rpms / samba

Clone
Source Code
GIT

Blame SOURCES/0070-lib-util-Add-better-documentation-for-generate_secre.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c7-sig-storage-samba-411 c8 c8-beta c8-sig-storage-samba-411 c8-sig-storage-samba-412 c8-sig-storage-samba-413 c8-sig-storage-samba-414 c8-sig-storage-samba-415 c8s c8s-sig-storage-samba-413 c8s-sig-storage-samba-414 c8s-sig-storage-samba-415 c8s-sig-storage-samba-416 c8s-sig-storage-samba-417 c8s-sig-storage-samba-418 c8s-sig-storage-samba-419 c8s-sig-storage-samba-420 c9 c9-beta c9s-sig-storage-samba-414 c9s-sig-storage-samba-415 c9s-sig-storage-samba-416 c9s-sig-storage-samba-417 c9s-sig-storage-samba-418 c9s-sig-storage-samba-419 c9s-sig-storage-samba-420 c9s-sig-storage-samba-421
  1.   b6b438351cef67652d9aed43112618d18092527e
  2.   SOURCES
  3.   0070-lib-util-Add-better-documentation-for-generate_secre.patch
Blob History Raw
b6b438 
From deeb93c2fb7cc131741ced4877b75bcd3a64cef4 Mon Sep 17 00:00:00 2001
b6b438 
From: Andreas Schneider <asn@samba.org>
b6b438 
Date: Wed, 31 Jul 2019 15:38:50 +0200
b6b438 
Subject: [PATCH 070/187] lib:util: Add better documentation for
b6b438 
 generate_secret_buffer()
b6b438
b6b438 
Signed-off-by: Andreas Schneider <asn@samba.org>
b6b438 
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
b6b438 
(cherry picked from commit bf52ab7d2982de84a68a1b9c6d2f68250b7e7cca)
b6b438 
---
b6b438 
 lib/util/genrand.c | 17 ++++++++++++-----
b6b438 
 lib/util/genrand.h |  6 +++++-
b6b438 
 2 files changed, 17 insertions(+), 6 deletions(-)
b6b438
b6b438 
diff --git a/lib/util/genrand.c b/lib/util/genrand.c
b6b438 
index 76c2cb81962..a5809aa2bc9 100644
b6b438 
--- a/lib/util/genrand.c
b6b438 
+++ b/lib/util/genrand.c
b6b438 
@@ -25,19 +25,26 @@
b6b438 
 #include <gnutls/gnutls.h>
b6b438 
 #include <gnutls/crypto.h>
b6b438
b6b438 
+/*
b6b438 
+ * Details about the GnuTLS CSPRNG:
b6b438 
+ *
b6b438 
+ * https://nikmav.blogspot.com/2017/03/improving-by-simplifying-gnutls-prng.html
b6b438 
+ */
b6b438 
+
b6b438 
 _PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
b6b438 
 {
b6b438 
 	/* Thread and fork safe random number generator for temporary keys. */
b6b438 
 	gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
b6b438 
 }
b6b438
b6b438 
-/*
b6b438 
- * Keep generate_secret_buffer in case we ever want to do something
b6b438 
- * different
b6b438 
- */
b6b438 
 _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
b6b438 
 {
b6b438 
-	/* Thread and fork safe random number generator for long term keys. */
b6b438 
+	/* The key generator, will re-seed after a fixed amount of bytes is
b6b438 
+	 * generated (typically less than the nonce), and will also re-seed
b6b438 
+	 * based on time, i.e., after few hours of operation without reaching
b6b438 
+	 * the limit for a re-seed. For its re-seed it mixes mixes data obtained
b6b438 
+	 * from the OS random device with the previous key.
b6b438 
+	 */
b6b438 
 	gnutls_rnd(GNUTLS_RND_KEY, out, len);
b6b438 
 }
b6b438
b6b438 
diff --git a/lib/util/genrand.h b/lib/util/genrand.h
b6b438 
index 5af23100596..abb8ce2c10a 100644
b6b438 
--- a/lib/util/genrand.h
b6b438 
+++ b/lib/util/genrand.h
b6b438 
@@ -25,7 +25,11 @@
b6b438 
 void generate_random_buffer(uint8_t *out, int len);
b6b438
b6b438 
 /**
b6b438 
- * Thread and fork safe random number generator for long term keys.
b6b438 
+ * @brief Generate random values for key buffers (e.g. session keys)
b6b438 
+ *
b6b438 
+ * @param[in]  out  A pointer to the buffer to fill with random data.
b6b438 
+ *
b6b438 
+ * @param[in]  len  The size of the buffer to fill.
b6b438 
  */
b6b438 
 void generate_secret_buffer(uint8_t *out, int len);
b6b438
b6b438 
--
b6b438 
2.23.0
b6b438

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation