|
|
b6b438 |
From deeb93c2fb7cc131741ced4877b75bcd3a64cef4 Mon Sep 17 00:00:00 2001
|
|
|
b6b438 |
From: Andreas Schneider <asn@samba.org>
|
|
|
b6b438 |
Date: Wed, 31 Jul 2019 15:38:50 +0200
|
|
|
b6b438 |
Subject: [PATCH 070/187] lib:util: Add better documentation for
|
|
|
b6b438 |
generate_secret_buffer()
|
|
|
b6b438 |
|
|
|
b6b438 |
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
|
b6b438 |
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
b6b438 |
(cherry picked from commit bf52ab7d2982de84a68a1b9c6d2f68250b7e7cca)
|
|
|
b6b438 |
---
|
|
|
b6b438 |
lib/util/genrand.c | 17 ++++++++++++-----
|
|
|
b6b438 |
lib/util/genrand.h | 6 +++++-
|
|
|
b6b438 |
2 files changed, 17 insertions(+), 6 deletions(-)
|
|
|
b6b438 |
|
|
|
b6b438 |
diff --git a/lib/util/genrand.c b/lib/util/genrand.c
|
|
|
b6b438 |
index 76c2cb81962..a5809aa2bc9 100644
|
|
|
b6b438 |
--- a/lib/util/genrand.c
|
|
|
b6b438 |
+++ b/lib/util/genrand.c
|
|
|
b6b438 |
@@ -25,19 +25,26 @@
|
|
|
b6b438 |
#include <gnutls/gnutls.h>
|
|
|
b6b438 |
#include <gnutls/crypto.h>
|
|
|
b6b438 |
|
|
|
b6b438 |
+/*
|
|
|
b6b438 |
+ * Details about the GnuTLS CSPRNG:
|
|
|
b6b438 |
+ *
|
|
|
b6b438 |
+ * https://nikmav.blogspot.com/2017/03/improving-by-simplifying-gnutls-prng.html
|
|
|
b6b438 |
+ */
|
|
|
b6b438 |
+
|
|
|
b6b438 |
_PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
|
|
|
b6b438 |
{
|
|
|
b6b438 |
/* Thread and fork safe random number generator for temporary keys. */
|
|
|
b6b438 |
gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
|
|
|
b6b438 |
}
|
|
|
b6b438 |
|
|
|
b6b438 |
-/*
|
|
|
b6b438 |
- * Keep generate_secret_buffer in case we ever want to do something
|
|
|
b6b438 |
- * different
|
|
|
b6b438 |
- */
|
|
|
b6b438 |
_PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
|
|
|
b6b438 |
{
|
|
|
b6b438 |
- /* Thread and fork safe random number generator for long term keys. */
|
|
|
b6b438 |
+ /* The key generator, will re-seed after a fixed amount of bytes is
|
|
|
b6b438 |
+ * generated (typically less than the nonce), and will also re-seed
|
|
|
b6b438 |
+ * based on time, i.e., after few hours of operation without reaching
|
|
|
b6b438 |
+ * the limit for a re-seed. For its re-seed it mixes mixes data obtained
|
|
|
b6b438 |
+ * from the OS random device with the previous key.
|
|
|
b6b438 |
+ */
|
|
|
b6b438 |
gnutls_rnd(GNUTLS_RND_KEY, out, len);
|
|
|
b6b438 |
}
|
|
|
b6b438 |
|
|
|
b6b438 |
diff --git a/lib/util/genrand.h b/lib/util/genrand.h
|
|
|
b6b438 |
index 5af23100596..abb8ce2c10a 100644
|
|
|
b6b438 |
--- a/lib/util/genrand.h
|
|
|
b6b438 |
+++ b/lib/util/genrand.h
|
|
|
b6b438 |
@@ -25,7 +25,11 @@
|
|
|
b6b438 |
void generate_random_buffer(uint8_t *out, int len);
|
|
|
b6b438 |
|
|
|
b6b438 |
/**
|
|
|
b6b438 |
- * Thread and fork safe random number generator for long term keys.
|
|
|
b6b438 |
+ * @brief Generate random values for key buffers (e.g. session keys)
|
|
|
b6b438 |
+ *
|
|
|
b6b438 |
+ * @param[in] out A pointer to the buffer to fill with random data.
|
|
|
b6b438 |
+ *
|
|
|
b6b438 |
+ * @param[in] len The size of the buffer to fill.
|
|
|
b6b438 |
*/
|
|
|
b6b438 |
void generate_secret_buffer(uint8_t *out, int len);
|
|
|
b6b438 |
|
|
|
b6b438 |
--
|
|
|
b6b438 |
2.23.0
|
|
|
b6b438 |
|