diff options
| author | Pauli <pauli@openssl.org> | 2021-05-28 14:46:40 +1000 |
|---|---|---|
| committer | Pauli <pauli@openssl.org> | 2021-05-29 17:17:12 +1000 |
| commit | 5cbd2ea3f94aa8adec9b4486ac757d4d688e3f8c (patch) | |
| tree | 77ed94d8e02241ec4af496cd44e85feb26d6e01b /crypto | |
| parent | 965fa9c0804dadb6f99dedbff9255a2ce6ddb640 (diff) | |
| download | openssl-new-5cbd2ea3f94aa8adec9b4486ac757d4d688e3f8c.tar.gz | |
add zero strenght arguments to BN and RAND RNG calls
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)
Diffstat (limited to 'crypto')
35 files changed, 61 insertions, 57 deletions
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index 8d7094d035..1c1f72f800 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -251,7 +251,7 @@ int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, if ((flags & SMIME_DETACHED) && data) { /* We want multipart/signed */ /* Generate a random boundary */ - if (RAND_bytes_ex(libctx, (unsigned char *)bound, 32) <= 0) + if (RAND_bytes_ex(libctx, (unsigned char *)bound, 32, 0) <= 0) return 0; for (i = 0; i < 32; i++) { c = bound[i] & 0xf; diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c index 61b8587ebd..9bc8aaa7a3 100644 --- a/crypto/asn1/p5_pbe.c +++ b/crypto/asn1/p5_pbe.c @@ -55,7 +55,7 @@ int PKCS5_pbe_set0_algor_ex(X509_ALGOR *algor, int alg, int iter, } if (salt) memcpy(sstr, salt, saltlen); - else if (RAND_bytes_ex(ctx, sstr, saltlen) <= 0) + else if (RAND_bytes_ex(ctx, sstr, saltlen, 0) <= 0) goto err; ASN1_STRING_set0(pbe->salt, sstr, saltlen); diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c index c9d9d31cc2..d16fb8cfe3 100644 --- a/crypto/asn1/p5_pbev2.c +++ b/crypto/asn1/p5_pbev2.c @@ -69,7 +69,8 @@ X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter, if (EVP_CIPHER_iv_length(cipher)) { if (aiv) memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); - else if (RAND_bytes_ex(libctx, iv, EVP_CIPHER_iv_length(cipher)) <= 0) + else if (RAND_bytes_ex(libctx, iv, EVP_CIPHER_iv_length(cipher), + 0) <= 0) goto err; } @@ -187,7 +188,7 @@ X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen, if (salt) memcpy(osalt->data, salt, saltlen); - else if (RAND_bytes_ex(libctx, osalt->data, saltlen) <= 0) + else if (RAND_bytes_ex(libctx, osalt->data, saltlen, 0) <= 0) goto merr; if (iter <= 0) diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c index eebf2aa95e..cee8bf329b 100644 --- a/crypto/bn/bn_blind.c +++ b/crypto/bn/bn_blind.c @@ -270,7 +270,7 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, do { int rv; - if (!BN_priv_rand_range_ex(ret->A, ret->mod, ctx)) + if (!BN_priv_rand_range_ex(ret->A, ret->mod, 0, ctx)) goto err; if (int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv)) break; diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 82aad3f599..304c2ea08d 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -742,7 +742,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) /* generate blinding value */ do { if (!BN_priv_rand_ex(b, BN_num_bits(p) - 1, - BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx)) + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) goto err; } while (BN_is_zero(b)); @@ -1051,7 +1051,7 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[], goto err; do { if (!BN_priv_rand_ex(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, - ctx)) + 0, ctx)) goto err; if (!BN_GF2m_mod_arr(rho, rho, p)) goto err; diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 557f038105..64c7cd6a63 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -386,7 +386,7 @@ int ossl_bn_miller_rabin_is_prime(const BIGNUM *w, int iterations, BN_CTX *ctx, /* (Step 4) */ for (i = 0; i < iterations; ++i) { /* (Step 4.1) obtain a Random string of bits b where 1 < b < w-1 */ - if (!BN_priv_rand_range_ex(b, w3, ctx) + if (!BN_priv_rand_range_ex(b, w3, 0, ctx) || !BN_add_word(b, 2)) /* 1 < b < w-1 */ goto err; @@ -484,7 +484,8 @@ static int probable_prime(BIGNUM *rnd, int bits, int safe, prime_t *mods, again: /* TODO: Not all primes are private */ - if (!BN_priv_rand_ex(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD, ctx)) + if (!BN_priv_rand_ex(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD, 0, + ctx)) return 0; if (safe && !BN_set_bit(rnd, 1)) return 0; @@ -550,7 +551,7 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, int safe, prime_t *mods, maxdelta = BN_MASK2 - BN_get_word(add); again: - if (!BN_rand_ex(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, ctx)) + if (!BN_rand_ex(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, 0, ctx)) goto err; /* we need ((rnd-rem) % add) == 0 */ diff --git a/crypto/bn/bn_rsa_fips186_4.c b/crypto/bn/bn_rsa_fips186_4.c index dc83865e4b..04fbabcb23 100644 --- a/crypto/bn/bn_rsa_fips186_4.c +++ b/crypto/bn/bn_rsa_fips186_4.c @@ -178,14 +178,14 @@ int ossl_bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout, if (Xp1 == NULL) { /* Set the top and bottom bits to make it odd and the correct size */ if (!BN_priv_rand_ex(Xp1i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, - ctx)) + 0, ctx)) goto err; } /* (Steps 4.1/5.1): Randomly generate Xp2 if it is not passed in */ if (Xp2 == NULL) { /* Set the top and bottom bits to make it odd and the correct size */ if (!BN_priv_rand_ex(Xp2i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, - ctx)) + 0, ctx)) goto err; } @@ -306,7 +306,7 @@ int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin, * (Step 3) Choose Random X such that * sqrt(2) * 2^(nlen/2-1) <= Random X <= (2^(nlen/2)) - 1. */ - if (!BN_priv_rand_range_ex(X, range, ctx) || !BN_add(X, X, base)) + if (!BN_priv_rand_range_ex(X, range, 0, ctx) || !BN_add(X, X, base)) goto end; } /* (Step 4) Y = X + ((R - X) mod 2r1r2) */ diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index 9fc7776db6..b663ae5ec5 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -182,7 +182,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) if (!BN_set_word(y, i)) goto end; } else { - if (!BN_priv_rand_ex(y, BN_num_bits(p), 0, 0, ctx)) + if (!BN_priv_rand_ex(y, BN_num_bits(p), 0, 0, 0, ctx)) goto end; if (BN_ucmp(y, p) >= 0) { if (!(p->neg ? BN_add : BN_sub) (y, y, p)) diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c index c7ce437b16..20d35cf7af 100644 --- a/crypto/bn/bn_x931p.c +++ b/crypto/bn/bn_x931p.c @@ -175,7 +175,8 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) * - 1. By setting the top two bits we ensure that the lower bound is * exceeded. */ - if (!BN_priv_rand_ex(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY, ctx)) + if (!BN_priv_rand_ex(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY, 0, + ctx)) return 0; BN_CTX_start(ctx); @@ -184,7 +185,7 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) goto err; for (i = 0; i < 1000; i++) { - if (!BN_priv_rand_ex(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY, + if (!BN_priv_rand_ex(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY, 0, ctx)) goto err; @@ -230,9 +231,9 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, if (Xp1 == NULL || Xp2 == NULL) goto error; - if (!BN_priv_rand_ex(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, ctx)) + if (!BN_priv_rand_ex(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, 0, ctx)) goto error; - if (!BN_priv_rand_ex(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, ctx)) + if (!BN_priv_rand_ex(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, 0, ctx)) goto error; if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb)) goto error; diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c index eca5578e44..86be2546d5 100644 --- a/crypto/cmp/cmp_hdr.c +++ b/crypto/cmp/cmp_hdr.c @@ -142,7 +142,7 @@ static int set_random(ASN1_OCTET_STRING **tgt, OSSL_CMP_CTX *ctx, size_t len) unsigned char *bytes = OPENSSL_malloc(len); int res = 0; - if (bytes == NULL || RAND_bytes_ex(ctx->libctx, bytes, len) <= 0) + if (bytes == NULL || RAND_bytes_ex(ctx->libctx, bytes, len, 0) <= 0) ERR_raise(ERR_LIB_CMP, CMP_R_FAILURE_OBTAINING_RANDOM); else res = ossl_cmp_asn1_octet_string_set1_bytes(tgt, bytes, len); diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index 3bec60bcf0..09dbb21275 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -83,7 +83,7 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, /* Generate a random IV if we need one */ ivlen = EVP_CIPHER_CTX_iv_length(ctx); if (ivlen > 0) { - if (RAND_bytes_ex(libctx, iv, ivlen) <= 0) + if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0) goto err; piv = iv; } diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index d029b75b69..6c43dd102a 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c @@ -128,7 +128,8 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex( else { if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32)) goto merr; - if (RAND_bytes_ex(libctx, rr->signedContentIdentifier->data, 32) <= 0) + if (RAND_bytes_ex(libctx, rr->signedContentIdentifier->data, 32, + 0) <= 0) goto err; } diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index a278280563..d521f8cc47 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -94,7 +94,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, ivlen = EVP_CIPHER_CTX_iv_length(ctx); if (ivlen > 0) { - if (RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), iv, ivlen) <= 0) + if (RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), iv, ivlen, 0) <= 0) goto err; if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) { ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB); @@ -264,7 +264,7 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen, /* Add random padding to end */ if (olen > inlen + 4 && RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), out + 4 + inlen, - olen - 4 - inlen) <= 0) + olen - 4 - inlen, 0) <= 0) return 0; /* Encrypt twice */ if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen) diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c index cf483dcb9a..21808d014b 100644 --- a/crypto/crmf/crmf_pbm.c +++ b/crypto/crmf/crmf_pbm.c @@ -55,7 +55,7 @@ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen, */ if ((salt = OPENSSL_malloc(slen)) == NULL) goto err; - if (RAND_bytes_ex(libctx, salt, (int)slen) <= 0) { + if (RAND_bytes_ex(libctx, salt, (int)slen, 0) <= 0) { ERR_raise(ERR_LIB_CRMF, CRMF_R_FAILURE_OBTAINING_RANDOM); goto err; } diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 33ac134c51..6b8cd550f2 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -318,7 +318,7 @@ static int generate_key(DH *dh) goto err; l = dh->length ? dh->length : BN_num_bits(dh->params.p) - 1; if (!BN_priv_rand_ex(priv_key, l, BN_RAND_TOP_ONE, - BN_RAND_BOTTOM_ANY, ctx)) + BN_RAND_BOTTOM_ANY, 0, ctx)) goto err; /* * We handle just one known case where g is a quadratic non-residue: diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index c16d85c9e1..86d89f4c72 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -132,7 +132,7 @@ DSA_SIG *ossl_dsa_do_sign_int(const unsigned char *dgst, int dlen, DSA *dsa) /* Generate a blinding value */ do { if (!BN_priv_rand_ex(blind, BN_num_bits(dsa->params.q) - 1, - BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx)) + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) goto err; } while (BN_is_zero(blind)); BN_set_flags(blind, BN_FLG_CONSTTIME); @@ -250,7 +250,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, if (!BN_generate_dsa_nonce(k, dsa->params.q, dsa->priv_key, dgst, dlen, ctx)) goto err; - } else if (!BN_priv_rand_range_ex(k, dsa->params.q, ctx)) + } else if (!BN_priv_rand_range_ex(k, dsa->params.q, 0, ctx)) goto err; } while (BN_is_zero(k)); diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index d8c2a7888f..3a59544c8b 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -730,7 +730,7 @@ int ec_GF2m_simple_ladder_pre(const EC_GROUP *group, /* s blinding: make sure lambda (s->Z here) is not zero */ do { if (!BN_priv_rand_ex(s->Z, BN_num_bits(group->field) - 1, - BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx)) { + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) { ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); return 0; } @@ -745,7 +745,7 @@ int ec_GF2m_simple_ladder_pre(const EC_GROUP *group, /* r blinding: make sure lambda (r->Y here for storage) is not zero */ do { if (!BN_priv_rand_ex(r->Y, BN_num_bits(group->field) - 1, - BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx)) { + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) { ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); return 0; } diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index ea2bad3e26..ba6b8df514 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -298,7 +298,7 @@ static int ec_generate_key(EC_KEY *eckey, int pairwise_test) } do - if (!BN_priv_rand_range_ex(priv_key, order, ctx)) + if (!BN_priv_rand_range_ex(priv_key, order, 0, ctx)) goto err; while (BN_is_zero(priv_key)) ; diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c index b2bf68a5ce..fe9b3cf593 100644 --- a/crypto/ec/ecdsa_ossl.c +++ b/crypto/ec/ecdsa_ossl.c @@ -135,7 +135,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, goto err; } } else { - if (!BN_priv_rand_range_ex(k, order, ctx)) { + if (!BN_priv_rand_range_ex(k, order, 0, ctx)) { ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c index 173fd72362..4a676c37ad 100644 --- a/crypto/ec/ecp_s390x_nistp.c +++ b/crypto/ec/ecp_s390x_nistp.c @@ -180,7 +180,7 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst, * internally implementing counter-measures for RNG weakness. */ if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len), - len) != 1) { + len, 0) != 1) { ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED); goto ret; } diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index c54d6fb6c8..bde8cad346 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -1396,7 +1396,7 @@ int ossl_ec_GFp_simple_field_inv(const EC_GROUP *group, BIGNUM *r, goto err; do { - if (!BN_priv_rand_range_ex(e, group->field, ctx)) + if (!BN_priv_rand_range_ex(e, group->field, 0, ctx)) goto err; } while (BN_is_zero(e)); @@ -1449,7 +1449,7 @@ int ossl_ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, */ do { ERR_set_mark(); - ret = BN_priv_rand_range_ex(lambda, group->field, ctx); + ret = BN_priv_rand_range_ex(lambda, group->field, 0, ctx); ERR_pop_to_mark(); if (ret == 0) { ret = 1; @@ -1519,13 +1519,13 @@ int ossl_ec_GFp_simple_ladder_pre(const EC_GROUP *group, /* make sure lambda (r->Y here for storage) is not zero */ do { - if (!BN_priv_rand_range_ex(r->Y, group->field, ctx)) + if (!BN_priv_rand_range_ex(r->Y, group->field, 0, ctx)) return 0; } while (BN_is_zero(r->Y)); /* make sure lambda (s->Z here for storage) is not zero */ do { - if (!BN_priv_rand_range_ex(s->Z, group->field, ctx)) + if (!BN_priv_rand_range_ex(s->Z, group->field, 0, ctx)) return 0; } while (BN_is_zero(s->Z)); diff --git a/crypto/ec/ecx_backend.c b/crypto/ec/ecx_backend.c index 3a1314626b..14278592cd 100644 --- a/crypto/ec/ecx_backend.c +++ b/crypto/ec/ecx_backend.c @@ -187,7 +187,7 @@ ECX_KEY *ossl_ecx_key_op(const X509_ALGOR *palg, } if (op == KEY_OP_KEYGEN) { if (id != EVP_PKEY_NONE) { - if (RAND_priv_bytes_ex(libctx, privkey, KEYLENID(id)) <= 0) + if (RAND_priv_bytes_ex(libctx, privkey, KEYLENID(id), 0) <= 0) goto err; if (id == EVP_PKEY_X25519) { privkey[0] &= 248; diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index c47bd9f9dd..9dd347d670 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -937,7 +937,7 @@ static int s390x_pkey_ecx_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) goto err; } - if (RAND_priv_bytes_ex(ctx->libctx, privkey, X25519_KEYLEN) <= 0) + if (RAND_priv_bytes_ex(ctx->libctx, privkey, X25519_KEYLEN, 0) <= 0) goto err; privkey[0] &= 248; @@ -980,7 +980,7 @@ static int s390x_pkey_ecx_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) goto err; } - if (RAND_priv_bytes_ex(ctx->libctx, privkey, X448_KEYLEN) <= 0) + if (RAND_priv_bytes_ex(ctx->libctx, privkey, X448_KEYLEN, 0) <= 0) goto err; privkey[0] &= 252; @@ -1029,7 +1029,7 @@ static int s390x_pkey_ecd_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) goto err; } - if (RAND_priv_bytes_ex(ctx->libctx, privkey, ED25519_KEYLEN) <= 0) + if (RAND_priv_bytes_ex(ctx->libctx, privkey, ED25519_KEYLEN, 0) <= 0) goto err; md = EVP_MD_fetch(ctx->libctx, "SHA512", ctx->propquery); @@ -1095,7 +1095,7 @@ static int s390x_pkey_ecd_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) goto err; } - if (RAND_priv_bytes_ex(ctx->libctx, privkey, ED448_KEYLEN) <= 0) + if (RAND_priv_bytes_ex(ctx->libctx, privkey, ED448_KEYLEN, 0) <= 0) goto err; hashctx = EVP_MD_CTX_new(); diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index dc22d507a4..356951014b 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -1332,7 +1332,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) OSSL_LIB_CTX *libctx = EVP_CIPHER_CTX_get_libctx(ctx); kl = EVP_CIPHER_CTX_key_length(ctx); - if (kl <= 0 || RAND_priv_bytes_ex(libctx, key, kl) <= 0) + if (kl <= 0 || RAND_priv_bytes_ex(libctx, key, kl, 0) <= 0) return 0; return 1; } diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c index c13041f027..bafafd6244 100644 --- a/crypto/evp/p_seal.c +++ b/crypto/evp/p_seal.c @@ -44,7 +44,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, return 0; len = EVP_CIPHER_CTX_iv_length(ctx); - if (len < 0 || RAND_priv_bytes_ex(libctx, iv, len) <= 0) + if (len < 0 || RAND_priv_bytes_ex(libctx, iv, len, 0) <= 0) goto err; len = EVP_CIPHER_CTX_key_length(ctx); diff --git a/crypto/ffc/ffc_key_generate.c b/crypto/ffc/ffc_key_generate.c index d8d2116ddc..61a4a7427d 100644 --- a/crypto/ffc/ffc_key_generate.c +++ b/crypto/ffc/ffc_key_generate.c @@ -45,7 +45,7 @@ int ossl_ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params, do { /* Steps (3, 4 & 7) : c + 1 = 1 + random[0..2^N - 1] */ - if (!BN_priv_rand_range_ex(priv, two_powN, ctx) + if (!BN_priv_rand_range_ex(priv, two_powN, 0, ctx) || !BN_add_word(priv, 1)) goto err; /* Step (6) : loop if c > M - 2 (i.e. c + 1 >= M) */ diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index 26ab9120c6..3c6f789c3e 100644 --- a/crypto/ffc/ffc_params_generate.c +++ b/crypto/ffc/ffc_params_generate.c @@ -329,7 +329,7 @@ static int generate_q_fips186_4(BN_CTX *ctx, BIGNUM *q, const EVP_MD *evpmd, /* A.1.1.2 Step (5) : generate seed with size seed_len */ if (generate_seed - && RAND_bytes_ex(libctx, seed, (int)seedlen) < 0) + && RAND_bytes_ex(libctx, seed, (int)seedlen, 0) < 0) goto err; /* * A.1.1.2 Step (6) AND @@ -399,7 +399,7 @@ static int generate_q_fips186_2(BN_CTX *ctx, BIGNUM *q, const EVP_MD *evpmd, if (!BN_GENCB_call(cb, 0, m++)) goto err; - if (generate_seed && RAND_bytes_ex(libctx, seed, (int)qsize) <= 0) + if (generate_seed && RAND_bytes_ex(libctx, seed, (int)qsize, 0) <= 0) goto err; memcpy(buf, seed, qsize); diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index f072436110..041711d7d4 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -260,7 +260,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, p12->mac->salt->length = saltlen; if (!salt) { if (RAND_bytes_ex(p12->authsafes->ctx.libctx, p12->mac->salt->data, - saltlen) <= 0) + saltlen, 0) <= 0) return 0; } else memcpy(p12->mac->salt->data, salt, saltlen); diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index c8e6c798b4..8d4e95a3b4 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -300,7 +300,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) ivlen = EVP_CIPHER_iv_length(evp_cipher); xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); if (ivlen > 0) - if (RAND_bytes_ex(libctx, iv, ivlen) <= 0) + if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0) goto err; (void)ERR_set_mark(); diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index 9c5d2e9e99..5068057fd1 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -103,7 +103,7 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, db[emlen - flen - mdlen - 1] = 0x01; memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen); /* step 3d: generate random byte string */ - if (RAND_bytes_ex(libctx, seed, mdlen) <= 0) + if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0) goto err; dbmask_len = emlen - mdlen; diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index 01a84fba70..9094b1ac50 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c @@ -138,12 +138,12 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to /* pad out with non-zero random data */ j = tlen - 3 - flen; - if (RAND_bytes_ex(libctx, p, j) <= 0) + if (RAND_bytes_ex(libctx, p, j, 0) <= 0) return 0; for (i = 0; i < j; i++) { if (*p == '\0') do { - if (RAND_bytes_ex(libctx, p, 1) <= 0) + if (RAND_bytes_ex(libctx, p, 1, 0) <= 0) return 0; } while (*p == '\0'); p++; @@ -315,7 +315,7 @@ int ossl_rsa_padding_check_PKCS1_type_2_TLS(OSSL_LIB_CTX *libctx, * to decrypt. */ if (RAND_priv_bytes_ex(libctx, rand_premaster_secret, - sizeof(rand_premaster_secret)) <= 0) { + sizeof(rand_premaster_secret), 0) <= 0) { ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); return -1; } diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index be1ea1f599..bca208340e 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -205,7 +205,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); goto err; } - if (RAND_bytes_ex(rsa->libctx, salt, sLen) <= 0) + if (RAND_bytes_ex(rsa->libctx, salt, sLen, 0) <= 0) goto err; } maskedDBLen = emLen - hLen - 1; diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c index 2b8b10e25d..f2771dbe73 100644 --- a/crypto/sm2/sm2_crypt.c +++ b/crypto/sm2/sm2_crypt.c @@ -187,7 +187,7 @@ int ossl_sm2_encrypt(const EC_KEY *key, memset(ciphertext_buf, 0, *ciphertext_len); - if (!BN_priv_rand_range_ex(k, order, ctx)) { + if (!BN_priv_rand_range_ex(k, order, 0, ctx)) { ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); goto done; } diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index d9e16e1f98..907d6585ea 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c @@ -240,7 +240,7 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e) } for (;;) { - if (!BN_priv_rand_range_ex(k, order, ctx)) { + if (!BN_priv_rand_range_ex(k, order, 0, ctx)) { ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); goto done; } diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index 85e2c96e1a..e8beb60d27 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -645,7 +645,7 @@ char *SRP_create_verifier_ex(const char *user, const char *pass, char **salt, } if (*salt == NULL) { - if (RAND_bytes_ex(libctx, tmp2, SRP_RANDOM_SALT_LEN) <= 0) + if (RAND_bytes_ex(libctx, tmp2, SRP_RANDOM_SALT_LEN, 0) <= 0) goto err; s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); @@ -728,7 +728,7 @@ int SRP_create_verifier_BN_ex(const char *user, const char *pass, BIGNUM **salt, goto err; if (*salt == NULL) { - if (RAND_bytes_ex(libctx, tmp2, SRP_RANDOM_SALT_LEN) <= 0) + if (RAND_bytes_ex(libctx, tmp2, SRP_RANDOM_SALT_LEN, 0) <= 0) goto err; salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); |