From 965fa9c0804dadb6f99dedbff9255a2ce6ddb640 Mon Sep 17 00:00:00 2001
From: Pauli
Date: Fri, 28 May 2021 14:46:17 +1000
Subject: prov: add zero strenght arguments to BN and RAND RNG calls
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/15513)
---
 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c | 2 +-
 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c | 2 +-
 providers/implementations/ciphers/cipher_des.c | 2 +-
 providers/implementations/ciphers/cipher_tdes_common.c | 2 +-
 providers/implementations/ciphers/cipher_tdes_wrap.c | 2 +-
 providers/implementations/ciphers/ciphercommon_gcm.c | 4 ++--
 6 files changed, 7 insertions(+), 7 deletions(-)
(limited to 'providers/implementations/ciphers')
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
index bd1c611b42..f70e98508a 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c
@@ -143,7 +143,7 @@ static size_t tls1_multi_block_encrypt(void *vctx,
 # endif
 /* ask for IVs in bulk */
- if (RAND_bytes_ex(ctx->base.libctx, (IVs = blocks[0].c), 16 * x4) <= 0)
+ if (RAND_bytes_ex(ctx->base.libctx, (IVs = blocks[0].c), 16 * x4, 0) <= 0)
 return 0;
 mctx = (SHA1_MB_CTX *) (storage + 32 - ((size_t)storage % 32)); /* align */
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
index 7001dfcd1c..14fbf63b03 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c
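Review bot: The new fourth argument to `RAND_bytes_ex` in tls1_multi_block_encrypt is a bare `0`, and nothing at the call site says that it is the requested strength or why zero is acceptable for the bulk CBC IVs. A short comment above the call, for example `/* strength 0: no minimum DRBG strength is requested for IVs */`, would let a later reader check the choice instead of guessing at it. The same applies to the IV calls in cipher_aes_cbc_hmac_sha256_hw.c, cipher_tdes_wrap.c and both ciphercommon_gcm.c hunks. The function body starts and ends outside this hunk.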
@@ -147,7 +147,7 @@ static size_t tls1_multi_block_encrypt(void *vctx,
 # endif
 /* ask for IVs in bulk */
- if (RAND_bytes_ex(ctx->base.libctx, (IVs = blocks[0].c), 16 * x4) <= 0)
+ if (RAND_bytes_ex(ctx->base.libctx, (IVs = blocks[0].c), 16 * x4, 0) <= 0)
 return 0;
 mctx = (SHA256_MB_CTX *) (storage + 32 - ((size_t)storage % 32)); /* align */
diff --git a/providers/implementations/ciphers/cipher_des.c b/providers/implementations/ciphers/cipher_des.c
index 4563ea2edb..d03d65b668 100644
--- a/providers/implementations/ciphers/cipher_des.c
+++ b/providers/implementations/ciphers/cipher_des.c
@@ -122,7 +122,7 @@ static int des_generatekey(PROV_CIPHER_CTX *ctx, void *ptr)
 DES_cblock *deskey = ptr;
 size_t kl = ctx->keylen;
- if (kl == 0 || RAND_priv_bytes_ex(ctx->libctx, ptr, kl) <= 0)
+ if (kl == 0 || RAND_priv_bytes_ex(ctx->libctx, ptr, kl, 0) <= 0)
 return 0;
 DES_set_odd_parity(deskey);
 return 1;
diff --git a/providers/implementations/ciphers/cipher_tdes_common.c b/providers/implementations/ciphers/cipher_tdes_common.c
index 88acc16049..346aec05a1 100644
--- a/providers/implementations/ciphers/cipher_tdes_common.c
+++ b/providers/implementations/ciphers/cipher_tdes_common.c
@@ -120,7 +120,7 @@ static int tdes_generatekey(PROV_CIPHER_CTX *ctx, void *ptr)
 DES_cblock *deskey = ptr;
 size_t kl = ctx->keylen;
- if (kl == 0 || RAND_priv_bytes_ex(ctx->libctx, ptr, kl) <= 0)
+ if (kl == 0 || RAND_priv_bytes_ex(ctx->libctx, ptr, kl, 0) <= 0)
 return 0;
 DES_set_odd_parity(deskey);
 if (kl >= 16)
diff --git a/providers/implementations/ciphers/cipher_tdes_wrap.c b/providers/implementations/ciphers/cipher_tdes_wrap.c
index 4bfd17f515..f6a859539e 100644
--- a/providers/implementations/ciphers/cipher_tdes_wrap.c
+++ b/providers/implementations/ciphers/cipher_tdes_wrap.c
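Review bot: In des_generatekey the key bytes are now drawn with `RAND_priv_bytes_ex(ctx->libctx, ptr, kl, 0)`, and if a strength of 0 means that no minimum is requested, key generation will succeed on a DRBG of any configured strength. For key material it would be safer to request the cipher's security strength in bits, so that an under-strength generator is refused rather than silently used. If zero is meant as a stop-gap, record that at the call with `/* TODO: pass the key's security strength instead of 0 */`. tdes_generatekey in cipher_tdes_common.c has the same call, and its body continues past the hunk.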
@@ -97,7 +97,7 @@ static int des_ede3_wrap(PROV_CIPHER_CTX *ctx, unsigned char *out,
 memcpy(out + inl + ivlen, sha1tmp, icvlen);
 OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
 /* Generate random IV */
- if (RAND_bytes_ex(ctx->libctx, ctx->iv, ivlen) <= 0)
+ if (RAND_bytes_ex(ctx->libctx, ctx->iv, ivlen, 0) <= 0)
 return 0;
 memcpy(out, ctx->iv, ivlen);
 /* Encrypt everything after IV in place */
diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c
index b19e15b3b2..97a1af3191 100644
--- a/providers/implementations/ciphers/ciphercommon_gcm.c
+++ b/providers/implementations/ciphers/ciphercommon_gcm.c
@@ -371,7 +371,7 @@ static int gcm_iv_generate(PROV_GCM_CTX *ctx, int offset)
 return 0;
 /* Use DRBG to generate random iv */
- if (RAND_bytes_ex(ctx->libctx, ctx->iv + offset, sz) <= 0)
+ if (RAND_bytes_ex(ctx->libctx, ctx->iv + offset, sz, 0) <= 0)
 return 0;
 ctx->iv_state = IV_STATE_BUFFERED;
 ctx->iv_gen_rand = 1;
@@ -485,7 +485,7 @@ static int gcm_tls_iv_set_fixed(PROV_GCM_CTX *ctx, unsigned char *iv,
 if (len > 0)
 memcpy(ctx->iv, iv, len);
 if (ctx->enc
- && RAND_bytes_ex(ctx->libctx, ctx->iv + len, ctx->ivlen - len) <= 0)
+ && RAND_bytes_ex(ctx->libctx, ctx->iv + len, ctx->ivlen - len, 0) <= 0)
 return 0;
 ctx->iv_gen = 1;
 ctx->iv_state = IV_STATE_BUFFERED;
--
cgit v1.2.3