diff options
author | Pauli <ppzgs1@gmail.com> | 2024-06-27 10:08:05 +1000 |
---|---|---|
committer | Pauli <ppzgs1@gmail.com> | 2024-06-29 14:12:12 +1000 |
commit | 9b725e7ede0161229f5e1329d17395968e4aa2c8 (patch) | |
tree | f52ab45e044a43b3e4df9133ab0adbe12657c781 | |
parent | ca20235724166c61ce6eb421197feb7c9654eb42 (diff) |
Clarify DRBG seeding.
There is a legacy code path that OpenSSL won't use anymore but applications
could. Add a comment indicating this to avoid confusion for people not
intimately conversant with the nuances in the RNG code.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24745)
(cherry picked from commit 1eb122aa0ca152dc564e61674caf3f11acd85b57)
-rw-r--r-- | providers/implementations/rands/drbg.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c index 46a056bc2a..4d48a48449 100644 --- a/providers/implementations/rands/drbg.c +++ b/providers/implementations/rands/drbg.c @@ -202,6 +202,11 @@ static size_t get_entropy(PROV_DRBG *drbg, unsigned char **pout, int entropy, return ossl_crngt_get_entropy(drbg, pout, entropy, min_len, max_len, prediction_resistance); #else + /* + * In normal use (i.e. OpenSSL's own uses), this is never called. + * Outside of the FIPS provider, OpenSSL sets its DRBGs up so that + * they always have a parent. This remains purely for legacy reasons. + */ return ossl_prov_get_entropy(drbg->provctx, pout, entropy, min_len, max_len); #endif |