Diffstat (limited to 'src/lib/rng/hmac_drbg/hmac_drbg.cpp')
-rw-r--r--src/lib/rng/hmac_drbg/hmac_drbg.cpp12
1 files changed, 9 insertions, 3 deletions
diff --git a/src/lib/rng/hmac_drbg/hmac_drbg.cpp b/src/lib/rng/hmac_drbg/hmac_drbg.cpp
index e47d49628..03ea2013a 100644
--- a/src/lib/rng/hmac_drbg/hmac_drbg.cpp
+++ b/src/lib/rng/hmac_drbg/hmac_drbg.cpp
@@ -158,12 +158,18 @@ void HMAC_DRBG::update(const uint8_t input[], size_t input_len)
void HMAC_DRBG::add_entropy(const uint8_t input[], size_t input_len)
{
update(input, input_len);
+
+ if(8*input_len >= security_level())
+ {
+ m_reseed_counter = 1;
+ }
}
size_t HMAC_DRBG::security_level() const
{
- // sqrt of hash size
- return m_mac->output_length() * 8 / 2;
+ // security strength of the hash function
+ // for pre-image resistance (see NIST SP800-57),
+ // but NIST SP800-90A only supports up to 256 bits
+ return std::min(m_mac->output_length(), size_t(32)) * 8;
}
-
}
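Review bot: In add_entropy the new check `8*input_len >= security_level()` treats the byte length of the input as if it were its entropy, so a caller passing enough bytes of predictable data still sets `m_reseed_counter = 1`. If that counter is what tracks the seeded state and the reseed interval (not visible in this hunk), low-entropy input would mark the DRBG as freshly seeded and postpone the next reseed from a real entropy source. I would state the contract in a comment above the check, for example `// input is assumed to be full-entropy; the length test is only a lower bound`, and repeat it wherever add_entropy is documented for callers. The multiplication can also wrap for a very large `input_len`; `if(input_len >= security_level() / 8)` gives the same result, since security_level() is always a multiple of 8, and cannot overflow.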