From 2d5669770a5723d258703384f905e1d13d6b8696 Mon Sep 17 00:00:00 2001
From: lloyd <lloyd@randombit.net>
Date: Mon, 23 Mar 2015 02:15:45 +0000
Subject: Avoid putting very small values in mlock memory

---
 src/build-data/buildh.in | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'src/build-data')

diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in
index f8009cf0b..36b5f3959 100644
--- a/src/build-data/buildh.in
+++ b/src/build-data/buildh.in
@@ -35,7 +35,11 @@
 /* How much to allocate for a buffer of no particular size */
 #define BOTAN_DEFAULT_BUFFER_SIZE 1024
 
-/* Maximum size to allocate out of the mlock pool */
+/* Minimum and maximum sizes to allocate out of the mlock pool (bytes)
+   Default min is 16 as smaller values are easily bruteforceable and thus
+   likely not cryptographic keys.
+*/
+#define BOTAN_MLOCK_ALLOCATOR_MIN_ALLOCATION 16
 #define BOTAN_MLOCK_ALLOCATOR_MAX_ALLOCATION 128
 
 /* Multiplier on a block cipher's native parallelism */
@@ -67,7 +71,7 @@
 */
 #define BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED 512
 #define BOTAN_RNG_RESEED_POLL_BITS 128
-#define BOTAN_RNG_AUTO_RESEED_TIMEOUT std::chrono::milliseconds(20)
+#define BOTAN_RNG_AUTO_RESEED_TIMEOUT std::chrono::milliseconds(10)
 #define BOTAN_RNG_RESEED_DEFAULT_TIMEOUT std::chrono::milliseconds(100)
 
 /* Should we use GCC-style inline assembler? */
-- 
cgit v1.2.3