diff options
author | Pauli <pauli@openssl.org> | 2021-05-28 14:45:57 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-05-29 17:17:12 +1000 |
commit | 0f8815aace625f869a42cfc5c254c08d5a668077 (patch) | |
tree | 3bbf7b2aaec23023be2232920f5b0011744e4126 /ssl/statem | |
parent | 23e97567be012ff1b5082bf149810c72816c29bd (diff) | |
download | openssl-0f8815aace625f869a42cfc5c254c08d5a668077.tar.gz |
ssl: add zero strenght arguments to BN and RAND RNG calls
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/statem_clnt.c | 8 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 6 |
2 files changed, 7 insertions, 7 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index ad1d0e7e05..c10a1e46b2 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1191,7 +1191,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) session_id = s->tmp_session_id; if (s->hello_retry_request == SSL_HRR_NONE && RAND_bytes_ex(s->ctx->libctx, s->tmp_session_id, - sess_id_len) <= 0) { + sess_id_len, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -2853,7 +2853,7 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt) pms[0] = s->client_version >> 8; pms[1] = s->client_version & 0xff; /* TODO(size_t): Convert this function */ - if (RAND_bytes_ex(s->ctx->libctx, pms + 2, (int)(pmslen - 2)) <= 0) { + if (RAND_bytes_ex(s->ctx->libctx, pms + 2, (int)(pmslen - 2), 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); goto err; } @@ -3060,7 +3060,7 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) /* Generate session key * TODO(size_t): Convert this function */ - || RAND_bytes_ex(s->ctx->libctx, pms, (int)pmslen) <= 0) { + || RAND_bytes_ex(s->ctx->libctx, pms, (int)pmslen, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; }; @@ -3185,7 +3185,7 @@ static int tls_construct_cke_gost18(SSL *s, WPACKET *pkt) goto err; } - if (RAND_bytes_ex(s->ctx->libctx, pms, (int)pmslen) <= 0) { + if (RAND_bytes_ex(s->ctx->libctx, pms, (int)pmslen, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 56d4b4591a..bf4a486a8d 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2738,7 +2738,7 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) return 0; } if (RAND_bytes_ex(s->ctx->libctx, s->pha_context, - s->pha_context_len) <= 0 + s->pha_context_len, 0) <= 0 || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -3778,7 +3778,7 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, } iv_len = EVP_CIPHER_iv_length(cipher); - if (RAND_bytes_ex(s->ctx->libctx, iv, iv_len) <= 0 + if (RAND_bytes_ex(s->ctx->libctx, iv, iv_len, 0) <= 0 || !EVP_EncryptInit_ex(ctx, cipher, NULL, tctx->ext.secure->tick_aes_key, iv) || !ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key, @@ -3905,7 +3905,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) goto err; } if (RAND_bytes_ex(s->ctx->libctx, age_add_u.age_add_c, - sizeof(age_add_u)) <= 0) { + sizeof(age_add_u), 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } |