Configure: warn when 'none' is the chosen seed source

Fixes #6980 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/6981)
2018-08-16 16:01:58 +02:00 · 2018-08-16 16:01:58 +02:00 · 2805ee1e09
commit 2805ee1e09
parent 96d7852cbd
1 changed files with 12 additions and 3 deletions
--- a/15
+++ b/15
@ -1010,9 +1010,18 @@ if (scalar(@seed_sources) == 0) {
    print "Using os-specific seed configuration\n";
    push @seed_sources, 'os';
 }
-die "Cannot seed with none and anything else"
-    if scalar(grep { $_ eq 'none' } @seed_sources) > 0
-        && scalar(@seed_sources) > 1;
+if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) {
+    die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1;
+    warn <<_____ if scalar(@seed_sources) == 1;
+You have selected the --with-rand-seed=none option, which effectively disables
+automatic reseeding of the OpenSSL random generator. All operations depending
+on the random generator such as creating keys will not work unless the random
+generator is seeded manually by the application.
+
+Please read the 'Note on random number generation' section in the INSTALL
+instructions and the RAND_DRBG(7) manual page for more details.
+_____
+}
 push @{$config{openssl_other_defines}},
     map { (my $x = $_) =~ tr|[\-a-z]|[_A-Z]|; "OPENSSL_RAND_SEED_$x" }
 	@seed_sources;