Hi Hauke!

On Sun, 19 Feb 2023 21:06:15 +0100
Hauke Mehrtens <[email protected]> wrote:

> Hi Torsten,
>
> Sorry for the late answer, I forgot about this mail thread.

No problem.

> > On Sun, 29 Jan 2023 17:08:38 +0100
> > Hauke Mehrtens <[email protected]> wrote:

[...]

> ustreamss uses the randomness to generate session keys (including
> ephemeral keys), IVs and padding. The long term keys are generated in a
> different application.

[...]

> I think we should wait with creating TLS sessions till we have enough
> random data to do it securely. I tested this on a lantiq xrx200 (MIPS)
> device and it was initialized much before the LAN interface was up.
                                ^^^^^^^^^^^

Yes. Good that it works out this way. Otherwise you'd have had a tough
decision to make.

> The code in ustream-mbedtls.c was probably initially written when
> /dev/random was still blocking when too much entropy was read out of the
> pool.

I guess so, too.

> I will rename the function.

Cool. You can add my review tag if you want...

Torsten
