From: Pauli Date: Thu, 27 Jun 2024 00:08:05 +0000 (+1000) Subject: Clarify DRBG seeding. X-Git-Tag: openssl-3.1.7~75 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a648836d1d150166678fe31f2341bb9260bf8f45;p=thirdparty%2Fopenssl.git Clarify DRBG seeding. There is a legacy code path that OpenSSL won't use anymore but applications could. Add a comment indicating this to avoid confusion for people not intimately conversant with the nuances in the RNG code. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Neil Horman (Merged from https://github.com/openssl/openssl/pull/24745) (cherry picked from commit 1eb122aa0ca152dc564e61674caf3f11acd85b57) --- diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c index 3159a9d9654..045d9cf1d1f 100644 --- a/providers/implementations/rands/drbg.c +++ b/providers/implementations/rands/drbg.c @@ -205,6 +205,11 @@ static size_t get_entropy(PROV_DRBG *drbg, unsigned char **pout, int entropy, return ossl_crngt_get_entropy(drbg, pout, entropy, min_len, max_len, prediction_resistance); #else + /* + * In normal use (i.e. OpenSSL's own uses), this is never called. + * Outside of the FIPS provider, OpenSSL sets its DRBGs up so that + * they always have a parent. This remains purely for legacy reasons. + */ return ossl_prov_get_entropy(drbg->provctx, pout, entropy, min_len, max_len); #endif
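Review bot: In the `#else` branch, the new comment says "this is never called" without saying what "this" refers to, and it leaves out the point the commit message makes, that applications can still take this path. Suggest naming the call and the condition, for example "ossl_prov_get_entropy() is only reached for a DRBG that has no parent; OpenSSL's own DRBGs always have one, but an application can still set one up without", so that someone auditing the seeding path does not read the branch as dead code. "Purely for legacy reasons" on its own invites exactly that reading.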