In fallback mode, use value of buffer to improve quality of hash.

diff --git a/libraries/liblutil/entropy.c b/libraries/liblutil/entropy.c
index 07b4c83b5f9e8092e732108a497ed0115d70bc2f..23e5cb4a0c7bb2fbafff0d6fdac0894ca38830db 100644 (file)
--- a/libraries/liblutil/entropy.c
+++ b/libraries/liblutil/entropy.c
@@ -24,6 +24,10 @@
 /*
  * lutil_entropy() provides nbytes of entropy in buf.
  * Quality offerred is suitable for one-time uses, such as "once" keys.
+ *
+ * Note:  Callers are encouraged to provide additional bytes of
+ * of entropy in the buf argument.  This information is used in
+ * fallback mode to improve the quality of bytes returned.
  */
 int lutil_entropy( char *buf, int nbytes )
 {
@@ -75,7 +79,7 @@ int lutil_entropy( char *buf, int nbytes )
                 *      MD5 is a strong cryptographic hash, this should
                 *      be fairly resistant to attack
                 */
-               static int counter = 0;
+               static sig_atomic_t counter = 0;
                int n;
 
                struct rdata_s {
@@ -119,10 +123,14 @@ int lutil_entropy( char *buf, int nbytes )
 
                        lutil_MD5Init( &ctx );
                        lutil_MD5Update( &ctx, (char *) &rdata, sizeof( rdata ) );
+
+                       /* use caller to provided information */
+                       lutil_MD5Update( &ctx, (char *) &buf, nbytes );
+
                        lutil_MD5Final( digest, &ctx );
 
                        memcpy( &buf[n], digest,
-                               nbytes - n > 16 ? 16 : nbytes - n );
+                               nbytes - n >= 16 ? 16 : nbytes - n );
                }
 
                return 0;