From 545de7a3a11d2d2ff57e342e47187bad568cee38 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Thu, 19 Jul 2012 21:34:27 +0800
Subject: [PATCH] /dev/random blocks on busy servers too.

---
 gendss.c |  1 -
 genrsa.c |  1 -
 random.c | 18 ------------------
 random.h |  1 -
 4 files changed, 21 deletions(-)

diff --git a/gendss.c b/gendss.c
index 07866721..5abb4d83 100644
--- a/gendss.c
+++ b/gendss.c
@@ -57,7 +57,6 @@ dropbear_dss_key * gen_dss_priv_key(unsigned int size) {
 	m_mp_init_multi(key->p, key->q, key->g, key->y, key->x, NULL);
 	
 	seedrandom();
-	seedstrongrandom();
 	
 	getq(key);
 	getp(key, size);
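Review bot: With `seedstrongrandom()` removed, the persistent DSS key built in gen_dss_priv_key() is seeded only by the `seedrandom()` call kept above `getq(key)`, which per the comment in random.c draws from /dev/urandom or prngd; the same applies to gen_rsa_priv_key() in genrsa.c. On a system that generates its host key at first boot, the kernel pool may not yet be initialised, and /dev/urandom typically does not block in that state, so a long-lived key could end up with less entropy than intended. I would document that dependency at both call sites, e.g. `/* host key strength depends on /dev/urandom being seeded; generate keys only after the system has gathered entropy */`, and consider a non-blocking readiness check where the platform offers one. The function body continues outside the hunk, so any later reseeding is not visible here.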
diff --git a/genrsa.c b/genrsa.c
index 39d0a85b..b0867e20 100644
--- a/genrsa.c
+++ b/genrsa.c
@@ -56,7 +56,6 @@ dropbear_rsa_key * gen_rsa_priv_key(unsigned int size) {
 			&pminus, &lcm, &qminus, NULL);
 
 	seedrandom();
-	seedstrongrandom();
 
 	if (mp_set_int(key->e, RSA_E) != MP_OKAY) {
 		fprintf(stderr, "RSA generation failed\n");
diff --git a/random.c b/random.c
index f729ae29..c97e7122 100644
--- a/random.c
+++ b/random.c
@@ -155,24 +155,6 @@ static void write_urandom()
 #endif
 }
 
-/* add entropy from the stronger, blocking source /dev/random. Only used
- * for generating persistent private keys (RSA and DSS) */
-void seedstrongrandom()
-{
-	/* We assume that PRNGD is a strong source, so don't need to do anything here */
-#ifndef DROPBEAR_PRNGD_SOCKET
-	hash_state hs;
-
-	sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
-	if (process_file(&hs, "/dev/random", INIT_SEED_SIZE, 0) 
-			!= DROPBEAR_SUCCESS) {
-		dropbear_exit("Failure reading random device %s", "/dev/random");
-	}
-
-	sha1_done(&hs, hashpool);
-#endif
-}
-
 /* Initialise the prng from /dev/urandom or prngd. This function can
  * be called multiple times */
 void seedrandom() {
diff --git a/random.h b/random.h
index fa90064f..544e77e3 100644
--- a/random.h
+++ b/random.h
@@ -27,7 +27,6 @@
 
 struct mp_int;
 
-void seedstrongrandom();
 void seedrandom();
 void genrandom(unsigned char* buf, unsigned int len);
 void addrandom(char * buf, unsigned int len);
-- 
GitLab