authorNikos Mavrogiannopoulos <nmav@redhat.com>2014-03-20 12:17:59 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2014-03-20 12:17:59 +0100
commitd49c0407520fcb1f6548b564e0ee7a5256fc64e6 (patch)
tree1dbf5eadd69d3b5aedbba11a377610474bba4c89
parentfba45a9cdeb162051280a98eb418914e48f2d341 (diff)
Simplifications in the RNG code.
-rw-r--r--lib/nettle/rnd-common.c19
-rw-r--r--lib/nettle/rnd.c32
2 files changed, 32 insertions, 19 deletions
diff --git a/lib/nettle/rnd-common.c b/lib/nettle/rnd-common.c
index 24737433ed..ea89797669 100644
--- a/lib/nettle/rnd-common.c
+++ b/lib/nettle/rnd-common.c
@@ -40,6 +40,14 @@
/* gnulib wants to claim strerror even if it cannot provide it. WTF */
#undef strerror
+#ifdef HAVE_GETRUSAGE
+# ifdef RUSAGE_THREAD
+# define ARG_RUSAGE RUSAGE_THREAD
+# else
+# define ARG_RUSAGE RUSAGE_SELF
+# endif
+#endif
+
void _rnd_get_event(struct event_st *e)
{
static unsigned count = 0;
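Review bot: The new ARG_RUSAGE macro carries no gnutls prefix and no comment, so a reader of the getrusage() call further down cannot tell why one of two constants is chosen; a one-line comment above the `#ifdef HAVE_GETRUSAGE` block such as `/* RUSAGE_THREAD is a Linux extension; fall back to process-wide counters elsewhere */` would make the fallback explicit. Since the macro is only used inside this file, a `#undef ARG_RUSAGE` after the getrusage() block (or a name like `RND_RUSAGE_WHO`) would also keep it from leaking into any later include.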
@@ -47,11 +55,7 @@ void _rnd_get_event(struct event_st *e)
gettime(&e->now);
#ifdef HAVE_GETRUSAGE
-#ifdef RUSAGE_THREAD
- if (getrusage(RUSAGE_THREAD, &e->rusage) < 0) {
-#else
- if (getrusage(RUSAGE_SELF, &e->rusage) < 0) {
-#endif
+ if (getrusage(ARG_RUSAGE, &e->rusage) < 0) {
_gnutls_debug_log("getrusage failed: %s\n",
strerror(errno));
abort();
@@ -68,6 +72,8 @@ void _rnd_get_event(struct event_st *e)
}
#ifdef _WIN32
+/* The windows randomness gatherer.
+ */
#include <windows.h>
#include <wincrypt.h>
@@ -109,6 +115,9 @@ void _rnd_system_entropy_deinit(void)
#else /* POSIX */
+/* The POSIX (Linux-BSD) randomness gatherer.
+ */
+
#include <time.h>
#include <sys/types.h>
#include <sys/stat.h>
diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c
index fd75eb4d9a..18bcbf32aa 100644
--- a/lib/nettle/rnd.c
+++ b/lib/nettle/rnd.c
@@ -73,7 +73,7 @@ struct rnd_ctx_st {
static struct rnd_ctx_st rnd_ctx;
-/* after this number of bytes salsa20 will reseed */
+/* after this number of bytes salsa20 will rekey */
#define NONCE_RESEED_BYTES (1048576)
static struct nonce_ctx_st nonce_ctx;
@@ -168,30 +168,34 @@ static void wrap_nettle_rnd_deinit(void *ctx)
rnd_ctx.mutex = NULL;
}
-static int nonce_rng_init(struct nonce_ctx_st *ctx, struct event_st *event, unsigned init)
+static int nonce_rng_init(struct nonce_ctx_st *ctx, unsigned init)
{
uint8_t buffer[SALSA20_KEY_SIZE];
+ uint8_t iv[8];
int ret;
- /* Get a key from the standard RNG or from the entropy source. */
+ /* Get a key from the system randomness source. */
ret = _rnd_get_system_entropy(buffer, sizeof(buffer));
if (ret < 0)
return gnutls_assert_val(ret);
if (init == 0) {
- /* Add continuity by XORing the new key with data generated
+ /* use the previous key to generate IV as well */
+ memset(iv, 0, sizeof(iv)); /* to prevent valgrind from whinning */
+ salsa20r12_crypt(&ctx->ctx, sizeof(iv), iv, iv);
+
+ /* Add key continuity by XORing the new key with data generated
* from the old key */
salsa20r12_crypt(&ctx->ctx, sizeof(buffer), buffer, buffer);
+ } else {
+ /* when initializing read the IV from the system randomness source */
+ ret = _rnd_get_system_entropy(iv, sizeof(iv));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
}
salsa20_set_key(&ctx->ctx, sizeof(buffer), buffer);
-
- if (sizeof(struct event_st) < 8) {
- abort();
- }
-
- if (event != NULL)
- salsa20_set_iv(&ctx->ctx, (void*)event);
+ salsa20_set_iv(&ctx->ctx, iv);
zeroize_key(buffer, sizeof(buffer));
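Review bot: The early return in the new `else` branch leaves `buffer` on the stack while it already holds the fresh key material fetched a few lines above, whereas the success path wipes it with zeroize_key(); the error path should do the same, e.g. `if (ret < 0) { zeroize_key(buffer, sizeof(buffer)); return gnutls_assert_val(ret); }`. The new `iv` array is likewise never wiped even though in the reseed path it is keystream derived from the previous key; add `zeroize_key(iv, sizeof(iv));` next to the existing zeroize_key() call. For consistency with `SALSA20_KEY_SIZE` the declaration would read `uint8_t iv[SALSA20_IV_SIZE];` rather than a literal 8, and the comment on the memset has a typo ("whinning"). nonce_rng_init's body continues past the end of this hunk, so the remaining cleanup is not visible here.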
@@ -250,7 +254,7 @@ static int wrap_nettle_rnd_init(void **ctx)
yarrow256_slow_reseed(&rnd_ctx.yctx);
/* initialize the nonce RNG */
- ret = nonce_rng_init(&nonce_ctx, &event, 1);
+ ret = nonce_rng_init(&nonce_ctx, 1);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -279,7 +283,7 @@ wrap_nettle_rnd_nonce(void *_ctx, void *data, size_t datasize)
if (reseed != 0 || nonce_ctx.counter > NONCE_RESEED_BYTES) {
/* reseed nonce */
- ret = nonce_rng_init(&nonce_ctx, NULL, 0);
+ ret = nonce_rng_init(&nonce_ctx, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -355,7 +359,7 @@ static void wrap_nettle_rnd_refresh(void *_ctx)
RND_UNLOCK(&rnd_ctx);
RND_LOCK(&nonce_ctx);
- nonce_rng_init(&nonce_ctx, &event, 0);
+ nonce_rng_init(&nonce_ctx, 0);
RND_UNLOCK(&nonce_ctx);
return;