author | lloyd <[email protected]> | 2009-06-21 19:02:34 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2009-06-21 19:02:34 +0000 |
commit | 41f381d1873bc343bf472e97f5bae718471365c9 (patch) | |
tree | 8d54d15c06e9772fd4932142cfba4073aec77df6 /src/rng | |
parent | 0b512325b23e29ce400b5b03cdfa502fb6fcefa5 (diff) |
Improve handling of low-entropy situations in HMAC_RNG and Randpool.
When a reseed is attempted, up to poll_bits attempts will be made, running
in order through the set of available sources. So for instance if poll_bits
is set to the default 256, then up to 256 polls will be performed (some of
which might not provide any entropy, of course) before stopping; of course
if the accumulator's goal is achieved before that point, then the polling stops.
This should greatly help to resolve the recent rash of PRNG unseeded problems
some people have been having.
Diffstat (limited to 'src/rng')
-rw-r--r-- | src/rng/hmac_rng/hmac_rng.cpp | 11 | ||||
-rw-r--r-- | src/rng/randpool/randpool.cpp | 11 |
2 files changed, 14 insertions, 8 deletions
diff --git a/src/rng/hmac_rng/hmac_rng.cpp b/src/rng/hmac_rng/hmac_rng.cpp
index 757f59037..113489db3 100644
--- a/src/rng/hmac_rng/hmac_rng.cpp
+++ b/src/rng/hmac_rng/hmac_rng.cpp
@@ -72,12 +72,15 @@ void HMAC_RNG::reseed_with_input(u32bit poll_bits,
 Entropy_Accumulator_BufferedComputation accum(*extractor, poll_bits);
- for(u32bit i = 0; i < entropy_sources.size(); ++i)
+ if(!entropy_sources.empty())
 {
- if(accum.polling_goal_achieved())
- break;
+ u32bit poll_attempt = 0;
- entropy_sources[i]->poll(accum);
+ while(!accum.polling_goal_achieved() && poll_attempt < poll_bits)
+ {
+ entropy_sources[poll_attempt % entropy_sources.size()]->poll(accum);
+ ++poll_attempt;
+ }
 }
 // And now add the user-provided input, if any
diff --git a/src/rng/randpool/randpool.cpp b/src/rng/randpool/randpool.cpp
index f9e05c246..77a5228c6 100644
--- a/src/rng/randpool/randpool.cpp
+++ b/src/rng/randpool/randpool.cpp
@@ -105,12 +105,15 @@ void Randpool::reseed(u32bit poll_bits)
 {
 Entropy_Accumulator_BufferedComputation accum(*mac, poll_bits);
- for(u32bit i = 0; i != entropy_sources.size(); ++i)
+ if(!entropy_sources.empty())
 {
- entropy_sources[i]->poll(accum);
+ u32bit poll_attempt = 0;
- if(accum.polling_goal_achieved())
- break;
+ while(!accum.polling_goal_achieved() && poll_attempt < poll_bits)
+ {
+ entropy_sources[poll_attempt % entropy_sources.size()]->poll(accum);
+ ++poll_attempt;
+ }
 }
 SecureVector<byte> mac_val = mac->final();
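Review bot: The round-robin retry in the new `while` loop, `entropy_sources[poll_attempt % entropy_sources.size()]->poll(accum)`, calls the same source again once the list has been cycled, and nothing in the hunk stops a source that returns the same or slowly varying bytes on every call from being credited again each time; if the accumulator simply adds whatever estimate each poll() reports (its implementation is not visible here), the goal can be declared achieved on duplicated input rather than fresh entropy, which is the opposite of what the commit message aims for. The loop also exits silently once `poll_attempt` reaches `poll_bits` with the goal unmet, and reseed_with_input continues outside the hunk, so whether the unseeded state is reported to the caller cannot be judged from here. I would at least document the contract above the loop, e.g. `// Cycle through the sources, at most poll_bits poll() calls in total; a source must not re-credit output it already returned`, and confirm that each EntropySource::poll either produces fresh data or credits nothing on repeat calls.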
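Review bot: The `while` loop added here is identical to the one added to HMAC_RNG::reseed_with_input in hmac_rng.cpp in this same commit, so the two copies of the poll-until-goal-or-bound policy will drift apart as soon as one of them is tuned. Moving it into one shared helper that takes the accumulator, the source list and the attempt cap, and calling it from both reseed paths as e.g. `poll_sources(accum, entropy_sources, poll_bits);`, would keep the policy in one place. The commit also gives `poll_bits` a second role as the cap on poll() calls without saying so at the call site; a one-line comment such as `// poll_bits doubles as the upper bound on poll attempts` would spare the next reader from re-deriving it. Randpool::reseed continues past the end of the hunk.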