From 68027ab14541a5e43e9f8747f953ecb9069ea0c6 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 3 Dec 2019 16:42:14 +0100 Subject: [PATCH] - Fix Client NONCE Generation used for Server NONCE, reported by X41 D-Sec. --- dnscrypt/dnscrypt.c | 15 +-------------- doc/Changelog | 2 ++ 2 files changed, 3 insertions(+), 14 deletions(-) diff --git a/dnscrypt/dnscrypt.c b/dnscrypt/dnscrypt.c index 173d26c95..6d187a748 100644 --- a/dnscrypt/dnscrypt.c +++ b/dnscrypt/dnscrypt.c @@ -442,20 +442,7 @@ dnscrypt_hrtime(void) static void add_server_nonce(uint8_t *nonce) { - uint64_t ts; - uint64_t tsn; - uint32_t suffix; - ts = dnscrypt_hrtime(); - // TODO? dnscrypt-wrapper does some logic with context->nonce_ts_last - // unclear if we really need it, so skipping it for now. - tsn = (ts << 10) | (randombytes_random() & 0x3ff); -#if (BYTE_ORDER == LITTLE_ENDIAN) - tsn = - (((uint64_t)htonl((uint32_t)tsn)) << 32) | htonl((uint32_t)(tsn >> 32)); -#endif - memcpy(nonce + crypto_box_HALF_NONCEBYTES, &tsn, 8); - suffix = randombytes_random(); - memcpy(nonce + crypto_box_HALF_NONCEBYTES + 8, &suffix, 4); + randombytes_buf(nonce + crypto_box_HALF_NONCEBYTES, 8/*tsn*/+4/*suffix*/); } /** diff --git a/doc/Changelog b/doc/Changelog index 574c469c9..099db0484 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -26,6 +26,8 @@ reported by X41 D-Sec. - Fix Bad Indentation, in dnscrypt.c, reported by X41 D-Sec. + - Fix Client NONCE Generation used for Server NONCE, + reported by X41 D-Sec. 2 December 2019: Wouter - Merge pull request #122 from he32: In tcp_callback_writer(), -- 2.47.3