rand: use size_t for size argument to RAND_bytes_ex()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15540)

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 7ad05ea008034a52c49fc0c8d3be693a317f5851..56e615f6b9343266a16a46a3ec7bd4698c471416 100644 (file)
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -315,7 +315,7 @@ const RAND_METHOD *RAND_get_rand_method(void)
  * the default method, then just call RAND_bytes().  Otherwise make
  * sure we're instantiated and use the private DRBG.
  */
-int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
                        unsigned int strength)
 {
     EVP_RAND_CTX *rand;
@@ -339,10 +339,12 @@ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
 
 int RAND_priv_bytes(unsigned char *buf, int num)
 {
-    return RAND_priv_bytes_ex(NULL, buf, num, 0);
+    if (num < 0)
+        return 0;
+    return RAND_priv_bytes_ex(NULL, buf, (size_t)num, 0);
 }
 
-int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
                   unsigned int strength)
 {
     EVP_RAND_CTX *rand;
@@ -366,7 +368,9 @@ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
 
 int RAND_bytes(unsigned char *buf, int num)
 {
-    return RAND_bytes_ex(NULL, buf, num, 0);
+    if (num < 0)
+        return 0;
+    return RAND_bytes_ex(NULL, buf, (size_t)num, 0);
 }
 
 typedef struct rand_global_st {

diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod
index 832790fb95945cba01eb676fb5b0ff7290e28074..3267d8fbb10fb0483bfd551f18ce4f82823f55a9 100644 (file)
--- a/doc/man3/RAND_bytes.pod
+++ b/doc/man3/RAND_bytes.pod
@@ -12,9 +12,9 @@ RAND_pseudo_bytes - generate random data
  int RAND_bytes(unsigned char *buf, int num);
  int RAND_priv_bytes(unsigned char *buf, int num);
 
- int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
                    unsigned int strength);
- int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
                         unsigned int strength);
 
 Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining

diff --git a/include/crypto/ecerr.h b/include/crypto/ecerr.h
index e08a4dba975b65f48cb2f1309cc1de5411793fb0..07b6c7aa62dd52fbf3d13657becb400b262701d0 100644 (file)
--- a/include/crypto/ecerr.h
+++ b/include/crypto/ecerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy

diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h
index a017fbeb769bca8df9fe8cd37774d1c2ee8365a9..49088d208b2c826c2d5dc27884a0deeb609400e8 100644 (file)
--- a/include/openssl/ecerr.h
+++ b/include/openssl/ecerr.h
@@ -56,6 +56,7 @@
 #  define EC_R_INVALID_GENERATOR                           173
 #  define EC_R_INVALID_GROUP_ORDER                         122
 #  define EC_R_INVALID_KEY                                 116
+#  define EC_R_INVALID_LENGTH                              117
 #  define EC_R_INVALID_NAMED_GROUP_CONVERSION              174
 #  define EC_R_INVALID_OUTPUT_LENGTH                       161
 #  define EC_R_INVALID_P                                   172

diff --git a/include/openssl/rand.h b/include/openssl/rand.h
index 304fd9fe1e6c12af0935a0acaa2ed82c09c9b07d..ad3054fd575f5370c85d09a3f4ab70c8110de92d 100644 (file)
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@@ -65,14 +65,14 @@ int RAND_priv_bytes(unsigned char *buf, int num);
  * Equivalent of RAND_priv_bytes() but additionally taking an OSSL_LIB_CTX and
  * a strength.
  */
-int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
                        unsigned int strength);
 
 /*
  * Equivalent of RAND_bytes() but additionally taking an OSSL_LIB_CTX and
  * a strength.
  */
-int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
                   unsigned int strength);
 
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0

diff --git a/include/openssl/rsaerr.h b/include/openssl/rsaerr.h
index 4335f1cb33ce1bf7ecb8ccf5f55311e50c3d534b..c58463c7c19f27ba471aecb2ab5317eef3867221 100644 (file)
--- a/include/openssl/rsaerr.h
+++ b/include/openssl/rsaerr.h
@@ -48,6 +48,7 @@
 # define RSA_R_INVALID_KEYPAIR                            171
 # define RSA_R_INVALID_KEY_LENGTH                         173
 # define RSA_R_INVALID_LABEL                              160
+# define RSA_R_INVALID_LENGTH                             181
 # define RSA_R_INVALID_MESSAGE_LENGTH                     131
 # define RSA_R_INVALID_MGF1_MD                            156
 # define RSA_R_INVALID_MODULUS                            174