[gnutls-dev] Re: ongoing entropy problems
Simon Josefsson
jas at extundo.com
Wed Feb 1 13:05:34 CET 2006
Werner Koch <wk at gnupg.org> writes:
> On Tue, 31 Jan 2006 19:30:29 +0100, Andreas Metzler said:
>
>> For bug #2 /dev/urandom is used, therefore there is no blocking in
>
> Who is using /dev/urandom: Exim proper or gnutls/libgcrypt?
>
>> exim, just the fact that anything using /dev/random will block, as
>> there is no entropy left.
>
> For my understanding, will someone be so kind to answer these
> questions:
>
> 1. Does gnutls use GCRY_VERY_STRONG_RANDOM?
Yes, in gc_random() which is used by RAND_bytes in
libextra/gnutls_openssl.c. Otherwise, no, as far as I can see.
Is exim using the OpenSSL compatibility interface? Does it invoke
RAND_bytes?
GnuTLS calls gnutls_mpi_randomize in a few places, but only with
GCRY_STRONG_RANDOM.
> 2. Does gnutls save the random seed file?
> gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, filename);
> atexit:
> gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
No. Should it? What should we use as the filename?
> 3. Does the problem only occur for inetd invoked exims?
I don't know.
Thanks.
More information about the Gnutls-devel
mailing list