| author | Eric Biggers <ebiggers@kernel.org> | 2026-04-19 23:34:19 -0700 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2026-05-07 16:10:01 +0800 |
| commit | 005b19f18ea9fc51fc35fbcb27759ae83c7c89f8 (patch) | |
| tree | 909be7b6696a2bbbe61ed65bb4e1182abaec9bc0 | |
| parent | ca659874af31c6c6e1c5992475b88be8cb65d484 (diff) | |
crypto: drbg - Change DRBG_MAX_REQUESTS to 4096

Currently a formal reseed happens only after each 1048576 requests.
That's quite a high number. Let's follow the example of BoringSSL and
use a more conservative value of 4096.

Note that in practice this makes little difference, now that we're
including 32 bytes from get_random_bytes() in the additional input on
every request anyway, which is a de facto reseed.

But for the same reason, we might as well decrease the actual reseed
interval to something more reasonable.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
| -rw-r--r-- | crypto/drbg.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/drbg.c b/crypto/drbg.c index cda79d601f4f..7fd076ddc105 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c @@ -115,7 +115,7 @@ enum drbg_seed_state { * Maximum number of requests before reseeding is forced. * SP800-90A allows this to be up to 2**48. We use a lower value. */ -#define DRBG_MAX_REQUESTS (1 << 20) +#define DRBG_MAX_REQUESTS 4096 /* * Maximum number of random bytes that can be requested at once. |
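Review bot: The comment above DRBG_MAX_REQUESTS still says only "We use a lower value" and does not record where 4096 comes from. The rationale (following BoringSSL, and the fact that 32 bytes from get_random_bytes() already go into the additional input on every request) exists only in the commit message; a one-line addition to the comment would keep the reason for the reseed interval visible in crypto/drbg.c itself. Minor style point: the old value was written as a shift, (1 << 20), and the new one as a decimal literal; (1 << 12) would keep the power-of-two form consistent with the "2**48" wording in the comment, though 4096 is readable as is.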
