nodejs
diff --git a/Collapse file
‎src/crypto/crypto_util.cc‎
Copy file name to clipboardExpand all lines: src/crypto/crypto_util.cc
+10-4Lines changed: 10 additions & 4 deletions b/Collapse file
‎src/crypto/crypto_util.cc‎
Copy file name to clipboardExpand all lines: src/crypto/crypto_util.cc
+10-4Lines changed: 10 additions & 4 deletions
diff --git a/Collapse file
‎src/crypto/crypto_util.h‎
Copy file name to clipboardExpand all lines: src/crypto/crypto_util.h
+1-1Lines changed: 1 addition & 1 deletion b/Collapse file
‎src/crypto/crypto_util.h‎
Copy file name to clipboardExpand all lines: src/crypto/crypto_util.h
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/Collapse file
‎src/node.cc‎
Copy file name to clipboardExpand all lines: src/node.cc
+4-2Lines changed: 4 additions & 2 deletions b/Collapse file
‎src/node.cc‎
Copy file name to clipboardExpand all lines: src/node.cc
+4-2Lines changed: 4 additions & 2 deletions
@@ -76,10 +76,16 @@ void CheckEntropy() {
 bool EntropySource(unsigned char* buffer, size_t length) {
   // Ensure that OpenSSL's PRNG is properly seeded.
   CheckEntropy();
-  // RAND_bytes() can return 0 to indicate that the entropy data is not truly
-  // random. That's okay, it's still better than V8's stock source of entropy,
-  // which is /dev/urandom on UNIX platforms and the current time on Windows.
-  return RAND_bytes(buffer, length) != -1;
+  // If RAND_bytes() returns 0 or -1, the data might not be random at all. In
+  // that case, return false, which causes V8 to use its own entropy source. The
+  // quality of V8's entropy source depends on multiple factors and we should
+  // not assume that it is cryptographically secure (even though it often is).
+  // However, even if RAND_bytes() fails and V8 resorts to its potentially weak
+  // entropy source, it really does not matter much: V8 only uses the entropy
+  // source to seed its own PRNG, which itself is not cryptographically secure.
+  // In other words, even a cryptographically secure entropy source would not
+  // guarantee cryptographically secure random numbers in V8.
+  return RAND_bytes(buffer, length) == 1;
 }
 
 int PasswordCallback(char* buf, int size, int rwflag, void* u) {
 
@@ -134,7 +134,7 @@ struct MarkPopErrorOnReturn {
 void CheckEntropy();
 
 // Generate length bytes of random data. If this returns false, the data
-// may not be truly random but it's still generally good enough.
+// might not be random at all and should not be used.
 bool EntropySource(unsigned char* buffer, size_t length);
 
 int PasswordCallback(char* buf, int size, int rwflag, void* u);
 
@@ -980,8 +980,10 @@ std::unique_ptr<InitializationResult> InitializeOncePerProcess(
       return result;
     }
 
-    // V8 on Windows doesn't have a good source of entropy. Seed it from
-    // OpenSSL's pool.
+    // Seed V8's PRNG from OpenSSL's pool. This is recommended by V8 and a
+    // potentially better source of randomness than what V8 uses by default, but
+    // it does not guarantee that pseudo-random values produced by V8 will be
+    // cryptograhically secure.
     V8::SetEntropySource(crypto::EntropySource);
 #endif  // HAVE_OPENSSL && !defined(OPENSSL_IS_BORINGSSL)
   }
Original file line number	Diff line number	Diff line change
`@@ -980,8 +980,10 @@ std::unique_ptr<InitializationResult> InitializeOncePerProcess(`
`980`	`980`	`return result;`
`981`	`981`	`}`
`982`	`982`
`983`		`- // V8 on Windows doesn't have a good source of entropy. Seed it from`
`984`		`- // OpenSSL's pool.`
	`983`	`+ // Seed V8's PRNG from OpenSSL's pool. This is recommended by V8 and a`
	`984`	`+ // potentially better source of randomness than what V8 uses by default, but`
	`985`	`+ // it does not guarantee that pseudo-random values produced by V8 will be`
	`986`	`+ // cryptograhically secure.`
`985`	`987`	`V8::SetEntropySource(crypto::EntropySource);`
`986`	`988`	`#endif // HAVE_OPENSSL && !defined(OPENSSL_IS_BORINGSSL)`
`987`	`989`	`}`