From 95b19711938b5ecf076683e303384109125fd891 Mon Sep 17 00:00:00 2001
From: Steven Clark <steven.clark@hashicorp.com>
Date: Wed, 1 Jun 2022 14:56:39 -0400
Subject: [PATCH] Only use additional entropy source when configured within
 transit and sys random (#15734)

- When an end-user specifies the all source type within
   transit/random and sys/tools/random, only use the additional source
   if we are actually configured with an external entropy source
---
 helper/random/random_api.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/helper/random/random_api.go b/helper/random/random_api.go
index 1cee54272..9bc89f9af 100644
--- a/helper/random/random_api.go
+++ b/helper/random/random_api.go
@@ -71,10 +71,10 @@ func HandleRandomAPI(d *framework.FieldData, additionalSource io.Reader) (*logic
 		}
 		randBytes, err = uuid.GenerateRandomBytesWithReader(bytes, additionalSource)
 	case "all":
-		var sealBytes []byte
-		sealBytes, err = uuid.GenerateRandomBytesWithReader(bytes, additionalSource)
-		if err == nil {
-			randBytes, err = uuid.GenerateRandomBytes(bytes)
+		randBytes, err = uuid.GenerateRandomBytes(bytes)
+		if err == nil && rand.Reader != additionalSource {
+			var sealBytes []byte
+			sealBytes, err = uuid.GenerateRandomBytesWithReader(bytes, additionalSource)
 			if err == nil {
 				randBytes, err = xor.XORBytes(sealBytes, randBytes)
 			}