RAND_pseudo_bytes is good enough for encryption IVs,

we should not need RAND_bytes (and we cannot use the latter unless we load a seed file)
2024-11-21 01:15:20 +08:00 · 2000-01-24 09:32:20 +00:00 · 2000-01-24 09:32:20 +00:00 · f13b93d3b4
commit f13b93d3b4
parent 7be5af1ddf
1 changed files with 1 additions and 4 deletions
--- a/apps/enc.c
+++ b/apps/enc.c
@ -448,11 +448,8 @@ bad:
 								"invalid hex salt value\n");
 							goto end;
 						}
-					} else if (RAND_bytes(salt, PKCS5_SALT_LEN) <= 0) {
-						BIO_printf(bio_err,
-							"prng not seeded\n");
+					} else if (RAND_pseudo_bytes(salt, PKCS5_SALT_LEN) <= 0)
 						goto end;
-					}
 					/* If -P option then don't bother writing */
 					if((printkey != 2)
 					   && (BIO_write(wbio,magic,