diff options
author | lloyd <[email protected]> | 2008-11-23 17:59:11 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2008-11-23 17:59:11 +0000 |
commit | 6ed33c39344921294b782f004002a942cbd82eb6 (patch) | |
tree | 8e53f878ab1cb52a662451844898fb06d5939a9a | |
parent | 7156bf573d68f01c9846191353934b8b7a5633d9 (diff) |
In Randpool and HMAC_RNG, zeroize the I/O buffer used for holding polled
randomness data after the contents have been fed into the MAC.
-rw-r--r-- | src/rng/hmac_rng/hmac_rng.cpp | 3 | ||||
-rw-r--r-- | src/rng/randpool/randpool.cpp | 2 |
2 files changed, 5 insertions, 0 deletions
diff --git a/src/rng/hmac_rng/hmac_rng.cpp b/src/rng/hmac_rng/hmac_rng.cpp index 95b119b9d..5f59a1691 100644 --- a/src/rng/hmac_rng/hmac_rng.cpp +++ b/src/rng/hmac_rng/hmac_rng.cpp @@ -72,6 +72,7 @@ void HMAC_RNG::randomize(byte out[], u32bit length) source_index = (source_index + 1) % entropy_sources.size(); extractor->update(io_buffer, got); + io_buffer.clear(); } } @@ -121,6 +122,7 @@ void HMAC_RNG::reseed_with_input(const byte input[], u32bit input_length) entropy += got; extractor->update(io_buffer, got); + io_buffer.clear(); } for(u32bit j = 0; j != entropy_sources.size(); ++j) @@ -130,6 +132,7 @@ void HMAC_RNG::reseed_with_input(const byte input[], u32bit input_length) entropy += got; extractor->update(io_buffer, got); + io_buffer.clear(); } } diff --git a/src/rng/randpool/randpool.cpp b/src/rng/randpool/randpool.cpp index 0017c476c..e35ee22ca 100644 --- a/src/rng/randpool/randpool.cpp +++ b/src/rng/randpool/randpool.cpp @@ -129,6 +129,7 @@ void Randpool::reseed() mac->update(buffer, got); entropy_est += got; + buffer.clear(); } // Then do a slow poll, until we think we have got enough entropy @@ -141,6 +142,7 @@ void Randpool::reseed() if(entropy_est > 512) break; + buffer.clear(); } SecureVector<byte> mac_val = mac->final(); |