Replace kooky sctp random number generation by cprng_strong32().
This commit is contained in:
riastradh
parent
08a157de6e
commit
a2f9ec556c
@ -1,5 +1,5 @@
|
||||
/* $KAME: sctp_pcb.c,v 1.39 2005/06/16 18:29:25 jinmei Exp $ */
|
||||
/* $NetBSD: sctp_pcb.c,v 1.19 2019/12/26 04:44:10 msaitoh Exp $ */
|
||||
/* $NetBSD: sctp_pcb.c,v 1.20 2020/01/19 20:51:13 riastradh Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001, 2002, 2003, 2004 Cisco Systems, Inc.
|
||||
@ -33,7 +33,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: sctp_pcb.c,v 1.19 2019/12/26 04:44:10 msaitoh Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: sctp_pcb.c,v 1.20 2020/01/19 20:51:13 riastradh Exp $");
|
||||
|
||||
#ifdef _KERNEL_OPT
|
||||
#include "opt_inet.h"
|
||||
@ -1465,29 +1465,6 @@ sctp_inpcb_alloc(struct socket *so)
|
||||
/* Add adaption cookie */
|
||||
m->adaption_layer_indicator = 0x504C5253;
|
||||
|
||||
/* seed random number generator */
|
||||
m->random_counter = 1;
|
||||
m->store_at = SCTP_SIGNATURE_SIZE;
|
||||
#if NRND > 0
|
||||
rnd_extract_data(m->random_numbers, sizeof(m->random_numbers),
|
||||
RND_EXTRACT_ANY);
|
||||
#else
|
||||
{
|
||||
u_int32_t *ranm, *ranp;
|
||||
ranp = (u_int32_t *)&m->random_numbers;
|
||||
ranm = ranp + (SCTP_SIGNATURE_ALOC_SIZE/sizeof(u_int32_t));
|
||||
if ((u_long)ranp % 4) {
|
||||
/* not a even boundary? */
|
||||
ranp = (u_int32_t *)SCTP_SIZE32((u_long)ranp);
|
||||
}
|
||||
while (ranp < ranm) {
|
||||
*ranp = random();
|
||||
ranp++;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
sctp_fill_random_store(m);
|
||||
|
||||
/* Minimum cookie size */
|
||||
m->size_of_a_cookie = (sizeof(struct sctp_init_msg) * 2) +
|
||||
sizeof(struct sctp_state_cookie);
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/* $KAME: sctp_pcb.h,v 1.21 2005/07/16 01:18:47 suz Exp $ */
|
||||
/* $NetBSD: sctp_pcb.h,v 1.2 2019/06/08 23:23:34 rjs Exp $ */
|
||||
/* $NetBSD: sctp_pcb.h,v 1.3 2020/01/19 20:51:13 riastradh Exp $ */
|
||||
|
||||
#ifndef __SCTP_PCB_H__
|
||||
#define __SCTP_PCB_H__
|
||||
@ -250,11 +250,6 @@ struct sctp_pcb {
|
||||
uint16_t pre_open_stream_count;
|
||||
uint16_t max_open_streams_intome;
|
||||
|
||||
/* random number generator */
|
||||
uint32_t random_counter;
|
||||
uint8_t random_numbers[SCTP_SIGNATURE_ALOC_SIZE];
|
||||
uint8_t random_store[SCTP_SIGNATURE_ALOC_SIZE];
|
||||
|
||||
/*
|
||||
* This timer is kept running per endpoint. When it fires it
|
||||
* will change the secret key. The default is once a hour
|
||||
@ -265,7 +260,6 @@ struct sctp_pcb {
|
||||
int auto_close_time;
|
||||
uint32_t initial_sequence_debug;
|
||||
uint32_t adaption_layer_indicator;
|
||||
char store_at;
|
||||
uint8_t max_burst;
|
||||
char current_secret_number;
|
||||
char last_secret_number;
|
||||
@ -447,7 +441,7 @@ void SCTP_INP_INFO_WLOCK(void);
|
||||
|
||||
/* The INP locks we will use for locking an SCTP endpoint, so for
|
||||
* example if we want to change something at the endpoint level for
|
||||
* example random_store or cookie secrets we lock the INP level.
|
||||
* example cookie secrets we lock the INP level.
|
||||
*/
|
||||
#define SCTP_INP_LOCK_INIT(_inp) \
|
||||
mtx_init(&(_inp)->inp_mtx, "sctp", "inp", MTX_DEF | MTX_DUPOK)
|
||||
@ -556,7 +550,7 @@ void SCTP_INP_WLOCK(struct sctp_inpcb *);
|
||||
|
||||
/* The INP locks we will use for locking an SCTP endpoint, so for
|
||||
* example if we want to change something at the endpoint level for
|
||||
* example random_store or cookie secrets we lock the INP level.
