diff options
author | Pauli <pauli@openssl.org> | 2023-04-27 11:25:11 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-05-03 07:51:45 +1000 |
commit | 97fc9022f37cff4382bb9e58899d6cf2d4d20e74 (patch) | |
tree | fb8415427f574d8ef447a0d4cf210ddc9352a70b | |
parent | c04ad5700ae0a531e91697b26cdcac6764dd6072 (diff) | |
download | openssl-new-97fc9022f37cff4382bb9e58899d6cf2d4d20e74.tar.gz |
rand: trust user supplied entropy when configured without a random source
Fixes #20841
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/20843)
(cherry picked from commit 56547da9d3fa24f54b439497d322b12beb004c80)
-rw-r--r-- | crypto/rand/rand_lib.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index b186ec7f27..c38317998d 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -273,7 +273,13 @@ void RAND_add(const void *buf, int num, double randomness) # endif drbg = RAND_get0_primary(NULL); if (drbg != NULL && num > 0) +# ifdef OPENSSL_RAND_SEED_NONE + /* Without an entropy source, we have to rely on the user */ + EVP_RAND_reseed(drbg, 0, buf, num, NULL, 0); +# else + /* With an entropy source, we downgrade this to additional input */ EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num); +# endif } # if !defined(OPENSSL_NO_DEPRECATED_1_1_0) |