From: Steffan Karger Date: Tue, 25 Jul 2017 21:02:34 +0000 (+0200) Subject: Move create_temp_file() out of #ifdef ENABLE_CRYPTO X-Git-Tag: v2.4.4~30 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a91c38fbabf6f949990ef8a3801d56225a47a33f;p=thirdparty%2Fopenvpn.git Move create_temp_file() out of #ifdef ENABLE_CRYPTO By using get_random() instead of prng_bytes(), we no longer have to place create_temp_file() inside #ifdef ENABLE_CRYPTO. The resulting filename now has 62 bits of entropy (2 * [0-INT_MAX]) instead of the previous 128 bits, but that should be plenty. Assuming an int is 32 bits, we would need about 2**31 (2147483648) files to have a (roughly) 0.5 chance of failing in one of the 6 attempts we do. (This is preparing to move the function out of misc.c, where I'd prefer to not have to add a #include "crypto.h".) Signed-off-by: Steffan Karger Acked-by: David Sommerseth Message-Id: <20170725210234.5673-1-steffan@karger.me> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15146.html Signed-off-by: David Sommerseth (cherry picked from commit cd5a74d0d7c6347b31e261e98ca8984819e594df) --- diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 0adb164e4..cd12f9186 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -808,8 +808,6 @@ test_file(const char *filename) return ret; } -#ifdef ENABLE_CRYPTO - /* create a temporary filename in directory */ const char * create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc) @@ -822,15 +820,11 @@ create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc) do { - uint8_t rndbytes[16]; - const char *rndstr; - ++attempts; ++counter; - prng_bytes(rndbytes, sizeof rndbytes); - rndstr = format_hex_ex(rndbytes, sizeof rndbytes, 40, 0, NULL, gc); - buf_printf(&fname, PACKAGE "_%s_%s.tmp", prefix, rndstr); + buf_printf(&fname, PACKAGE "_%s_%08lx%08lx.tmp", prefix, + (unsigned long) get_random(), (unsigned long) get_random()); retfname = gen_path(directory, BSTR(&fname), gc); if (!retfname) @@ -861,6 +855,8 @@ create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc) return NULL; } +#ifdef ENABLE_CRYPTO + /* * Prepend a random string to hostname to prevent DNS caching. * For example, foo.bar.gov would be modified to .foo.bar.gov.