[PATCH v3 6/7] DRBG specific gcry_control requests

Stephan Mueller smueller at chronox.de
Wed Mar 19 08:39:32 CET 2014

This control request re-initializes the DRBG completely, i.e. the entire
state of the DRBG is zeroized (with two exceptions listed in

The control request takes the following values which influences how
the DRBG is re-initialized:
  * __u32 flags: This variable specifies the DRBG type to be used for the
                 next initialization. If set to 0, the previous DRBG type is
                 used for the initialization. The DRBG type is an OR of the
                 mandatory flags of the requested DRBG strength and DRBG
                 cipher type. Optionally, the prediction resistance flag
                 can be ORed into the flags variable. For example:
                   - CTR-DRBG with AES-128 without prediction
                   - HMAC-DRBG with SHA-512 with prediction resistance:
                        DRBG_HMACSHA512 | DRBG_PREDICTION_RESIST
  * struct drbg_string *pers: personalization string to be used for
  * struct drbg_test_data *test: TEST parameter only -- should be NULL in
                                 normal use -- parameter sets predefined
The variable of flags is independent from the pers/perslen variables. If
flags is set to 0 and perslen is set to 0, the current DRBG type is
completely reset without using a personalization string.

Changes v3:

 * addition of struct drbg_test_data *test to reinit call
 * change personalization string invocation to struct drbg_string
 * remove set_entropy call

Signed-off-by: Stephan Mueller <smueller at chronox.de>
diff --git a/src/global.c b/src/global.c
index 4e8df86..5c19cca 100644
--- a/src/global.c
+++ b/src/global.c
@@ -671,6 +671,15 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
+      {
+        u_int32_t flags = va_arg (arg_ptr, u_int32_t);
+        struct drbg_string *pers = va_arg (arg_ptr, struct drbg_string *);
+	struct drbg_test_data *test_data = va_arg (arg_ptr, struct drbg_test_data *);
+        rc = _gcry_drbg_reinit(flags, pers, test_data);
+      }
+      break;
       _gcry_set_preferred_rng_type (0);
       rc = GPG_ERR_INV_OP;

More information about the Gcrypt-devel mailing list