Always hash crypto_strongest_rand() along with some prng

(before using it for anything besides feeding the PRNG)

Part of #17694

1 files changed, 3 insertions, 1 deletions

diff --git a/src/common/crypto_ed25519.c b/src/common/crypto_ed25519.c
index 1749efc34c..41ec486f0a 100644
--- a/src/common/crypto_ed25519.c
+++ b/src/common/crypto_ed25519.c
@@ -107,7 +107,9 @@ ed25519_secret_key_generate(ed25519_secret_key_t *seckey_out,
 {
   int r;
   uint8_t seed[32];
-  if (! extra_strong || crypto_strongest_rand(seed, sizeof(seed)) < 0)
+  if (extra_strong)
+    crypto_strongest_rand(seed, sizeof(seed));
+ else
     crypto_rand((char*)seed, sizeof(seed));
 
   r = get_ed_impl()->seckey_expand(seckey_out->seckey, seed);