From: Witold Kręcicki Date: Fri, 12 Oct 2018 11:59:33 +0000 (+0000) Subject: Use non-cryptographically-secure PRNG to generate a nonce for cookies. X-Git-Tag: v9.13.4~84^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6cd89d5e9f24278ffafd39d65701213a47a99d8e;p=thirdparty%2Fbind9.git Use non-cryptographically-secure PRNG to generate a nonce for cookies. Rationale: the nonce here is only used to make sure there is a low probability of duplication, according to section B.2 of RFC7873. It is only 32-bit, and even if an attacker knows the algorithm used to generate nonces it won't, in any way, give him any platform to attack the server as long as server secret used to sign the (nonce, time) pair with HMAC-SHA1 is secure. On the other hand, currently, each packet sent requires (unnecessarily) a CS pseudo-random number which is ineffective. --- diff --git a/CHANGES b/CHANGES index 892a2107a07..27bf2ce4def 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +5062. [func] Use non-crypto-secure PRNG to generate nonces for + cookies [GL !887] + 5061. [protocol] Add support for EID and NIMLOC. [GL #626] 5060. [bug] GID, UID and UINFO could not be loaded using unknown diff --git a/lib/ns/client.c b/lib/ns/client.c index 32c8ddfe220..7b789047e6b 100644 --- a/lib/ns/client.c +++ b/lib/ns/client.c @@ -1656,7 +1656,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message, isc_buffer_init(&buf, cookie, sizeof(cookie)); isc_stdtime_get(&now); - isc_nonce_buf(&nonce, sizeof(nonce)); + isc_random_buf(&nonce, sizeof(nonce)); compute_cookie(client, now, nonce, client->sctx->secret, &buf);
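Review bot: The CHANGES entry for 5062 records what changed but not why it is safe, which is the part a future reader auditing RNG usage will want; consider extending the line to say the nonce is only a uniqueness input under RFC 7873 B.2 and that cookie integrity continues to rest on the server secret and HMAC, as the commit message explains. The "[func]" tag also reads oddly for a change whose visible effect is swapping the random source rather than adding functionality; "[bug]" or a performance-style tag would match the rationale better.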
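Review bot: The one-line swap from `isc_nonce_buf(&nonce, sizeof(nonce));` to `isc_random_buf(&nonce, sizeof(nonce));` in ns_client_addopt carries a security argument that is only in the commit message, not in the code; please add a comment at the call site stating that `nonce` is a 32-bit uniqueness value per RFC 7873 B.2 and that unforgeability comes from `client->sctx->secret` keying the HMAC in `compute_cookie`, so the non-cryptographic source is not later "corrected" back, and so nobody generalises from this site and uses `isc_random_buf` where the secret itself is produced. It would also help to confirm in the review that the other call sites feeding `compute_cookie` (secret generation and rotation) are unchanged and still use the CSPRNG, since that invariant is what makes this change safe.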