From: Richard Levitte <levitte@openssl.org>
Date: Thu, 16 Aug 2018 14:01:58 +0000 (+0200)
Subject: Configure: warn when 'none' is the chosen seed source
X-Git-Tag: OpenSSL_1_1_1-pre9~15
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=2805ee1e095a78f596dc7adf778441e2edb9f15c

Configure: warn when 'none' is the chosen seed source

Fixes #6980

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6981)
---

diff --git a/Configure b/Configure
index c9f6ea760b..2eb8533f5b 100755
--- a/Configure
+++ b/Configure
@@ -1010,9 +1010,18 @@ if (scalar(@seed_sources) == 0) {
     print "Using os-specific seed configuration\n";
     push @seed_sources, 'os';
 }
-die "Cannot seed with none and anything else"
-    if scalar(grep { $_ eq 'none' } @seed_sources) > 0
-        && scalar(@seed_sources) > 1;
+if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) {
+    die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1;
+    warn <<_____ if scalar(@seed_sources) == 1;
+You have selected the --with-rand-seed=none option, which effectively disables
+automatic reseeding of the OpenSSL random generator. All operations depending
+on the random generator such as creating keys will not work unless the random
+generator is seeded manually by the application.
+
+Please read the 'Note on random number generation' section in the INSTALL
+instructions and the RAND_DRBG(7) manual page for more details.
+_____
+}
 push @{$config{openssl_other_defines}},
      map { (my $x = $_) =~ tr|[\-a-z]|[_A-Z]|; "OPENSSL_RAND_SEED_$x" }
 	@seed_sources;