

git.thebackupbox.net

urcd

git://git.thebackupbox.net/urcd

commit b9990f5dde6d396e9ae5a46d5d17f33e7810a154
Author: root <root@localhost.(none)>
Date:   Mon Dec 15 01:35:55 2014 +0000

    [liburc] security: randombytes improvement, xor against d buffer with mutating sha512 hash

diff --git a/src/liburc.h b/src/liburc.h

index 833e4d8b50eafdae19b58c8a4a4f325aeb1e2d52..

index ..f35d3a0abcb4554ed0ae21f5ed19dfa03b4c2336 100644

--- a/src/liburc.h
+++ b/src/liburc.h
@@ -1,3 +1,4 @@
+#include <nacl/crypto_hash_sha512.h>
 #include <nacl/crypto_secretbox.h>
 #include <nacl/crypto_sign.h>
 #include <nacl/crypto_box.h>
@@ -45,15 +46,18 @@ void randombytes(unsigned char *b, int blen) {
  if (devurandomfd == -1) devurandomfd = open("/dev/arandom",O_RDONLY);
  if (devurandomfd == -1) devurandomfd = open("/dev/urandom",O_RDONLY);
  if (devurandomfd == -1) {
+  static unsigned char d[64];
   unsigned char * h = malloc(256 * sizeof(unsigned char));
   unsigned char s[256]; /* sometimes heap is zeroed, try luck with stack */
   struct timeval now;
   int i;
   for (i=0;i<blen;++i) {
+   if (!i&63) crypto_hash_sha512(d,b,blen);
    gettimeofday(&now,'\x00');
    srand(now.tv_usec);
    b[i] = rand() & 255;
    b[i] ^= s[i & 255];
+   b[i] ^= d[i & 63];
    if (h) b[i] ^= h[i & 255];
   }if (h) free(h);
  } else read(devurandomfd,b,blen);
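Review bot: The new guard `if (!i&63)` parses as `(!i) & 63`, so it is true only when `i == 0` and `d` is computed once per call instead of every 64 bytes; `if (!(i & 63)) crypto_hash_sha512(d,b,blen);` matches the "mutating" hash the commit title describes. Even with that corrected, the hash input is the output buffer `b` itself, so `d` is a deterministic function of bytes produced by `rand()` reseeded from `tv_usec` and of the uninitialised `s`/`h` contents, and it contributes no entropy beyond what those sources already have. Since this branch runs only when neither random device could be opened, failing closed there (reporting the error and aborting) would be safer than returning bytes that callers may use for keys or nonces. The `read(devurandomfd,b,blen)` result on the last line is unchecked as well, so a short or failed read leaves part of `b` unfilled. The body of randombytes starts and ends outside this hunk.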
