From cfc656294ee8f704bcfda96a23232e93e6c7bd6a Mon Sep 17 00:00:00 2001
From: ryndia <68096721+ryndia@users.noreply.github.com>
Date: Wed, 7 Sep 2022 20:16:20 +0400
Subject: [PATCH 1/2] Update arc4random.c
---
 compat/arc4random.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/compat/arc4random.c b/compat/arc4random.c
index b536d3143..ae342d3a4 100644
--- a/compat/arc4random.c
+++ b/compat/arc4random.c
@@ -22,7 +22,7 @@
 /*
 * ChaCha based random number generator for OpenBSD.
 */
-
+#define REKEY_BASE (1024*1024) //base 2
 #include
 #include
 #include
@@ -179,7 +179,7 @@ static void
 _rs_stir(void)
 {
 u_char rnd[KEYSZ + IVSZ];
-
+ uint32_t rekey_fuzz = 0;
 if (getentropy(rnd, sizeof rnd) == -1) {
 if(errno != ENOSYS ||
 fallback_getentropy_urandom(rnd, sizeof rnd) == -1) {
@@ -201,7 +201,9 @@ _rs_stir(void)
 rs->rs_have = 0;
 memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
 
- rs->rs_count = 1600000;
+ /*rs->rs_count = 1600000;*/
+ chacha_encrypt_bytes(&rsx->rs_chacha, (uint8_t *)&rekey_fuzz,(uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz));
+ rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE);
 }
 
 static inline void
From 5f3b4605865a929e028511268caff320e34af079 Mon Sep 17 00:00:00 2001
From: Philip Homburg
Date: Tue, 20 Sep 2022 14:47:19 +0200
Subject: [PATCH 2/2] Align with version 1.58 on cvsweb.openbsd.org
---
 compat/arc4random.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/compat/arc4random.c b/compat/arc4random.c
index ae342d3a4..486ab89c6 100644
--- a/compat/arc4random.c
+++ b/compat/arc4random.c
@@ -22,7 +22,7 @@
 /*
 * ChaCha based random number generator for OpenBSD.
 */
-#define REKEY_BASE (1024*1024) //base 2
+
 #include
 #include
 #include
@@ -57,6 +57,8 @@
 #define BLOCKSZ 64
 #define RSBUFSZ (16*BLOCKSZ)
 
+#define REKEY_BASE (1024*1024) /* NB. should be a power of 2 */
+
 /* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */
 static struct {
 size_t rs_have; /* valid bytes at end of rs_buf */
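Review bot: In the first patch's `@@ -201,7 +201,9 @@` hunk, the new `rs->rs_count` assignment in `_rs_stir` has no comment on the interval it produces, nor on why `rekey_fuzz` is zero-initialised before being passed as both input and output of `chacha_encrypt_bytes()`. I would add something like `/* rekey after a random count in [REKEY_BASE, 2*REKEY_BASE) */` above the assignment. At the declaration, a short remark could say that the zero start value keeps the result pure keystream if the cipher routine XORs its input (whether it does is not visible in this patch). The `/* rekey interval should not be predictable */` comment added in the last hunk of PATCH 2/2 gives the motive but still not the range. `_rs_stir` begins above this hunk.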
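Review bot: In PATCH 2/2's `@@ -57,6 +57,8 @@` hunk, `REKEY_BASE` is only described as something that "should be a power of 2"; nothing enforces it and the reason is left out. `rekey_fuzz % REKEY_BASE` in `_rs_stir` is free of modulo bias only while REKEY_BASE divides 2^32, so a later edit to a round decimal value would introduce a small bias in the rekey interval without any warning. I would state that in the comment and add a guard right after the define: `#if (REKEY_BASE & (REKEY_BASE - 1)) != 0`, `#error "REKEY_BASE must be a power of 2"`, `#endif`. The struct definition that follows the define continues past the end of the hunk.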
@@ -180,6 +182,7 @@ _rs_stir(void)
 {
 u_char rnd[KEYSZ + IVSZ];
 uint32_t rekey_fuzz = 0;
+
 if (getentropy(rnd, sizeof rnd) == -1) {
 if(errno != ENOSYS ||
 fallback_getentropy_urandom(rnd, sizeof rnd) == -1) {
@@ -201,9 +204,10 @@ _rs_stir(void)
 rs->rs_have = 0;
 memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
 
- /*rs->rs_count = 1600000;*/
- chacha_encrypt_bytes(&rsx->rs_chacha, (uint8_t *)&rekey_fuzz,(uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz));
- rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE);
+ /* rekey interval should not be predictable */
+ chacha_encrypt_bytes(&rsx->rs_chacha, (uint8_t *)&rekey_fuzz,
+ (uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz));
+ rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE);
 }
 
 static inline void