Some changes to HMAC_RNG:

 - Only give out half of K in each iteration. This prevents an
   attacker who recovers the PRF key and knows some RNG outputs from
   being able to determine other RNG outputs.

 - Don't reset the counter on a reseed, and every 1024 outputs (16
   Kbytes with default PRF) initiate a poll.

 - Don't ever reseed when called with add_entropy, just give it to the
   extractor, as we know that eventually we'll reseed at which time
   that input will be incorporated.

0 files changed, 0 insertions, 0 deletions