projects
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
4f373a9
)
rand: trust user supplied entropy when configured without a random source
author
Pauli
<pauli@openssl.org>
Thu, 27 Apr 2023 01:25:11 +0000
(11:25 +1000)
committer
Pauli
<pauli@openssl.org>
Tue, 2 May 2023 21:51:21 +0000
(07:51 +1000)
Fixes #20841
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/20843)
crypto/rand/rand_lib.c
patch
|
blob
|
history
diff --git
a/crypto/rand/rand_lib.c
b/crypto/rand/rand_lib.c
index ce95bf6210b15dc8bb951f6cdf3ba5f09c10d1c5..0cdb9caa6ddc56e2dc950c675a6205a3e63830df 100644
(file)
--- a/
crypto/rand/rand_lib.c
+++ b/
crypto/rand/rand_lib.c
@@
-273,7
+273,13
@@
void RAND_add(const void *buf, int num, double randomness)
# endif
drbg = RAND_get0_primary(NULL);
if (drbg != NULL && num > 0)
+# ifdef OPENSSL_RAND_SEED_NONE
+ /* Without an entropy source, we have to rely on the user */
+ EVP_RAND_reseed(drbg, 0, buf, num, NULL, 0);
+# else
+ /* With an entropy source, we downgrade this to additional input */
EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num);
+# endif
}
# if !defined(OPENSSL_NO_DEPRECATED_1_1_0)