Patch for modification in random_init

Jouni Malinen j
Tue Mar 25 07:51:32 PDT 2014

On Mon, Mar 24, 2014 at 07:07:22AM +0000, Prameela Rani Garnepudi wrote:

> Please review the below patch ralated to random_init. Attached the same.

> In random_init return from the function immediately if random_entropy_file
> is NULL. Because, the process of creating random_fd socket and thus,
> eloop socket is unnecessary as the content read from /dev/random shall
> be written to random_entropy_file which is NULL.

This seems to disable reading of dummy_key completely and by doing that,
reduce the security of the internal backup entropy pool significantly.
This mechanism is used by random_get_bytes() regardless of whether the
entropy file is used to store entropy over process restarts. In other
words, I'm not going to be applying this without a significantly more
detailed justification that explain why this would not break internal
entropy pool design.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list