reported by X41 D-Sec.
int* shufport;
log_assert(daemon && daemon->cfg);
if(!daemon->rand) {
- unsigned int seed = (unsigned int)time(NULL) ^
- (unsigned int)getpid() ^ 0x438;
- daemon->rand = ub_initstate(seed, NULL);
+ daemon->rand = ub_initstate(NULL);
if(!daemon->rand)
fatal_exit("could not init random generator");
hash_set_raninit((uint32_t)ub_random(daemon->rand));
return NULL;
}
/* create random state here to avoid locking trouble in RAND_bytes */
- seed = (unsigned int)time(NULL) ^ (unsigned int)getpid() ^
- (((unsigned int)worker->thread_num)<<17);
- /* shift thread_num so it does not match out pid bits */
- if(!(worker->rndstate = ub_initstate(seed, daemon->rand))) {
- explicit_bzero(&seed, sizeof(seed));
+ if(!(worker->rndstate = ub_initstate(daemon->rand))) {
log_err("could not init random numbers.");
tube_delete(worker->cmd);
free(worker->ports);
- Fix Shared Memory World Writeable,
reported by X41 D-Sec.
- Adjust unbound-control to make stats_shm a read only operation.
+ - Fix Weak Entropy Used For Nettle,
+ reported by X41 D-Sec.
19 November 2019: Wouter
- Fix CVE-2019-18934, shell execution in ipsecmod.
static struct ub_ctx* ub_ctx_create_nopipe(void)
{
struct ub_ctx* ctx;
- unsigned int seed;
#ifdef USE_WINSOCK
int r;
WSADATA wsa_data;
return NULL;
}
alloc_init(&ctx->superalloc, NULL, 0);
- seed = (unsigned int)time(NULL) ^ (unsigned int)getpid();
- if(!(ctx->seed_rnd = ub_initstate(seed, NULL))) {
- explicit_bzero(&seed, sizeof(seed));
+ if(!(ctx->seed_rnd = ub_initstate(NULL))) {
ub_randfree(ctx->seed_rnd);
free(ctx);
errno = ENOMEM;
return NULL;
}
- explicit_bzero(&seed, sizeof(seed));
lock_basic_init(&ctx->qqpipe_lock);
lock_basic_init(&ctx->rrpipe_lock);
lock_basic_init(&ctx->cfglock);
static struct libworker*
libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb)
{
- unsigned int seed;
struct libworker* w = (struct libworker*)calloc(1, sizeof(*w));
struct config_file* cfg = ctx->env->cfg;
int* ports;
}
w->env->worker = (struct worker*)w;
w->env->probe_timer = NULL;
- seed = (unsigned int)time(NULL) ^ (unsigned int)getpid() ^
- (((unsigned int)w->thread_num)<<17);
- seed ^= (unsigned int)w->env->alloc->next_id;
if(!w->is_bg || w->is_bg_thread) {
lock_basic_lock(&ctx->cfglock);
}
- if(!(w->env->rnd = ub_initstate(seed, ctx->seed_rnd))) {
+ if(!(w->env->rnd = ub_initstate(ctx->seed_rnd))) {
if(!w->is_bg || w->is_bg_thread) {
lock_basic_unlock(&ctx->cfglock);
}
- explicit_bzero(&seed, sizeof(seed));
libworker_delete(w);
return NULL;
}
hash_set_raninit((uint32_t)ub_random(w->env->rnd));
}
}
- explicit_bzero(&seed, sizeof(seed));
if(eb)
w->base = comm_base_create_event(eb);
struct ub_randstate* r;
int num = 1000, i;
long int a[1000];
- unsigned int seed = (unsigned)time(NULL);
unit_show_feature("ub_random");
- printf("ub_random seed is %u\n", seed);
- unit_assert( (r = ub_initstate(seed, NULL)) );
+ unit_assert( (r = ub_initstate(NULL)) );
for(i=0; i<num; i++) {
a[i] = ub_random(r);
unit_assert(a[i] >= 0);
}
struct ub_randstate*
-ub_initstate(unsigned int ATTR_UNUSED(seed),
- struct ub_randstate* ATTR_UNUSED(from))
+ub_initstate(struct ub_randstate* ATTR_UNUSED(from))
{
struct ub_randstate* s = (struct ub_randstate*)malloc(1);
if(!s) {
{
}
-struct ub_randstate* ub_initstate(unsigned int ATTR_UNUSED(seed),
- struct ub_randstate* ATTR_UNUSED(from))
+struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from))
{
struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s));
if(!s) {
log_err("Re-seeding not supported, generator untouched");
}
-struct ub_randstate* ub_initstate(unsigned int seed,
- struct ub_randstate* ATTR_UNUSED(from))
+struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from))
{
struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s));
uint8_t buf[YARROW256_SEED_FILE_SIZE];
yarrow256_seed(&s->ctx, YARROW256_SEED_FILE_SIZE, buf);
s->seeded = yarrow256_is_seeded(&s->ctx);
} else {
- /* Stretch the uint32 input seed and feed it to Yarrow */
- uint32_t v = seed;
- size_t i;
- for(i=0; i < (YARROW256_SEED_FILE_SIZE/sizeof(seed)); i++) {
- memmove(buf+i*sizeof(seed), &v, sizeof(seed));
- v = v*seed + (uint32_t)i;
- }
- yarrow256_seed(&s->ctx, YARROW256_SEED_FILE_SIZE, buf);
- s->seeded = yarrow256_is_seeded(&s->ctx);
+ log_err("nettle random(yarrow) cannot initialize, "
+ "getentropy failed: %s", strerror(errno));
+ free(s);
+ return NULL;
}
return s;
/**
* Initialize a random generator state for use
- * @param seed: seed value to create state contents.
- * (ignored for arc4random).
* @param from: if not NULL, the seed is taken from this random structure.
* can be used to seed random states via a parent-random-state that
* is itself seeded with entropy.
* @return new state or NULL alloc failure.
*/
-struct ub_randstate* ub_initstate(unsigned int seed,
- struct ub_randstate* from);
+struct ub_randstate* ub_initstate(struct ub_randstate* from);
/**
* Generate next random number from the state passed along.
projects / thirdparty / unbound.git / commitdiff
