]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
force reseed and rekey on fork and if we exceed a number of iterations.
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 4 Dec 2013 14:08:33 +0000 (15:08 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 4 Dec 2013 14:08:33 +0000 (15:08 +0100)
lib/nettle/int/drbg-aes.c
lib/nettle/int/drbg-aes.h
lib/nettle/rnd-fips.c

index f73cfdb23f482efe29c1c267c18c7c4aed0d2092..e70a655de901ed7268e5aceb1dcfb4311e9a7d96 100644 (file)
@@ -35,6 +35,7 @@ drbg_aes_set_key(struct drbg_aes_ctx *ctx, unsigned length,
 
        aes_set_encrypt_key(&ctx->key, length, key);
        ctx->seeded = 0;
+       ctx->reseed_counter = 0;
        ctx->prev_block_present = 0;
 
        return 1;
@@ -49,19 +50,9 @@ drbg_aes_seed(struct drbg_aes_ctx *ctx, const uint8_t seed[AES_BLOCK_SIZE],
        
        dt_func(dt_priv, ctx->dt);
        
+       ctx->reseed_counter = 0;
        ctx->seeded = 1;
 }
-
-/* This is nettle's increment macro */
-/* Requires that size > 0 */
-#define INCREMENT(size, ctr)                    \
-  do {                                          \
-    unsigned increment_i = (size) - 1;          \
-    if (++(ctr)[increment_i] == 0)              \
-      while (increment_i > 0                    \
-             && ++(ctr)[--increment_i] == 0 )   \
-        ;                                       \
-  } while (0)
  
 int
 drbg_aes_random(struct drbg_aes_ctx *ctx, unsigned length, uint8_t * dst)
@@ -144,6 +135,10 @@ drbg_aes_random(struct drbg_aes_ctx *ctx, unsigned length, uint8_t * dst)
                
                INCREMENT(sizeof(ctx->dt), ctx->dt);
        }
+       
+       if (ctx->reseed_counter > DRBG_AES_RESEED_TIME)
+               return 0;
+       ctx->reseed_counter++;
 
        return 1;
 }
index f6807402932b6915ffeb64a0413332fd62ba1930..9454fd01e88b75c9983bebfbfb459365944cb9f5 100644 (file)
 #include <config.h>
 #include <nettle/aes.h>
 
+/* This is nettle's increment macro */
+/* Requires that size > 0 */
+#define INCREMENT(size, ctr)                    \
+  do {                                          \
+    unsigned increment_i = (size) - 1;          \
+    if (++(ctr)[increment_i] == 0)              \
+      while (increment_i > 0                    \
+             && ++(ctr)[--increment_i] == 0 )   \
+        ;                                       \
+  } while (0)
+
 /* This is the AES-based random-number generator from ANSI X9.31 
  * Appendix A.2.4. Note that the DT value from the document is obtained
  * during seeding. Then it is used as an 128-bit counter which is
@@ -43,8 +54,14 @@ struct drbg_aes_ctx {
 
        unsigned prev_block_present;
        uint8_t prev_block[AES_BLOCK_SIZE];
+       unsigned reseed_counter;
 };
 
+/* This DRBG should be reseeded if reseed_counter exceeds
+ * that number.
+ */
+#define DRBG_AES_RESEED_TIME 65536
+
 typedef int (*aes_dt) (void *priv, uint8_t dt[AES_BLOCK_SIZE]);
 
 /* should return zero on error */
index 088c98501868bfc1a8cd4642c2b61a0c133cf72f..a0613dadb0767c46bc8fd56a5459c4293b642bf8 100644 (file)
@@ -130,8 +130,9 @@ static int get_random(struct drbg_aes_ctx *ctx, struct fips_ctx* fctx,
 {
        int ret;
 
-       if (fctx->pid != getpid()) {
-               /* We are in a child of us. */
+       if (fctx->pid != getpid() || 
+               ctx->reseed_counter > DRBG_AES_RESEED_TIME) {
+
                ret = _rngfips_reinit(fctx);
                if (ret < 0)
                        return gnutls_assert_val(ret);