121 lines
3.4 KiB
Diff
121 lines
3.4 KiB
Diff
From c7d94eb33a2de5a0f3fdcb4eae7ffdee711cc3e1 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
|
|
Date: Tue, 19 Aug 2025 19:22:18 +0200
|
|
Subject: [PATCH] Use cryptographically-secure pseudo-random generator
|
|
everywhere
|
|
|
|
It was discovered in an upcoming academic paper that a xoshiro128**
|
|
internal state can be recovered by an external 3rd party allowing to
|
|
predict UDP ports and DNS IDs in the outgoing queries. This could lead
|
|
to an attacker spoofing the DNS answers with great efficiency and
|
|
poisoning the DNS cache.
|
|
|
|
Change the internal random generator to system CSPRNG with buffering to
|
|
avoid excessive syscalls.
|
|
|
|
Thanks Omer Ben Simhon and Amit Klein of Hebrew University of Jerusalem
|
|
for responsibly reporting this to us. Very cool research!
|
|
|
|
(cherry picked from commit cffcab9d5f3e709002f331b72498fcc229786ae2)
|
|
(cherry picked from commit 8330b49fb90bfeae14b47b7983e9459cc2bbaffe)
|
|
---
|
|
lib/isc/include/isc/random.h | 2 +-
|
|
lib/isc/random.c | 14 +++++++-------
|
|
tests/isc/random_test.c | 4 +++-
|
|
3 files changed, 11 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/lib/isc/include/isc/random.h b/lib/isc/include/isc/random.h
|
|
index 1e30d0c..fd55343 100644
|
|
--- a/lib/isc/include/isc/random.h
|
|
+++ b/lib/isc/include/isc/random.h
|
|
@@ -20,7 +20,7 @@
|
|
#include <isc/types.h>
|
|
|
|
/*! \file isc/random.h
|
|
- * \brief Implements wrapper around a non-cryptographically secure
|
|
+ * \brief Implements wrapper around a cryptographically secure
|
|
* pseudo-random number generator.
|
|
*
|
|
*/
|
|
diff --git a/lib/isc/random.c b/lib/isc/random.c
|
|
index 7eead66..fb04669 100644
|
|
--- a/lib/isc/random.c
|
|
+++ b/lib/isc/random.c
|
|
@@ -85,7 +85,7 @@ static thread_local uint32_t seed[4] = { 0 };
|
|
|
|
static uint32_t
|
|
rotl(const uint32_t x, int k) {
|
|
- return ((x << k) | (x >> (32 - k)));
|
|
+ return (x << k) | (x >> (32 - k));
|
|
}
|
|
|
|
static uint32_t
|
|
@@ -104,7 +104,7 @@ next(void) {
|
|
|
|
seed[3] = rotl(seed[3], 11);
|
|
|
|
- return (result_starstar);
|
|
+ return result_starstar;
|
|
}
|
|
|
|
static thread_local isc_once_t isc_random_once = ISC_ONCE_INIT;
|
|
@@ -128,21 +128,21 @@ uint8_t
|
|
isc_random8(void) {
|
|
RUNTIME_CHECK(isc_once_do(&isc_random_once, isc_random_initialize) ==
|
|
ISC_R_SUCCESS);
|
|
- return (next() & 0xff);
|
|
+ return next() & 0xff;
|
|
}
|
|
|
|
uint16_t
|
|
isc_random16(void) {
|
|
RUNTIME_CHECK(isc_once_do(&isc_random_once, isc_random_initialize) ==
|
|
ISC_R_SUCCESS);
|
|
- return (next() & 0xffff);
|
|
+ return next() & 0xffff;
|
|
}
|
|
|
|
uint32_t
|
|
isc_random32(void) {
|
|
RUNTIME_CHECK(isc_once_do(&isc_random_once, isc_random_initialize) ==
|
|
ISC_R_SUCCESS);
|
|
- return (next());
|
|
+ return next();
|
|
}
|
|
|
|
void
|
|
@@ -174,7 +174,7 @@ isc_random_uniform(uint32_t upper_bound) {
|
|
ISC_R_SUCCESS);
|
|
|
|
if (upper_bound < 2) {
|
|
- return (0);
|
|
+ return 0;
|
|
}
|
|
|
|
#if (ULONG_MAX > 0xffffffffUL)
|
|
@@ -202,5 +202,5 @@ isc_random_uniform(uint32_t upper_bound) {
|
|
}
|
|
}
|
|
|
|
- return (r % upper_bound);
|
|
+ return r % upper_bound;
|
|
}
|
|
diff --git a/tests/isc/random_test.c b/tests/isc/random_test.c
|
|
index 1935846..0016252 100644
|
|
--- a/tests/isc/random_test.c
|
|
+++ b/tests/isc/random_test.c
|
|
@@ -321,7 +321,9 @@ random_test(pvalue_func_t *func, isc_random_func test_func) {
|
|
}
|
|
break;
|
|
case ISC_RANDOM_BYTES:
|
|
- isc_random_buf(values, sizeof(values));
|
|
+ for (i = 0; i < ARRAY_SIZE(values); i++) {
|
|
+ values[i] = isc_random32();
|
|
+ }
|
|
break;
|
|
case ISC_RANDOM_UNIFORM:
|
|
uniform_values = (uint16_t *)values;
|
|
--
|
|
2.51.1
|
|
|