Support set *_drbg reseed interval before seed

mbedtls_ctr_drbg_set_reseed_interval() and mbedtls_hmac_drbg_set_reseed_interval() can now be called before their seed functions and the reseed_interval value will persist. Previously it would be overwritten with the default value. *_drbg_reseed_interval is now set in init() and free(). mbedtls_ctr_drbg_free() and mbedtls_hmac_drbg_free() now reset the drbg context to the state immediately after init(). Tests: - Added test to check that DRBG reseeds when reseed_counter reaches reseed_interval, if reseed_interval set before seed and reseed_interval is less than MBEDTLS_CTR_DRBG_RESEED_INTERVAL. Signed-off-by: gacquroff <gavina352@gmail.com>
2020-03-01 17:06:11 -08:00 · 2020-03-01 17:06:11 -08:00 · 6aceb51e43
commit 6aceb51e43
parent 662deb38d6
6 changed files with 54 additions and 21 deletions
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@ -210,6 +210,11 @@ mbedtls_ctr_drbg_context;
 *                      and prepares it for mbedtls_ctr_drbg_seed()
 *                      or mbedtls_ctr_drbg_free().
 *
+ * \note                The reseed interval is
+ *                      #MBEDTLS_CTR_DRBG_RESEED_INTERVAL by default.
+ *                      You can override it by calling
+ *                      mbedtls_ctr_drbg_set_reseed_interval().
+ *
 * \param ctx           The CTR_DRBG context to initialize.
 */
 void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
@ -309,7 +314,8 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
                   size_t len );

 /**
- * \brief               This function clears CTR_CRBG context data.
+ * \brief               This function resets CTR_DRBG context to the state immediately
+ *                      after initial call of mbedtls_ctr_drbg_init().
 *
 * \param ctx           The CTR_DRBG context to clear.
 */