Don't use RDRAND if told not to

[openssl.git] / crypto / rand / md_rand.c

diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index f8db4430c115cb887621a0044b922fc0b5650d8a..9b6b0b56f9c47095febc2dbb7082e719cb449760 100644 (file)
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -551,18 +551,6 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
         if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)))
             goto err;
 
-#ifndef PURIFY                  /* purify complains */
-        /*
-         * The following line uses the supplied buffer as a small source of
-         * entropy: since this buffer is often uninitialised it may cause
-         * programs such as purify or valgrind to complain. So for those
-         * builds it is not used: the removal of such a small source of
-         * entropy has negligible impact on security.
-         */
-        if (!MD_Update(m, buf, j))
-            goto err;
-#endif
-
         k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num;
         if (k > 0) {
             if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k))
@@ -698,7 +686,8 @@ static int rand_status(void)
 
 #if (defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
      defined(__x86_64) || defined(__x86_64__) || \
-     defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ)
+     defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ) \
+     && !defined(OPENSSL_NO_RDRAND)
 
 # define RDRAND_CALLS    4