[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#815442: stun: seeds RNG from TSC clock? (was: FTBFS on kfreebsd-amd64: #error Need some way to seed the random number generator)

tags 815442 + security
retitle 815442 stun: seeds RNG from TSC clock?


Andreas Beckmann wrote:
> stun FTBFS on kfreebsd-amd64 (but it built there previously and it
> also builds on kfreebsd-i386):
> [...]
> stun.cxx:681:7: error: #error Need some way to seed the random number generator
>  #     error Need some way to seed the random number generator 
>        ^

And normally it seeds from what!?

 661 #if defined(WIN32) 
 672 #elif defined(__GNUC__) && ( defined(__i686__) || defined(__i386__)
 673       asm("rdtsc" : "=A" (tick));
 676 #elif defined(__MACH__)  || defined(__linux)
 677       int fd=open("/dev/random",O_RDONLY);

the TSC clock!?  *omg*  Is that really a good entropy source?  And even
using it in *preference* to /dev/random (on linux-i386)?

I would have filed a simple patch to fix the build on kfreebsd-amd64,
but it seems there are bigger problems.  What is this RNG used for?  Not
for the actual crypto I hope?

 678       read(fd,&tick,sizeof(tick));
 679       closesocket(fd);

does not even check that it could open /dev/random or that it has really
read anything.  Will fail silently and seed with 0x0000000000000000, if
in a misconfigured chroot /dev/random is missing, or if there are too
many open fds for example.  Maybe it could also read fewer than 64 bits.

Steven Chamberlain

Attachment: signature.asc
Description: Digital signature

Reply to: