repo: urcd action: commit revision: path_from: revision_from: b9990f5dde6d396e9ae5a46d5d17f33e7810a154: path_to: revision_to:
commit b9990f5dde6d396e9ae5a46d5d17f33e7810a154 Author: root <root@localhost.(none)> Date: Mon Dec 15 01:35:55 2014 +0000 [liburc] security: randombytes improvement, xor against d buffer with mutating sha512 hash
diff --git a/src/liburc.h b/src/liburc.h
--- a/src/liburc.h
+++ b/src/liburc.h
@@ -1,3 +1,4 @@
+#include <nacl/crypto_hash_sha512.h>
 #include <nacl/crypto_secretbox.h>
 #include <nacl/crypto_sign.h>
 #include <nacl/crypto_box.h>
@@ -45,15 +46,18 @@ void randombytes(unsigned char *b, int blen) {
 if (devurandomfd == -1) devurandomfd = open("/dev/arandom",O_RDONLY);
 if (devurandomfd == -1) devurandomfd = open("/dev/urandom",O_RDONLY);
 if (devurandomfd == -1) {
+ static unsigned char d[64];
 unsigned char * h = malloc(256 * sizeof(unsigned char));
 unsigned char s[256]; /* sometimes heap is zeroed, try luck with stack */
 struct timeval now;
 int i;
 for (i=0;i<blen;++i) {
+ if (!i&63) crypto_hash_sha512(d,b,blen);
 gettimeofday(&now,'\x00');
 srand(now.tv_usec);
 b[i] = rand() & 255;
 b[i] ^= s[i & 255];
+ b[i] ^= d[i & 63];
 if (h) b[i] ^= h[i & 255];
 }if (h) free(h);
 } else read(devurandomfd,b,blen);
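Review bot: In the second hunk, `if (!i&63)` parses as `(!i) & 63`, so `crypto_hash_sha512(d,b,blen)` runs only when `i == 0` and the same 64-byte `d` is reused cyclically for the whole output; if a refresh every 64 bytes was intended (the commit title says "mutating"), it should read `if (!(i & 63)) crypto_hash_sha512(d,b,blen);`. Even with that fix, the hash input is only `b`, i.e. whatever the caller left in the buffer plus bytes derived from `rand()` seeded with `tv_usec` and reads of the uninitialized `s` and `h`, so hashing it adds no unpredictable material, and the previous contents of the static `d` are overwritten rather than mixed in. Since this header pulls in the NaCl box/sign/secretbox APIs, the output presumably feeds key or nonce generation, and failing closed when neither device opens would be safer than this fallback, e.g. `if (devurandomfd == -1) abort();`. randombytes starts and ends outside the hunk.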