From 6cd89d5e9f24278ffafd39d65701213a47a99d8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= Date: Fri, 12 Oct 2018 11:59:33 +0000 Subject: [PATCH] Use non-cryptographically-secure PRNG to generate a nonce for cookies. Rationale: the nonce here is only used to make sure there is a low probability of duplication, according to section B.2 of RFC7873. It is only 32-bit, and even if an attacker knows the algorithm used to generate nonces it won't, in any way, give him any platform to attack the server as long as server secret used to sign the (nonce, time) pair with HMAC-SHA1 is secure. On the other hand, currently, each packet sent requires (unnecessarily) a CS pseudo-random number which is ineffective. --- CHANGES | 3 +++ lib/ns/client.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 892a2107a0..27bf2ce4de 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +5062. [func] Use non-crypto-secure PRNG to generate nonces for + cookies [GL !887] + 5061. [protocol] Add support for EID and NIMLOC. [GL #626] 5060. [bug] GID, UID and UINFO could not be loaded using unknown diff --git a/lib/ns/client.c b/lib/ns/client.c index 32c8ddfe22..7b789047e6 100644 --- a/lib/ns/client.c +++ b/lib/ns/client.c @@ -1656,7 +1656,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message, isc_buffer_init(&buf, cookie, sizeof(cookie)); isc_stdtime_get(&now); - isc_nonce_buf(&nonce, sizeof(nonce)); + isc_random_buf(&nonce, sizeof(nonce)); compute_cookie(client, now, nonce, client->sctx->secret, &buf);
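Review bot: the CHANGES entry for 5062 should carry the justification, not just the change: "Use non-crypto-secure PRNG to generate nonces for cookies" on its own reads like a security regression to anyone scanning the file, while the commit message explains that the nonce only needs low collision probability per RFC 7873 section B.2 and that the server secret signing the (nonce, time) pair with HMAC-SHA1 is what matters. Suggest extending the line to something like "Use non-crypto-secure PRNG to generate nonces for cookies; nonce only needs low collision probability (RFC 7873 B.2), cookie security rests on the HMAC secret [GL !887]" so the rationale is recorded where operators and auditors will look for it.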
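Review bot: the swap from isc_nonce_buf to isc_random_buf in ns_client_addopt needs a comment at the call site, because the safety argument is not visible in the code: a reader seeing a plain PRNG feeding compute_cookie alongside client->sctx->secret will reasonably assume a mistake and "fix" it back, or worse, assume the nonce is meant to be unpredictable and build on that elsewhere. Suggest something like "/* The nonce only needs a low probability of duplication (RFC 7873 B.2); the cookie's unforgeability comes from the HMAC secret, so a non-CS PRNG is sufficient here. */" directly above the isc_random_buf call. Two things to confirm beyond what the hunk shows: that isc_random_buf has the same (buffer, length) signature as isc_nonce_buf so sizeof(nonce) still fills the whole 32-bit nonce, and that the PRNG state is seeded before the first cookie is generated so early queries do not receive the same nonce after each restart, since that would make the rationale's "low probability of duplication" claim false for exactly the nonces that coincide with the secret rotation.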