From: Mark Wooding Date: Fri, 28 Aug 2020 23:25:56 +0000 (+0100) Subject: rand/rand.c (rand_gate): Evolve r->ibits in a more sensible manner. X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/commitdiff_plain/5f0438e6324f770ec8e1f53eadceea0857e4792d rand/rand.c (rand_gate): Evolve r->ibits in a more sensible manner. It's not really clear what this code was trying to do. Write i and o for the initial values of r->ibits and r->obits, respectively, i' and o' for their respective final values, and O for RAND_OBITS. In the case that i + o <= O, we update i' = 0 and o' = i + o, maintaining the invariant that i' + o' = i + o. But if i + o > O, then we set o' = O and i' = (i + o) - i = o, which seems nonsensical. In particular, in the case that i = 1 and o = O, it apparently magics O - 1 bits of entropy from nowhere. Modify the code so that it at least maintains the sum of the entropy counters in either branch. I'm not sure this is actually correct, but it seems like a defensible position. --- diff --git a/rand/rand.c b/rand/rand.c index e2211d54..01e6422a 100644 --- a/rand/rand.c +++ b/rand/rand.c @@ -342,7 +342,7 @@ void rand_gate(rand_pool *r) r->o = RAND_SECSZ; r->obits += r->ibits; if (r->obits > RAND_OBITS) { - r->ibits = r->obits - r->ibits; + r->ibits = r->obits - RAND_OBITS; r->obits = RAND_OBITS; } else r->ibits = 0;
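Review bot: The new assignment `r->ibits = r->obits - RAND_OBITS;` deserves a one-line comment in the hunk, because the accounting it encodes is not obvious from the code and the commit message itself says the author is unsure it is correct; something like `/* carry the credit in excess of RAND_OBITS back to the input pool */` would record the intent next to the line. On the arithmetic: the subtraction is guarded by `if (r->obits > RAND_OBITS)`, so it cannot go negative, and since `r->obits` already holds i + o at that point the new value is i' = (i + o) - O with o' = O, so i' + o' = i + o in both branches as the message claims; for the i = 1, o = O case the old line credited O bits to `r->ibits`, the new one credits 1. The remaining caveat, worth stating in the comment or the message, is that carrying the excess back assumes the entropy not transferred to the output is still retained by the input pool after the gate; if that assumption does not hold, the counters overestimate, which is the failure mode that matters for an entropy estimate.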