ref: 88edd57fedfdba84862030f6269ca67ebd121f77
parent: b10a9e7d3bae3472bb487c861970f661eb67e04c
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sun Sep 11 15:07:17 EDT 2016
kernel: rekey chacha state on each randomread() invocation we can encrypt the 256 bit chacha key on each invocation making it hard to reconstruct previous outputs of the generator given the current state (backtracking resistance).
--- a/sys/src/9/port/random.c
+++ b/sys/src/9/port/random.c
@@ -96,9 +96,10 @@
if(hwrandbuf != nil)
(*hwrandbuf)(p, n);
- /* copy chacha state and increment iv */
+ /* copy chacha state, rekey and increment iv */
qlock(rs);
c = *rs;
+ chacha_encrypt((uchar*)&rs->input[4], 32, &c);
if(++rs->input[13] == 0)
if(++rs->input[14] == 0)
++rs->input[15];
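Review bot: After the added `chacha_encrypt((uchar*)&rs->input[4], 32, &c);` the stack copy `c` still holds the pre-rekey key, so the backtracking resistance claimed in the commit message depends on `c` being cleared on every exit path of randomread(), including any error path taken while the caller's buffer is written. That part of the function lies outside this hunk and should be confirmed. The call also relies on two facts the code does not state: `input[4]` with length 32 covers exactly the eight key words, and encrypting through `c` must advance its block counter so the keystream used for rekeying is never reused for output. I would extend the comment to something like `/* copy state; xor the 32-byte key (input[4..11]) with one keystream block taken from c, so output starts at the next block; c keeps the old key and must be wiped */`. Replacing the literal 32 with an expression derived from the key words would keep the length tied to the state layout.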