diff options
| author | Andreas Schneider <asn@samba.org> | 2019-07-31 15:38:50 +0200 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2019-08-12 09:23:40 +0000 |
| commit | bf52ab7d2982de84a68a1b9c6d2f68250b7e7cca (patch) | |
| tree | e673f166d7e273ed3a2b0af877696a93016651f8 /lib/util/genrand.c | |
| parent | 2b2df6cd398c9cb62989710f9b1642665ec89406 (diff) | |
| download | samba-bf52ab7d2982de84a68a1b9c6d2f68250b7e7cca.tar.gz | |
lib:util: Add better documentation for generate_secret_buffer()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'lib/util/genrand.c')
| -rw-r--r-- | lib/util/genrand.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/lib/util/genrand.c b/lib/util/genrand.c index 76c2cb81962..a5809aa2bc9 100644 --- a/lib/util/genrand.c +++ b/lib/util/genrand.c @@ -25,19 +25,26 @@ #include <gnutls/gnutls.h> #include <gnutls/crypto.h> +/* + * Details about the GnuTLS CSPRNG: + * + * https://nikmav.blogspot.com/2017/03/improving-by-simplifying-gnutls-prng.html + */ + _PUBLIC_ void generate_random_buffer(uint8_t *out, int len) { /* Thread and fork safe random number generator for temporary keys. */ gnutls_rnd(GNUTLS_RND_RANDOM, out, len); } -/* - * Keep generate_secret_buffer in case we ever want to do something - * different - */ _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len) { - /* Thread and fork safe random number generator for long term keys. */ + /* The key generator, will re-seed after a fixed amount of bytes is + * generated (typically less than the nonce), and will also re-seed + * based on time, i.e., after few hours of operation without reaching + * the limit for a re-seed. For its re-seed it mixes mixes data obtained + * from the OS random device with the previous key. + */ gnutls_rnd(GNUTLS_RND_KEY, out, len); } |