1 files changed, 22 insertions, 25 deletions

diff --git a/providers/implementations/rands/seed_src.c b/providers/implementations/rands/seed_src.c
index 7a4b780bb4..30fd25244e 100644
--- a/providers/implementations/rands/seed_src.c
+++ b/providers/implementations/rands/seed_src.c
@@ -179,35 +179,32 @@ static size_t seed_get_seed(void *vseed, unsigned char **pout,
                             int prediction_resistance,
                             const unsigned char *adin, size_t adin_len)
 {
-    size_t bytes_needed;
-    unsigned char *p;
-
-    /*
-     * Figure out how many bytes we need.
-     * This assumes that the seed sources provide eight bits of entropy
-     * per byte.  For lower quality sources, the formula will need to be
-     * different.
-     */
-    bytes_needed = entropy >= 0 ? (entropy + 7) / 8 : 0;
-    if (bytes_needed < min_len)
-        bytes_needed = min_len;
-    if (bytes_needed > max_len) {
-        ERR_raise(ERR_LIB_PROV, PROV_R_ENTROPY_SOURCE_STRENGTH_TOO_WEAK);
-        return 0;
-    }
+    size_t ret = 0;
+    size_t entropy_available = 0;
+    size_t i;
+    RAND_POOL *pool;
 
-    p = OPENSSL_secure_malloc(bytes_needed);
-    if (p == NULL) {
-        ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+    pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
+    if (pool == NULL) {
+        ERR_raise(ERR_LIB_PROV, ERR_R_RAND_LIB);
         return 0;
     }
-    if (seed_src_generate(vseed, p, bytes_needed, 0, prediction_resistance,
-                          adin, adin_len) != 0) {
-        *pout = p;
-        return bytes_needed;
+
+    /* Get entropy by polling system entropy sources. */
+    entropy_available = ossl_pool_acquire_entropy(pool);
+
+    if (entropy_available > 0) {
+        ret = ossl_rand_pool_length(pool);
+        *pout = ossl_rand_pool_detach(pool);
+
+        /* xor the additional data into the output */
+        for (i = 0 ; i < adin_len ; ++i)
+            (*pout)[i % ret] ^= adin[i];
+    } else {
+        ERR_raise(ERR_LIB_PROV, PROV_R_ENTROPY_SOURCE_STRENGTH_TOO_WEAK);
     }
-    OPENSSL_secure_clear_free(p, bytes_needed);
-    return 0;
+    ossl_rand_pool_free(pool);
+    return ret;
 }
 
 static void seed_clear_seed(ossl_unused void *vdrbg,