author | Werner Koch <wk@gnupg.org> | 2017-06-16 17:09:20 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2017-06-16 17:09:20 +0200 |
commit | 82bc052eda5b3897724c7ad11e54f8203e8e88e9 (patch) | |
tree | 00eaf514e1a91dc9875d29ed00306a06a968a276 /random/rndjent.c | |
parent | e6f90a392a1fd59b19b16f7a2bc7c439ae369d5f (diff) | |
download | libgcrypt-82bc052eda5b3897724c7ad11e54f8203e8e88e9.tar.gz |
random: Make rndjent.c NTG.1 compliant.
* random/rndjent.c (_gcry_rndjent_poll): Hash the retrieved jitter.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'random/rndjent.c')
-rw-r--r-- | random/rndjent.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/random/rndjent.c b/random/rndjent.c
index 99318b45..86dc88e9 100644
--- a/random/rndjent.c
+++ b/random/rndjent.c
@@ -306,7 +306,7 @@ _gcry_rndjent_poll (void (*add)(const void*, size_t, enum random_origins),
 if (jent_rng_collector)
 {
 /* We have a working JENT and it has not been disabled. */
- char buffer[256];
+ char buffer[32];
 
 while (length)
 {
@@ -317,10 +317,14 @@ _gcry_rndjent_poll (void (*add)(const void*, size_t, enum random_origins),
 rc = jent_read_entropy (jent_rng_collector, buffer, n);
 if (rc < 0)
 break;
- (*add) (buffer, rc, origin);
- length -= rc;
- nbytes += rc;
- jent_rng_totalbytes += rc;
+ /* We need to hash the output to conform to the BSI
+ * NTG.1 specs. */
+ _gcry_md_hash_buffer (GCRY_MD_SHA256, buffer, buffer, rc);
+ n = rc < 32? rc : 32;
+ (*add) (buffer, n, origin);
+ length -= n;
+ nbytes += n;
+ jent_rng_totalbytes += n;
 }
 wipememory (buffer, sizeof buffer);
 } |
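Review bot: The new size in `char buffer[32];` is a bare literal that has to stay at least as large as a SHA-256 digest, because the second hunk writes the digest back into this same array with `_gcry_md_hash_buffer (GCRY_MD_SHA256, buffer, buffer, rc)`. Nothing at the declaration records that dependency, and the clamp `n = rc < 32? rc : 32;` in the second hunk repeats the number. I would add a comment on the declaration such as `/* Must hold one SHA-256 digest; the jitter is hashed in place below. */` and express the clamp through `sizeof buffer` so the size is stated once. The function body starts and ends outside this hunk.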
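Review bot: A return value of 0 from `jent_read_entropy` is not handled in the second hunk: only `rc < 0` leaves the loop, so with `rc == 0` the new code hashes an empty input, sets `n` to 0, and `length -= n` makes no progress. Whether the collector can return 0 for a non-zero request is not visible here, so this may be unreachable, but `if (rc <= 0) break;` would make loop termination independent of that contract. Separately, the hash call passes `buffer` as both digest output and input; a short comment that the overlap is intended, and that a read of fewer than 32 bytes forwards only the first `rc` bytes of the digest, would help the next reader. The loop and the function continue outside the hunk.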