Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/netinet Replace kooky sctp random number generation by c...
details: https://anonhg.NetBSD.org/src/rev/18791bc9009d
branches: trunk
changeset: 1006585:18791bc9009d
user: riastradh <riastradh%NetBSD.org@localhost>
date: Sun Jan 19 20:51:13 2020 +0000
description:
Replace kooky sctp random number generation by cprng_strong32().
diffstat:
sys/netinet/sctp_pcb.c | 27 ++-------------------------
sys/netinet/sctp_pcb.h | 12 +++---------
sys/netinet/sctputil.c | 49 ++++---------------------------------------------
sys/netinet/sctputil.h | 4 +---
4 files changed, 10 insertions(+), 82 deletions(-)
diffs (197 lines):
diff -r 488e85a7cfe8 -r 18791bc9009d sys/netinet/sctp_pcb.c
--- a/sys/netinet/sctp_pcb.c Sun Jan 19 20:41:17 2020 +0000
+++ b/sys/netinet/sctp_pcb.c Sun Jan 19 20:51:13 2020 +0000
@@ -1,5 +1,5 @@
/* $KAME: sctp_pcb.c,v 1.39 2005/06/16 18:29:25 jinmei Exp $ */
-/* $NetBSD: sctp_pcb.c,v 1.19 2019/12/26 04:44:10 msaitoh Exp $ */
+/* $NetBSD: sctp_pcb.c,v 1.20 2020/01/19 20:51:13 riastradh Exp $ */
/*
* Copyright (c) 2001, 2002, 2003, 2004 Cisco Systems, Inc.
@@ -33,7 +33,7 @@
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sctp_pcb.c,v 1.19 2019/12/26 04:44:10 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sctp_pcb.c,v 1.20 2020/01/19 20:51:13 riastradh Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -1465,29 +1465,6 @@
/* Add adaption cookie */
m->adaption_layer_indicator = 0x504C5253;
- /* seed random number generator */
- m->random_counter = 1;
- m->store_at = SCTP_SIGNATURE_SIZE;
-#if NRND > 0
- rnd_extract_data(m->random_numbers, sizeof(m->random_numbers),
- RND_EXTRACT_ANY);
-#else
- {
- u_int32_t *ranm, *ranp;
- ranp = (u_int32_t *)&m->random_numbers;
- ranm = ranp + (SCTP_SIGNATURE_ALOC_SIZE/sizeof(u_int32_t));
- if ((u_long)ranp % 4) {
- /* not a even boundary? */
- ranp = (u_int32_t *)SCTP_SIZE32((u_long)ranp);
- }
- while (ranp < ranm) {
- *ranp = random();
- ranp++;
- }
- }
-#endif
- sctp_fill_random_store(m);
-
/* Minimum cookie size */
m->size_of_a_cookie = (sizeof(struct sctp_init_msg) * 2) +
sizeof(struct sctp_state_cookie);
diff -r 488e85a7cfe8 -r 18791bc9009d sys/netinet/sctp_pcb.h
--- a/sys/netinet/sctp_pcb.h Sun Jan 19 20:41:17 2020 +0000
+++ b/sys/netinet/sctp_pcb.h Sun Jan 19 20:51:13 2020 +0000
@@ -1,5 +1,5 @@
/* $KAME: sctp_pcb.h,v 1.21 2005/07/16 01:18:47 suz Exp $ */
-/* $NetBSD: sctp_pcb.h,v 1.2 2019/06/08 23:23:34 rjs Exp $ */
+/* $NetBSD: sctp_pcb.h,v 1.3 2020/01/19 20:51:13 riastradh Exp $ */
#ifndef __SCTP_PCB_H__
#define __SCTP_PCB_H__
@@ -250,11 +250,6 @@
uint16_t pre_open_stream_count;
uint16_t max_open_streams_intome;
- /* random number generator */
- uint32_t random_counter;
- uint8_t random_numbers[SCTP_SIGNATURE_ALOC_SIZE];
- uint8_t random_store[SCTP_SIGNATURE_ALOC_SIZE];
-
/*
* This timer is kept running per endpoint. When it fires it
* will change the secret key. The default is once a hour
@@ -265,7 +260,6 @@
int auto_close_time;
uint32_t initial_sequence_debug;
uint32_t adaption_layer_indicator;
- char store_at;
uint8_t max_burst;
char current_secret_number;
char last_secret_number;
@@ -447,7 +441,7 @@
/* The INP locks we will use for locking an SCTP endpoint, so for
* example if we want to change something at the endpoint level for
- * example random_store or cookie secrets we lock the INP level.
+ * example cookie secrets we lock the INP level.
