Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/rng/chacha_rng/chacha_rng.cpp32
-rw-r--r--src/lib/rng/chacha_rng/chacha_rng.h2
-rw-r--r--src/lib/rng/hmac_drbg/hmac_drbg.cpp2
-rw-r--r--src/lib/rng/hmac_drbg/hmac_drbg.h3
-rw-r--r--src/lib/rng/stateful_rng/stateful_rng.cpp6
-rw-r--r--src/lib/rng/stateful_rng/stateful_rng.h24
6 files changed, 47 insertions, 22 deletions
diff --git a/src/lib/rng/chacha_rng/chacha_rng.cpp b/src/lib/rng/chacha_rng/chacha_rng.cpp
index 86c71f9fe..ad8ee9ba8 100644
--- a/src/lib/rng/chacha_rng/chacha_rng.cpp
+++ b/src/lib/rng/chacha_rng/chacha_rng.cpp
@@ -68,28 +68,34 @@ void ChaCha_RNG::randomize(uint8_t output[], size_t output_len)
void ChaCha_RNG::randomize_with_input(uint8_t output[], size_t output_len,
const uint8_t input[], size_t input_len)
{
- add_entropy(input, input_len);
reseed_check();
+ if(input_len > 0)
+ {
+ update(input, input_len);
+ }
+
clear_mem(output, output_len);
m_chacha->cipher1(output, output_len);
}
-void ChaCha_RNG::add_entropy(const uint8_t input[], size_t input_len)
+void ChaCha_RNG::update(const uint8_t input[], size_t input_len)
{
- if(input_len > 0)
- {
- m_hmac->update(input, input_len);
- m_chacha->set_key(m_hmac->final());
+ m_hmac->update(input, input_len);
+ m_chacha->set_key(m_hmac->final());
+
+ secure_vector<uint8_t> mac_key(m_hmac->output_length());
+ m_chacha->cipher1(mac_key.data(), mac_key.size());
+ m_hmac->set_key(mac_key);
+ }
- secure_vector<uint8_t> mac_key(m_hmac->output_length());
- m_chacha->cipher1(mac_key.data(), mac_key.size());
- m_hmac->set_key(mac_key);
+void ChaCha_RNG::add_entropy(const uint8_t input[], size_t input_len)
+ {
+ update(input, input_len);
- if(8*input_len >= security_level())
- {
- m_reseed_counter = 1;
- }
+ if(8*input_len >= security_level())
+ {
+ reset_reseed_counter();
}
}
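Review bot: randomize_with_input() no longer credits caller-supplied input as a reseed: the old path went through add_entropy(), which reset the counter when `8*input_len >= security_level()`, while the new path calls update() only. If that is intended (additional input is mixed in but not trusted as entropy), say so above the `if(input_len > 0)` block, e.g. `// Additional input is mixed into the state but never counts as a reseed`. Separately, the `input_len > 0` guard moved out of add_entropy(), so add_entropy(input, 0) now runs update() and re-keys from an HMAC finalised over no new data. Either restore `if(input_len == 0) return;` at the top of add_entropy() to keep the old no-op, or add a comment stating that the re-key on empty input is deliberate.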
diff --git a/src/lib/rng/chacha_rng/chacha_rng.h b/src/lib/rng/chacha_rng/chacha_rng.h
index b6a763f62..7deaa2d89 100644
--- a/src/lib/rng/chacha_rng/chacha_rng.h
+++ b/src/lib/rng/chacha_rng/chacha_rng.h
@@ -115,6 +115,8 @@ class BOTAN_DLL ChaCha_RNG final : public Stateful_RNG
size_t security_level() const override;
+ size_t max_number_of_bytes_per_request() const override { return 0; }
+
private:
void update(const uint8_t input[], size_t input_len);
diff --git a/src/lib/rng/hmac_drbg/hmac_drbg.cpp b/src/lib/rng/hmac_drbg/hmac_drbg.cpp
index 4f19b5256..a01b761d9 100644
--- a/src/lib/rng/hmac_drbg/hmac_drbg.cpp
+++ b/src/lib/rng/hmac_drbg/hmac_drbg.cpp
@@ -161,7 +161,7 @@ void HMAC_DRBG::add_entropy(const uint8_t input[], size_t input_len)
if(8*input_len >= security_level())
{
- m_reseed_counter = 1;
+ reset_reseed_counter();
}
}
diff --git a/src/lib/rng/hmac_drbg/hmac_drbg.h b/src/lib/rng/hmac_drbg/hmac_drbg.h
index 1c95cb304..4d3faa082 100644
--- a/src/lib/rng/hmac_drbg/hmac_drbg.h
+++ b/src/lib/rng/hmac_drbg/hmac_drbg.h
@@ -143,6 +143,9 @@ class BOTAN_DLL HMAC_DRBG final : public Stateful_RNG
size_t security_level() const override;
+ size_t max_number_of_bytes_per_request() const override
+ { return m_max_number_of_bytes_per_request; }
+
private:
void update(const uint8_t input[], size_t input_len);
diff --git a/src/lib/rng/stateful_rng/stateful_rng.cpp b/src/lib/rng/stateful_rng/stateful_rng.cpp
index df33a2f54..dec791793 100644
--- a/src/lib/rng/stateful_rng/stateful_rng.cpp
+++ b/src/lib/rng/stateful_rng/stateful_rng.cpp
@@ -32,7 +32,7 @@ void Stateful_RNG::initialize_with(const uint8_t input[], size_t len)
if(8*len >= security_level())
{
- m_reseed_counter = 1;
+ reset_reseed_counter();
}
}
@@ -55,7 +55,7 @@ size_t Stateful_RNG::reseed(Entropy_Sources& srcs,
if(bits_collected >= security_level())
{
- m_reseed_counter = 1;
+ reset_reseed_counter();
}
return bits_collected;
@@ -67,7 +67,7 @@ void Stateful_RNG::reseed_from_rng(RandomNumberGenerator& rng, size_t poll_bits)
if(poll_bits >= security_level())
{
- m_reseed_counter = 1;
+ reset_reseed_counter();
}
}
diff --git a/src/lib/rng/stateful_rng/stateful_rng.h b/src/lib/rng/stateful_rng/stateful_rng.h
index ed51aac6a..d02be5659 100644
--- a/src/lib/rng/stateful_rng/stateful_rng.h
+++ b/src/lib/rng/stateful_rng/stateful_rng.h
@@ -103,15 +103,30 @@ class BOTAN_DLL Stateful_RNG : public RandomNumberGenerator
*/
virtual size_t security_level() const = 0;
+ /**
+ * Some DRBGs have a notion of the maximum number of bytes per
+ * request. Longer requests (to randomize) will be treated as
+ * multiple requests, and may initiate reseeding multiple times,
+ * depending on the values of max_number_of_bytes_per_request and
+ * reseed_interval(). This function returns zero if the RNG in
+ * question does not have such a notion.
+ *
+ * @return max number of bytes per request (or zero)
+ */
+ virtual size_t max_number_of_bytes_per_request() const = 0;
+
+ size_t reseed_interval() const { return m_reseed_interval; }
+
void clear() override;
protected:
- /**
- * Called with lock held
- */
void reseed_check();
- uint32_t last_pid() const { return m_last_pid; }
+ /**
+ * Called by a subclass to notify that a reseed has been
+ * successfully performed.
+ */
+ void reset_reseed_counter() { m_reseed_counter = 1; }
private:
// A non-owned and possibly null pointer to shared RNG
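Review bot: Declaring `max_number_of_bytes_per_request()` as pure virtual on an exported base class means every Stateful_RNG subclass not touched by this diff stops compiling until it adds an override. Since the doc comment already defines zero as "no such notion", a default body would keep those subclasses building: `virtual size_t max_number_of_bytes_per_request() const { return 0; }`. The hunk also drops the "Called with lock held" comment from reseed_check(); if callers must still hold a lock, which cannot be determined from the lines shown, that precondition should stay documented on the declaration.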
@@ -123,7 +138,6 @@ class BOTAN_DLL Stateful_RNG : public RandomNumberGenerator
const size_t m_reseed_interval;
uint32_t m_last_pid = 0;
- protected:
/*
* Set to 1 after a successful seeding, then incremented. Reset
* to 0 by clear() or a fork. This logic is used even if