summary refs log tree commit diff
path: root/compat/arc4random.c
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2022-12-23 17:16:13 -0500
committerJune McEnroe <june@causal.agency>2022-12-23 17:16:13 -0500
commit7f5dbfe6f3e489ba36e9cd6e251818565811b66c (patch)
tree8bc1ff7534b44b433797b04b1d1016212b9e24a2 /compat/arc4random.c
parentMerge LibreSSL 3.5.2 (diff)
parentImport LibreSSL 3.7.0 (diff)
downloadlibretls-b6fc326c74a1f8eef5383014b4ef2556831ee2f7.tar.gz
libretls-b6fc326c74a1f8eef5383014b4ef2556831ee2f7.zip
Merge LibreSSL 3.7.0 3.7.0
Diffstat (limited to '')
-rw-r--r--compat/arc4random.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/compat/arc4random.c b/compat/arc4random.c
index 6f95d57..1ec8e1e 100644
--- a/compat/arc4random.c
+++ b/compat/arc4random.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: arc4random.c,v 1.56 2022/02/28 21:56:29 dtucker Exp $	*/
+/*	$OpenBSD: arc4random.c,v 1.58 2022/07/31 13:41:45 tb Exp $	*/
 
 /*
  * Copyright (c) 1996, David Mazieres <dm@uun.org>
@@ -49,6 +49,8 @@
 #define BLOCKSZ	64
 #define RSBUFSZ	(16*BLOCKSZ)
 
+#define REKEY_BASE	(1024*1024) /* NB. should be a power of 2 */
+
 /* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */
 static struct _rs {
 	size_t		rs_have;	/* valid bytes at end of rs_buf */
@@ -86,6 +88,7 @@ static void
 _rs_stir(void)
 {
 	u_char rnd[KEYSZ + IVSZ];
+	uint32_t rekey_fuzz = 0;
 
 	if (getentropy(rnd, sizeof rnd) == -1)
 		_getentropy_fail();
@@ -100,7 +103,10 @@ _rs_stir(void)
 	rs->rs_have = 0;
 	memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
 
-	rs->rs_count = 1600000;
+	/* rekey interval should not be predictable */
+	chacha_encrypt_bytes(&rsx->rs_chacha, (uint8_t *)&rekey_fuzz,
+	    (uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz));
+	rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE);
 }
 
 static inline void