ref: c0a9c3b551ed5d9b3a9d8389e36a3eb059662702
parent: 36c9a2489d1f0e3d4e6a890bb86edde64d719acb
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sun Sep 11 15:07:17 EDT 2016
kernel: rekey chacha state on each randomread() invocation we can encrypt the 256 bit chacha key on each invocation, making it hard to reconstruct previous outputs of the generator given the current state (backtracking resistance).
--- a/sys/src/9/port/random.c
+++ b/sys/src/9/port/random.c
@@ -96,9 +96,10 @@
if(hwrandbuf != nil)
(*hwrandbuf)(p, n);
- /* copy chacha state and increment iv */
+ /* copy chacha state, rekey and increment iv */
qlock(rs);
c = *rs;
+ chacha_encrypt((uchar*)&rs->input[4], 32, &c);
if(++rs->input[13] == 0)
if(++rs->input[14] == 0)
++rs->input[15];
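Review bot: The stack copy made by `c = *rs` still holds the pre-rekey key after `chacha_encrypt((uchar*)&rs->input[4], 32, &c)`, so the backtracking resistance claimed in the commit message only holds if `c` is zeroed on every exit path once the output has been produced. That code is outside this hunk; if the later encryption of the caller's buffer can fault, the wipe presumably has to run on the error path as well. The rekey also depends on chacha_encrypt advancing the block counter in `c`, so that the keystream used for the output never overlaps the 32 bytes that masked the old key; this should be confirmed against the libsec implementation. I would record both in the comment, e.g. `/* copy chacha state, rekey (input[4..11] is the 256-bit key) and increment iv; c keeps the old key and must be zeroed after use */`, and consider a named constant for the literal `32`. The function body starts before and continues past this hunk.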