rand: add a strength argument to the BN and RAND RNG calls

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)

1 files changed, 8 insertions, 6 deletions

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index bdf5f71f44..7ad05ea008 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -315,7 +315,8 @@ const RAND_METHOD *RAND_get_rand_method(void)
  * the default method, then just call RAND_bytes().  Otherwise make
  * sure we're instantiated and use the private DRBG.
  */
-int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)
+int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+                       unsigned int strength)
 {
     EVP_RAND_CTX *rand;
 #ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -331,17 +332,18 @@ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)
 
     rand = RAND_get0_private(ctx);
     if (rand != NULL)
-        return EVP_RAND_generate(rand, buf, num, 0, 0, NULL, 0);
+        return EVP_RAND_generate(rand, buf, num, strength, 0, NULL, 0);
 
     return 0;
 }
 
 int RAND_priv_bytes(unsigned char *buf, int num)
 {
-    return RAND_priv_bytes_ex(NULL, buf, num);
+    return RAND_priv_bytes_ex(NULL, buf, num, 0);
 }
 
-int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)
+int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+                  unsigned int strength)
 {
     EVP_RAND_CTX *rand;
 #ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -357,14 +359,14 @@ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)
 
     rand = RAND_get0_public(ctx);
     if (rand != NULL)
-        return EVP_RAND_generate(rand, buf, num, 0, 0, NULL, 0);
+        return EVP_RAND_generate(rand, buf, num, strength, 0, NULL, 0);
 
     return 0;
 }
 
 int RAND_bytes(unsigned char *buf, int num)
 {
-    return RAND_bytes_ex(NULL, buf, num);
+    return RAND_bytes_ex(NULL, buf, num, 0);
 }
 
 typedef struct rand_global_st {