- if (cc->rng_init_done) {
- br_hmac_drbg_update(&cc->rng, data, len);
- } else {
- /*
- * If using TLS-1.2, then SHA-256 or SHA-384 must be
- * present (or both); we prefer SHA-256 which is faster
- * for 32-bit systems.
- *
- * If using TLS-1.0 or 1.1 then SHA-1 must be present.
- *
- * Though HMAC_DRBG/SHA-1 is, as far as we know, as safe
- * as these things can be, we still prefer the SHA-2
- * functions over SHA-1, if only for public relations
- * (known theoretical weaknesses of SHA-1 with regards to
- * collisions are mostly irrelevant here, but they still
- * make people nervous).
- */
- const br_hash_class *h;
-
- h = br_multihash_getimpl(&cc->mhash, br_sha256_ID);
- if (!h) {
- h = br_multihash_getimpl(&cc->mhash, br_sha384_ID);
- if (!h) {
- h = br_multihash_getimpl(&cc->mhash,
- br_sha1_ID);
- if (!h) {
- br_ssl_engine_fail(cc,
- BR_ERR_BAD_STATE);
- return;
- }
- }
- }
- br_hmac_drbg_init(&cc->rng, h, data, len);
- cc->rng_init_done = 1;
+ /*
+ * Externally provided entropy is assumed to be "good enough"
+ * (we cannot really test its quality) so if the RNG structure
+ * could be initialised at all, then we marked the RNG as
+ * "properly seeded".
+ */
+ if (!rng_init(cc)) {
+ return;