|
Lines 65-70
Link Here
|
| 65 |
#define IVSZ 8 |
65 |
#define IVSZ 8 |
| 66 |
#define BLOCKSZ 64 |
66 |
#define BLOCKSZ 64 |
| 67 |
#define RSBUFSZ (16*BLOCKSZ) |
67 |
#define RSBUFSZ (16*BLOCKSZ) |
|
|
68 |
#define REKEY_BASE (1024*1024) /* NB. should be a power of 2 */ |
| 69 |
|
| 68 |
static int rs_initialized; |
70 |
static int rs_initialized; |
| 69 |
static pid_t rs_stir_pid; |
71 |
static pid_t rs_stir_pid; |
| 70 |
static chacha_ctx rs; /* chacha context for random keystream */ |
72 |
static chacha_ctx rs; /* chacha context for random keystream */ |
|
Lines 125-130
static void
Link Here
|
| 125 |
_rs_stir(void) |
127 |
_rs_stir(void) |
| 126 |
{ |
128 |
{ |
| 127 |
u_char rnd[KEYSZ + IVSZ]; |
129 |
u_char rnd[KEYSZ + IVSZ]; |
|
|
130 |
uint32_t rekey_fuzz = 0; |
| 128 |
|
131 |
|
| 129 |
#ifdef WITH_OPENSSL |
132 |
#ifdef WITH_OPENSSL |
| 130 |
if (RAND_bytes(rnd, sizeof(rnd)) <= 0) |
133 |
if (RAND_bytes(rnd, sizeof(rnd)) <= 0) |
|
Lines 145-151
_rs_stir(void)
Link Here
|
| 145 |
rs_have = 0; |
148 |
rs_have = 0; |
| 146 |
memset(rs_buf, 0, RSBUFSZ); |
149 |
memset(rs_buf, 0, RSBUFSZ); |
| 147 |
|
150 |
|
| 148 |
rs_count = 1600000; |
151 |
/* rekey interval should not be predictable */ |
|
|
152 |
chacha_encrypt_bytes(&rs, (uint8_t *)&rekey_fuzz, |
| 153 |
(uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz)); |
| 154 |
rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE); |
| 149 |
} |
155 |
} |
| 150 |
|
156 |
|
| 151 |
static inline void |
157 |
static inline void |
| 152 |
- |
|
|