ssl: add zero strenght arguments to BN and RAND RNG calls

Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15513)
author: Pauli <pauli@openssl.org> 2021-05-28 14:45:57 +1000
committer: Pauli <pauli@openssl.org> 2021-05-29 17:17:12 +1000
commit: 0f8815aace625f869a42cfc5c254c08d5a668077 (patch)
tree: 3bbf7b2aaec23023be2232920f5b0011744e4126 /ssl/record
parent: 23e97567be012ff1b5082bf149810c72816c29bd (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index ec7d448d39..8788d49e4c 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -997,7 +997,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
                         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
                         return 0;
                     } else if (RAND_bytes_ex(s->ctx->libctx, recs[ctr].input,
-                                             ivlen) <= 0) {
+                                             ivlen, 0) <= 0) {
                         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
                         return 0;
                     }
diff --git a/ssl/record/tls_pad.c b/ssl/record/tls_pad.c
index 8383ce8d1c..54ff9cdf36 100644
--- a/ssl/record/tls_pad.c
+++ b/ssl/record/tls_pad.c
@@ -253,7 +253,7 @@ static int ssl3_cbc_copy_mac(size_t *reclen,
     }
 
     /* Create the random MAC we will emit if padding is bad */
-    if (!RAND_bytes_ex(libctx, randmac, mac_size))
+    if (!RAND_bytes_ex(libctx, randmac, mac_size, 0))
         return 0;
 
     if (!ossl_assert(mac != NULL && alloced != NULL))
author	Pauli <pauli@openssl.org>	2021-05-28 14:45:57 +1000
committer	Pauli <pauli@openssl.org>	2021-05-29 17:17:12 +1000
commit	0f8815aace625f869a42cfc5c254c08d5a668077 (patch)
tree	3bbf7b2aaec23023be2232920f5b0011744e4126 /ssl/record
parent	23e97567be012ff1b5082bf149810c72816c29bd (diff)