Patch for modification in random_init
Tue Mar 25 07:51:32 PDT 2014
On Mon, Mar 24, 2014 at 07:07:22AM +0000, Prameela Rani Garnepudi wrote:
> Please review the below patch ralated to random_init. Attached the same.
> In random_init return from the function immediately if random_entropy_file
> is NULL. Because, the process of creating random_fd socket and thus,
> eloop socket is unnecessary as the content read from /dev/random shall
> be written to random_entropy_file which is NULL.
This seems to disable reading of dummy_key completely and by doing that,
reduce the security of the internal backup entropy pool significantly.
This mechanism is used by random_get_bytes() regardless of whether the
entropy file is used to store entropy over process restarts. In other
words, I'm not going to be applying this without a significantly more
detailed justification that explain why this would not break internal
entropy pool design.
Jouni Malinen PGP id EFC895FA
More information about the Hostap