aes_set_encrypt_key(&ctx->key, length, key);
ctx->seeded = 0;
+ ctx->reseed_counter = 0;
ctx->prev_block_present = 0;
return 1;
dt_func(dt_priv, ctx->dt);
+ ctx->reseed_counter = 0;
ctx->seeded = 1;
}
-
-/* This is nettle's increment macro */
-/* Requires that size > 0 */
-#define INCREMENT(size, ctr) \
- do { \
- unsigned increment_i = (size) - 1; \
- if (++(ctr)[increment_i] == 0) \
- while (increment_i > 0 \
- && ++(ctr)[--increment_i] == 0 ) \
- ; \
- } while (0)
int
drbg_aes_random(struct drbg_aes_ctx *ctx, unsigned length, uint8_t * dst)
INCREMENT(sizeof(ctx->dt), ctx->dt);
}
+
+ if (ctx->reseed_counter > DRBG_AES_RESEED_TIME)
+ return 0;
+ ctx->reseed_counter++;
return 1;
}
#include <config.h>
#include <nettle/aes.h>
+/* This is nettle's increment macro */
+/* Requires that size > 0 */
+#define INCREMENT(size, ctr) \
+ do { \
+ unsigned increment_i = (size) - 1; \
+ if (++(ctr)[increment_i] == 0) \
+ while (increment_i > 0 \
+ && ++(ctr)[--increment_i] == 0 ) \
+ ; \
+ } while (0)
+
/* This is the AES-based random-number generator from ANSI X9.31
* Appendix A.2.4. Note that the DT value from the document is obtained
* during seeding. Then it is used as an 128-bit counter which is
unsigned prev_block_present;
uint8_t prev_block[AES_BLOCK_SIZE];
+ unsigned reseed_counter;
};
+/* This DRBG should be reseeded if reseed_counter exceeds
+ * that number.
+ */
+#define DRBG_AES_RESEED_TIME 65536
+
typedef int (*aes_dt) (void *priv, uint8_t dt[AES_BLOCK_SIZE]);
/* should return zero on error */
{
int ret;
- if (fctx->pid != getpid()) {
- /* We are in a child of us. */
+ if (fctx->pid != getpid() ||
+ ctx->reseed_counter > DRBG_AES_RESEED_TIME) {
+
ret = _rngfips_reinit(fctx);
if (ret < 0)
return gnutls_assert_val(ret);