From 41f381d1873bc343bf472e97f5bae718471365c9 Mon Sep 17 00:00:00 2001
From: lloyd
Date: Sun, 21 Jun 2009 19:02:34 +0000
Subject: Improve handling of low-entropy situations in HMAC_RNG and Randpool.

When a reseed is attempted, up to poll_bits attempts will be made, running in order through the set of available sources. So for instance if poll_bits is set to the default 256, then up to 256 polls will be performed (some of which might not provide any entropy, of course) before stopping; of course if the accumulators goal is achived before that point, then the polling stops.

This should greatly help to resolve the recent rash of PRNG unseeded problems some people have been having.
---
 src/rng/hmac_rng/hmac_rng.cpp | 11 +++++++----
 src/rng/randpool/randpool.cpp | 11 +++++++----
 2 files changed, 14 insertions(+), 8 deletions(-)
(limited to 'src')
diff --git a/src/rng/hmac_rng/hmac_rng.cpp b/src/rng/hmac_rng/hmac_rng.cpp
index 757f59037..113489db3 100644
--- a/src/rng/hmac_rng/hmac_rng.cpp
+++ b/src/rng/hmac_rng/hmac_rng.cpp
@@ -72,12 +72,15 @@ void HMAC_RNG::reseed_with_input(u32bit poll_bits,
 Entropy_Accumulator_BufferedComputation accum(*extractor, poll_bits);
- for(u32bit i = 0; i < entropy_sources.size(); ++i)
+ if(!entropy_sources.empty())
 {
- if(accum.polling_goal_achieved())
- break;
+ u32bit poll_attempt = 0;
- entropy_sources[i]->poll(accum);
+ while(!accum.polling_goal_achieved() && poll_attempt < poll_bits)
+ {
+ entropy_sources[poll_attempt % entropy_sources.size()]->poll(accum);
+ ++poll_attempt;
+ }
 }
 // And now add the user-provided input, if any
diff --git a/src/rng/randpool/randpool.cpp b/src/rng/randpool/randpool.cpp
index f9e05c246..77a5228c6 100644
--- a/src/rng/randpool/randpool.cpp
+++ b/src/rng/randpool/randpool.cpp
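Review bot: The new `while` loop in reseed_with_input stops either because the accumulator goal was met or because poll_bits attempts ran out, and nothing in the hunk records which; the function then goes straight on to mix in the user-provided input, so unless the rest of reseed_with_input (outside the hunk) inspects accum, a reseed that exhausted its budget with little entropy collected looks the same as a successful one. A comment above the `while` would make the contract explicit, e.g. `// At most poll_bits polls, round-robin over the sources; the loop ending does not mean the goal was met, so check accum before treating the RNG as seeded.` Note also that poll_bits now doubles as the bit goal and as the attempt budget, and a source that keeps yielding nothing is re-polled on every cycle, so with few registered sources a single dead or slow source can absorb a large share of the budget and of the reseed's wall-clock time; that trade-off deserves a line in the same comment. The identical loop appears in Randpool::reseed in the second hunk. Both enclosing functions start before and end after their hunks.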
@@ -105,12 +105,15 @@ void Randpool::reseed(u32bit poll_bits)
 {
 Entropy_Accumulator_BufferedComputation accum(*mac, poll_bits);
- for(u32bit i = 0; i != entropy_sources.size(); ++i)
+ if(!entropy_sources.empty())
 {
- entropy_sources[i]->poll(accum);
+ u32bit poll_attempt = 0;
- if(accum.polling_goal_achieved())
- break;
+ while(!accum.polling_goal_achieved() && poll_attempt < poll_bits)
+ {
+ entropy_sources[poll_attempt % entropy_sources.size()]->poll(accum);
+ ++poll_attempt;
+ }
 }
 SecureVector mac_val = mac->final();
-- cgit v1.2.3