Commit d153fb05 authored by Brian Wellington's avatar Brian Wellington
Browse files

Require less entropy to be present for smaller keys. This means that

generating entropy on the keyboard doesn't take 5 minutes anymore.
parent 6036112f
......@@ -19,7 +19,7 @@
/*
* Principal Author: Brian Wellington
* $Id: bsafe_link.c,v 1.31 2000/06/12 18:05:09 bwelling Exp $
* $Id: bsafe_link.c,v 1.32 2000/06/22 21:19:13 bwelling Exp $
*/
#if defined(DNSSAFE)
......@@ -309,6 +309,7 @@ dnssafersa_generate(dst_key_t *key, int exp) {
int exponent_len = 0;
RSA_Key *rsa;
unsigned char randomSeed[256];
int entropylen;
isc_buffer_t b;
A_RSA_KEY *pub = NULL;
isc_result_t ret;
......@@ -392,11 +393,12 @@ dnssafersa_generate(dst_key_t *key, int exp) {
if (B_RandomInit(randomAlgorithm, CHOOSER, NULL_SURRENDER) != 0)
do_fail(ISC_R_NOMEMORY);
ret = dst__entropy_getdata(randomSeed, sizeof(randomSeed), ISC_FALSE);
entropylen = ISC_MIN(sizeof(randomSeed), 2 * key->key_size / 8);
ret = dst__entropy_getdata(randomSeed, entropylen, ISC_FALSE);
if (ret != ISC_R_SUCCESS)
goto fail;
if (B_RandomUpdate(randomAlgorithm, randomSeed, sizeof(randomSeed),
if (B_RandomUpdate(randomAlgorithm, randomSeed, entropylen,
NULL_SURRENDER) != 0)
do_fail(ISC_R_NOMEMORY);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment