- Fix Client NONCE Generation used for Server NONCE,

  reported by X41 D-Sec.

diff --git a/dnscrypt/dnscrypt.c b/dnscrypt/dnscrypt.c
index 173d26c9524f5c001808da16c8fb698bacdfcee9..6d187a748bbcfc2b2de73cc5507f6b3a63df0d17 100644 (file)
--- a/dnscrypt/dnscrypt.c
+++ b/dnscrypt/dnscrypt.c
@@ -442,20 +442,7 @@ dnscrypt_hrtime(void)
 static void
 add_server_nonce(uint8_t *nonce)
 {
-    uint64_t ts;
-    uint64_t tsn;
-    uint32_t suffix;
-    ts = dnscrypt_hrtime();
-    // TODO? dnscrypt-wrapper does some logic with context->nonce_ts_last
-    // unclear if we really need it, so skipping it for now.
-    tsn = (ts << 10) | (randombytes_random() & 0x3ff);
-#if (BYTE_ORDER == LITTLE_ENDIAN)
-    tsn =
-        (((uint64_t)htonl((uint32_t)tsn)) << 32) | htonl((uint32_t)(tsn >> 32));
-#endif
-    memcpy(nonce + crypto_box_HALF_NONCEBYTES, &tsn, 8);
-    suffix = randombytes_random();
-    memcpy(nonce + crypto_box_HALF_NONCEBYTES + 8, &suffix, 4);
+    randombytes_buf(nonce + crypto_box_HALF_NONCEBYTES, 8/*tsn*/+4/*suffix*/);
 }
 
 /**

diff --git a/doc/Changelog b/doc/Changelog
index 574c469c9f5cf813b5ad7b68736e3a7f5b025e77..099db0484259ad45dbd9b15cf69fcab4e4b76fea 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -26,6 +26,8 @@
          reported by X41 D-Sec.
        - Fix Bad Indentation, in dnscrypt.c,
          reported by X41 D-Sec.
+       - Fix Client NONCE Generation used for Server NONCE,
+         reported by X41 D-Sec.
 
 2 December 2019: Wouter
        - Merge pull request #122 from he32: In tcp_callback_writer(),