[openssl-commits] [openssl] master update

[Richard Levitte]

The branch master has been updated
       via  2805ee1e095a78f596dc7adf778441e2edb9f15c (commit)
      from  96d7852cbd0c7861cce155e1dc8c621648c0ba70 (commit)


- Log -----------------------------------------------------------------
commit 2805ee1e095a78f596dc7adf778441e2edb9f15c
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Aug 16 16:01:58 2018 +0200

    Configure: warn when 'none' is the chosen seed source
    
    Fixes #6980
    
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/6981)

-----------------------------------------------------------------------

Summary of changes:
 Configure | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/Configure b/Configure
index c9f6ea7..2eb8533 100755
--- a/Configure
+++ b/Configure
@@ -1010,9 +1010,18 @@ if (scalar(@seed_sources) == 0) {
     print "Using os-specific seed configuration\n";
     push @seed_sources, 'os';
 }
-die "Cannot seed with none and anything else"
-    if scalar(grep { $_ eq 'none' } @seed_sources) > 0
-        && scalar(@seed_sources) > 1;
+if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) {
+    die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1;
+    warn <<_____ if scalar(@seed_sources) == 1;
+You have selected the --with-rand-seed=none option, which effectively disables
+automatic reseeding of the OpenSSL random generator. All operations depending
+on the random generator such as creating keys will not work unless the random
+generator is seeded manually by the application.
+
+Please read the 'Note on random number generation' section in the INSTALL
+instructions and the RAND_DRBG(7) manual page for more details.
+_____
+}
 push @{$config{openssl_other_defines}},
      map { (my $x = $_) =~ tr|[\-a-z]|[_A-Z]|; "OPENSSL_RAND_SEED_$x" }
 	@seed_sources;