git: 09f390a21553 - stable/13 - arc4random(3): Reduce diff with OpenBSD.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 24 Aug 2022 05:11:24 UTC
The branch stable/13 has been updated by delphij: URL: https://cgit.FreeBSD.org/src/commit/?id=09f390a21553f9adf8f581b40060b9b3c0f6a021 commit 09f390a21553f9adf8f581b40060b9b3c0f6a021 Author: Xin LI <delphij@FreeBSD.org> AuthorDate: 2022-08-10 00:27:54 +0000 Commit: Xin LI <delphij@FreeBSD.org> CommitDate: 2022-08-24 05:11:09 +0000 arc4random(3): Reduce diff with OpenBSD. The main change was v1.57 by djm@: Randomise the rekey interval a little. Previously, the chacha20 instance would be rekeyed every 1.6MB. This makes it happen at a random point somewhere in the 1-2MB range. Reviewed by: csprng (markm, cem) Differential Revision: https://reviews.freebsd.org/D36088 (cherry picked from commit e9a2e4d1d28bf608a2ec915e25df9200af98e3b8) --- lib/libc/gen/arc4random.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/libc/gen/arc4random.c b/lib/libc/gen/arc4random.c index aecbdb8911bd..07e31e64e758 100644 --- a/lib/libc/gen/arc4random.c +++ b/lib/libc/gen/arc4random.c @@ -1,4 +1,4 @@ -/* $OpenBSD: arc4random.c,v 1.55 2019/03/24 17:56:54 deraadt Exp $ */ +/* $OpenBSD: arc4random.c,v 1.58 2022/07/31 13:41:45 tb Exp $ */ /* * Copyright (c) 1996, David Mazieres <dm@uun.org> @@ -66,6 +66,8 @@ __FBSDID("$FreeBSD$"); #define BLOCKSZ 64 #define RSBUFSZ (16*BLOCKSZ) +#define REKEY_BASE (1024*1024) /* NB. should be a power of 2 */ + /* Marked INHERIT_ZERO, so zero'd out in fork children. */ static struct _rs { size_t rs_have; /* valid bytes at end of rs_buf */ @@ -106,6 +108,7 @@ static void _rs_stir(void) { u_char rnd[KEYSZ + IVSZ]; + uint32_t rekey_fuzz = 0; #if defined(__FreeBSD__) bool need_init; @@ -152,7 +155,10 @@ _rs_stir(void) rs->rs_have = 0; memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf)); - rs->rs_count = 1600000; + /* rekey interval should not be predictable */ + chacha_encrypt_bytes(&rsx->rs_chacha, (uint8_t *)&rekey_fuzz, + (uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz)); + rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE); } static inline void