|
||||
* example cookie secrets we lock the INP level.
|
||||
*/
|
||||
#define SCTP_INP_LOCK_INIT(_inp) \
|
||||
mutex_init(&(_inp)->inp_mtx, MUTEX_DEFAULT, IPL_NET)
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/* $KAME: sctputil.c,v 1.39 2005/06/16 20:54:06 jinmei Exp $ */
|
||||
/* $NetBSD: sctputil.c,v 1.15 2019/08/13 19:55:40 rjs Exp $ */
|
||||
/* $NetBSD: sctputil.c,v 1.16 2020/01/19 20:51:13 riastradh Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001, 2002, 2003, 2004 Cisco Systems, Inc.
|
||||
@ -34,7 +34,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: sctputil.c,v 1.15 2019/08/13 19:55:40 rjs Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: sctputil.c,v 1.16 2020/01/19 20:51:13 riastradh Exp $");
|
||||
|
||||
#ifdef _KERNEL_OPT
|
||||
#include "opt_inet.h"
|
||||
@ -54,6 +54,7 @@ __KERNEL_RCSID(0, "$NetBSD: sctputil.c,v 1.15 2019/08/13 19:55:40 rjs Exp $");
|
||||
#include <sys/proc.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/cprng.h>
|
||||
|
||||
#include <sys/callout.h>
|
||||
|
||||
@ -614,52 +615,10 @@ find_next_best_mtu(int totsz)
|
||||
return (sctp_mtu_sizes[perfer]);
|
||||
}
|
||||
|
||||
void
|
||||
sctp_fill_random_store(struct sctp_pcb *m)
|
||||
{
|
||||
/*
|
||||
* Here we use the MD5/SHA-1 to hash with our good randomNumbers
|
||||
* and our counter. The result becomes our good random numbers and
|
||||
* we then setup to give these out. Note that we do no lockig
|
||||
* to protect this. This is ok, since if competing folks call
|
||||
* this we will get more gobbled gook in the random store whic
|
||||
* is what we want. There is a danger that two guys will use
|
||||
* the same random numbers, but thats ok too since that
|
||||
* is random as well :->
|
||||
*/
|
||||
m->store_at = 0;
|
||||
sctp_hash_digest((char *)m->random_numbers, sizeof(m->random_numbers),
|
||||
(char *)&m->random_counter, sizeof(m->random_counter),
|
||||
(char *)m->random_store);
|
||||
m->random_counter++;
|
||||
}
|
||||
|
||||
uint32_t
|
||||
sctp_select_initial_TSN(struct sctp_pcb *m)
|
||||
{
|
||||
/*
|
||||
* A true implementation should use random selection process to
|
||||
* get the initial stream sequence number, using RFC1750 as a
|
||||
* good guideline
|
||||
*/
|
||||
u_long x, *xp;
|
||||
uint8_t *p;
|
||||
|
||||
if (m->initial_sequence_debug != 0) {
|
||||
u_int32_t ret;
|
||||
ret = m->initial_sequence_debug;
|
||||
m->initial_sequence_debug++;
|
||||
return (ret);
|
||||
}
|
||||
if ((m->store_at+sizeof(u_long)) > SCTP_SIGNATURE_SIZE) {
|
||||
/* Refill the random store */
|
||||
sctp_fill_random_store(m);
|
||||
}
|
||||
p = &m->random_store[(int)m->store_at];
|
||||
xp = (u_long *)p;
|
||||
x = *xp;
|
||||
m->store_at += sizeof(u_long);
|
||||
return (x);
|
||||
return cprng_strong32();
|
||||
}
|
||||
|
||||
u_int32_t sctp_select_a_tag(struct sctp_inpcb *m)
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/* $KAME: sctputil.h,v 1.15 2005/03/06 16:04:19 itojun Exp $ */
|
||||
/* $NetBSD: sctputil.h,v 1.2 2016/05/22 23:04:27 rjs Exp $ */
|
||||
/* $NetBSD: sctputil.h,v 1.3 2020/01/19 20:51:13 riastradh Exp $ */
|
||||
|
||||
#ifndef __SCTPUTIL_H__
|
||||
#define __SCTPUTIL_H__
|
||||
@ -141,8 +141,6 @@ u_int32_t sctp_select_a_tag(struct sctp_inpcb *);
|
||||
|
||||
int sctp_init_asoc(struct sctp_inpcb *, struct sctp_association *, int, uint32_t);
|
||||
|
||||
void sctp_fill_random_store(struct sctp_pcb *);
|
||||
|
||||
int sctp_timer_start(int, struct sctp_inpcb *, struct sctp_tcb *,
|
||||
struct sctp_nets *);
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user