Diff of pike.git/src/post_modules/Nettle/nettle.cmod (c4e773943a14814d484fd643b1b9e984ef2d7ffd » 09ff89c7762fa544dd6194f1a4f6d626e9811446)

pike.git/src/post_modules/Nettle/nettle.cmod:386:   *!    *! @seealso    *! @[Random.AES128_CTR_DRBG]    */   PIKECLASS AES128_CTR_DRBG   program_flags PROGRAM_CLEAR_STORAGE;   {    CVAR struct aes_ctx aes_ctx;    CVAR uint8_t *key;    CVAR uint8_t *ctr; - CVAR INT64 counter; + CVAR INT64 reseed_counter; + CVAR INT64 reseed_interval;       DECLARE_STORAGE;       /*    * blocklen = 128    * ctr_len = 128    * keylen = 128    * seedlen = 256    * reseed_interval = 2**48    */
pike.git/src/post_modules/Nettle/nettle.cmod:427:      /*! @decl void reseed(string(8bit) data)    *! Updated the internal key with the provided additional entropy.    */    PIKEFUN void reseed(string(8bit) data)    {    if( data->len!=32 )    Pike_error("Illegal entropy size.\n");    NO_WIDE_STRING(data);    ctr_debug_update(data->str); - THIS->counter = 1; + THIS->reseed_counter = 1;    }    - + /*! @decl int(1..281474976710656) reseed_interval + *! The number of times @[random_string] can be called before a + *! reseeding is forced. The number needs to be in the range of + *! 1..1<<48. + *! + *! @seealso + *! @[entropy_underflow] + */ + PIKEFUN void `reseed_interval=(int(1..281474976710656) interval) + { + if( interval < 1 || interval > (1L<<48) ) + Pike_error("Interval out of range.\n"); + THIS->reseed_interval = interval; + } + + PIKEFUN int `reseed_interval() + { + RETURN THIS->reseed_interval; + } + + /*! @decl void entropy_underflow() + *! Called when @[random_string] has been called more than + *! @[reseed_interval] times. + */ + PIKEFUN void entropy_underflow() + flags ID_PROTECTED; + { + Pike_error("Requires reseed.\n"); + } +    /*! @decl string(8bit) random_string(int(0..) len)    *!    *! Generates @[len] amount of pseudo random data. Does not allow    *! for additional input data in the call.    */    PIKEFUN string(8bit) random_string(int len)    {    int stored = 0;    struct pike_string *s;    uint8_t *str;       if(len<0) Pike_error("Length has to be positive.\n"); - if(THIS->counter>(1L<<48)) Pike_error("Requires reseed\n"); + if(THIS->reseed_counter>THIS->reseed_interval) + apply_current(f_Nettle_AES128_CTR_DRBG_entropy_underflow_fun_num, 0);       s = begin_shared_string(len);    str = (uint8_t *)s->str;       while( (len-stored) >= 16 )    {    INCREMENT(16, THIS->ctr);    aes_encrypt(&THIS->aes_ctx, 16, str, THIS->ctr);    stored += 16;    str += 16;
pike.git/src/post_modules/Nettle/nettle.cmod:467:      if( len>stored )    {    uint8_t buf[16];    INCREMENT(16, THIS->ctr);    aes_encrypt(&THIS->aes_ctx, 16, buf, THIS->ctr);    memcpy(str, buf, len-stored);    }       ctr_debug_update(NULL); - THIS->counter++; + THIS->reseed_counter++;       RETURN end_shared_string(s);    }       INIT    {    THIS->ctr = xcalloc(1,16);    THIS->key = xcalloc(1,16); - THIS->counter = 1; + THIS->reseed_counter = 1; + THIS->reseed_interval = 1L<<48;    aes_set_encrypt_key(&THIS->aes_ctx, AES128_KEY_SIZE, THIS->key);    }       EXIT    gc_trivial;    {    free(THIS->ctr);    free(THIS->key);    }   }

pike.git / src / post_modules / Nettle / nettle.cmod