X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/blobdiff_plain/a3ad4421ce9e122bc9079ffc6e60f45b1b06c1d7..81ceb2c35de440e701d2f4e6960001395d2b7e97:/rand/rand.c

diff --git a/rand/rand.c b/rand/rand.c
index c2540f7e..90e81930 100644
--- a/rand/rand.c
+++ b/rand/rand.c
@@ -163,11 +163,14 @@ static int trivial_quick(rand_pool *r) { return (-1); }
 
 #if CPUFAM_X86 || CPUFAM_AMD64
 extern int rand_quick_x86ish_rdrand(rand_pool */*r*/);
+extern int rand_quick_x86ish_rdseed(rand_pool */*r*/);
 #endif
 
 static quick__functype *pick_quick(void)
 {
 #if CPUFAM_X86 || CPUFAM_AMD64
+  DISPATCH_PICK_COND(rand_quick, rand_quick_x86ish_rdseed,
+		     cpu_feature_p(CPUFEAT_X86_RDSEED));
   DISPATCH_PICK_COND(rand_quick, rand_quick_x86ish_rdrand,
 		     cpu_feature_p(CPUFEAT_X86_RDRAND));
 #endif
@@ -251,9 +254,7 @@ void rand_add(rand_pool *r, const void *p, size_t sz, unsigned goodbits)
   const octet *c = p;
   int i, rot;
 
-#if RAND_POOLSZ != 128
-#  error Polynomial in rand_add is out of date.  Fix it.
-#endif
+  STATIC_ASSERT(RAND_POOLSZ == 128, "Polynomial doesn't match pool size");
 
   RAND_RESOLVE(r);
 
@@ -306,6 +307,8 @@ void rand_gate(rand_pool *r)
   HASH_CTX hc;
   CIPHER_CTX cc;
 
+  STATIC_ASSERT(CIPHER_KEYSZ <= HASH_SZ, "rand cipher keysize too long");
+
   RAND_RESOLVE(r);
   QUICK(r);
 
@@ -313,6 +316,7 @@ void rand_gate(rand_pool *r)
 
   HASH_INIT(&hc);
   STORE32(g, r->gen); HASH(&hc, g, sizeof(g));
+  HASH(&hc, r->k.k, RAND_KEYSZ);
   HASH(&hc, r->pool, RAND_POOLSZ);
   HASH(&hc, r->buf, RAND_BUFSZ);
   HASH_DONE(&hc, h);
@@ -320,7 +324,6 @@ void rand_gate(rand_pool *r)
 
   /* --- Now mangle all of the data based on the hash --- */
 
-  assert(CIPHER_KEYSZ <= HASH_SZ);
   CIPHER_INIT(&cc, h, CIPHER_KEYSZ, 0);
   CIPHER_ENCRYPT(&cc, r->pool, r->pool, RAND_POOLSZ);
   CIPHER_ENCRYPT(&cc, r->buf, r->buf, RAND_BUFSZ);
@@ -331,7 +334,7 @@ void rand_gate(rand_pool *r)
   r->o = RAND_SECSZ;
   r->obits += r->ibits;
   if (r->obits > RAND_OBITS) {
-    r->ibits = r->obits - r->ibits;
+    r->ibits = r->obits - RAND_OBITS;
     r->obits = RAND_OBITS;
   } else
     r->ibits = 0;
@@ -356,6 +359,8 @@ void rand_stretch(rand_pool *r)
   HASH_CTX hc;
   CIPHER_CTX cc;
 
+  STATIC_ASSERT(CIPHER_KEYSZ <= HASH_SZ, "rand cipher keysize too long");
+
   RAND_RESOLVE(r);
   QUICK(r);
 
@@ -363,6 +368,7 @@ void rand_stretch(rand_pool *r)
 
   HASH_INIT(&hc);
   STORE32(g, r->gen); HASH(&hc, g, sizeof(g));
+  HASH(&hc, r->k.k, RAND_KEYSZ);
   HASH(&hc, r->pool, RAND_POOLSZ);
   HASH(&hc, r->buf, RAND_BUFSZ);
   HASH_DONE(&hc, h);
@@ -370,7 +376,6 @@ void rand_stretch(rand_pool *r)
 
   /* --- Now mangle the buffer based on the hash --- */
 
-  assert(CIPHER_KEYSZ <= HASH_SZ);
   CIPHER_INIT(&cc, h, CIPHER_KEYSZ, 0);
   CIPHER_ENCRYPT(&cc, r->buf, r->buf, RAND_BUFSZ);
   BURN(cc);
@@ -470,11 +475,15 @@ void rand_getgood(rand_pool *r, void *p, size_t sz)
 	chunk = r->obits / 8;
     }
 
-    if (chunk + r->o > RAND_BUFSZ)
+    if (chunk + r->o <= RAND_BUFSZ) {
+      memcpy(o, r->buf + r->o, chunk);
+      r->o += chunk;
+    } else {
       chunk = RAND_BUFSZ - r->o;
+      memcpy(o, r->buf + r->o, chunk);
+      rand_stretch(r);
+    }
 
-    memcpy(o, r->buf + r->o, chunk);
-    r->o += chunk;
     r->obits -= chunk * 8;
     o += chunk;
     sz -= chunk;