From 073f41085f0791593d96233ef617fcefe3cdacb9 Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Sun, 19 Feb 2012 22:14:06 +0000 Subject: [rng] Add ANS X9.82 Approved Source of Entropy Input ANS X9.82 specifies several Approved Sources of Entropy Input (SEI). One such SEI uses an entropy source as the Source of Entropy Input, condensing each entropy source output after each GetEntropy call. This can be implemented relatively cheaply in iPXE and avoids the need to allocate potentially very large buffers. (Note that the terms "entropy source" and "Source of Entropy Input" are not synonyms within the context of ANS X9.82.) Use the iPXE API mechanism to allow entropy sources to be selected at compilation time. Signed-off-by: Michael Brown --- src/include/ipxe/hmac_drbg.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/include/ipxe/hmac_drbg.h') diff --git a/src/include/ipxe/hmac_drbg.h b/src/include/ipxe/hmac_drbg.h index c751cbcb6..b3dfe3682 100644 --- a/src/include/ipxe/hmac_drbg.h +++ b/src/include/ipxe/hmac_drbg.h @@ -59,9 +59,9 @@ FILE_LICENCE ( GPL2_OR_LATER ); * according to ANS X9.82 Part 3-2007 Section 10.2.1 Table 2 (NIST SP * 800-90 Section 10.1 Table 2). * - * We choose to allow up to 2^32-1 bytes (i.e. 2^35-8 bits). + * We choose to allow up to 32 bytes. */ -#define HMAC_DRBG_MAX_ENTROPY_LEN_BYTES 0xffffffffUL +#define HMAC_DRBG_MAX_ENTROPY_LEN_BYTES 32 /** Maximum personalisation string length * -- cgit v1.2.3-55-g7522