public inbox for newlib-cvs@sourceware.org
* [newlib-cygwin] upstream OpenBSD: arc4random: Randomise the rekey interval a little.
@ 2022-09-10 19:01 Corinna Vinschen
From: Corinna Vinschen @ 2022-09-10 19:01 UTC (permalink / raw)
To: newlib-cvs
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=52a410f9bdd504d94f1e5711ecbf096eaaf9af97
commit 52a410f9bdd504d94f1e5711ecbf096eaaf9af97
Author: djm <djm@openbsd.org>
Date: Sun Jul 31 05:10:36 2022 +0000
upstream OpenBSD: arc4random: Randomise the rekey interval a little.
Previously, the chacha20 instance would be rekeyed every 1.6MB. This
makes it happen at a random point somewhere in the 1-2MB range.
Feedback deraadt@ visa@, ok tb@ visa@
newlib port: Make REKEY_BASE depend on SIZE_MAX
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diff:
---
newlib/libc/stdlib/arc4random.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/newlib/libc/stdlib/arc4random.c b/newlib/libc/stdlib/arc4random.c
index c394f984a..7b6ac8a7a 100644
--- a/newlib/libc/stdlib/arc4random.c
+++ b/newlib/libc/stdlib/arc4random.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: arc4random.c,v 1.56 2022/02/28 21:56:29 dtucker Exp $ */
+/* $OpenBSD: arc4random.c,v 1.57 2022/07/31 05:10:36 djm Exp $ */
/*
* Copyright (c) 1996, David Mazieres <dm@uun.org>
@@ -49,6 +49,14 @@
#define BLOCKSZ 64
#define RSBUFSZ (16*BLOCKSZ)
+#if SIZE_MAX <= 65535
+#define REKEY_BASE ( 32*1024) /* NB. should be a power of 2 */
+#elif SIZE_MAX <= 1048575
+#define REKEY_BASE ( 512*1024) /* NB. should be a power of 2 */
+#else
+#define REKEY_BASE (1024*1024) /* NB. should be a power of 2 */
+#endif
+
/* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */
static struct _rs {
size_t rs_have; /* valid bytes at end of rs_buf */
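Review bot: the first two branches of the new `#if` ladder define REKEY_BASE as `( 32*1024)` and `( 512*1024)`, and both products are evaluated in plain `int`. Those branches are selected when SIZE_MAX <= 65535 or <= 1048575; if `int` is 16 bits on such a target, the multiplication overflows a signed int before the value ever meets the `uint32_t` operand in `_rs_stir`. Giving the constants an unsigned long type, for example `(32UL*1024)`, keeps them well defined on every tier. The "NB. should be a power of 2" comment would also help future readers more if it said why: the `%` in `_rs_stir` is only unbiased when REKEY_BASE divides 2^32.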
@@ -86,6 +94,7 @@ static void
_rs_stir(void)
{
u_char rnd[KEYSZ + IVSZ];
+ uint32_t rekey_fuzz = 0;
memset(rnd, 0, (KEYSZ + IVSZ) * sizeof(u_char));
@@ -102,8 +111,10 @@ _rs_stir(void)
rs->rs_have = 0;
memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
- rs->rs_count = (SIZE_MAX <= 65535) ? 65000
- : (SIZE_MAX <= 1048575 ? 1048000 : 1600000);
+ /* rekey interval should not be predictable */
+ chacha_encrypt_bytes(&rsx->rs_chacha, (uint8_t *)&rekey_fuzz,
+ (uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz));
+ rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE);
}
static inline void
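Review bot: `rekey_fuzz % REKEY_BASE` in the new `rs_count` assignment is uniform only while REKEY_BASE divides 2^32, and the definitions earlier in the file back that with nothing stronger than a "should be a power of 2" comment. Consider a compile-time check that REKEY_BASE is a power of two, or masking with `(REKEY_BASE - 1)`, so a later change to the constant cannot silently introduce modulo bias. The same check is worth tying to SIZE_MAX: the largest value this expression can produce is 2*REKEY_BASE - 1, which is 65535 and 1048575 on the two small tiers, exactly the SIZE_MAX bounds that select them, so there is no headroom if either constant is raised.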