From 2259de0de726f3f617b2451d64f72f0d4d6bc0ae Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Tue, 8 Dec 2015 10:54:42 -0500
Subject: Always hash crypto_strongest_rand() along with some prng

(before using it for anything besides feeding the PRNG)

Part of #17694
---
 src/common/crypto_curve25519.c | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

(limited to 'src/common/crypto_curve25519.c')

diff --git a/src/common/crypto_curve25519.c b/src/common/crypto_curve25519.c
index 00302a2ff0..2002483265 100644
--- a/src/common/crypto_curve25519.c
+++ b/src/common/crypto_curve25519.c
@@ -111,18 +111,11 @@ curve25519_public_key_is_ok(const curve25519_public_key_t *key)
 int
 curve25519_rand_seckey_bytes(uint8_t *out, int extra_strong)
 {
-  uint8_t k_tmp[CURVE25519_SECKEY_LEN];
-
-  crypto_rand((char*)out, CURVE25519_SECKEY_LEN);
-  if (extra_strong && !crypto_strongest_rand(k_tmp, CURVE25519_SECKEY_LEN)) {
-    /* If they asked for extra-strong entropy and we have some, use it as an
-     * HMAC key to improve not-so-good entropy rather than using it directly,
-     * just in case the extra-strong entropy is less amazing than we hoped. */
-    crypto_hmac_sha256((char*) out,
-                       (const char *)k_tmp, sizeof(k_tmp),
-                       (const char *)out, CURVE25519_SECKEY_LEN);
-  }
-  memwipe(k_tmp, 0, sizeof(k_tmp));
+  if (extra_strong)
+    crypto_strongest_rand(out, CURVE25519_SECKEY_LEN);
+  else
+    crypto_rand((char*)out, CURVE25519_SECKEY_LEN);
+
   return 0;
 }
 
-- 
cgit v1.2.3-54-g00ecf