Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
src: fix CSPRNG when length exceeds INT_MAX
CSPRNG implicitly casts the size_t length argument to a signed int when calling RAND_bytes(), which leaves it up to the caller to ensure that the length argument actually fits into such a signed int. However, not all call sites explicitly ensure that, which could lead to subtle bugs. In OpenSSL 3, use RAND_bytes_ex() instead, which does not require casting the length to a signed int. In OpenSSL 1.1.1, RAND_bytes_ex() is not supported, thus we have to process blocks of size INT_MAX one by one. PR-URL: #47515 Reviewed-By: Richard Lau <[email protected]> Reviewed-By: James M Snell <[email protected]>
- Loading branch information