tags 815442 + security
retitle 815442 stun: seeds RNG from TSC clock?
thanks
Hi,
Andreas Beckmann wrote:
> stun FTBFS on kfreebsd-amd64 (but it built there previously and it
> also builds on kfreebsd-i386):
> [...]
> stun.cxx:681:7: error: #error Need some way to seed the random number generator
> # error Need some way to seed the random number generator
> ^
And normally it seeds from what!?
661 #if defined(WIN32)
[...]
672 #elif defined(__GNUC__) && ( defined(__i686__) || defined(__i386__)
)
673 asm("rdtsc" : "=A" (tick));
[...]
676 #elif defined(__MACH__) || defined(__linux)
677 int fd=open("/dev/random",O_RDONLY);
the TSC clock!? *omg* Is that really a good entropy source? And even
using it in *preference* to /dev/random (on linux-i386)?
I would have filed a simple patch to fix the build on kfreebsd-amd64,
but it seems there are bigger problems. What is this RNG used for? Not
for the actual crypto I hope?
678 read(fd,&tick,sizeof(tick));
679 closesocket(fd);
does not even check that it could open /dev/random or that it has really
read anything. Will fail silently and seed with 0x0000000000000000, if
in a misconfigured chroot /dev/random is missing, or if there are too
many open fds for example. Maybe it could also read fewer than 64 bits.
Regards,
--
Steven Chamberlain
steven@pyro.eu.org
Attachment:
signature.asc
Description: Digital signature