom>
parameters, an error is returned.
-The B<top> parameters specifies
+The I<top> parameters specifies
requirements on the most significant bit of the generated number.
If it is B<BN_RAND_TOP_ANY>, there is no constraint.
If it is B<BN_RAND_TOP_ONE>, the top bit must be one.
If it is B<BN_RAND_TOP_TWO>, the two most significant bits of
the number will be set to 1, so that the product of two such random
-numbers will always have 2*B<bits> length.
-If B<bottom> is B<BN_RAND_BOTTOM_ODD>, the number will be odd; if it
+numbers will always have 2*I<bits> length.
+If I<bottom> is B<BN_RAND_BOTTOM_ODD>, the number will be odd; if it
is B<BN_RAND_BOTTOM_ANY> it can be odd or even.
-If B<bits> is 1 then B<top> cannot also be B<BN_RAND_FLG_TOPTWO>.
+If I<bits> is 1 then I<top> cannot also be B<BN_RAND_FLG_TOPTWO>.
BN_rand() is the same as BN_rand_ex() except that the default library context
is always used.
BN_rand_range_ex() generates a cryptographically strong pseudo-random
-number B<rnd> in the range 0 E<lt>= B<rnd> E<lt> B<range> using the random number
-generator for the library context associated with B<ctx>. The parameter B<ctx>
+number I<rnd>, of security stength at least I<strength> bits,
+in the range 0 E<lt>= I<rnd> E<lt> I<range> using the random number
+generator for the library context associated with I<ctx>. The parameter I<ctx>
may be NULL in which case the default library context is used.
BN_rand_range() is the same as BN_rand_range_ex() except that the default
diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod
index aeec94dd8b..832790fb95 100644
--- a/doc/man3/RAND_bytes.pod
+++ b/doc/man3/RAND_bytes.pod
@@ -12,8 +12,10 @@ RAND_pseudo_bytes - generate random data
int RAND_bytes(unsigned char *buf, int num);
int RAND_priv_bytes(unsigned char *buf, int num);
- int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num);
- int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num);
+ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+ unsigned int strength);
+ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+ unsigned int strength);
Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
@@ -34,7 +36,9 @@ affect the secrecy of these private values, as described in L<RAND(7)>
and L<EVP_RAND(7)>.
RAND_bytes_ex() and RAND_priv_bytes_ex() are the same as RAND_bytes() and
-RAND_priv_bytes() except that they both take an additional I<ctx> parameter.
+RAND_priv_bytes() except that they both take additional I<strength> and
+I<ctx> parameters. The bytes genreated will have a security strength of at
+least I<strength> bits.
The DRBG used for the operation is the public or private DRBG associated with
the specified I<ctx>. The parameter can be NULL, in which case
the default library context is used (see L<OSSL_LIB_CTX(3)>.
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 2217ec0857..ecd7f01b9b 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -214,13 +214,17 @@ void BN_CTX_free(BN_CTX *c);
void BN_CTX_start(BN_CTX *ctx);
BIGNUM *BN_CTX_get(BN_CTX *ctx);
void BN_CTX_end(BN_CTX *ctx);
-int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx);
+int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom,
+ unsigned int strength, BN_CTX *ctx);
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
-int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx);
+int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom,
+ unsigned int strength, BN_CTX *ctx);
int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);
-int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx);
+int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, unsigned int strength,
+ BN_CTX *ctx);
int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
-int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx);
+int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range,
+ unsigned int strength, BN_CTX *ctx);
int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range);
# ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0
diff --git a/include/openssl/rand.h b/include/openssl/rand.h
index 100da328c3..304fd9fe1e 100644
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@@ -61,11 +61,20 @@ OSSL_DEPRECATEDIN_3_0 RAND_METHOD *RAND_OpenSSL(void);
int RAND_bytes(unsigned char *buf, int num);
int RAND_priv_bytes(unsigned char *buf, int num);
-/* Equivalent of RAND_priv_bytes() but additionally taking an OSSL_LIB_CTX */
-int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num);
+/*
+ * Equivalent of RAND_priv_bytes() but additionally taking an OSSL_LIB_CTX and
+ * a strength.
+ */
+int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+ unsigned int strength);
+
+/*
+ * Equivalent of RAND_bytes() but additionally taking an OSSL_LIB_CTX and
+ * a strength.
