changes/bug7801 0 → 100644 +13 −0
o Minor bugfixes: - When choosing which stream on a formerly stalled circuit to wake first, make better use of the platform's weak RNG. Previously, we had been using the % ("modulo") operator to try to generate a 1/N chance of picking each stream, but this behaves badly with many platforms' choice of weak RNG. Fix for bug 7801; bugfix on 0.2.2.20-alpha. - Use our own weak RNG when we need a weak RNG. Windows's rand() and Irix's random() only return 15 bits; Solaris's random() returns more bits but its RAND_MAX says it only returns 15, and so on. Fixes another aspect of bug 7801; bugfix on 0.2.2.20-alpha.
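--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -2059,30 +2059,6 @@ tor_lookup_hostname(const char *name, uint32_t *addr)
   return -1;
 }
 
-/** Initialize the insecure libc RNG. */
-void
-tor_init_weak_random(unsigned seed)
-{
-#ifdef _WIN32
-  srand(seed);
-#else
-  srandom(seed);
-#endif
-}
-
-/** Return a randomly chosen value in the range 0..TOR_RAND_MAX. This
- * entropy will not be cryptographically strong; do not rely on it
- * for anything an adversary should not be able to predict. */
-long
-tor_weak_random(void)
-{
-#ifdef _WIN32
-  return rand();
-#else
-  return random();
-#endif
-}
-
 /** Hold the result of our call to <b>uname</b>. */
 static char uname_result[256];
 /** True iff uname_result is set. */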
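--- a/src/common/compat.h
+++ b/src/common/compat.h
@@ -581,11 +581,6 @@ typedef enum {
   SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED = 0x08,
 } socks5_reply_status_t;
 
-/* ===== Insecure rng */
-void tor_init_weak_random(unsigned seed);
-long tor_weak_random(void);
-#define TOR_RAND_MAX (RAND_MAX)
-
 /* ===== OS compatibility */
 const char *get_uname(void);
 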
src/common/crypto.c +4 −4
@@ -2337,12 +2337,12 @@ crypto_dh_free(crypto_dh_t *dh) (OPENSSL_VERSION_NUMBER >= OPENSSL_V(0,9,8,'c')) /** Set the seed of the weak RNG to a random value. */ static void seed_weak_rng(void) void crypto_seed_weak_rng(tor_weak_rng_t *rng) { unsigned seed; crypto_rand((void*)&seed, sizeof(seed)); tor_init_weak_random(seed); tor_init_weak_random(rng, seed); } /** Try to get <b>out_len</b> bytes of the strongest entropy we can generate,
@@ -2426,7 +2426,7 @@ crypto_seed_rng(int startup) } memwipe(buf, 0, sizeof(buf)); seed_weak_rng(); if (rand_poll_ok || load_entropy_ok) return 0; else
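Review bot: With `seed_weak_rng();` dropped from crypto_seed_rng() in the second hunk, nothing in this section seeds a weak RNG any more, so every owner of a `tor_weak_rng_t` now has to call `crypto_seed_weak_rng()` itself. An owner that forgets would presumably draw from whatever state the struct was initialised with, giving the same sequence on every run; the call sites are not shown here, so that needs checking where the structs are created. The doc comment above the function is unchanged context and no longer describes it; it could read `/** Seed the weak RNG <b>rng</b> with a random value from the strong RNG. Must be called before the first use of <b>rng</b>. */`. crypto_seed_rng() begins and ends outside its hunk.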
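--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -256,6 +256,8 @@ int crypto_strongest_rand(uint8_t *out, size_t out_len);
 int crypto_rand_int(unsigned int max);
 uint64_t crypto_rand_uint64(uint64_t max);
 double crypto_rand_double(void);
+struct tor_weak_rng_t;
+void crypto_seed_weak_rng(struct tor_weak_rng_t *rng);
 
 char *crypto_random_hostname(int min_rand_len, int max_rand_len,
                              const char *prefix, const char *suffix);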
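Review bot: The new prototype `void crypto_seed_weak_rng(struct tor_weak_rng_t *rng);` is added without a comment, while the same commit deletes the warning that sat on tor_weak_random() in compat.c ("do not rely on it for anything an adversary should not be able to predict"). Whether the replacement weak-RNG API repeats that warning cannot be seen on this page; if it does not, it is worth carrying over here, for example `/* Weak RNG: seeded from the strong RNG, but its output is predictable; never use it for keys, nonces or anything an adversary must not guess. */`. The forward declaration spells the type `struct tor_weak_rng_t` while the definition in crypto.c takes `tor_weak_rng_t *`, which only agrees if a typedef of the same name is in scope there.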