authorDirk Engling <erdgeist@erdgeist.org>2021-04-20 04:05:50 +0200
committerDirk Engling <erdgeist@erdgeist.org>2021-04-20 04:05:50 +0200
commitb73b3b17ccf02337fb07f5ae78d78c2ff1dc3ccc (patch)
tree1ab5ec163419a5e6d275e0c5841e319c5a24976b
parentccef1d0ccd0965ce91b2a439866dc1bd8301883d (diff)
Use arc4random whereever we need strong entropy
-rw-r--r--Makefile5
-rw-r--r--opentracker.c6
-rw-r--r--ot_udp.c14
-rw-r--r--proxy.c4
-rw-r--r--trackerlogic.h7
5 files changed, 35 insertions, 1 deletions
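diff --git a/Makefile b/Makefile
index d1709ee..79ce0cd 100644
--- a/Makefile
+++ b/Makefile
@@ -39,6 +39,10 @@ BINDIR?=$(PREFIX)/bin
 FEATURES+=-DWANT_DEV_RANDOM
 FEATURES+=-DWANT_FULLSCRAPE
 
+# Is enabled on BSD systems by default in trackerlogic.h
+# on Linux systems you will need -lbds
+#FEATURES+=-DWANT_ARC4RANDOM
+
 #FEATURES+=-D_DEBUG_HTTPERROR
 
 OPTS_debug=-D_DEBUG -g -ggdb # -pg -fprofile-arcs -ftest-coverage
@@ -46,6 +50,7 @@ OPTS_production=-O3
 
 CFLAGS+=-I$(LIBOWFAT_HEADERS) -Wall -pipe -Wextra #-ansi -pedantic
 LDFLAGS+=-L$(LIBOWFAT_LIBRARY) -lowfat -pthread -lpthread -lz
+#LDFLAGS+=-lbsd
 
 BINARY =opentracker
 HEADERS=trackerlogic.h scan_urlencoded_query.h ot_mutex.h ot_stats.h ot_vector.h ot_clean.h ot_udp.h ot_iovec.h ot_fullscrape.h ot_accesslist.h ot_http.h ot_livesync.h ot_rijndael.h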
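Review bot: The comment added in the first hunk names the library as `-lbds`, while the flag added in the second hunk is `-lbsd`; anyone copying the comment gets a link error. Enabling the feature on Linux also takes two separate lines (`FEATURES+=-DWANT_ARC4RANDOM` and `LDFLAGS+=-lbsd`), and the comment does not say so, which makes it easy to uncomment only one of them. I would word it as `# on Linux systems you will need libbsd: also uncomment LDFLAGS+=-lbsd below`.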
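diff --git a/opentracker.c b/opentracker.c
index d2c0635..1c729cf 100644
--- a/opentracker.c
+++ b/opentracker.c
@@ -256,11 +256,17 @@ static void * server_mainloop( void * args ) {
 #ifdef _DEBUG_HTTPERROR
  ws.debugbuf= malloc( G_DEBUGBUF_SIZE );
 #endif
+
  if( !ws.inbuf || !ws.outbuf )
  panic( "Initializing worker failed" );
+
+#ifdef WANT_ARC4RANDOM
+ arc4random_buf(&ws.rand48_state[0], 3 * sizeof(uint16_t));
+#else
  ws.rand48_state[0] = (uint16_t)random();
  ws.rand48_state[1] = (uint16_t)random();
  ws.rand48_state[2] = (uint16_t)random();
+#endif
 
  for( ; ; ) {
  int64 sock;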
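Review bot: The `#else` branch still seeds `ws.rand48_state` from `random()`, and since the Makefile in this commit ships `WANT_ARC4RANDOM` commented out and trackerlogic.h turns it on only for `__FreeBSD__`, every other build keeps the old generator with no build-time signal. The same fallback remains in `udp_generate_rijndael_round_key` and `udp_make_connectionid` in ot_udp.c and in `main` in proxy.c. Where the compiler supports it, a `#warning "built without WANT_ARC4RANDOM: falling back to random()"` in the `#else` (or once in trackerlogic.h) would make the weaker configuration visible to whoever builds the package. Separately, `sizeof ws.rand48_state` would follow the declaration better than `3 * sizeof(uint16_t)`, assuming the member is an array; its declaration and the rest of `server_mainloop` are outside the hunk.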
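diff --git a/ot_udp.c b/ot_udp.c
index 3bf311c..6b455f3 100644
--- a/ot_udp.c
+++ b/ot_udp.c
@@ -29,13 +29,21 @@ static ot_time g_hour_of_the_key;
 
 static void udp_generate_rijndael_round_key() {
  uint32_t key[16];
+#ifdef WANT_ARC4RANDOM
+ arc4random_buf(&key[0], sizeof(key));
+#else
  key[0] = random();
  key[1] = random();
  key[2] = random();
  key[3] = random();
+#endif
  rijndaelKeySetupEnc128( g_rijndael_round_key, (uint8_t*)key );
 
+#ifdef WANT_ARC4RANDOM
+ g_key_of_the_hour[0] = arc4random();
+#else
  g_key_of_the_hour[0] = random();
+#endif
  g_hour_of_the_key = g_now_minutes;
 }
 
@@ -46,7 +54,11 @@ static void udp_make_connectionid( uint32_t connid[2], const ot_ip6 remoteip, in
  if( g_now_minutes + 60 > g_hour_of_the_key ) {
  g_hour_of_the_key = g_now_minutes;
  g_key_of_the_hour[1] = g_key_of_the_hour[0];
- g_key_of_the_hour[0] = random();
+#ifdef WANT_ARC4RANDOM
+ g_key_of_the_hour[0] = arc4random();
+#else
+ g_key_of_the_hour[0] = random();
+#endif
  }
 
  memcpy( plain, remoteip, sizeof( plain ) );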
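Review bot: In the second hunk the guard `g_now_minutes + 60 > g_hour_of_the_key` looks true on every call, because both visible writes to `g_hour_of_the_key` set it to `g_now_minutes`; if so, the new `arc4random()` draw and the shift into `g_key_of_the_hour[1]` run each time `udp_make_connectionid` is entered, and neither slot lasts an hour. If hourly rotation is what is meant, the test would read `if( g_now_minutes > g_hour_of_the_key + 60 ) {`. The condition predates this commit, but it decides how often the new entropy call runs; how the two slots are consumed is outside the hunk, so the effect on connection-id validation should be confirmed there. In the first hunk, `arc4random_buf` fills all 64 bytes of `key` while the fallback sets only `key[0]` to `key[3]`, which suggests the key schedule reads 16 bytes; sizing the buffer to the key would make that explicit.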
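diff --git a/proxy.c b/proxy.c
index 1f09777..640958a 100644
--- a/proxy.c
+++ b/proxy.c
@@ -553,7 +553,11 @@ int main( int argc, char **argv ) {
  int scanon = 1, lbound = 0, sbound = 0;
 
  srandom( time(NULL) );
+#ifdef WANT_ARC4RANDOM
+ g_tracker_id = arc4random();
+#else
  g_tracker_id = random();
+#endif
  noipv6=1;
 
  while( scanon ) {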
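diff --git a/trackerlogic.h b/trackerlogic.h
index 33dccbe..87b9138 100644
--- a/trackerlogic.h
+++ b/trackerlogic.h
@@ -12,6 +12,13 @@
 #include <stdint.h>
 #include <stdlib.h>
 
+#if defined(__linux__) && defined(WANT_ARC4RANDOM)
+#include <bsd/stdlib.h>
+#endif
+#ifdef __FreeBSD__
+#define WANT_ARC4RANDOM
+#endif
+
 typedef uint8_t ot_hash[20];
 typedef time_t ot_time;
 typedef char ot_ip6[16];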
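Review bot: `#define WANT_ARC4RANDOM` is unguarded, so a FreeBSD build that also passes `-DWANT_ARC4RANDOM` through `FEATURES` redefines the macro with a different body and draws a macro-redefinition diagnostic; `#if defined(__FreeBSD__) && !defined(WANT_ARC4RANDOM)` avoids that. The Makefile comment says the option is enabled on BSD systems by default, but only `__FreeBSD__` is tested here, so other BSDs stay on the `random()` path unless the builder opts in. A short comment above the block stating which platforms are auto-enabled and that Linux needs libbsd would document the intent next to the code that implements it.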