diff options
author | Pauli <pauli@openssl.org> | 2021-05-28 14:46:40 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-05-29 17:17:12 +1000 |
commit | 5cbd2ea3f94aa8adec9b4486ac757d4d688e3f8c (patch) | |
tree | 77ed94d8e02241ec4af496cd44e85feb26d6e01b /crypto/cms | |
parent | 965fa9c0804dadb6f99dedbff9255a2ce6ddb640 (diff) | |
download | openssl-new-5cbd2ea3f94aa8adec9b4486ac757d4d688e3f8c.tar.gz |
add zero strenght arguments to BN and RAND RNG calls
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)
Diffstat (limited to 'crypto/cms')
-rw-r--r-- | crypto/cms/cms_enc.c | 2 | ||||
-rw-r--r-- | crypto/cms/cms_ess.c | 3 | ||||
-rw-r--r-- | crypto/cms/cms_pwri.c | 4 |
3 files changed, 5 insertions, 4 deletions
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index 3bec60bcf0..09dbb21275 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -83,7 +83,7 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, /* Generate a random IV if we need one */ ivlen = EVP_CIPHER_CTX_iv_length(ctx); if (ivlen > 0) { - if (RAND_bytes_ex(libctx, iv, ivlen) <= 0) + if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0) goto err; piv = iv; } diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index d029b75b69..6c43dd102a 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c @@ -128,7 +128,8 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex( else { if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32)) goto merr; - if (RAND_bytes_ex(libctx, rr->signedContentIdentifier->data, 32) <= 0) + if (RAND_bytes_ex(libctx, rr->signedContentIdentifier->data, 32, + 0) <= 0) goto err; } diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index a278280563..d521f8cc47 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -94,7 +94,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, ivlen = EVP_CIPHER_CTX_iv_length(ctx); if (ivlen > 0) { - if (RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), iv, ivlen) <= 0) + if (RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), iv, ivlen, 0) <= 0) goto err; if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) { ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB); @@ -264,7 +264,7 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen, /* Add random padding to end */ if (olen > inlen + 4 && RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), out + 4 + inlen, - olen - 4 - inlen) <= 0) + olen - 4 - inlen, 0) <= 0) return 0; /* Encrypt twice */ if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen) |