+ */
+int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+ unsigned int strength);
-/* Equivalent of RAND_bytes() but additionally taking an OSSL_LIB_CTX */
-int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num);
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
OSSL_DEPRECATEDIN_1_1_0 int RAND_pseudo_bytes(unsigned char *buf, int num);
# endif
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
index bd1c611b42..f70e98508a 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
@@ -143,7 +143,7 @@ static size_t tls1_multi_block_encrypt(void *vctx,
# endif
/* ask for IVs in bulk */
- if (RAND_bytes_ex(ctx->base.libctx, (IVs = blocks[0].c), 16 * x4) <= 0)
+ if (RAND_bytes_ex(ctx->base.libctx, (IVs = blocks[0].c), 16 * x4, 0) <= 0)
return 0;
mctx = (SHA1_MB_CTX *) (storage + 32 - ((size_t)storage % 32)); /* align */
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
index 7001dfcd1c..14fbf63b03 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
@@ -147,7 +147,7 @@ static size_t tls1_multi_block_encrypt(void *vctx,
# endif
/* ask for IVs in bulk */
- if (RAND_bytes_ex(ctx->base.libctx, (IVs = blocks[0].c), 16 * x4) <= 0)
+ if (RAND_bytes_ex(ctx->base.libctx, (IVs = blocks[0].c), 16 * x4, 0) <= 0)
return 0;
mctx = (SHA256_MB_CTX *) (storage + 32 - ((size_t)storage % 32)); /* align */
diff --git a/providers/implementations/ciphers/cipher_des.c b/providers/implementations/ciphers/cipher_des.c
index 4563ea2edb..d03d65b668 100644
--- a/providers/implementations/ciphers/cipher_des.c
+++ b/providers/implementations/ciphers/cipher_des.c
@@ -122,7 +122,7 @@ static int des_generatekey(PROV_CIPHER_CTX *ctx, void *ptr)
DES_cblock *deskey = ptr;
size_t kl = ctx->keylen;
- if (kl == 0 || RAND_priv_bytes_ex(ctx->libctx, ptr, kl) <= 0)
+ if (kl == 0 || RAND_priv_bytes_ex(ctx->libctx, ptr, kl, 0) <= 0)
return 0;
DES_set_odd_parity(deskey);
return 1;
diff --git a/providers/implementations/ciphers/cipher_tdes_common.c b/providers/implementations/ciphers/cipher_tdes_common.c
index 88acc16049..346aec05a1 100644
--- a/providers/implementations/ciphers/cipher_tdes_common.c
+++ b/providers/implementations/ciphers/cipher_tdes_common.c
@@ -120,7 +120,7 @@ static int tdes_generatekey(PROV_CIPHER_CTX *ctx, void *ptr)
DES_cblock *deskey = ptr;
size_t kl = ctx->keylen;
- if (kl == 0 || RAND_priv_bytes_ex(ctx->libctx, ptr, kl) <= 0)
+ if (kl == 0 || RAND_priv_bytes_ex(ctx->libctx, ptr, kl, 0) <= 0)
return 0;
DES_set_odd_parity(deskey);
if (kl >= 16)
diff --git a/providers/implementations/ciphers/cipher_tdes_wrap.c b/providers/implementations/ciphers/cipher_tdes_wrap.c
index 4bfd17f515..f6a859539e 100644
--- a/providers/implementations/ciphers/cipher_tdes_wrap.c
+++ b/providers/implementations/ciphers/cipher_tdes_wrap.c
@@ -97,7 +97,7 @@ static int des_ede3_wrap(PROV_CIPHER_CTX *ctx, unsigned char *out,
memcpy(out + inl + ivlen, sha1tmp, icvlen);
OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
/* Generate random IV */
- if (RAND_bytes_ex(ctx->libctx, ctx->iv, ivlen) <= 0)
+ if (RAND_bytes_ex(ctx->libctx, ctx->iv, ivlen, 0) <= 0)
return 0;
memcpy(out, ctx->iv, ivlen);
/* Encrypt everything after IV in place */
diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c
index b19e15b3b2..97a1af3191 100644
--- a/providers/implementations/ciphers/ciphercommon_gcm.c
+++ b/providers/implementations/ciphers/ciphercommon_gcm.c
@@ -371,7 +371,7 @@ static int gcm_iv_generate(PROV_GCM_CTX *ctx, int offset)
return 0;
/* Use DRBG to generate random iv */
- if (RAND_bytes_ex(ctx->libctx, ctx->iv + offset, sz) <= 0)
+ if (RAND_bytes_ex(ctx->libctx, ctx->iv + offset, sz, 0) <= 0)
return 0;
ctx->iv_state = IV_STATE_BUFFERED;
ctx->iv_gen_rand = 1;
@@ -485,7 +485,7 @@ static int gcm_tls_iv_set_fixed(PROV_GCM_CTX *ctx, unsigned char *iv,
if (len > 0)
memcpy(ctx->iv, iv, len);
if (ctx->enc
- && RAND_bytes_ex(ctx->libctx, ctx->iv + len, ctx->ivlen - len) <= 0)
+ && RAND_bytes_ex(ctx->libctx, ctx->iv + len, ctx->ivlen - len, 0) <= 0)
return 0;
ctx->iv_gen = 1;
ctx->iv_state = IV_STATE_BUFFERED;
diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
index 1ccc57a8da..313ab133b3 100644
--- a/providers/implementations/kem/rsa_kem.c
+++ b/providers/implementations/kem/rsa_kem.c
@@ -229,7 +229,7 @@ static int rsasve_gen_rand_bytes(RSA *rsa_pub,
ret = (z != NULL
&& (BN_copy(nminus3, RSA_get0_n(rsa_pub)) != NULL)
&& BN_sub_word(nminus3, 3)
- && BN_priv_rand_range_ex(z, nminus3, bnctx)
+ && BN_priv_rand_range_ex(z, nminus3, 0, bnctx)
&& BN_add_word(z, 2)
&& (BN_bn2binpad(z, out, outlen) == outlen));
BN_CTX_end(bnctx);
diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c
index 506f350173..9de954651b 100644
--- a/providers/implementations/keymgmt/ecx_kmgmt.c
+++ b/providers/implementations/keymgmt/ecx_kmgmt.c
@@ -577,7 +577,7 @@ static void *ecx_gen(struct ecx_gen_ctx *gctx)
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (RAND_priv_bytes_ex(gctx->libctx, privkey, key->keylen) <= 0)
+ if (RAND_priv_bytes_ex(gctx->libctx, privkey, key->keylen, 0) <= 0)
goto err;
switch (gctx->type) {
case ECX_KEY_TYPE_X25519:
@@ -836,7 +836,7 @@ static void *s390x_ecx_keygen25519(struct ecx_gen_ctx *gctx)
goto err;
}
- if (RAND_priv_bytes_ex(gctx->libctx, privkey, X25519_KEYLEN) <= 0)
+ if (RAND_priv_bytes_ex(gctx->libctx, privkey, X25519_KEYLEN, 0) <= 0)
goto err;
privkey[0] &= 248;
@@ -882,7 +882,7 @@ static void *s390x_ecx_keygen448(struct ecx_gen_ctx *gctx)
goto err;
}
- if (RAND_priv_bytes_ex(gctx->libctx, privkey, X448_KEYLEN) <= 0)
+ if (RAND_priv_bytes_ex(gctx->libctx, privkey, X448_KEYLEN, 0) <= 0)
goto err;
privkey[0] &= 252;
@@ -934,7 +934,7 @@ static void *s390x_ecd_keygen25519(struct ecx_gen_ctx *gctx)
goto err;
}
- if (RAND_priv_bytes_ex(gctx->libctx, privkey, ED25519_KEYLEN) <= 0)
+ if (RAND_priv_bytes_ex(gctx->libctx, privkey, ED25519_KEYLEN, 0) <= 0)
goto err;
sha = EVP_MD_fetch(gctx->libctx, "SHA512", gctx->propq);
@@ -1004,7 +1004,7 @@ static void *s390x_ecd_keygen448(struct ecx_gen_ctx *gctx)
shake = EVP_MD_fetch(gctx->libctx, "SHAKE256", gctx->propq);
if (shake == NULL)
goto err;
- if (RAND_priv_bytes_ex(gctx->libctx, privkey, ED448_KEYLEN) <= 0)
+ if (RAND_priv_bytes_ex(gctx->libctx, privkey, ED448_KEYLEN, 0) <= 0)
goto err;
hashctx = EVP_MD_CTX_new();
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index ec7d448d39..8788d49e4c 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -997,7 +997,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
} else if (RAND_bytes_ex(s->ctx->libctx, recs[ctr].input,
- ivlen) <= 0) {
+ ivlen, 0) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
diff --git a/ssl/record/tls_pad.c b/ssl/record/tls_pad.c
index 8383ce8d1c..54ff9cdf36 100644
--- a/ssl/record/tls_pad.c
+++ b/ssl/record/tls_pad.c
@@ -253,7 +253,7 @@ static int ssl3_cbc_copy_mac(size_t *reclen,
}
/* Create the random MAC we will emit if padding is bad */
- if (!RAND_bytes_ex(libctx, randmac, mac_size))
+ if (!RAND_bytes_ex(libctx, randmac, mac_size, 0))
return 0;
if (!ossl_assert(mac != NULL && alloced != NULL))
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 7839a4d318..348d02d8bd 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4552,9 +4552,9 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
unsigned char *p = result;
l2n(Time, p);
- ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4);
+ ret = RAND_bytes_ex(s->ctx->libctx, p, len - 4, 0);
} else {
- ret = RAND_bytes_ex(s->ctx->libctx, result, len);
+ ret = RAND_bytes_ex(s->ctx->libctx, result, len, 0);
}
if (ret > 0) {
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index f35eaf07c5..af95f2e056 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3284,15 +3284,15 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
/* Setup RFC5077 ticket keys */
if ((RAND_bytes_ex(libctx, ret->ext.tick_key_name,
- sizeof(ret->ext.tick_key_name)) <= 0)
+ sizeof(ret->ext.tick_key_name), 0) <= 0)
|| (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_hmac_key,
- sizeof(ret->ext.secure->tick_hmac_key)) <= 0)
+ sizeof(ret->ext.secure->tick_hmac_key), 0) <= 0)
|| (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_aes_key,
- sizeof(ret->ext.secure->tick_aes_key)) <= 0))
+ sizeof(ret->ext.secure->tick_aes_key), 0) <= 0))
ret->options |= SSL_OP_NO_TICKET;
if (RAND_priv_bytes_ex(libctx, ret->ext.cookie_hmac_key,
- sizeof(ret->ext.cookie_hmac_key)) <= 0)
+ sizeof(ret->ext.cookie_hmac_key), 0) <= 0)
goto err;
#ifndef OPENSSL_NO_SRP
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 88bdd14dc8..3409795628 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -264,7 +264,7 @@ static int def_generate_session_id(SSL *ssl, unsigned char *id,
{
unsigned int retry = 0;
do
- if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len) <= 0)
+ if (RAND_bytes_ex(ssl->ctx->libctx, id, *id_len, 0) <= 0)
return 0;
while (SSL_has_matching_session_id(ssl, id, *id_len) &&
(++retry < MAX_SESS_ID_ATTEMPTS)) ;
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index ad1d0e7e05..c10a1e46b2 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1191,7 +1191,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
session_id = s->tmp_session_id;
if (s->hello_retry_request == SSL_HRR_NONE
&& RAND_bytes_ex(s->ctx->libctx, s->tmp_session_id,
- sess_id_len) <= 0) {
+ sess_id_len, 0) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
}
@@ -2853,7 +2853,7 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt)
pms[0] = s->client_version >> 8;
pms[1] = s->client_version & 0xff;
/* TODO(size_t): Convert this function */
- if (RAND_bytes_ex(s->ctx->libctx, pms + 2, (int)(pmslen - 2)) <= 0) {
+ if (RAND_bytes_ex(s->ctx->libctx, pms + 2, (int)(pmslen - 2), 0) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -3060,7 +3060,7 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt)
/* Generate session key
* TODO(size_t): Convert this function
*/
- || RAND_bytes_ex(s->ctx->libctx, pms, (int)pmslen) <= 0) {
+ || RAND_bytes_ex(s->ctx->libctx, pms, (int)pmslen, 0) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
};
@@ -3185,7 +3185,7 @@ static int tls_construct_cke_gost18(SSL *s, WPACKET *pkt)
goto err;
}
- if (RAND_bytes_ex(s->ctx->libctx, pms, (int)pmslen) <= 0) {
+ if (RAND_bytes_ex(s->ctx->libctx, pms, (int)pmslen, 0) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 56d4b4591a..bf4a486a8d 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2738,7 +2738,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
return 0;
}
if (RAND_bytes_ex(s->ctx->libctx, s->pha_context,
- s->pha_context_len) <= 0
+ s->pha_context_len, 0) <= 0
|| !WPACKET_sub_memcpy_u8(pkt, s->pha_context,
s->pha_context_len)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@@ -3778,7 +3778,7 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,
}
iv_len = EVP_CIPHER_iv_length(cipher);
- if (RAND_bytes_ex(s->ctx->libctx, iv, iv_len) <= 0
+ if (RAND_bytes_ex(s->ctx->libctx, iv, iv_len, 0) <= 0
|| !EVP_EncryptInit_ex(ctx, cipher, NULL,
tctx->ext.secure->tick_aes_key, iv)
|| !ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key,
@@ -3905,7 +3905,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
goto err;
}
if (RAND_bytes_ex(s->ctx->libctx, age_add_u.age_add_c,
