@@ -213,6 +213,15 @@ static int get_prng_bytes(unsigned char *buf, unsigned int nbytes,
len = nbytes - pos;
memcpy(buf + pos, ctx->rand_data.bytes + read_pos, len);
read_pos += len;
+ /*
+ * If not in deterministic mode, never buffer old entropy;
+ * re-seed on each read request. This is in the spirit of the
+ * specifications, which are themselves not clear on the subject
+ * of multiple requests for output over a period of time.
+ */
+ if (!(ctx->flags & PRNG_DETERMINISTIC))
+ read_pos = DEFAULT_BLK_SZ;
+
memzero_explicit(ctx->rand_data.bytes, read_pos);
ctx->rand_read_pos = read_pos;
err = nbytes;
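Review bot: the comment in the new block says "re-seed on each read request", but what the two added lines actually do is mark the buffered block as fully consumed (`read_pos = DEFAULT_BLK_SZ`) so that the following `memzero_explicit()` wipes the whole buffer and the next request has to generate a fresh block; whether that generation also pulls in new seed material is decided by code outside this hunk, so the comment should say what is visible here, e.g. "discard any unused buffered output so the next request generates a fresh block", and the commit message should also state the cost: in non-deterministic mode every request, however short, now burns a full block, so a 1-byte read discards up to DEFAULT_BLK_SZ - 1 generated bytes.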
This is a separate patch so it may be considered separately. I think it's in the spirit of the original ANSI specs, but opinions are solicited.

Signed-off-by: George Spelvin <linux@horizon.com>
---
 crypto/ansi_cprng.c | 9 +++++++++
 1 file changed, 9 insertions(+)

I'm really not sure what people will think of this.