rand/rand.c (rand_gate): Evolve r->ibits in a more sensible manner.

It's not really clear what this code was trying to do.  Write i and o
for the initial values of r->ibits and r->obits, respectively, i' and 'o
for their respective final values, and O for RAND_OBITS.  In the case
that i + o <= O, we update i' = 0 and o' = i + o, maintaining the
invariant that i' + o' = i + o.  But if i + o > O, then we set o' = O and
i' = (i + o) - i = o, which seems nonsensical.  In particular, in the
case that i = 1 and o = O, it apparently magics O - 1 bits of entropy
from nowhere.

Modify the code so that it at least maintains the sum of the entropy
counters in either branch.  I'm not sure this is actually correct, but
it seems like a defensible position.

diff --git a/rand/rand.c b/rand/rand.c
index e2211d5422966f4281e1361af10e43af055a11f5..01e6422a3dc6cea9be7a41e279b3e727466b6682 100644 (file)
--- a/rand/rand.c
+++ b/rand/rand.c
@@ -342,7 +342,7 @@ void rand_gate(rand_pool *r)
   r->o = RAND_SECSZ;
   r->obits += r->ibits;
   if (r->obits > RAND_OBITS) {
-    r->ibits = r->obits - r->ibits;
+    r->ibits = r->obits - RAND_OBITS;
     r->obits = RAND_OBITS;
   } else
     r->ibits = 0;