Configure: warn when 'none' is the chosen seed source

author Richard Levitte <levitte@openssl.org>

Thu, 16 Aug 2018 14:01:58 +0000 (16:01 +0200)

committer Richard Levitte <levitte@openssl.org>

Thu, 16 Aug 2018 20:39:27 +0000 (22:39 +0200)
author Richard Levitte <levitte@openssl.org>
Thu, 16 Aug 2018 14:01:58 +0000 (16:01 +0200)
committer Richard Levitte <levitte@openssl.org>
Thu, 16 Aug 2018 20:39:27 +0000 (22:39 +0200)
diff --git a/Configure b/Configure

index c9f6ea760b4ca6f23205e4c5f402fddfcc0e0f4e..2eb8533f5b038f4f0d7e4b945f34248a87c4429a 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -1010,9 +1010,18 @@ if (scalar(@seed_sources) == 0) {
      print "Using os-specific seed configuration\n";
      push @seed_sources, 'os';
  }
-die "Cannot seed with none and anything else"
-    if scalar(grep { $_ eq 'none' } @seed_sources) > 0
-        && scalar(@seed_sources) > 1;
+if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) {
+    die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1;
+    warn <<_____ if scalar(@seed_sources) == 1;
+You have selected the --with-rand-seed=none option, which effectively disables
+automatic reseeding of the OpenSSL random generator. All operations depending
+on the random generator such as creating keys will not work unless the random
+generator is seeded manually by the application.
+
+Please read the 'Note on random number generation' section in the INSTALL
+instructions and the RAND_DRBG(7) manual page for more details.
+_____
+}
  push @{$config{openssl_other_defines}},
       map { (my $x = $_) =~ tr|[\-a-z]|[_A-Z]|; "OPENSSL_RAND_SEED_$x" }
         @seed_sources;
author	Richard Levitte <levitte@openssl.org>
	Thu, 16 Aug 2018 14:01:58 +0000 (16:01 +0200)
committer	Richard Levitte <levitte@openssl.org>
	Thu, 16 Aug 2018 20:39:27 +0000 (22:39 +0200)