[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] [tor/master 3/5] Add wrappers function for libc random()
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Mon, 29 Nov 2010 15:53:33 -0500
Subject: Add wrappers function for libc random()
Commit: 89e97bdf940d6c063fc9860306395c500d1c7027
On windows, it's called something different.
---
src/common/compat.c | 24 ++++++++++++++++++++++++
src/common/compat.h | 5 +++++
src/common/crypto.c | 10 ++++++++++
src/or/relay.c | 2 +-
4 files changed, 40 insertions(+), 1 deletions(-)
diff --git a/src/common/compat.c b/src/common/compat.c
index 20394b4..4d556a8 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1679,6 +1679,30 @@ tor_lookup_hostname(const char *name, uint32_t *addr)
return -1;
}
+/** Initialize the insecure libc RNG. */
+void
+tor_init_weak_random(unsigned seed)
+{
+#ifdef MS_WINDOWS
+ srand(seed);
+#else
+ srandom(seed);
+#endif
+}
+
+/** Return a randomly chosen value in the range 0..TOR_RAND_MAX. This
+ * entropy will not be cryptographically strong; do not rely on it
+ * for anything an adversary should not be able to predict. */
+long
+tor_weak_random(void)
+{
+#ifdef MS_WINDOWS
+ return rand();
+#else
+ return random();
+#endif
+}
+
/** Hold the result of our call to <b>uname</b>. */
static char uname_result[256];
/** True iff uname_result is set. */
diff --git a/src/common/compat.h b/src/common/compat.h
index 7d59501..449bf74 100644
--- a/src/common/compat.h
+++ b/src/common/compat.h
@@ -480,6 +480,11 @@ typedef enum {
SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED = 0x08,
} socks5_reply_status_t;
+/* ===== Insecure rng */
+void tor_init_weak_random(unsigned seed);
+long tor_weak_random(void);
+#define TOR_RAND_MAX (RAND_MAX)
+
/* ===== OS compatibility */
const char *get_uname(void);
diff --git a/src/common/crypto.c b/src/common/crypto.c
index b49547f..81a432d 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1935,6 +1935,14 @@ crypto_dh_free(crypto_dh_env_t *dh)
OPENSSL_VERSION_NUMBER <= 0x00907fffl) || \
(OPENSSL_VERSION_NUMBER >= 0x0090803fl))
+static void
+seed_weak_rng(void)
+{
+ unsigned seed;
+ crypto_rand((void*)&seed, sizeof(seed));
+ tor_init_weak_random(seed);
+}
+
/** Seed OpenSSL's random number generator with bytes from the operating
* system. <b>startup</b> should be true iff we have just started Tor and
* have not yet allocated a bunch of fds. Return 0 on success, -1 on failure.
@@ -1985,6 +1993,7 @@ crypto_seed_rng(int startup)
}
RAND_seed(buf, sizeof(buf));
memset(buf, 0, sizeof(buf));
+ seed_weak_rng();
return 0;
#else
for (i = 0; filenames[i]; ++i) {
@@ -2001,6 +2010,7 @@ crypto_seed_rng(int startup)
}
RAND_seed(buf, (int)sizeof(buf));
memset(buf, 0, sizeof(buf));
+ seed_weak_rng();
return 0;
}
diff --git a/src/or/relay.c b/src/or/relay.c
index 8a4edb9..c64afe2 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -1517,7 +1517,7 @@ circuit_resume_edge_reading_helper(edge_connection_t *first_conn,
* don't need cryptographic randomness here. */
for (conn = first_conn; conn; conn = conn->next_stream) {
num_streams++;
- if ((random() % num_streams)==0)
+ if ((tor_weak_random() % num_streams)==0)
chosen_stream = conn;
/* Invariant: chosen_stream has been chosen uniformly at random from among
* the first num_streams streams on first_conn. */
--
1.7.1