[Help-gnutls] Why delay generating second and other keys?

[Fran]

     I. On Mér, 2005-10-26 at 11:09 +0200, Nikos Mavrogiannopoulos
        wrote:
> On Tuesday 25 October 2005 23:39, Fran wrote:
> > If the computer spend 0,1 seconds making a key the first time. Making
> > second an other keys, the computer can spend 10 or more seconds.
> > I think that this can be a problem.
> 
> I suppose you talk about certtool. This is a good thing. The first key 
> depletes entropy from /dev/random. The second key the same. The system needs 
> some time to gather entropy.

I see /dev/random code an seems that extract data from mouse, keyboard,
interrupts, etc.
If mouse and keyboard do not affect to the PC, the random number is
gathered very slow (very slow).
This is a problem of enclosure (deterministic system, low precision),
and only should be solved with special device (hardware) with precision
that see the caos of real world (more liberty degree).
Nothing to be done.


Another question:
Libcrypt use exit() in functions.

The function 
> gnutls_x509_privkey_generate (key, key_type, bits, 0)

does not return any value because libcrypt function use exit(). For this reason a program that have this function can not known which is the problem.
For example if 
> gnutls_global_init();
is not called before.

> static void *
> _gcry_secmem_malloc_internal (size_t size)
> {
>   memblock_t *mb;
> 
>   if (!pool_okay)
>     {
>       log_info (_
>         ("operation is not possible without initialized secure memory\n"));
>       exit (2); <<<<<<<------------------------------------------------------------------------------------------------------------------------------------
>     }
>   if (show_warning && !suspend_warning)
>     {
>       show_warning = 0;
>       print_warn ();
>     }
> 
>   /* Blocks are always a multiple of 32. */
>   size = ((size + 31) / 32) * 32;
> 
>   mb = mb_get_new ((memblock_t *) pool, size);
>   if (mb)
>     stats_update (size, 0);
> 
>   return mb ? &mb->aligned.c : NULL;
> }