mirror of
https://github.com/openssl/openssl.git
synced 2025-01-24 13:55:42 +08:00
7998e7dc07
The 'rand_generate' method is not well suited for being used with weak entropy sources in the 'get_entropy' callback, because the caller needs to provide a preallocated buffer without knowing how much bytes are actually needed to collect the required entropy. Instead we use the 'rand_get_seed' and 'rand_clear_seed' methods which were exactly designed for this purpose: it's the callee who allocates and fills the buffer, and finally cleans it up again. The 'rand_get_seed' and 'rand_clear_seed' methods are currently optional for a provided random generator. We could fall back to using 'rand_generate' if those methods are not implemented. However, imo it would be better to simply make them an officially documented requirement for seed sources. Fixes #22332 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22394) |
||
---|---|---|
.. | ||
seeding | ||
build.info | ||
crngt.c | ||
drbg_ctr.c | ||
drbg_hash.c | ||
drbg_hmac.c | ||
drbg_local.h | ||
drbg.c | ||
seed_src.c | ||
test_rng.c |