pike.git / src / post_modules / Nettle / nettle.cmod

version» Context lines:

pike.git/src/post_modules/Nettle/nettle.cmod:313:    CVAR uint8_t *key;    CVAR uint8_t *ctr;    CVAR uint8_t *data;       DECLARE_STORAGE;      #ifndef AES256_KEY_SIZE   #define AES256_KEY_SIZE (256>>3)   #endif    -  void fortuna_generate() +  static void fortuna_generate()    {    aes_encrypt(&THIS->aes_ctx, 16, THIS->data, THIS->ctr);    INCREMENT(16, THIS->ctr);    }    -  void fortuna_rekey() +  static void fortuna_rekey()    {    fortuna_generate();    MEMCPY(THIS->key, THIS->data, 16);    fortuna_generate();    MEMCPY(THIS->key+16, THIS->data, 16);    aes_set_encrypt_key(&THIS->aes_ctx, AES256_KEY_SIZE, THIS->key);    }       /*! @decl void reseed(string(8bit) data)    *! Generates new a new key based on the provided additional
pike.git/src/post_modules/Nettle/nettle.cmod:359:    {    unsigned stored = 0;    struct string_builder s;    init_string_builder_alloc(&s, len+16, 0);       while( stored < len )    {    fortuna_generate();    string_builder_binary_strcat(&s, (const char *)THIS->data,    MINIMUM(16, (len-stored))); +  +  /* This should really be MINIMUM(16, (len-stored)) instead of +  16, but it is only less than 16 in the last round, so it +  doesn't matter if we rekey here or not. */    stored += 16; -  +     if( !(stored % (1<<20)) )    fortuna_rekey();    } -  +  +  /* Inverse of the above conditional, to avoid having fortuna_rekey +  applied twice in the rare condition that the string length is a +  multiple of 1<<20. */ +  if( (stored % (1<<20)) )    fortuna_rekey();       RETURN finish_string_builder(&s);    }       INIT    {    THIS->ctr = xalloc(16);    memset(THIS->ctr,0,16);    THIS->key = xalloc(32);