author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-06-03 15:37:39 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-06-04 13:41:18 +0200 |
commit | 0ec158b688429286d43e1f27785c4b9cf37e83e4 (patch) | |
tree | 4f57e3fdba3d5118b0331a3fc4fed9f0b89fe3b1 /lib/nettle | |
parent | 9c38e8bf442367b86f49a71d16175a28a68930db (diff) | |
download | gnutls-0ec158b688429286d43e1f27785c4b9cf37e83e4.tar.gz |
fips140: when reseeding only reseed the required context not all
Diffstat (limited to 'lib/nettle')
-rw-r--r-- | lib/nettle/rnd-fips.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/nettle/rnd-fips.c b/lib/nettle/rnd-fips.c
index 7bb5dcaca1..33c23e678c 100644
--- a/lib/nettle/rnd-fips.c
+++ b/lib/nettle/rnd-fips.c
@@ -53,20 +53,25 @@ struct fips_ctx {
 static int _rngfips_ctx_reinit(struct fips_ctx *fctx);
 static int _rngfips_ctx_init(struct fips_ctx *fctx);
+static int drbg_reseed(struct drbg_aes_ctx *ctx);
 static int get_random(struct drbg_aes_ctx *ctx, struct fips_ctx *fctx, void *buffer, size_t length) {
 int ret;
- if (ctx->reseed_counter > DRBG_AES_RESEED_TIME
- || _gnutls_fork_detected(&fctx->dfork) != 0) {
-
+ if ( _gnutls_fork_detected(&fctx->dfork) != 0) {
 ret = _rngfips_ctx_reinit(fctx);
 if (ret < 0) return gnutls_assert_val(ret);
 }
+ if (ctx->reseed_counter > DRBG_AES_RESEED_TIME) {
+ ret = drbg_reseed(ctx);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
+
 ret = drbg_aes_random(ctx, length, buffer);
 if (ret == 0) return gnutls_assert_val(GNUTLS_E_RANDOM_FAILED); |
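Review bot: The new `if (ret < 0)` check after `drbg_reseed(ctx)` only catches a failed reseed if that helper reports errors as negative gnutls codes, while `drbg_aes_random()` a few lines below signals failure with 0. The body of `drbg_reseed` is outside this hunk, so please confirm that it maps any 0-on-failure result from the DRBG call it wraps to a negative code; otherwise a failed reseed would pass unnoticed and output would continue from the old state. The two recovery paths now differ with no comment saying why, so I would add above the fork check something like `/* fork: the child shares DRBG state with the parent, so reinitialise the whole fips_ctx; an expired reseed counter only needs this one context reseeded */`. Minor style point: `if ( _gnutls_fork_detected(` has a stray space after the opening parenthesis. The body of get_random continues past the end of the hunk.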