rand: trust user supplied entropy when configured without a random source

Fixes #20841 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/20843) (cherry picked from commit 56547da9d3fa24f54b439497d322b12beb004c80)
author: Pauli <pauli@openssl.org> 2023-04-27 11:25:11 +1000
committer: Pauli <pauli@openssl.org> 2023-05-03 07:52:05 +1000
commit: 9a634d90fb05e49021315f67ad87f7275449c000 (patch)
tree: 649d718d53a60104c1d919a3e607fa4a6689f2da
parent: 05d42befb962db332cc73d3d4e835396b8e1edde (diff)
download: openssl-new-9a634d90fb05e49021315f67ad87f7275449c000.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index f341d915db..548434a8ec 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -272,7 +272,13 @@ void RAND_add(const void *buf, int num, double randomness)
 # endif
     drbg = RAND_get0_primary(NULL);
     if (drbg != NULL && num > 0)
+# ifdef OPENSSL_RAND_SEED_NONE
+        /* Without an entropy source, we have to rely on the user */
+        EVP_RAND_reseed(drbg, 0, buf, num, NULL, 0);
+# else
+        /* With an entropy source, we downgrade this to additional input */
         EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num);
+# endif
 }
 
 # if !defined(OPENSSL_NO_DEPRECATED_1_1_0)
author	Pauli <pauli@openssl.org>	2023-04-27 11:25:11 +1000
committer	Pauli <pauli@openssl.org>	2023-05-03 07:52:05 +1000
commit	9a634d90fb05e49021315f67ad87f7275449c000 (patch)
tree	649d718d53a60104c1d919a3e607fa4a6689f2da
parent	05d42befb962db332cc73d3d4e835396b8e1edde (diff)
download	openssl-new-9a634d90fb05e49021315f67ad87f7275449c000.tar.gz