aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlloyd <[email protected]>2008-11-23 17:59:11 +0000
committerlloyd <[email protected]>2008-11-23 17:59:11 +0000
commit6ed33c39344921294b782f004002a942cbd82eb6 (patch)
tree8e53f878ab1cb52a662451844898fb06d5939a9a
parent7156bf573d68f01c9846191353934b8b7a5633d9 (diff)
In Randpool and HMAC_RNG, zeroize the I/O buffer used for holding polled
randomness data after the contents have been fed into the MAC.
-rw-r--r--src/rng/hmac_rng/hmac_rng.cpp3
-rw-r--r--src/rng/randpool/randpool.cpp2
2 files changed, 5 insertions, 0 deletions
diff --git a/src/rng/hmac_rng/hmac_rng.cpp b/src/rng/hmac_rng/hmac_rng.cpp
index 95b119b9d..5f59a1691 100644
--- a/src/rng/hmac_rng/hmac_rng.cpp
+++ b/src/rng/hmac_rng/hmac_rng.cpp
@@ -72,6 +72,7 @@ void HMAC_RNG::randomize(byte out[], u32bit length)
source_index = (source_index + 1) % entropy_sources.size();
extractor->update(io_buffer, got);
+ io_buffer.clear();
}
}
@@ -121,6 +122,7 @@ void HMAC_RNG::reseed_with_input(const byte input[], u32bit input_length)
entropy += got;
extractor->update(io_buffer, got);
+ io_buffer.clear();
}
for(u32bit j = 0; j != entropy_sources.size(); ++j)
@@ -130,6 +132,7 @@ void HMAC_RNG::reseed_with_input(const byte input[], u32bit input_length)
entropy += got;
extractor->update(io_buffer, got);
+ io_buffer.clear();
}
}
diff --git a/src/rng/randpool/randpool.cpp b/src/rng/randpool/randpool.cpp
index 0017c476c..e35ee22ca 100644
--- a/src/rng/randpool/randpool.cpp
+++ b/src/rng/randpool/randpool.cpp
@@ -129,6 +129,7 @@ void Randpool::reseed()
mac->update(buffer, got);
entropy_est += got;
+ buffer.clear();
}
// Then do a slow poll, until we think we have got enough entropy
@@ -141,6 +142,7 @@ void Randpool::reseed()
if(entropy_est > 512)
break;
+ buffer.clear();
}
SecureVector<byte> mac_val = mac->final();