
[core] remove srv->entropy[]

unlikely to provide any real additional benefit as long as
PRNG has been appropriately initialized with random data
personal/stbuehler/mod-csrf
Glenn Strauss 5 years ago
parent
commit
544ccee5e1
  1. 2
      src/base.h
  2. 7
      src/mod_auth.c
  3. 2
      src/mod_usertrack.c
  4. 1
      src/server.c

2
src/base.h

@ -642,8 +642,6 @@ typedef struct server {
time_t last_generated_debug_ts;
time_t startup_ts;
char entropy[8]; /* from /dev/[u]random if possible, otherwise rand() */
buffer *ts_debug_str;
buffer *ts_date_str;

7
src/mod_auth.c

@ -809,18 +809,11 @@ static handler_t mod_auth_send_401_unauthorized_digest(server *srv, connection *
/* generate nonce */
/* using unknown contents of srv->tmp_buf (modified elsewhere)
* adds dubious amount of randomness. Remove use of srv->tmp_buf in nonce? */
/* generate shared-secret */
li_MD5_Init(&Md5Ctx);
li_MD5_Update(&Md5Ctx, CONST_BUF_LEN(srv->tmp_buf)); /*(dubious randomness)*/
li_MD5_Update(&Md5Ctx, CONST_STR_LEN("+"));
/* we assume sizeof(time_t) == 4 here, but if not it ain't a problem at all */
li_itostrn(hh, sizeof(hh), srv->cur_ts);
li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
li_MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
li_itostrn(hh, sizeof(hh), li_rand_pseudo_bytes());
li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
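Review bot: With the `srv->entropy` update gone (presumably one of the removed lines; the +/- markers are lost on this page), the only unpredictable input left in the Digest nonce hash is the single integer returned by `li_rand_pseudo_bytes()` and formatted through `li_itostrn`, since `srv->cur_ts` is guessable by any client. That caps the nonce's unpredictability at the width of that integer and makes it depend on the quality of the "pseudo" source, which these lines do not show. I would feed a wider draw from the seeded generator instead: `unsigned char rnd[16];`, `li_rand_bytes(rnd, (int)sizeof(rnd));`, `li_MD5_Update(&Md5Ctx, rnd, sizeof(rnd));`. The same pattern remains in `mod_usertrack_uri_handler` in src/mod_usertrack.c, where it presumably determines the tracking cookie value. Both function bodies continue outside their hunks.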

2
src/mod_usertrack.c

@ -227,10 +227,8 @@ URIHANDLER_FUNC(mod_usertrack_uri_handler) {
li_MD5_Update(&Md5Ctx, CONST_BUF_LEN(con->uri.path));
li_MD5_Update(&Md5Ctx, CONST_STR_LEN("+"));
/* we assume sizeof(time_t) == 4 here, but if not it ain't a problem at all */
li_itostrn(hh, sizeof(hh), srv->cur_ts);
li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));
li_MD5_Update(&Md5Ctx, (unsigned char *)srv->entropy, sizeof(srv->entropy));
li_itostrn(hh, sizeof(hh), li_rand_pseudo_bytes());
li_MD5_Update(&Md5Ctx, (unsigned char *)hh, strlen(hh));

1
src/server.c

@ -244,7 +244,6 @@ static server *server_init(void) {
}
li_rand_reseed();
li_rand_bytes((unsigned char *)srv->entropy, (int)sizeof(srv->entropy));
srv->cur_ts = time(NULL);
srv->startup_ts = srv->cur_ts;
