upstream OpenBSD: arc4random: Randomise the rekey interval a little.
Previously, the chacha20 instance would be rekeyed every 1.6MB. This makes it happen at a random point somewhere in the 1-2MB range.

Feedback deraadt@ visa@, ok tb@ visa@

newlib port: Make REKEY_BASE depend on SIZE_MAX

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
parent
f5fece2838
commit
52a410f9bd
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: arc4random.c,v 1.56 2022/02/28 21:56:29 dtucker Exp $ */
|
||||
/* $OpenBSD: arc4random.c,v 1.57 2022/07/31 05:10:36 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1996, David Mazieres <dm@uun.org>
|
||||
|
@ -49,6 +49,14 @@
|
|||
#define BLOCKSZ 64
|
||||
#define RSBUFSZ (16*BLOCKSZ)
|
||||
|
||||
#if SIZE_MAX <= 65535
|
||||
#define REKEY_BASE ( 32*1024) /* NB. should be a power of 2 */
|
||||
#elif SIZE_MAX <= 1048575
|
||||
#define REKEY_BASE ( 512*1024) /* NB. should be a power of 2 */
|
||||
#else
|
||||
#define REKEY_BASE (1024*1024) /* NB. should be a power of 2 */
|
||||
#endif
|
||||
|
||||
/* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */
|
||||
static struct _rs {
|
||||
size_t rs_have; /* valid bytes at end of rs_buf */
|
||||
|
@ -86,6 +94,7 @@ static void
|
|||
_rs_stir(void)
|
||||
{
|
||||
u_char rnd[KEYSZ + IVSZ];
|
||||
uint32_t rekey_fuzz = 0;
|
||||
|
||||
memset(rnd, 0, (KEYSZ + IVSZ) * sizeof(u_char));
|
||||
|
||||
|
@ -102,8 +111,10 @@ _rs_stir(void)
|
|||
rs->rs_have = 0;
|
||||
memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
|
||||
|
||||
rs->rs_count = (SIZE_MAX <= 65535) ? 65000
|
||||
: (SIZE_MAX <= 1048575 ? 1048000 : 1600000);
|
||||
/* rekey interval should not be predictable */
|
||||
chacha_encrypt_bytes(&rsx->rs_chacha, (uint8_t *)&rekey_fuzz,
|
||||
(uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz));
|
||||
rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE);
|
||||
}
|
||||
|
||||
static inline void
|
||||
|
|
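Review bot: The two smaller `REKEY_BASE` values are plain `int` products, and the branches that select them (`SIZE_MAX <= 65535` and `SIZE_MAX <= 1048575`) are presumably the targets where `int` can be 16 bits wide; there `32*1024` and `512*1024` overflow `int`, so `REKEY_BASE + (rekey_fuzz % REKEY_BASE)` would no longer use the intended power of two and the rekey interval loses the bound the commit relies on. Giving the constants an unsigned long type avoids that: `#define REKEY_BASE (32UL*1024)` and `#define REKEY_BASE (512UL*1024)`. With correct arithmetic the largest result, `2*REKEY_BASE - 1`, is 65535 and 1048575 respectively, so it still fits the narrow cases, assuming `rs_count` is a `size_t` (its declaration is not visible here). A `_Static_assert((REKEY_BASE & (REKEY_BASE - 1)) == 0, "REKEY_BASE must be a power of 2");` next to the definitions would turn the "NB." comment into a compile-time check, since the modulo is only unbiased for a power of two. `_rs_stir` is split across two hunks and its middle section is outside the visible lines.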