diff options
author | Kurt Roeckx <kurt@roeckx.be> | 2018-03-03 23:19:03 +0100 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2018-04-01 21:11:26 +0200 |
commit | 2a70d65b99e1f2376be705d18bca88703b7e774a (patch) | |
tree | 644756e297bba6b57f675749e9fc972c968212c7 /crypto/rand/rand_lcl.h | |
parent | 2f6f913e9e02441245c974d7c5abe57f37c0420e (diff) |
Make sure we use a nonce when a nonce is required
If a nonce is required and the get_nonce callback is NULL, request 50%
more entropy following NIST SP800-90Ar1 section 9.1.
Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
GH: #5503
Diffstat (limited to 'crypto/rand/rand_lcl.h')
-rw-r--r-- | crypto/rand/rand_lcl.h | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h index 0a34aa0b93..94ffc96f20 100644 --- a/crypto/rand/rand_lcl.h +++ b/crypto/rand/rand_lcl.h @@ -108,6 +108,27 @@ typedef struct rand_drbg_ctr_st { /* + * The 'random pool' acts as a dumb container for collecting random + * input from various entropy sources. The pool has no knowledge about + * whether its randomness is fed into a legacy RAND_METHOD via RAND_add() + * or into a new style RAND_DRBG. It is the callers duty to 1) initialize the + * random pool, 2) pass it to the polling callbacks, 3) seed the RNG, and + * 4) cleanup the random pool again. + * + * The random pool contains no locking mechanism because its scope and + * lifetime is intended to be restricted to a single stack frame. + */ +struct rand_pool_st { + unsigned char *buffer; /* points to the beginning of the random pool */ + size_t len; /* current number of random bytes contained in the pool */ + + size_t min_len; /* minimum number of random bytes requested */ + size_t max_len; /* maximum number of random bytes (allocated buffer size) */ + size_t entropy; /* current entropy count in bits */ + size_t requested_entropy; /* requested entropy count in bits */ +}; + +/* * The state of all types of DRBGs, even though we only have CTR mode * right now. */ |