Diffstat (limited to 'lib/nettle/rnd.c')
-rw-r--r-- | lib/nettle/rnd.c | 49 |
1 files changed, 26 insertions, 23 deletions
diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c
index cddf1f72ff..a7fe09db75 100644
--- a/lib/nettle/rnd.c
+++ b/lib/nettle/rnd.c
@@ -49,15 +49,15 @@
 /* after this number of bytes PRNG will rekey using the system RNG */
 static const unsigned prng_reseed_limits[] = {
- [GNUTLS_RND_NONCE] = 16*1024*1024, /* 16 MB - we re-seed using the GNUTLS_RND_RANDOM output */
- [GNUTLS_RND_RANDOM] = 2*1024*1024, /* 2MB - we re-seed by time as well */
- [GNUTLS_RND_KEY] = 2*1024*1024 /* same as GNUTLS_RND_RANDOM - but we re-key on every operation */
+ [GNUTLS_RND_NONCE] = 16 * 1024 * 1024, /* 16 MB - we re-seed using the GNUTLS_RND_RANDOM output */
+ [GNUTLS_RND_RANDOM] = 2 * 1024 * 1024, /* 2MB - we re-seed by time as well */
+ [GNUTLS_RND_KEY] = 2 * 1024 * 1024 /* same as GNUTLS_RND_RANDOM - but we re-key on every operation */
 };
 static const time_t prng_reseed_time[] = {
- [GNUTLS_RND_NONCE] = 14400, /* 4 hours */
- [GNUTLS_RND_RANDOM] = 7200, /* 2 hours */
- [GNUTLS_RND_KEY] = 7200 /* same as RANDOM */
+ [GNUTLS_RND_NONCE] = 14400, /* 4 hours */
+ [GNUTLS_RND_RANDOM] = 7200, /* 2 hours */
+ [GNUTLS_RND_KEY] = 7200 /* same as RANDOM */
 };
 struct prng_ctx_st {
@@ -68,11 +68,10 @@ struct prng_ctx_st {
 };
 struct generators_ctx_st {
- struct prng_ctx_st nonce; /* GNUTLS_RND_NONCE */
- struct prng_ctx_st normal; /* GNUTLS_RND_RANDOM, GNUTLS_RND_KEY */
+ struct prng_ctx_st nonce; /* GNUTLS_RND_NONCE */
+ struct prng_ctx_st normal; /* GNUTLS_RND_RANDOM, GNUTLS_RND_KEY */
 };
-
 static void wrap_nettle_rnd_deinit(void *_ctx)
 {
 gnutls_free(_ctx);
@@ -87,12 +86,11 @@ static void wrap_nettle_rnd_deinit(void *_ctx)
 */
 static int single_prng_init(struct prng_ctx_st *ctx,
 uint8_t new_key[PRNG_KEY_SIZE],
- unsigned new_key_size,
- unsigned init)
+ unsigned new_key_size, unsigned init)
 {
 uint8_t nonce[CHACHA_NONCE_SIZE];
- memset(nonce, 0, sizeof(nonce)); /* to prevent valgrind from whinning */
+ memset(nonce, 0, sizeof(nonce)); /* to prevent valgrind from whinning */
 if (init == 0) {
 /* use the previous key to generate IV as well */
@@ -102,7 +100,7 @@ static int single_prng_init(struct prng_ctx_st *ctx,
 * from the old key */
 chacha_crypt(&ctx->ctx, new_key_size, new_key, new_key);
 } else {
- struct timespec now; /* current time */
+ struct timespec now; /* current time */
 ctx->forkid = _gnutls_get_forkid();
@@ -126,7 +124,7 @@ static int single_prng_init(struct prng_ctx_st *ctx,
 static int wrap_nettle_rnd_init(void **_ctx)
 {
 int ret;
- uint8_t new_key[PRNG_KEY_SIZE*2];
+ uint8_t new_key[PRNG_KEY_SIZE * 2];
 struct generators_ctx_st *ctx;
 ctx = calloc(1, sizeof(*ctx));
@@ -147,7 +145,9 @@ static int wrap_nettle_rnd_init(void **_ctx)
 }
 /* initialize the random/key RNG */
- ret = single_prng_init(&ctx->normal, new_key+PRNG_KEY_SIZE, PRNG_KEY_SIZE, 1);
+ ret =
+ single_prng_init(&ctx->normal, new_key + PRNG_KEY_SIZE,
+ PRNG_KEY_SIZE, 1);
 if (ret < 0) {
 gnutls_assert();
 goto fail;
@@ -161,8 +161,7 @@ static int wrap_nettle_rnd_init(void **_ctx)
 return ret;
 }
-static int
-wrap_nettle_rnd(void *_ctx, int level, void *data, size_t datasize)
+static int wrap_nettle_rnd(void *_ctx, int level, void *data, size_t datasize)
 {
 struct generators_ctx_st *ctx = _ctx;
 struct prng_ctx_st *prng_ctx;
@@ -199,7 +198,9 @@ wrap_nettle_rnd(void *_ctx, int level, void *data, size_t datasize)
 if (reseed != 0 || prng_ctx->counter > prng_reseed_limits[level]) {
 if (level == GNUTLS_RND_NONCE) {
- ret = wrap_nettle_rnd(_ctx, GNUTLS_RND_RANDOM, new_key, sizeof(new_key));
+ ret =
+ wrap_nettle_rnd(_ctx, GNUTLS_RND_RANDOM, new_key,
+ sizeof(new_key));
 } else {
 /* we also use the system entropy to reduce the impact
@@ -227,8 +228,10 @@ wrap_nettle_rnd(void *_ctx, int level, void *data, size_t datasize)
 chacha_crypt(&prng_ctx->ctx, datasize, data, data);
 prng_ctx->counter += datasize;
- if (level == GNUTLS_RND_KEY) { /* prevent backtracking */
- ret = wrap_nettle_rnd(_ctx, GNUTLS_RND_RANDOM, new_key, sizeof(new_key));
+ if (level == GNUTLS_RND_KEY) { /* prevent backtracking */
+ ret =
+ wrap_nettle_rnd(_ctx, GNUTLS_RND_RANDOM, new_key,
+ sizeof(new_key));
 if (ret < 0) {
 gnutls_assert();
 _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
@@ -246,7 +249,7 @@ wrap_nettle_rnd(void *_ctx, int level, void *data, size_t datasize)
 ret = 0;
 _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED);
-cleanup:
+ cleanup:
 return ret;
 }
@@ -256,8 +259,8 @@ static void wrap_nettle_rnd_refresh(void *_ctx)
 char tmp;
 /* force reseed */
- ctx->nonce.counter = prng_reseed_limits[GNUTLS_RND_NONCE]+1;
- ctx->normal.counter = prng_reseed_limits[GNUTLS_RND_RANDOM]+1;
+ ctx->nonce.counter = prng_reseed_limits[GNUTLS_RND_NONCE] + 1;
+ ctx->normal.counter = prng_reseed_limits[GNUTLS_RND_RANDOM] + 1;
 wrap_nettle_rnd(_ctx, GNUTLS_RND_NONCE, &tmp, 1);
 wrap_nettle_rnd(_ctx, GNUTLS_RND_RANDOM, &tmp, 1); |