Always include a high res timestamp in the RNG additional_data

128 bits of RDRAND output is plenty, and including a timestamp means the AD changes even in RDRAND gets stuck as in the buggy AMD CPUs.
author: Jack Lloyd <[email protected]> 2019-10-06 09:13:18 -0400
committer: Jack Lloyd <[email protected]> 2019-10-16 11:32:58 -0400
commit: b896677a8b6c22052908f70c393edc9ed50304e7 (patch)
tree: 25c8011c78273044b34b5d5cc068e30f157ffee9 /src/lib/rng
parent: 638741499e1adc226388d889b104cefbe0049d8f (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/src/lib/rng/stateful_rng/stateful_rng.cpp b/src/lib/rng/stateful_rng/stateful_rng.cpp
index 80442542f..1587e50f8 100644
--- a/src/lib/rng/stateful_rng/stateful_rng.cpp
+++ b/src/lib/rng/stateful_rng/stateful_rng.cpp
@@ -44,17 +44,18 @@ void Stateful_RNG::randomize_with_ts_input(uint8_t output[], size_t output_len)
    {
    uint8_t additional_input[24] = { 0 };
 
+   store_le(OS::get_high_resolution_clock(), additional_input);
+
 #if defined(BOTAN_HAS_RDRAND_RNG)
    if(RDRAND_RNG::available())
       {
       RDRAND_RNG rdrand;
-      rdrand.randomize(additional_input, sizeof(additional_input));
+      rdrand.randomize(additional_input + 8, sizeof(additional_input) - 8);
       }
    else
 #endif
       {
-      store_le(OS::get_system_timestamp_ns(), additional_input);
-      store_le(OS::get_high_resolution_clock(), additional_input + 8);
+      store_le(OS::get_system_timestamp_ns(), additional_input + 8);
       store_le(m_last_pid, additional_input + 16);
       store_le(static_cast<uint32_t>(m_reseed_counter), additional_input + 20);
       }
author	Jack Lloyd <[email protected]>	2019-10-06 09:13:18 -0400
committer	Jack Lloyd <[email protected]>	2019-10-16 11:32:58 -0400
commit	b896677a8b6c22052908f70c393edc9ed50304e7 (patch)
tree	25c8011c78273044b34b5d5cc068e30f157ffee9 /src/lib/rng
parent	638741499e1adc226388d889b104cefbe0049d8f (diff)