Patch for modification in random_init

Jouni Malinen j at w1.fi
Tue Mar 25 10:51:32 EDT 2014


On Mon, Mar 24, 2014 at 07:07:22AM +0000, Prameela Rani Garnepudi wrote:

> Please review the below patch ralated to random_init. Attached the same.

> In random_init return from the function immediately if random_entropy_file
> is NULL. Because, the process of creating random_fd socket and thus,
> eloop socket is unnecessary as the content read from /dev/random shall
> be written to random_entropy_file which is NULL.

This seems to disable reading of dummy_key completely and by doing that,
reduce the security of the internal backup entropy pool significantly.
This mechanism is used by random_get_bytes() regardless of whether the
entropy file is used to store entropy over process restarts. In other
words, I'm not going to be applying this without a significantly more
detailed justification that explain why this would not break internal
entropy pool design.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list