#include "drbg_ctr.h"
-#define MAX_DRBG_REQUESTS 0xfffffffe
+#define MAX_DRBG_REQUESTS 0xfffffffe /* 2^32 - 2 */
+#define MAX_DRBG_BYTES 0x00010000 /* 2^19 bits = 2^16 bytes */
typedef struct private_drbg_ctr_t private_drbg_ctr_t;
{
chunk_t output;
+ if (len > MAX_DRBG_BYTES)
+ {
+ DBG1(DBG_LIB, "DRBG cannot generate more than %d bytes", MAX_DRBG_BYTES);
+ return FALSE;
+ }
+
if (this->reseed_counter > this->max_requests)
{
if (!reseed(this))
#include "drbg_hmac.h"
-#define MAX_DRBG_REQUESTS 0xfffffffe
+#define MAX_DRBG_REQUESTS 0xfffffffe /* 2^32 - 2 */
+#define MAX_DRBG_BYTES 0x00010000 /* 2^19 bits = 2^16 bytes */
typedef struct private_drbg_hmac_t private_drbg_hmac_t;
size_t delta;
chunk_t output;
- DBG2(DBG_LIB, "DRBG generates %u pseudorandom bytes", len);
- if (!out || len == 0)
+ if (len > MAX_DRBG_BYTES)
{
+ DBG1(DBG_LIB, "DRBG cannot generate more than %d bytes", MAX_DRBG_BYTES);
return FALSE;
}
- output = chunk_create(out, len);
if (this->reseed_counter > this->max_requests)
{
return FALSE;
}
}
+
+ DBG2(DBG_LIB, "DRBG generates %u pseudorandom bytes", len);
+ if (!out || len == 0)
+ {
+ return FALSE;
+ }
+ output = chunk_create(out, len);
+
while (len)
{
if (!this->prf->get_bytes(this->prf, this->value, this->value.ptr))
projects / thirdparty / strongswan.git / commitdiff