- sizeof(age_add_u)) <= 0) {
+ sizeof(age_add_u), 0) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
index 430cd7dae8..0ce3290dc4 100644
--- a/ssl/tls_srp.c
+++ b/ssl/tls_srp.c
@@ -203,7 +203,7 @@ int ssl_srp_server_param_with_username_intern(SSL *s, int *ad)
(s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL))
return SSL3_AL_FATAL;
- if (RAND_priv_bytes_ex(s->ctx->libctx, b, sizeof(b)) <= 0)
+ if (RAND_priv_bytes_ex(s->ctx->libctx, b, sizeof(b), 0) <= 0)
return SSL3_AL_FATAL;
s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL);
OPENSSL_cleanse(b, sizeof(b));
@@ -420,7 +420,7 @@ int ssl_srp_calc_a_param_intern(SSL *s)
{
unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
- if (RAND_priv_bytes_ex(s->ctx->libctx, rnd, sizeof(rnd)) <= 0)
+ if (RAND_priv_bytes_ex(s->ctx->libctx, rnd, sizeof(rnd), 0) <= 0)
return 0;
s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
OPENSSL_cleanse(rnd, sizeof(rnd));
diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c
index 3d9b37b3a2..d181a03d19 100644
--- a/test/cmp_client_test.c
+++ b/test/cmp_client_test.c
@@ -373,7 +373,7 @@ int setup_tests(void)
|| !TEST_ptr(server_cert = load_cert_pem(server_cert_f, libctx))
|| !TEST_ptr(client_key = load_pkey_pem(client_key_f, libctx))
|| !TEST_ptr(client_cert = load_cert_pem(client_cert_f, libctx))
- || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref)))) {
+ || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref), 0))) {
cleanup_tests();
return 0;
}
diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c
index fd5337b208..a9a858c07a 100644
--- a/test/cmp_msg_test.c
+++ b/test/cmp_msg_test.c
@@ -149,7 +149,7 @@ static int test_cmp_create_ir_protection_set(void)
fixture->bodytype = OSSL_CMP_PKIBODY_IR;
fixture->err_code = -1;
fixture->expected = 1;
- if (!TEST_int_eq(1, RAND_bytes_ex(libctx, secret, sizeof(secret)))
+ if (!TEST_int_eq(1, RAND_bytes_ex(libctx, secret, sizeof(secret), 0))
|| !TEST_true(SET_OPT_UNPROTECTED_SEND(ctx, 0))
|| !TEST_true(set1_newPkey(ctx, newkey))
|| !TEST_true(OSSL_CMP_CTX_set1_secretValue(ctx, secret,
@@ -566,7 +566,7 @@ int setup_tests(void)
if (!TEST_ptr(newkey = load_pkey_pem(newkey_f, libctx))
|| !TEST_ptr(cert = load_cert_pem(server_cert_f, libctx))
- || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref)))) {
+ || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref), 0))) {
cleanup_tests();
return 0;
}
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 28e9852dbb..b687ab9e22 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -1294,7 +1294,7 @@ static int test_ktls_sendfile(int tls_version, const char *cipher)
|| !TEST_true(BIO_get_ktls_send(serverssl->wbio)))
goto end;
- if (!TEST_true(RAND_bytes_ex(libctx, buf, SENDFILE_SZ)))
+ if (!TEST_true(RAND_bytes_ex(libctx, buf, SENDFILE_SZ, 0)))
goto end;
out = BIO_new_file(tmpfilename, "wb");
diff --git a/test/tls-provider.c b/test/tls-provider.c
index 20360d469e..f8eeaeb363 100644
--- a/test/tls-provider.c
+++ b/test/tls-provider.c
@@ -640,7 +640,7 @@ static void *xor_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
return NULL;
if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
- if (RAND_bytes_ex(gctx->libctx, key->privkey, XOR_KEY_SIZE) <= 0) {
+ if (RAND_bytes_ex(gctx->libctx, key->privkey, XOR_KEY_SIZE, 0) <= 0) {
OPENSSL_free(key);
return NULL;
}
@@ -813,7 +813,7 @@ unsigned int randomize_tls_group_id(OSSL_LIB_CTX *libctx)
int i;
retry:
- if (!RAND_bytes_ex(libctx, (unsigned char *)&group_id, sizeof(group_id)))
+ if (!RAND_bytes_ex(libctx, (unsigned char *)&group_id, sizeof(group_id), 0))
return 0;
/*
* Ensure group_id is within the IANA Reserved for private use range
More information about the openssl-commits
mailing list