crypto: drbg - Change DRBG_MAX_REQUESTS to 4096

Currently a formal reseed happens only after each 1048576 requests.

That's quite a high number.  Let's follow the example of BoringSSL and
use a more conservative value of 4096.

Note that in practice this makes little difference, now that we're
including 32 bytes from get_random_bytes() in the additional input on
every request anyway, which is a de facto reseed.

But for the same reason, we might as well decrease the actual reseed
interval to something more reasonable.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/drbg.c b/crypto/drbg.c
index cda79d601f4f43ec8e2b5583b6421f73acf108f1..7fd076ddc10538e390f0db5a63244891966aa40e 100644 (file)
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -115,7 +115,7 @@ enum drbg_seed_state {
  * Maximum number of requests before reseeding is forced.
  * SP800-90A allows this to be up to 2**48.  We use a lower value.
  */
-#define DRBG_MAX_REQUESTS      (1 << 20)
+#define DRBG_MAX_REQUESTS      4096
 
 /*
  * Maximum number of random bytes that can be requested at once.