author | June McEnroe <june@causal.agency> | 2022-12-23 17:16:13 -0500 |
---|---|---|
committer | June McEnroe <june@causal.agency> | 2022-12-23 17:16:13 -0500 |
commit | 7f5dbfe6f3e489ba36e9cd6e251818565811b66c (patch) | |
tree | 8bc1ff7534b44b433797b04b1d1016212b9e24a2 | |
parent | Merge LibreSSL 3.5.2 (diff) | |
parent | Import LibreSSL 3.7.0 (diff) | |
Merge LibreSSL 3.7.0 3.7.0
-rw-r--r-- | LIBTLS_VERSION | 2 | ||||
-rw-r--r-- | VERSION | 2 | ||||
-rw-r--r-- | compat/arc4random.c | 10 |
3 files changed, 10 insertions, 4 deletions
diff --git a/LIBTLS_VERSION b/LIBTLS_VERSION
index 4afa027..ce7dc5a 100644
--- a/LIBTLS_VERSION
+++ b/LIBTLS_VERSION
@@ -1 +1 @@
-25:0:0
+26:1:0
diff --git a/VERSION b/VERSION
index 8b7c8d3..e17f512 100644
--- a/VERSION
+++ b/VERSION
@@ -1,2 +1,2 @@
-3.5.2
+3.7.0
diff --git a/compat/arc4random.c b/compat/arc4random.c
index 6f95d57..1ec8e1e 100644
--- a/compat/arc4random.c
+++ b/compat/arc4random.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: arc4random.c,v 1.56 2022/02/28 21:56:29 dtucker Exp $ */
+/* $OpenBSD: arc4random.c,v 1.58 2022/07/31 13:41:45 tb Exp $ */
 /*
 * Copyright (c) 1996, David Mazieres <dm@uun.org>
@@ -49,6 +49,8 @@
 #define BLOCKSZ 64
 #define RSBUFSZ (16*BLOCKSZ)
+#define REKEY_BASE (1024*1024) /* NB. should be a power of 2 */
+
 /* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */
 static struct _rs {
 size_t rs_have; /* valid bytes at end of rs_buf */
@@ -86,6 +88,7 @@ static void
 _rs_stir(void)
 {
 u_char rnd[KEYSZ + IVSZ];
+ uint32_t rekey_fuzz = 0;
 if (getentropy(rnd, sizeof rnd) == -1)
 _getentropy_fail();
@@ -100,7 +103,10 @@ _rs_stir(void)
 rs->rs_have = 0;
 memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
- rs->rs_count = 1600000;
+ /* rekey interval should not be predictable */
+ chacha_encrypt_bytes(&rsx->rs_chacha, (uint8_t *)&rekey_fuzz,
+ (uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz));
+ rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE);
 }
 static inline void |
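Review bot: `rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE);` in the @@ -100 hunk of compat/arc4random.c is only an unbiased draw when REKEY_BASE is a power of two, which the `NB.` comment on the new define in the @@ -49 hunk asks for but nothing enforces; a preprocessor guard next to the define, `#if (REKEY_BASE & (REKEY_BASE - 1)) != 0` / `#error "REKEY_BASE must be a power of 2"` / `#endif`, turns that note into a build-time invariant so a later edit to the constant cannot quietly skew the reseed interval. A one-line comment on the assignment stating the resulting range, `/* reseed after [REKEY_BASE, 2*REKEY_BASE) bytes of output */`, would also help readers who land on this line without the define in view. The enclosing `_rs_stir` begins in the earlier @@ -86 hunk and its middle is outside the hunks shown, so whether `rsx->rs_chacha` has already been keyed with the fresh entropy when the fuzz is drawn cannot be confirmed from this diff alone.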