From b73b3b17ccf02337fb07f5ae78d78c2ff1dc3ccc Mon Sep 17 00:00:00 2001 From: Dirk Engling Date: Tue, 20 Apr 2021 04:05:50 +0200 Subject: Use arc4random whereever we need strong entropy --- Makefile | 5 +++++ opentracker.c | 6 ++++++ ot_udp.c | 14 +++++++++++++- proxy.c | 4 ++++ trackerlogic.h | 7 +++++++ 5 files changed, 35 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index d1709ee..79ce0cd 100644 --- a/Makefile +++ b/Makefile @@ -39,6 +39,10 @@ BINDIR?=$(PREFIX)/bin FEATURES+=-DWANT_DEV_RANDOM FEATURES+=-DWANT_FULLSCRAPE +# Is enabled on BSD systems by default in trackerlogic.h +# on Linux systems you will need -lbds +#FEATURES+=-DWANT_ARC4RANDOM + #FEATURES+=-D_DEBUG_HTTPERROR OPTS_debug=-D_DEBUG -g -ggdb # -pg -fprofile-arcs -ftest-coverage @@ -46,6 +50,7 @@ OPTS_production=-O3 CFLAGS+=-I$(LIBOWFAT_HEADERS) -Wall -pipe -Wextra #-ansi -pedantic LDFLAGS+=-L$(LIBOWFAT_LIBRARY) -lowfat -pthread -lpthread -lz +#LDFLAGS+=-lbsd BINARY =opentracker HEADERS=trackerlogic.h scan_urlencoded_query.h ot_mutex.h ot_stats.h ot_vector.h ot_clean.h ot_udp.h ot_iovec.h ot_fullscrape.h ot_accesslist.h ot_http.h ot_livesync.h ot_rijndael.h diff --git a/opentracker.c b/opentracker.c index d2c0635..1c729cf 100644 --- a/opentracker.c +++ b/opentracker.c @@ -256,11 +256,17 @@ static void * server_mainloop( void * args ) { #ifdef _DEBUG_HTTPERROR ws.debugbuf= malloc( G_DEBUGBUF_SIZE ); #endif + if( !ws.inbuf || !ws.outbuf ) panic( "Initializing worker failed" ); + +#ifdef WANT_ARC4RANDOM + arc4random_buf(&ws.rand48_state[0], 3 * sizeof(uint16_t)); +#else ws.rand48_state[0] = (uint16_t)random(); ws.rand48_state[1] = (uint16_t)random(); ws.rand48_state[2] = (uint16_t)random(); +#endif for( ; ; ) { int64 sock; diff --git a/ot_udp.c b/ot_udp.c index 3bf311c..6b455f3 100644 --- a/ot_udp.c +++ b/ot_udp.c 
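Review bot: In the Makefile's first hunk the added comment names the library as `-lbds`, while the linker line added in the second hunk is `#LDFLAGS+=-lbsd`; the comment should read `# on Linux systems you will need -lbsd`. The comment also says the feature is on by default for "BSD systems", but the trackerlogic.h hunk of this patch only tests `__FreeBSD__`, so the wording and the check should be made to agree. The two commented-out lines have to be enabled together and sit in different parts of the file, so a cross-reference next to each would help, e.g. `# also uncomment LDFLAGS+=-lbsd below`.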
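Review bot: In the opentracker.c hunk the length passed to `arc4random_buf` is written as `3 * sizeof(uint16_t)`, which goes stale silently if the declaration of `rand48_state` ever changes. `arc4random_buf(ws.rand48_state, sizeof(ws.rand48_state));` ties the length to the object, assuming `rand48_state` is an array member and not a pointer; its declaration is outside the hunk. If this state feeds the rand48 family as the name suggests, strong seeding does not make the resulting sequence suitable for secrets, and a one-line comment saying so next to the seeding would keep later users from relying on it. `server_mainloop` starts before and continues after the hunk.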
@@ -29,13 +29,21 @@ static ot_time g_hour_of_the_key; static void udp_generate_rijndael_round_key() { uint32_t key[16]; +#ifdef WANT_ARC4RANDOM + arc4random_buf(&key[0], sizeof(key)); +#else key[0] = random(); key[1] = random(); key[2] = random(); key[3] = random(); +#endif rijndaelKeySetupEnc128( g_rijndael_round_key, (uint8_t*)key ); +#ifdef WANT_ARC4RANDOM + g_key_of_the_hour[0] = arc4random(); +#else g_key_of_the_hour[0] = random(); +#endif g_hour_of_the_key = g_now_minutes; } @@ -46,7 +54,11 @@ static void udp_make_connectionid( uint32_t connid[2], const ot_ip6 remoteip, in if( g_now_minutes + 60 > g_hour_of_the_key ) { g_hour_of_the_key = g_now_minutes; g_key_of_the_hour[1] = g_key_of_the_hour[0]; - g_key_of_the_hour[0] = random(); +#ifdef WANT_ARC4RANDOM + g_key_of_the_hour[0] = arc4random(); +#else + g_key_of_the_hour[0] = random(); +#endif } memcpy( plain, remoteip, sizeof( plain ) ); diff --git a/proxy.c b/proxy.c index 1f09777..640958a 100644 --- a/proxy.c +++ b/proxy.c @@ -553,7 +553,11 @@ int main( int argc, char **argv ) { int scanon = 1, lbound = 0, sbound = 0; srandom( time(NULL) ); +#ifdef WANT_ARC4RANDOM + g_tracker_id = arc4random(); +#else g_tracker_id = random(); +#endif noipv6=1; while( scanon ) { diff --git a/trackerlogic.h b/trackerlogic.h index 33dccbe..87b9138 100644 --- a/trackerlogic.h +++ b/trackerlogic.h @@ -12,6 +12,13 @@ #include #include +#if defined(__linux__) && defined(WANT_ARC4RANDOM) +#include +#endif +#ifdef __FreeBSD__ +#define WANT_ARC4RANDOM +#endif + typedef uint8_t ot_hash[20]; typedef time_t ot_time; typedef char ot_ip6[16]; -- cgit v1.2.3
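Review bot: In the first ot_udp.c hunk (`udp_generate_rijndael_round_key`) the `#else` branch still fills the Rijndael key and `g_key_of_the_hour[0]` from `random()`, and the Makefile in this patch leaves `WANT_ARC4RANDOM` commented out, so a default build on anything other than FreeBSD keeps the weak source the subject line sets out to replace. The same fallback is kept in the second ot_udp.c hunk and in proxy.c. Consider making the weak path visible at build time, e.g. `#warning "WANT_ARC4RANDOM not set: UDP connection-id key comes from random()"` inside the `#else`, or drawing the fallback from the OS random device. Separately, `key` is left on the stack after `rijndaelKeySetupEnc128` returns; a comment stating whether it needs wiping would be useful.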
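Review bot: In the second ot_udp.c hunk (`udp_make_connectionid`) the guard around the new assignment, `if( g_now_minutes + 60 > g_hour_of_the_key )`, looks as if it is always true. The body sets `g_hour_of_the_key = g_now_minutes`, and `udp_generate_rijndael_round_key` does the same, so on any later call the left side is at least 60 larger. If hourly rotation is intended the comparison is presumably meant to be `if( g_now_minutes > g_hour_of_the_key + 60 )`. As written, every call draws a fresh value and shifts the previous one into slot 1, which after this patch also means one `arc4random()` call per connection id. The condition is a context line and the function continues outside the hunk, so please confirm against the code that validates connection ids.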
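Review bot: The `#ifdef WANT_ARC4RANDOM` / `#else` / `#endif` pair added in proxy.c's `main` is the fourth copy of the same choice in this patch (twice in ot_udp.c, once in opentracker.c in buffer form). A single small helper in a shared header keeps the decision about which generator backs a 32-bit draw in one place, so a later change to the fallback cannot miss a call site. The helper name below is only a suggestion, and it assumes proxy.c includes the header that carries it, which this patch does not show.

```c
/* shared header: the one place that picks the generator for 32-bit draws */
static inline uint32_t ot_random32( void ) {
#ifdef WANT_ARC4RANDOM
  return arc4random();
#else
  return (uint32_t)random();
#endif
}

/* … unchanged: srandom( time(NULL) ) in main() … */
g_tracker_id = ot_random32();
```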
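Review bot: In trackerlogic.h, `#define WANT_ARC4RANDOM` is unconditional under `__FreeBSD__`, so a FreeBSD build that also passes `-DWANT_ARC4RANDOM` (the FEATURES line the Makefile offers) redefines the macro with a different replacement list and draws a compiler diagnostic. Guard it with `#if defined(__FreeBSD__) && !defined(WANT_ARC4RANDOM)`. Only FreeBSD is auto-detected although the Makefile comment speaks of BSD systems in general, so either the test should list the other platforms meant or the comment should say FreeBSD. The define only reaches ot_udp.c, opentracker.c and proxy.c if each includes this header before its first `#ifdef WANT_ARC4RANDOM`, which this patch does not show. The target of the added `#include` is not legible in this view, so it could not be checked against the `-lbsd` note.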