*/
#define SCTP_INP_LOCK_INIT(_inp) \
mtx_init(&(_inp)->inp_mtx, "sctp", "inp", MTX_DEF | MTX_DUPOK)
@@ -556,7 +550,7 @@
/* The INP locks we will use for locking an SCTP endpoint, so for
* example if we want to change something at the endpoint level for
- * example random_store or cookie secrets we lock the INP level.
+ * example cookie secrets we lock the INP level.
*/
#define SCTP_INP_LOCK_INIT(_inp) \
mutex_init(&(_inp)->inp_mtx, MUTEX_DEFAULT, IPL_NET)
diff -r 488e85a7cfe8 -r 18791bc9009d sys/netinet/sctputil.c
--- a/sys/netinet/sctputil.c Sun Jan 19 20:41:17 2020 +0000
+++ b/sys/netinet/sctputil.c Sun Jan 19 20:51:13 2020 +0000
@@ -1,5 +1,5 @@
/* $KAME: sctputil.c,v 1.39 2005/06/16 20:54:06 jinmei Exp $ */
-/* $NetBSD: sctputil.c,v 1.15 2019/08/13 19:55:40 rjs Exp $ */
+/* $NetBSD: sctputil.c,v 1.16 2020/01/19 20:51:13 riastradh Exp $ */
/*
* Copyright (c) 2001, 2002, 2003, 2004 Cisco Systems, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sctputil.c,v 1.15 2019/08/13 19:55:40 rjs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sctputil.c,v 1.16 2020/01/19 20:51:13 riastradh Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -54,6 +54,7 @@
#include <sys/proc.h>
#include <sys/kernel.h>
#include <sys/sysctl.h>
+#include <sys/cprng.h>
#include <sys/callout.h>
@@ -614,52 +615,10 @@
return (sctp_mtu_sizes[perfer]);
}
-void
-sctp_fill_random_store(struct sctp_pcb *m)
-{
- /*
- * Here we use the MD5/SHA-1 to hash with our good randomNumbers
- * and our counter. The result becomes our good random numbers and
- * we then setup to give these out. Note that we do no lockig
- * to protect this. This is ok, since if competing folks call
- * this we will get more gobbled gook in the random store whic
- * is what we want. There is a danger that two guys will use
- * the same random numbers, but thats ok too since that
- * is random as well :->
- */
- m->store_at = 0;
- sctp_hash_digest((char *)m->random_numbers, sizeof(m->random_numbers),
- (char *)&m->random_counter, sizeof(m->random_counter),
- (char *)m->random_store);
- m->random_counter++;
-}
-
uint32_t
sctp_select_initial_TSN(struct sctp_pcb *m)
{
- /*
- * A true implementation should use random selection process to
- * get the initial stream sequence number, using RFC1750 as a
- * good guideline
- */
- u_long x, *xp;
- uint8_t *p;
-
- if (m->initial_sequence_debug != 0) {
- u_int32_t ret;
- ret = m->initial_sequence_debug;
- m->initial_sequence_debug++;
- return (ret);
- }
- if ((m->store_at+sizeof(u_long)) > SCTP_SIGNATURE_SIZE) {
- /* Refill the random store */
- sctp_fill_random_store(m);
- }
- p = &m->random_store[(int)m->store_at];
- xp = (u_long *)p;
- x = *xp;
- m->store_at += sizeof(u_long);
- return (x);
+ return cprng_strong32();
}
u_int32_t sctp_select_a_tag(struct sctp_inpcb *m)
diff -r 488e85a7cfe8 -r 18791bc9009d sys/netinet/sctputil.h
--- a/sys/netinet/sctputil.h Sun Jan 19 20:41:17 2020 +0000
+++ b/sys/netinet/sctputil.h Sun Jan 19 20:51:13 2020 +0000
@@ -1,5 +1,5 @@
/* $KAME: sctputil.h,v 1.15 2005/03/06 16:04:19 itojun Exp $ */
-/* $NetBSD: sctputil.h,v 1.2 2016/05/22 23:04:27 rjs Exp $ */
+/* $NetBSD: sctputil.h,v 1.3 2020/01/19 20:51:13 riastradh Exp $ */
#ifndef __SCTPUTIL_H__
#define __SCTPUTIL_H__
@@ -141,8 +141,6 @@
int sctp_init_asoc(struct sctp_inpcb *, struct sctp_association *, int, uint32_t);
-void sctp_fill_random_store(struct sctp_pcb *);
-
int sctp_timer_start(int, struct sctp_inpcb *, struct sctp_tcb *,
struct sctp_nets *);
Home |
Main Index |
Thread Index |
Old Index