summary refs log tree commit diff
path: root/compat
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2022-12-23 17:16:13 -0500
committerJune McEnroe <june@causal.agency>2022-12-23 17:16:13 -0500
commit7f5dbfe6f3e489ba36e9cd6e251818565811b66c (patch)
tree8bc1ff7534b44b433797b04b1d1016212b9e24a2 /compat
parentMerge LibreSSL 3.5.2 (diff)
parentImport LibreSSL 3.7.0 (diff)
downloadlibretls-7f5dbfe6f3e489ba36e9cd6e251818565811b66c.tar.gz
libretls-7f5dbfe6f3e489ba36e9cd6e251818565811b66c.zip
Merge LibreSSL 3.7.0 3.7.0
Diffstat (limited to 'compat')
-rw-r--r--compat/arc4random.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/compat/arc4random.c b/compat/arc4random.c
index 6f95d57..1ec8e1e 100644
--- a/compat/arc4random.c
+++ b/compat/arc4random.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: arc4random.c,v 1.56 2022/02/28 21:56:29 dtucker Exp $	*/
+/*	$OpenBSD: arc4random.c,v 1.58 2022/07/31 13:41:45 tb Exp $	*/
 
 /*
  * Copyright (c) 1996, David Mazieres <dm@uun.org>
@@ -49,6 +49,8 @@
 #define BLOCKSZ	64
 #define RSBUFSZ	(16*BLOCKSZ)
 
+#define REKEY_BASE	(1024*1024) /* NB. should be a power of 2 */
+
 /* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */
 static struct _rs {
 	size_t		rs_have;	/* valid bytes at end of rs_buf */
@@ -86,6 +88,7 @@ static void
 _rs_stir(void)
 {
 	u_char rnd[KEYSZ + IVSZ];
+	uint32_t rekey_fuzz = 0;
 
 	if (getentropy(rnd, sizeof rnd) == -1)
 		_getentropy_fail();
@@ -100,7 +103,10 @@ _rs_stir(void)
 	rs->rs_have = 0;
 	memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
 
-	rs->rs_count = 1600000;
+	/* rekey interval should not be predictable */
+	chacha_encrypt_bytes(&rsx->rs_chacha, (uint8_t *)&rekey_fuzz,
+	    (uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz));
+	rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE);
 }
 
 static inline void
='logmsg'> 2020-11-19Add "Come On Petunia"June McEnroe 2020-11-13Add x4 to LESSJune McEnroe 2020-11-04Remove modified sensitivity settingsJune McEnroe 2020-10-29Remove editJune McEnroe 2020-10-27Switch gr alias back to git rebaseJune McEnroe I always type out git reset and sometimes still expect gr to be rebase... Never got used to it I guess. 2020-10-27Allow cd host: to cd to same path over sshJune McEnroe 2020-10-27Use SendEnv for cd host:pathJune McEnroe Works properly for weird paths, etc. 2020-10-27Allow cd host:path over sshJune McEnroe Requires AcceptEnv SSH_CD in the remote sshd_config. 2020-10-07Use mandoc -T utf8 for text.June McEnroe Don't depend on LANG being set. 2020-09-20Add The Awakened KingdomJune McEnroe A cute extra novella. Finally finished this series. 2020-09-12Move /opt/local back, cheat port select to use system manJune McEnroe This is not really how you're supposed to use the select system, I don't think, since the mandoc package actually creates those files, but it does work. This lets me actually use the git installed by MacPorts. 2020-09-12Move /opt/local behind /usr againJune McEnroe The reason I did this with pkgsrc was because I actually don't want the man(1) from mandoc, since it won't follow MANSECT. Same applies to MacPorts. I wish I could disable its man(1) with a variant or whatever. 2020-09-12Enable toc in cgit renderings of man pagesJune McEnroe But keep it disabled for READMEs since they always use non-standard sections and the TOC is just distracting there, I think. Also add the style so its h1 is the same size as the ones inside sections... 2020-09-11Install mandoc on macOSJune McEnroe 2020-09-11Rewrite install script yet againJune McEnroe 2020-09-11Remove NetBSD from install scriptJune McEnroe I never use it. 2020-09-11Use MacPorts rather than pkgsrcJune McEnroe My system is probably such a mess now... 2020-09-11Add debian VM name to sshJune McEnroe 2020-09-11Add influencer tweetJune McEnroe 2020-09-10Add The Kingdom of GodsJune McEnroe Reading has really slowed down :( 2020-09-07Add SunglassesJune McEnroe An IRC find. 2020-09-06Add Between the BreathsJune McEnroe One of those good songs from a soundtrack of a film that probably isn't? The summary sounds a lot more interesting than the title implies, at least. 2020-09-04Open /dev/tty in nudgeJune McEnroe This makes it work even when it's run connected to a pipe, i.e. as the notify command of catgirl... 2020-09-04Add nudgeJune McEnroe 2020-09-03Build fbclock with -lzJune McEnroe I guess this got lost somewhere, long ago... 2020-08-29Add tweets from retweetsJune McEnroe