TeaSpeak/tomcrypt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

don't call rng_make_prng() from dh_make_key()

Browse Source 
While testing with multiple threads I had spurious errors where some tests
can't read from the PRNG.
If I tracked it down correctly that's caused by `dh_make_key()`
calling `rng_make_prng()` which re-initializes the selected PRNG.

I like the idea of "refreshing" the PRNG with entropy from a hopefully
secure RNG before generating a new key, but I don't think it's the duty
of a key-generation function to ensure that, but merely the application
that implements key-generation.
This commit is contained in:
Steffen Jaeckel 2017-06-09 13:38:21 +02:00
parent e3329bec26
commit c9f4628693
1 changed files with 0 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/pk/dh/dh.c
View File

@ -188,11 +188,6 @@ int dh_make_key(prng_state *prng, int wprng, int keysize, dh_key *key)
}
/* make up random string */
if ( rng_make_prng( keysize, wprng, prng, NULL) != CRYPT_OK) {
err = CRYPT_ERROR_READPRNG;
goto error2;
}
if (prng_descriptor[wprng].read(buf, keysize, prng) != (unsigned long)keysize) {
err = CRYPT_ERROR_READPRNG;
goto error2;