From: Eric Biggers
Date: Mon, 20 Apr 2026 06:34:19 +0000 (-0700)
Subject: crypto: drbg - Change DRBG_MAX_REQUESTS to 4096
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=005b19f18ea9fc51fc35fbcb27759ae83c7c89f8;p=thirdparty%2Fkernel%2Flinux.git

crypto: drbg - Change DRBG_MAX_REQUESTS to 4096

Currently a formal reseed happens only after each 1048576 requests. That's quite a high number. Let's follow the example of BoringSSL and use a more conservative value of 4096.

Note that in practice this makes little difference, now that we're including 32 bytes from get_random_bytes() in the additional input on every request anyway, which is a de facto reseed. But for the same reason, we might as well decrease the actual reseed interval to something more reasonable.

Signed-off-by: Eric Biggers
Signed-off-by: Herbert Xu
---
diff --git a/crypto/drbg.c b/crypto/drbg.c index cda79d601f4f4..7fd076ddc1053 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c @@ -115,7 +115,7 @@ enum drbg_seed_state { * Maximum number of requests before reseeding is forced. * SP800-90A allows this to be up to 2**48. We use a lower value. */ -#define DRBG_MAX_REQUESTS (1 << 20) +#define DRBG_MAX_REQUESTS 4096 /* * Maximum number of random bytes that can be requested at once.
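
Review bot: The comment above DRBG_MAX_REQUESTS in the @@ -115,7 hunk still says only "We use a lower value", so the reason for choosing 4096 is recorded only in the commit message. Consider adding it to the comment: that 4096 follows BoringSSL, and that every request already mixes 32 bytes from get_random_bytes() into the additional input. A reader of crypto/drbg.c could then see why the formal reseed interval has this value without going to the git history. A minor style point: the old value was written as `(1 << 20)`. Writing the new one as `(1 << 12)` would keep the power-of-two form and make it easier to compare against the 2**48 limit cited in the same comment.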