This is a separate patch so it may be considered separately. I think it's in the spirit of the original ANSI specs, but opinions are solicited. Signed-off-by: George Spelvin <linux@xxxxxxxxxxx> --- crypto/ansi_cprng.c | 9 +++++++++ 1 file changed, 9 insertions(+) I'm really not sure what people will think of this. diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c index c2c285f3..4ed7c0cf 100644 --- a/crypto/ansi_cprng.c +++ b/crypto/ansi_cprng.c @@ -213,6 +213,15 @@ static int get_prng_bytes(unsigned char *buf, unsigned int nbytes, len = nbytes - pos; memcpy(buf + pos, ctx->rand_data.bytes + read_pos, len); read_pos += len; + /* + * If not in deterministic mode, never buffer old entropy; + * re-seed on each read request. This is in the spirit of the + * specifications, which are themselves not clear on the subject + * of multiple requests for output over a period of time. + */ + if (!(ctx->flags & PRNG_DETERMINISTIC)) + read_pos = DEFAULT_BLK_SZ; + memzero_explicit(ctx->rand_data.bytes, read_pos); ctx->rand_read_pos = read_pos; err = nbytes; -- 2.1.3 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
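Review bot: the new comment in the hunk says "re-seed on each read request", but the code does not reseed anything: setting `read_pos = DEFAULT_BLK_SZ` only discards the unused remainder of the current output block (which `memzero_explicit(ctx->rand_data.bytes, read_pos)` then wipes) so that the next request generates a fresh block from the same key and state. Suggest rewording the comment to say "discard any unused output of the current block" so a reader does not assume the key or V is refreshed per request. Worth stating in the commit message as well that this is a throughput trade-off: in non-deterministic mode every request now consumes at least one full block, so a caller issuing many small reads does up to DEFAULT_BLK_SZ times the cipher work it did before.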