| @@ -157,7 +157,7 @@ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) { | |||
| // |RAND_bytes| calls within the fipsmodule should be wrapped with state lock | |||
| // functions to avoid updating the service indicator with the DRBG functions. | |||
| FIPS_service_indicator_lock_state(); | |||
warning: call to undeclared function 'FIPS_service_indicator_lock_state'; ISO C99 and later do not support implicit function declarations [clang-diagnostic-implicit-function-declaration]
FIPS_service_indicator_lock_state();
^| FIPS_service_indicator_lock_state(); | ||
| RAND_bytes((uint8_t *)rnd->d, words * sizeof(BN_ULONG)); | ||
| AWSLC_ABORT_IF_NOT_ONE(RAND_bytes((uint8_t *)rnd->d, words * sizeof(BN_ULONG))); | ||
| FIPS_service_indicator_unlock_state(); |
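Review bot: In BN_rand the RAND_bytes call that fills rnd->d is now an argument to AWSLC_ABORT_IF_NOT_ONE, so the macro has to evaluate its argument exactly once in every build configuration, NDEBUG builds included; if it could ever be compiled out the way assert() is, rnd->d would be left unfilled. State that guarantee in a comment at the macro definition in crypto/internal.h. The abort would also fire between FIPS_service_indicator_lock_state() and FIPS_service_indicator_unlock_state(); that is harmless only because the process terminates, and a one-line comment here saying so would save the next reader from looking for a leaked lock.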
warning: call to undeclared function 'FIPS_service_indicator_unlock_state'; ISO C99 and later do not support implicit function declarations [clang-diagnostic-implicit-function-declaration]
FIPS_service_indicator_unlock_state();
^| #include <openssl/rand.h> | ||
| static MLK_INLINE void mlk_randombytes(void *ptr, size_t len) { | ||
| RAND_bytes(ptr, len); | ||
| AWSLC_ABORT_IF_NOT_ONE(RAND_bytes(ptr, len)); |
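Review bot: In mlk_randombytes, ptr is a void * passed straight through to RAND_bytes, which is declared to take uint8_t *. The implicit conversion is valid only in C, so wrapping the call in the macro does not make this site any more portable. Cast explicitly, as the BN_rand call site already does: AWSLC_ABORT_IF_NOT_ONE(RAND_bytes((uint8_t *)ptr, len));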
warning: no matching function for call to 'RAND_bytes' [clang-diagnostic-error]
AWSLC_ABORT_IF_NOT_ONE(RAND_bytes(ptr, len));
^
Additional context
crypto/internal.h:1459: expanded from macro 'AWSLC_ABORT_IF_NOT_ONE'
x), abort())
^
crypto/internal.h:1431: expanded from macro '__AWS_LC_ENSURE'
\
^include/openssl/rand.h:31: candidate function not viable: cannot convert argument of incomplete type 'void *' to 'uint8_t *' (aka 'unsigned char *') for 1st argument
OPENSSL_EXPORT int RAND_bytes(uint8_t *buf, size_t len);
^
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #3078 +/- ##
==========================================
+ Coverage 78.36% 78.38% +0.01%
==========================================
Files 689 689
Lines 121144 121129 -15
Branches 16973 16964 -9
==========================================
+ Hits 94935 94947 +12
+ Misses 25314 25287 -27
Partials 895 895
Description of changes:
RAND_bytes in AWS-LC always returns 1 and cannot actually fail. However, call sites across the codebase handle its return value inconsistently:
- RAND_bytes(...) calls with no check at all.
- if (!RAND_bytes(...)) { goto err; } patterns that attempt graceful recovery.
- if (RAND_bytes(...) != 1) { abort(); } (only one call site).

For a cryptographic library, silently continuing with a failed RNG is never the right choice. This change introduces an AWSLC_ABORT_IF_NOT_ONE macro and applies it uniformly to all RAND_bytes call sites within crypto/. If RAND_bytes ever returns a non-1 value in the future, the process will abort immediately rather than operating with potentially uninitialized randomness.

Call-outs:
- RAND_bytes calls in ssl/ and test files are not converted in this change.
- ml_dsa.c diff includes some incidental trailing-whitespace cleanup on blank lines.
- In PKCS12_create (pkcs8_x509.c), the RAND_bytes call is now evaluated before CBB_flush rather than being short-circuited behind it. This is benign since RAND_bytes has no dependency on CBB state.

Testing:
Existing tests. No behavioral change under normal operation since RAND_bytes always returns 1 today.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
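The difference between an unchecked RNG call and an abort-on-failure wrapper, as an added example that is not AWS-LC code: `ABORT_IF_NOT_ONE`, `stub_rand_bytes`, `rng_should_fail` and the two keygen functions are hypothetical stand-ins, and the stub replaces `RAND_bytes` so that a failure can be injected. It assumes a POSIX system for `fork`/`waitpid`.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

// Hypothetical stand-in for the macro in the description: the argument is
// evaluated exactly once and, unlike assert(), the check survives NDEBUG.
#define ABORT_IF_NOT_ONE(expr) ((expr) == 1 ? (void)0 : abort())

// Constructed fault-injecting stub: on failure it returns 0 and leaves buf as is.
static int rng_should_fail = 0;
static int stub_rand_bytes(uint8_t *buf, size_t len) {
  if (rng_should_fail) return 0;
  for (size_t i = 0; i < len; i++) buf[i] = (uint8_t)(0xA5 ^ i);  // not random
  return 1;
}

// "Before" pattern: return value ignored, success reported with an unfilled key.
static int keygen_unchecked(uint8_t key[16]) {
  stub_rand_bytes(key, 16);
  return 1;
}

// "After" pattern: the process dies before the unfilled key can be used.
static int keygen_checked(uint8_t key[16]) {
  ABORT_IF_NOT_ONE(stub_rand_bytes(key, 16));
  return 1;
}

// Runs fn in a child with the RNG failing; returns the fatal signal, 0 if none.
static int signal_when_rng_fails(int (*fn)(uint8_t *)) {
  pid_t pid = fork();
  if (pid < 0) return -1;
  if (pid == 0) {
    uint8_t key[16] = {0};
    rng_should_fail = 1;
    fn(key);
    _exit(0);
  }
  int status = 0;
  if (waitpid(pid, &status, 0) < 0) return -1;
  return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) {
  return signal_when_rng_fails(keygen_checked) == SIGABRT ? 0 : 1;
}
```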