RAND_pseudo_bytes is good enough for encryption IVs,

we should not need RAND_bytes (and we cannot use the latter unless we load a seed file)

RAND_pseudo_bytes is good enough for encryption IVs,
we should not need RAND_bytes (and we cannot use the latter unless we load a seed file)
f13b93d3 · Bodo Möller · 7be5af1d · f13b93d3
显示空白变更内容
内联并排

Showing with 1 addition and 4 deletion

apps/enc.c apps/enc.c +1 -4

未找到文件。
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -448,11 +448,8 @@ bad:
 								"invalid hex salt value\n");
 							goto end;
 						}
-					} else if (RAND_bytes(salt, PKCS5_SALT_LEN) <= 0) {
-						BIO_printf(bio_err,
-							"prng not seeded\n");
+					} else if (RAND_pseudo_bytes(salt, PKCS5_SALT_LEN) <= 0)
 						goto end;
-					}
 					/* If -P option then don't bother writing */
 					if((printkey != 2)
 					   && (BIO_write(wbio,magic,