Clarify DRBG seeding.

There is a legacy code path that OpenSSL won't use anymore but applications
could.  Add a comment indicating this to avoid confusion for people not
intimately conversant with the nuances in the RNG code.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24745)

diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c
index 3e88e7d06484160cc6fe9033fff8c1738949ab27..253131b10dbf2e85f4824ad78e715d1f4400c5fe 100644 (file)
--- a/providers/implementations/rands/drbg.c
+++ b/providers/implementations/rands/drbg.c
@@ -202,6 +202,11 @@ static size_t get_entropy(PROV_DRBG *drbg, unsigned char **pout, int entropy,
         return ossl_crngt_get_entropy(drbg, pout, entropy, min_len, max_len,
                                       prediction_resistance);
 #else
+        /*
+         * In normal use (i.e. OpenSSL's own uses), this is never called.
+         * Outside of the FIPS provider, OpenSSL sets its DRBGs up so that
+         * they always have a parent.  This remains purely for legacy reasons.
+         */
         return ossl_prov_get_entropy(drbg->provctx, pout, entropy, min_len,
                                      max_len);
 #endif