don't call rng_make_prng()
from dh_make_key()
While testing with multiple threads I had spurious errors where some tests can't read from the PRNG. If I tracked it down correctly that's caused by `dh_make_key()` calling `rng_make_prng()` which re-initializes the selected PRNG. I like the idea of "refreshing" the PRNG with entropy from a hopefully secure RNG before generating a new key, but I don't think it's the duty of a key-generation function to ensure that, but merely the application that implements key-generation.
This commit is contained in:
parent
e3329bec26
commit
c9f4628693
@ -188,11 +188,6 @@ int dh_make_key(prng_state *prng, int wprng, int keysize, dh_key *key)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* make up random string */
|
/* make up random string */
|
||||||
if ( rng_make_prng( keysize, wprng, prng, NULL) != CRYPT_OK) {
|
|
||||||
err = CRYPT_ERROR_READPRNG;
|
|
||||||
goto error2;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (prng_descriptor[wprng].read(buf, keysize, prng) != (unsigned long)keysize) {
|
if (prng_descriptor[wprng].read(buf, keysize, prng) != (unsigned long)keysize) {
|
||||||
err = CRYPT_ERROR_READPRNG;
|
err = CRYPT_ERROR_READPRNG;
|
||||||
goto error2;
|
goto error2;
|
||||||
|
Loading…
Reference in New Issue
Block a user