From 957a29c4690936be929ed711b86442194f4954ec Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 23 Apr 2015 00:09:17 +0200 Subject: [PATCH] salsa20_random_buf(): mix the output size with the key --- .../randombytes/salsa20/randombytes_salsa20_random.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c index dba91e7c..43e2d0f2 100644 --- a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c +++ b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c @@ -367,7 +367,8 @@ randombytes_salsa20_random(void) void randombytes_salsa20_random_buf(void * const buf, const size_t size) { - int ret; + size_t i; + int ret; randombytes_salsa20_random_stir_if_needed(); COMPILER_ASSERT(sizeof stream.nonce == crypto_stream_salsa20_NONCEBYTES); @@ -378,6 +379,9 @@ randombytes_salsa20_random_buf(void * const buf, const size_t size) ret = crypto_stream_salsa20((unsigned char *) buf, (unsigned long long) size, (unsigned char *) &stream.nonce, stream.key); assert(ret == 0); + for (i = 0U; i < sizeof size; i++) { + stream.key[i] ^= ((const unsigned char *) (const void *) &size)[i]; + } stream.nonce++; crypto_stream_salsa20_xor(stream.key, stream.key, sizeof stream.key, (unsigned char *) &stream.nonce, stream.key);
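Review bot: The new loop in the second hunk writes `stream.key[i]` for every `i < sizeof size`, and nothing visible ties that bound to the key length; the declaration of `stream.key` is outside the diff, so the loop is presumably in bounds only because `size_t` is narrower than the key. The function already pins the nonce size with `COMPILER_ASSERT`, and the same would make this bound explicit: `COMPILER_ASSERT(sizeof stream.key >= sizeof size);` just before the loop. The loop also deserves a short comment such as `/* fold the request size into the key so the next key depends on how much output was produced */`, noting that the bytes of `size` are taken in native order and width, which only matters if the generator state were ever expected to be reproducible across platforms. The function body starts in the first hunk and its end lies past the second.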