authorlloyd <[email protected]>2009-06-21 19:02:34 +0000
committerlloyd <[email protected]>2009-06-21 19:02:34 +0000
commit41f381d1873bc343bf472e97f5bae718471365c9 (patch)
tree8d54d15c06e9772fd4932142cfba4073aec77df6 /src/rng
parent0b512325b23e29ce400b5b03cdfa502fb6fcefa5 (diff)
Improve handling of low-entropy situations in HMAC_RNG and Randpool.
When a reseed is attempted, up to poll_bits poll attempts will be made, running in order through the set of available sources. So for instance if poll_bits is set to the default 256, then up to 256 polls will be performed (some of which might not provide any entropy, of course) before stopping; of course if the accumulator's goal is achieved before that point, then the polling stops. This should greatly help to resolve the recent rash of "PRNG unseeded" problems some people have been having.
Diffstat (limited to 'src/rng')
-rw-r--r--src/rng/hmac_rng/hmac_rng.cpp11
-rw-r--r--src/rng/randpool/randpool.cpp11
2 files changed, 14 insertions, 8 deletions
diff --git a/src/rng/hmac_rng/hmac_rng.cpp b/src/rng/hmac_rng/hmac_rng.cpp
index 757f59037..113489db3 100644
--- a/src/rng/hmac_rng/hmac_rng.cpp
+++ b/src/rng/hmac_rng/hmac_rng.cpp
@@ -72,12 +72,15 @@ void HMAC_RNG::reseed_with_input(u32bit poll_bits,
Entropy_Accumulator_BufferedComputation accum(*extractor, poll_bits);
- for(u32bit i = 0; i < entropy_sources.size(); ++i)
+ if(!entropy_sources.empty())
{
- if(accum.polling_goal_achieved())
- break;
+ u32bit poll_attempt = 0;
- entropy_sources[i]->poll(accum);
+ while(!accum.polling_goal_achieved() && poll_attempt < poll_bits)
+ {
+ entropy_sources[poll_attempt % entropy_sources.size()]->poll(accum);
+ ++poll_attempt;
+ }
}
// And now add the user-provided input, if any
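Review bot: Nothing in the hunk records whether `accum.polling_goal_achieved()` ended true after the new while loop at L31–L35, so a reseed that exhausts its `poll_bits` attempts without reaching the goal looks the same here as a successful one; reseed_with_input continues past the hunk, so if the remainder does not already derive the seeded state from the accumulator (its goal flag or bit count), it should, e.g. `const bool goal_met = accum.polling_goal_achieved();` carried into that check. A second caveat belongs in a comment on the loop: each source is now re-polled round-robin up to roughly `poll_bits / entropy_sources.size()` times, which is only sound if a source's entropy estimate reflects fresh data on every call — a source that credits the same estimate for repeated, largely static output would inflate the accumulator's count, though whether any source does that is not visible from this hunk. I would add above the while: `// Sources are re-polled repeatedly; this assumes a source credits entropy only for fresh data on each poll()`. The enclosing function starts before the hunk.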
diff --git a/src/rng/randpool/randpool.cpp b/src/rng/randpool/randpool.cpp
index f9e05c246..77a5228c6 100644
--- a/src/rng/randpool/randpool.cpp
+++ b/src/rng/randpool/randpool.cpp
@@ -105,12 +105,15 @@ void Randpool::reseed(u32bit poll_bits)
{
Entropy_Accumulator_BufferedComputation accum(*mac, poll_bits);
- for(u32bit i = 0; i != entropy_sources.size(); ++i)
+ if(!entropy_sources.empty())
{
- entropy_sources[i]->poll(accum);
+ u32bit poll_attempt = 0;
- if(accum.polling_goal_achieved())
- break;
+ while(!accum.polling_goal_achieved() && poll_attempt < poll_bits)
+ {
+ entropy_sources[poll_attempt % entropy_sources.size()]->poll(accum);
+ ++poll_attempt;
+ }
}
SecureVector<byte> mac_val = mac->final();
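Review bot: The loop at L52–L56 is byte-identical to the one added in hmac_rng.cpp, and its bound is a count of poll() calls rather than a bit or time budget, so a caller passing a large poll_bits against slow or blocking sources can now be held in reseed for up to poll_bits attempts instead of one pass over the sources. I would move the loop into one shared helper taking the accumulator, the source vector and the poll bound, so both RNGs use a single definition and the attempt semantics are documented once. Until then, a comment above the while such as `// poll_bits bounds the number of poll() calls (sources are re-polled round-robin), not the time spent reseeding` would make the trade-off visible to callers choosing poll_bits. Randpool::reseed continues past the hunk.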