hmac_drbg: make no reseeding behaviour explicit
Add a flag to the hmac_drbg context that will signal that reseeding is not required.
Change tests and one ecdsa call to not use reseeding, as was the previous case.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index fc7aea9..d8669c3 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -63,6 +63,7 @@
memset( ctx, 0, sizeof( mbedtls_hmac_drbg_context ) );
ctx->prediction_resistance = MBEDTLS_HMAC_DRBG_PR_OFF;
+ ctx->reseed_flag = MBEDTLS_HMAC_DRBG_RESEED;
#if defined(MBEDTLS_THREADING_C)
mbedtls_mutex_init( &ctx->mutex );
#endif
@@ -389,6 +390,15 @@
}
/*
+ * Set the reseeding flag
+ */
+void mbedtls_hmac_drbg_set_reseeding( mbedtls_hmac_drbg_context *ctx,
+ int reseed_flag )
+{
+ ctx->reseed_flag = reseed_flag;
+}
+
+/*
* Set entropy length grabbed for seeding
*/
int mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, size_t len )
@@ -434,14 +444,20 @@
return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG );
/* 1. (aka VII and IX) Check reseed counter and PR */
- if( ctx->f_entropy != NULL && /* For no-reseeding instances */
- ( ctx->prediction_resistance == MBEDTLS_HMAC_DRBG_PR_ON ||
- ctx->reseed_counter > ctx->reseed_interval ) )
+ if( ctx->reseed_flag != MBEDTLS_HMAC_DRBG_NO_RESEED &&
+ ( ctx->prediction_resistance == MBEDTLS_HMAC_DRBG_PR_ON ||
+ ctx->reseed_counter > ctx->reseed_interval ) )
{
- if( ( ret = mbedtls_hmac_drbg_reseed( ctx, additional, add_len ) ) != 0 )
- return( ret );
-
- add_len = 0; /* VII.4 */
+ if( ctx->f_entropy == NULL )
+ {
+ return( MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED );
+ }
+ else
+ {
+ if( ( ret = mbedtls_hmac_drbg_reseed( ctx, additional, add_len ) ) != 0 )
+ return( ret );
+ add_len = 0; /* VII.4 */
+ }
}
/* 2. Use additional data if any */