[PATCH 35/38] crypto: drbg - Change DRBG_MAX_REQUESTS to 4096

Next message: Eric Biggers: "[PATCH 20/38] crypto: drbg - Move fixed values into constants"
Previous message: Eric Biggers: "[PATCH 19/38] crypto: drbg - De-virtualize drbg_state_ops"
In reply to: Eric Biggers: "[PATCH 19/38] crypto: drbg - De-virtualize drbg_state_ops"
Next in thread: Eric Biggers: "[PATCH 20/38] crypto: drbg - Move fixed values into constants"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eric Biggers

Date: Mon Apr 20 2026 - 02:45:12 EST

Currently a formal reseed happens only after each 1048576 requests.

That's quite a high number. Let's follow the example of BoringSSL and
use a more conservative value of 4096.

Note that in practice this makes little difference, now that we're
including 32 bytes from get_random_bytes() in the additional input on
every request anyway, which is a de facto reseed.

But for the same reason, we might as well decrease the actual reseed
interval to something more reasonable.

Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
---
crypto/drbg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/drbg.c b/crypto/drbg.c
index cda79d601f4f..7fd076ddc105 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -113,11 +113,11 @@ enum drbg_seed_state {

/*
* Maximum number of requests before reseeding is forced.
* SP800-90A allows this to be up to 2**48. We use a lower value.
*/
-#define DRBG_MAX_REQUESTS (1 << 20)
+#define DRBG_MAX_REQUESTS 4096

/*
* Maximum number of random bytes that can be requested at once.
* SP800-90A allows up to 2**19 bits, which is 2**16 bytes.
*/
--
2.53.0