Always set the position to the start of the block when generating a new

block of data in the X9.31 PRNG (previously, adding entropy would cause a new block to be computed but the read pointer would be the same as it had been in the old block). Nominally this is very slightly faster (we don't throw away bytes we just computed) but the change is more to make the code more obvious/explicit; I was surprised by its old behavior, which seems bad. In theory it could introduce additional weaknesses, if gaining advantage to this partial block that was being thrown away assisted in an attack (I do not know of any attacks against the X9.31 PRNG that work that way, however).
author: lloyd <[email protected]> 2008-04-15 19:12:30 +0000
committer: lloyd <[email protected]> 2008-04-15 19:12:30 +0000
commit: 89a3150032bc56cc288e175cac31fa7a3514705c (patch)
tree: 79651cf676ae7b320a3b7ad420fae4a813f355ff
parent: 1ddf84acb8ef642c27bbb38637c54dbb23964d54 (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/src/x931_rng.cpp b/src/x931_rng.cpp
index ee21d480e..01b8c33d2 100644
--- a/src/x931_rng.cpp
+++ b/src/x931_rng.cpp
@@ -29,10 +29,7 @@ void ANSI_X931_RNG::randomize(byte out[], u32bit length) throw(PRNG_Unseeded)
       position += copied;
 
       if(position == R.size())
-         {
          update_buffer();
-         position = 0;
-         }
       }
    }
 
@@ -53,6 +50,8 @@ void ANSI_X931_RNG::update_buffer()
 
    xor_buf(V, R, DT, BLOCK_SIZE);
    cipher->encrypt(V);
+
+   position = 0;
    }
 
 /*************************************************
author	lloyd <[email protected]>	2008-04-15 19:12:30 +0000
committer	lloyd <[email protected]>	2008-04-15 19:12:30 +0000
commit	89a3150032bc56cc288e175cac31fa7a3514705c (patch)
tree	79651cf676ae7b320a3b7ad420fae4a813f355ff
parent	1ddf84acb8ef642c27bbb38637c54dbb23964d54 (diff)