don't call rng_make_prng() from dh_make_key()

While testing with multiple threads I had spurious errors where some tests
can't read from the PRNG.
If I tracked it down correctly that's caused by `dh_make_key()`
calling `rng_make_prng()` which re-initializes the selected PRNG.

I like the idea of "refreshing" the PRNG with entropy from a hopefully
secure RNG before generating a new key, but I don't think it's the duty
of a key-generation function to ensure that, but merely the application
that implements key-generation.
This commit is contained in:
Steffen Jaeckel 2017-06-09 13:38:21 +02:00
parent e3329bec26
commit c9f4628693

View File

@ -188,11 +188,6 @@ int dh_make_key(prng_state *prng, int wprng, int keysize, dh_key *key)
} }
/* make up random string */ /* make up random string */
if ( rng_make_prng( keysize, wprng, prng, NULL) != CRYPT_OK) {
err = CRYPT_ERROR_READPRNG;
goto error2;
}
if (prng_descriptor[wprng].read(buf, keysize, prng) != (unsigned long)keysize) { if (prng_descriptor[wprng].read(buf, keysize, prng) != (unsigned long)keysize) {
err = CRYPT_ERROR_READPRNG; err = CRYPT_ERROR_READPRNG;
goto error2; goto error2;