fips140: when reseeding only reseed the required context not all

author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2015-06-03 15:37:39 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2015-06-04 13:41:18 +0200
commit: 0ec158b688429286d43e1f27785c4b9cf37e83e4 (patch)
tree: 4f57e3fdba3d5118b0331a3fc4fed9f0b89fe3b1 /lib/nettle
parent: 9c38e8bf442367b86f49a71d16175a28a68930db (diff)
download: gnutls-0ec158b688429286d43e1f27785c4b9cf37e83e4.tar.gz
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/nettle/rnd-fips.c b/lib/nettle/rnd-fips.c
index 7bb5dcaca1..33c23e678c 100644
--- a/lib/nettle/rnd-fips.c
+++ b/lib/nettle/rnd-fips.c
@@ -53,20 +53,25 @@ struct fips_ctx {
 
 static int _rngfips_ctx_reinit(struct fips_ctx *fctx);
 static int _rngfips_ctx_init(struct fips_ctx *fctx);
+static int drbg_reseed(struct drbg_aes_ctx *ctx);
 
 static int get_random(struct drbg_aes_ctx *ctx, struct fips_ctx *fctx,
 		      void *buffer, size_t length)
 {
 	int ret;
 
-	if (ctx->reseed_counter > DRBG_AES_RESEED_TIME
-	    || _gnutls_fork_detected(&fctx->dfork) != 0) {
-
+	if ( _gnutls_fork_detected(&fctx->dfork) != 0) {
 		ret = _rngfips_ctx_reinit(fctx);
 		if (ret < 0)
 			return gnutls_assert_val(ret);
 	}
 
+	if (ctx->reseed_counter > DRBG_AES_RESEED_TIME) {
+		ret = drbg_reseed(ctx);
+		if (ret < 0)
+			return gnutls_assert_val(ret);
+	}
+
 	ret = drbg_aes_random(ctx, length, buffer);
 	if (ret == 0)
 		return gnutls_assert_val(GNUTLS_E_RANDOM_FAILED);
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2015-06-03 15:37:39 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2015-06-04 13:41:18 +0200
commit	0ec158b688429286d43e1f27785c4b9cf37e83e4 (patch)
tree	4f57e3fdba3d5118b0331a3fc4fed9f0b89fe3b1 /lib/nettle
parent	9c38e8bf442367b86f49a71d16175a28a68930db (diff)
download	gnutls-0ec158b688429286d43e1f27785c4b9cf37e83e4.tar.gz