authorMichael Brown2012-02-21 13:40:27 +0100
committerMichael Brown2012-02-21 13:43:03 +0100
commit5a80c1106230f4308fe330eb9b881a349a3f9278 (patch)
treefc8f2e8ffa1fd3f86d42d191b61e95c08178ba87 /src
parent[tls] Use ANS X9.82 Approved RBG as source of random data for TLS (diff)
[crypto] Use ANS X9.82 Approved get_random_nz() for RSA
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src')
-rw-r--r--src/crypto/axtls/crypto.h11
1 files changed, 9 insertions, 2 deletions
diff --git a/src/crypto/axtls/crypto.h b/src/crypto/axtls/crypto.h
index a9893cf35..b7af7c419 100644
--- a/src/crypto/axtls/crypto.h
+++ b/src/crypto/axtls/crypto.h
@@ -130,9 +130,16 @@ void RNG_terminate(void);
void get_random(int num_rand_bytes, uint8_t *rand_data);
//void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
-#include <string.h>
+#include <ipxe/random_nz.h>
static inline void get_random_NZ(int num_rand_bytes, uint8_t *rand_data) {
- memset ( rand_data, 0x01, num_rand_bytes );
+ /* AXTLS does not check for failures when generating random
+ * data. Rely on the fact that get_random_nz() does not
+ * request prediction resistance (and so cannot introduce new
+ * failures) and therefore any potential failure must already
+ * have been encountered by e.g. tls_generate_random(), which
+ * does check for failures.
+ */
+ get_random_nz ( rand_data, num_rand_bytes );
}
/**************************************************************************
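Review bot: The status of `get_random_nz ( rand_data, num_rand_bytes );` is discarded in get_random_NZ(), so if the call ever fails the RSA code continues with whatever bytes were already in `rand_data`, which may be predictable or uninitialised padding. The comment's justification rests on an ordering invariant (an earlier checked call such as tls_generate_random()) that nothing in this header enforces, and it would not hold for a caller that reaches the RSA code without going through TLS first. Because the wrapper is `void` and cannot propagate an error, consider making the assumption checkable, e.g. `int rc = get_random_nz ( rand_data, num_rand_bytes );` followed by `assert ( rc == 0 );` (this assumes get_random_nz() returns a status, which its declaration outside this hunk would confirm, and an assertion may be compiled out of non-debug builds). Separately, `num_rand_bytes` is a signed `int` used as a length, so a negative value would presumably convert to a very large size; a guard, or a comment stating that callers always pass a positive length, would help.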