From 0f8815aace625f869a42cfc5c254c08d5a668077 Mon Sep 17 00:00:00 2001
From: Pauli <pauli@openssl.org>
Date: Fri, 28 May 2021 14:45:57 +1000
Subject: ssl: add zero strenght arguments to BN and RAND RNG calls

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)
---
 ssl/ssl_lib.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'ssl/ssl_lib.c')

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index f35eaf07c5..af95f2e056 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3284,15 +3284,15 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
 
     /* Setup RFC5077 ticket keys */
     if ((RAND_bytes_ex(libctx, ret->ext.tick_key_name,
-                       sizeof(ret->ext.tick_key_name)) <= 0)
+                       sizeof(ret->ext.tick_key_name), 0) <= 0)
         || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_hmac_key,
-                               sizeof(ret->ext.secure->tick_hmac_key)) <= 0)
+                               sizeof(ret->ext.secure->tick_hmac_key), 0) <= 0)
         || (RAND_priv_bytes_ex(libctx, ret->ext.secure->tick_aes_key,
-                               sizeof(ret->ext.secure->tick_aes_key)) <= 0))
+                               sizeof(ret->ext.secure->tick_aes_key), 0) <= 0))
         ret->options |= SSL_OP_NO_TICKET;
 
     if (RAND_priv_bytes_ex(libctx, ret->ext.cookie_hmac_key,
-                           sizeof(ret->ext.cookie_hmac_key)) <= 0)
+                           sizeof(ret->ext.cookie_hmac_key), 0) <= 0)
         goto err;
 
 #ifndef OPENSSL_NO_SRP
-- 
cgit v1.2.3