upstream OpenBSD: arc4random: Randomise the rekey interval a little.
Previously, the chacha20 instance would be rekeyed every 1.6MB. This makes it happen at a random point somewhere in the 1-2MB range. Feedback deraadt@ visa@, ok tb@ visa@ newlib port: Make REKEY_BASE depend on SIZE_MAX Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
		
							parent
							
								
									f5fece2838
								
							
						
					
					
						commit
						52a410f9bd
					
				|  | @ -1,4 +1,4 @@ | |||
| /*	$OpenBSD: arc4random.c,v 1.56 2022/02/28 21:56:29 dtucker Exp $	*/ | ||||
| /*	$OpenBSD: arc4random.c,v 1.57 2022/07/31 05:10:36 djm Exp $	*/ | ||||
| 
 | ||||
| /*
 | ||||
|  * Copyright (c) 1996, David Mazieres <dm@uun.org> | ||||
|  | @ -49,6 +49,14 @@ | |||
| #define BLOCKSZ	64 | ||||
| #define RSBUFSZ	(16*BLOCKSZ) | ||||
| 
 | ||||
| #if SIZE_MAX <= 65535 | ||||
| #define REKEY_BASE	(  32*1024) /* NB. should be a power of 2 */ | ||||
| #elif SIZE_MAX <= 1048575 | ||||
| #define REKEY_BASE	( 512*1024) /* NB. should be a power of 2 */ | ||||
| #else | ||||
| #define REKEY_BASE	(1024*1024) /* NB. should be a power of 2 */ | ||||
| #endif | ||||
| 
 | ||||
| /* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */ | ||||
| static struct _rs { | ||||
| 	size_t		rs_have;	/* valid bytes at end of rs_buf */ | ||||
|  | @ -86,6 +94,7 @@ static void | |||
| _rs_stir(void) | ||||
| { | ||||
| 	u_char rnd[KEYSZ + IVSZ]; | ||||
| 	uint32_t rekey_fuzz = 0; | ||||
| 
 | ||||
| 	memset(rnd, 0, (KEYSZ + IVSZ) * sizeof(u_char)); | ||||
| 
 | ||||
|  | @ -102,8 +111,10 @@ _rs_stir(void) | |||
| 	rs->rs_have = 0; | ||||
| 	memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf)); | ||||
| 
 | ||||
| 	rs->rs_count = (SIZE_MAX <= 65535) ? 65000 | ||||
| 	  : (SIZE_MAX <= 1048575 ? 1048000 : 1600000); | ||||
| 	/* rekey interval should not be predictable */ | ||||
| 	chacha_encrypt_bytes(&rsx->rs_chacha, (uint8_t *)&rekey_fuzz, | ||||
| 	     (uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz)); | ||||
| 	rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE); | ||||
| } | ||||
| 
 | ||||
| static inline void | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue