Attachment 21429 Details for Bug 31440 – patch against httpd-2.2.8 to resolve weak PRNG seeding

[patch] patch against httpd-2.2.8 to resolve weak PRNG seeding

htpasswd-salt.diff (text/plain), 3.39 KB, created by Peter Watkins on 2008-01-25 10:10:34 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Peter Watkins

Created: 2008-01-25 10:10:34 UTC

Size: 3.39 KB

patch

obsolete

>--- ./support/htpasswd.c	2006/07/12 03:38:44	1.1
>+++ ./support/htpasswd.c	2008/01/25 18:07:07
>@@ -46,6 +46,8 @@
> #include "apr_general.h"
> #include "apr_signal.h"
> 
>+#include <math.h>
>+
> #if APR_HAVE_STDIO_H
> #include <stdio.h>
> #endif
>@@ -101,6 +103,7 @@
> 
> apr_file_t *errfile;
> apr_file_t *ftemp = NULL;
>+FILE *FP = NULL;
> 
> #define NL APR_EOL_STR
> 
>@@ -115,6 +118,66 @@
>     }
> }
> 
>+static void seed_prng()
>+{
>+    int randBits = 0;
>+    int seedInt = 0;
>+    int toAdd = 0;
>+    int intSize = (8*(int)sizeof(int));
>+    int charSize = (8*(int)sizeof(char));
>+    if ( (!FP) && getenv("RANDOM_SEED") ) 
>+    {
>+        /* use the device specified by the user */
>+        FP = fopen(getenv("RANDOM_SEED"), "r");
>+    } else if (!FP) {
>+        /* use /dev/urandom for better (less predictable) seeding if available */
>+        FP = fopen("/dev/urandom", "r");
>+    }
>+    if (FP) 
>+    {
>+        while ( randBits < intSize ) {
>+            /* how many bits to read (maximum == bytes in a char) */
>+            toAdd = (intSize - randBits) > charSize ? charSize : (intSize - randBits);
>+            /* we could watch the fgetc() call for EOF and warn the user,
>+               but the user should know better than to provide a small pool */
>+            seedInt += ((int)fgetc(FP) % (int)pow(2,toAdd)) * (int)pow(2,randBits);
>+            randBits += toAdd;
>+        }
>+        (void) srand(seedInt);
>+        /* deliberately leave FP open in case seed_prng() is called again and
>+           FP behaves like a static file and always provides the same content;
>+           with devices like /dev/urandom and /dev/random, there would be bo reason
>+           not to fclose(FP) here */
>+    } else {
>+        fprintf(stderr,"Warning: weak salt generation!\n");
>+        fprintf(stderr,"For better security, install /dev/urandom or provide the name of a file or device\n");
>+        fprintf(stderr,"that can provide enough random data in the environment variable RANDOM_SEED\n",(intSize/8));
>+        (void) srand((int) time((time_t *) NULL));
>+    }
>+}
>+
>+static void generate_salt(char *s, size_t size)
>+{
>+   static unsigned char tbl[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
>+   size_t i;
>+   int bitsUsed = 0;
>+   for (i = 0; i < size; ++i) {
>+       int idx = (int) (64.0 * rand() / (RAND_MAX + 1.0));
>+       bitsUsed += 6;
>+       s[i] = tbl[idx];
>+       /* re-seed the PRNG if already used an integer's worth of bytes, or if the next 
>+          loop iteration would use more than an int, since the seed for rand() is an int.
>+          This will only need to happen on platforms with integers less than 48 bits. */
>+       if ( (bitsUsed + 6) > (8*sizeof(int)) )
>+       {
>+           /* re-seed */
>+           (void)seed_prng();
>+           /* reset our counter */
>+           bitsUsed = 0;
>+       }
>+   }
>+}
>+
> static void putline(apr_file_t *f, const char *l)
> {
>     apr_file_puts(l, f);
>@@ -162,8 +225,8 @@
>         break;
> 
>     case ALG_APMD5:
>-        (void) srand((int) time((time_t *) NULL));
>-        to64(&salt[0], rand(), 8);
>+        (void)seed_prng();
>+        generate_salt(&salt[0], 8);
>         salt[8] = '\0';
> 
>         apr_md5_encode((const char *)pw, (const char *)salt,
>@@ -178,7 +241,7 @@
> #if !(defined(WIN32) || defined(NETWARE))
>     case ALG_CRYPT:
>     default:
>-        (void) srand((int) time((time_t *) NULL));
>+        (void)seed_prng();
>         to64(&salt[0], rand(), 8);
>         salt[8] = '\0';
>

Actions: View | Diff

Attachments on bug 31440: 12871 | 21429 | 21433 | 24178 | 24179