- (djm) Periodically rekey arc4random
[openssh.git] / bsd-arc4random.c
index 4c2f0854fee281b911e05e9c01481ff60b508a80..a1f5154613110bf7bc8e07e52401529d4b90ab49 100644 (file)
 
 #ifndef HAVE_ARC4RANDOM
 
+/* Size of key to use */
+#define SEED_SIZE 20
+
+/* Number of bytes to reseed after */
+#define REKEY_BYTES    (1 >> 18)
+
 static int rc4_ready = 0;
 static RC4_KEY rc4;
 
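Review bot: `REKEY_BYTES` is defined as `(1 >> 18)`, a right shift that evaluates to 0, so the rekey budget this commit introduces is never positive. Since arc4random_stir() sets `rc4_ready = REKEY_BYTES` and arc4random() tests `rc4_ready <= 0` (both in the next hunk), every call would run seed_rng(), RAND_bytes() and RC4_set_key() again instead of rekeying after roughly 256 KiB of output. The comment says "Number of bytes to reseed after", so the intended definition is presumably `#define REKEY_BYTES (1 << 18)`.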
@@ -40,27 +46,30 @@ unsigned int arc4random(void)
 {
        unsigned int r = 0;
 
-       if (!rc4_ready)
+       if (rc4_ready <= 0)
                arc4random_stir();
        
        RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r);
+
+       rc4_ready -= sizeof(r);
        
        return(r);
 }
 
 void arc4random_stir(void)
 {
-       unsigned char rand_buf[32];
+       unsigned char rand_buf[SEED_SIZE];
        
        memset(&rc4, 0, sizeof(rc4));
 
        seed_rng();
+
        RAND_bytes(rand_buf, sizeof(rand_buf));
        
        RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
 
        memset(rand_buf, 0, sizeof(rand_buf));
        
-       rc4_ready = 1;
+       rc4_ready = REKEY_BYTES;
 }
 #endif /* !HAVE_ARC4RANDOM */
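Review bot: The return value of `RAND_bytes()` in arc4random_stir() is ignored, so on failure `rand_buf` reaches `RC4_set_key()` holding whatever was on the stack rather than random data, and with stirring now repeated instead of done once that path is exercised more often. Unless seed_rng() (not shown here) already guarantees the call cannot fail, check the result with `if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)`, take the file's fatal-error path, and leave `rc4_ready` unset on failure. Separately, `rc4_ready -= sizeof(r);` mixes a signed int with size_t; `rc4_ready -= (int)sizeof(r);` keeps the countdown in signed arithmetic so the `<= 0` test does not rely on conversion behaviour.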