Skip to content

Commit

Permalink
Randomise the rekey interval a little. Previously, the chacha20
Browse files Browse the repository at this point in the history 
instance would be rekeyed every 1.6MB. This makes it happen at a
random point somewhere in the 1-2MB range.

Feedback deraadt@ visa@, ok tb@ visa@
  • Loading branch information
@djmdjm
djmdjm committed Jul 31, 2022
1 parent 3d925bf commit d9204e6
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions lib/libc/crypt/arc4random.c
View file
@@ -1,4 +1,4 @@
/* $OpenBSD: arc4random.c,v 1.56 2022/02/28 21:56:29 dtucker Exp $ */
/* $OpenBSD: arc4random.c,v 1.57 2022/07/31 05:10:36 djm Exp $ */

/*
* Copyright (c) 1996, David Mazieres <dm@uun.org>
Expand Down Expand Up @@ -49,6 +49,8 @@
#define BLOCKSZ 64
#define RSBUFSZ (16*BLOCKSZ)

#define REKEY_BASE (1024*1024) /* NB. should be a power of 2 */

/* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */
static struct _rs {
size_t rs_have; /* valid bytes at end of rs_buf */
Expand Down Expand Up @@ -86,6 +88,7 @@ static void
_rs_stir(void)
{
u_char rnd[KEYSZ + IVSZ];
uint32_t rekey_fuzz = 0;

if (getentropy(rnd, sizeof rnd) == -1)
_getentropy_fail();
Expand All @@ -100,7 +103,10 @@ _rs_stir(void)
rs->rs_have = 0;
memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));

rs->rs_count = 1600000;
/* rekey interval should not be predictable */
chacha_encrypt_bytes(&rsx->rs_chacha, (uint8_t *)&rekey_fuzz,
(uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz));
rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE);
}

static inline void
Expand Down

0 comments on commit d9204e6

Please sign in to comment.