Use arc4random whereever we need strong entropy

diff --git a/Makefile b/Makefile
index d1709eec00f710e3fc54dceb88c36870881ecd88..79ce0cd50987960a89e91b357cad60fd9521bdf7 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -39,6 +39,10 @@ BINDIR?=$(PREFIX)/bin
 FEATURES+=-DWANT_DEV_RANDOM
 FEATURES+=-DWANT_FULLSCRAPE
 
+# Is enabled on BSD systems by default in trackerlogic.h
+# on Linux systems you will need -lbds
+#FEATURES+=-DWANT_ARC4RANDOM
+
 #FEATURES+=-D_DEBUG_HTTPERROR
 
 OPTS_debug=-D_DEBUG -g -ggdb # -pg -fprofile-arcs -ftest-coverage
@@ -46,6 +50,7 @@ OPTS_production=-O3
 
 CFLAGS+=-I$(LIBOWFAT_HEADERS) -Wall -pipe -Wextra #-ansi -pedantic
 LDFLAGS+=-L$(LIBOWFAT_LIBRARY) -lowfat -pthread -lpthread -lz
+#LDFLAGS+=-lbsd
 
 BINARY =opentracker
 HEADERS=trackerlogic.h scan_urlencoded_query.h ot_mutex.h ot_stats.h ot_vector.h ot_clean.h ot_udp.h ot_iovec.h ot_fullscrape.h ot_accesslist.h ot_http.h ot_livesync.h ot_rijndael.h

diff --git a/opentracker.c b/opentracker.c
index d2c0635589b4a839fb0ceb1acdfb20d7ce86a586..1c729cf5f6b8b5fb130dc40efa887f2329027c7d 100644 (file)
--- a/opentracker.c
+++ b/opentracker.c
@@ -256,11 +256,17 @@ static void * server_mainloop( void * args ) {
 #ifdef _DEBUG_HTTPERROR
   ws.debugbuf= malloc( G_DEBUGBUF_SIZE );
 #endif
+
   if( !ws.inbuf || !ws.outbuf )
     panic( "Initializing worker failed" );
+
+#ifdef WANT_ARC4RANDOM
+  arc4random_buf(&ws.rand48_state[0], 3 * sizeof(uint16_t));
+#else
   ws.rand48_state[0] = (uint16_t)random();
   ws.rand48_state[1] = (uint16_t)random();
   ws.rand48_state[2] = (uint16_t)random();
+#endif
 
   for( ; ; ) {
     int64 sock;

diff --git a/ot_udp.c b/ot_udp.c
index 3bf311cd4daeaf30548ea66bfada616e9bfd0c0b..6b455f3a342eaa2650e7299a414e76a31ddf59b4 100644 (file)
--- a/ot_udp.c
+++ b/ot_udp.c
@@ -29,13 +29,21 @@ static ot_time  g_hour_of_the_key;
 
 static void udp_generate_rijndael_round_key() {
   uint32_t key[16];
+#ifdef WANT_ARC4RANDOM
+  arc4random_buf(&key[0], sizeof(key));
+#else
   key[0] = random();
   key[1] = random();
   key[2] = random();
   key[3] = random();
+#endif
   rijndaelKeySetupEnc128( g_rijndael_round_key, (uint8_t*)key );
 
+#ifdef WANT_ARC4RANDOM
+  g_key_of_the_hour[0] = arc4random();
+#else
   g_key_of_the_hour[0] = random();
+#endif
   g_hour_of_the_key = g_now_minutes;
 }
 
@@ -46,7 +54,11 @@ static void udp_make_connectionid( uint32_t connid[2], const ot_ip6 remoteip, in
   if( g_now_minutes + 60 > g_hour_of_the_key ) {
     g_hour_of_the_key = g_now_minutes;
     g_key_of_the_hour[1] = g_key_of_the_hour[0];
-    g_key_of_the_hour[0] = random();
+#ifdef WANT_ARC4RANDOM
+  g_key_of_the_hour[0] = arc4random();
+#else
+  g_key_of_the_hour[0] = random();
+#endif
   }
 
   memcpy( plain, remoteip, sizeof( plain ) );

diff --git a/proxy.c b/proxy.c
index 1f09777b8904f731eeee769545c2b6bee3cb3fd9..640958a071af3fdb46146fbbe01e79432ed6acd0 100644 (file)
--- a/proxy.c
+++ b/proxy.c
@@ -553,7 +553,11 @@ int main( int argc, char **argv ) {
   int scanon = 1, lbound = 0, sbound = 0;
 
   srandom( time(NULL) );
+#ifdef WANT_ARC4RANDOM
+  g_tracker_id = arc4random();
+#else
   g_tracker_id = random();
+#endif
   noipv6=1;
 
   while( scanon ) {

diff --git a/trackerlogic.h b/trackerlogic.h
index 33dccbe3fe64118ab01bdeeccbe2ac88cf8c30e3..87b913867c2db606ddda152cafec8ca787eed03a 100644 (file)
--- a/trackerlogic.h
+++ b/trackerlogic.h
@@ -12,6 +12,13 @@
 #include <stdint.h>
 #include <stdlib.h>
 
+#if defined(__linux__) && defined(WANT_ARC4RANDOM)
+#include <bsd/stdlib.h>
+#endif
+#ifdef __FreeBSD__
+#define WANT_ARC4RANDOM
+#endif
+
 typedef uint8_t ot_hash[20];
 typedef time_t  ot_time;
 typedef char    ot_ip6[16];