author | Damien Miller <djm@cvs.openbsd.org> | 2022-07-31 05:10:37 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2022-07-31 05:10:37 +0000 |
commit | d017eff99383c64e1c5e7e0353463dc0bb26299d (patch) | |
tree | 59b217258aefda88a1d8a0ee48d163ab31bceb6d /lib/libc | |
parent | 533e2fa45314b9be883c26675b4c5ed36af236ad (diff) |
Randomise the rekey interval a little. Previously, the chacha20
instance would be rekeyed every 1.6MB. This makes it happen at a
random point somewhere in the 1-2MB range.
Feedback deraadt@ visa@, ok tb@ visa@
Diffstat (limited to 'lib/libc')
-rw-r--r-- | lib/libc/crypt/arc4random.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/libc/crypt/arc4random.c b/lib/libc/crypt/arc4random.c
index 6cbab6e79bc..61bf0edaaa7 100644
--- a/lib/libc/crypt/arc4random.c
+++ b/lib/libc/crypt/arc4random.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: arc4random.c,v 1.56 2022/02/28 21:56:29 dtucker Exp $ */
+/* $OpenBSD: arc4random.c,v 1.57 2022/07/31 05:10:36 djm Exp $ */
 
 /*
 * Copyright (c) 1996, David Mazieres <dm@uun.org>
@@ -49,6 +49,8 @@
 #define BLOCKSZ 64
 #define RSBUFSZ (16*BLOCKSZ)
 
+#define REKEY_BASE (1024*1024) /* NB. should be a power of 2 */
+
 /* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */
 static struct _rs {
 size_t rs_have; /* valid bytes at end of rs_buf */
@@ -86,6 +88,7 @@ static void
 _rs_stir(void)
 {
 u_char rnd[KEYSZ + IVSZ];
+ uint32_t rekey_fuzz = 0;
 
 if (getentropy(rnd, sizeof rnd) == -1)
 _getentropy_fail();
@@ -100,7 +103,10 @@ _rs_stir(void)
 rs->rs_have = 0;
 memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
 
- rs->rs_count = 1600000;
+ /* rekey interval should not be predictable */
+ chacha_encrypt_bytes(&rsx->rs_chacha, (uint8_t *)&rekey_fuzz,
+ (uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz));
+ rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE);
 }
 
 static inline void |
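Review bot: The power-of-two requirement on `REKEY_BASE` is carried only by the `/* NB. should be a power of 2 */` comment in the second hunk, while `rekey_fuzz % REKEY_BASE` in the last hunk depends on it. With a divisor that does not divide 2^32, reducing a uint32_t this way is slightly biased toward low values. A compile-time check next to the define would hold the invariant, for example `_Static_assert((REKEY_BASE & (REKEY_BASE - 1)) == 0, "REKEY_BASE must be a power of 2");`, assuming this file is built as C11 or later, which the page does not show. Failing that, the comment could state the consequence, e.g. `/* NB. must be a power of 2 so rekey_fuzz % REKEY_BASE is unbiased */`.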
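Review bot: The comment `/* rekey interval should not be predictable */` in the last hunk gives the motive but neither the resulting bound nor where the randomness comes from, and the `= 0` initialiser added in the third hunk matters for the latter. `rekey_fuzz` is passed as both input and output of `chacha_encrypt_bytes()`, so a zero input presumably yields four bytes of raw keystream (the usual XOR behaviour, defined outside this diff). I would expand the comment to something like `/* rekey after REKEY_BASE..2*REKEY_BASE-1 bytes; fuzz is cipher keystream, hence rekey_fuzz starts at 0 */` so the initialiser is not later dropped as redundant. `_rs_stir()` starts above this hunk, so it cannot be checked from here that the cipher has already been rekeyed at this point and that these keystream bytes never reach callers.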