Changeset 147

Timestamp:

Nov 26, 2007, 8:34:29 PM (17 years ago)

Author:

katerina

Message:

Fix regression in the seeding routine of the PRNG

Location:

trunk

Files:

• Makefile.in (modified) (1 diff)
• configure.ac (modified) (1 diff)
• depend.dep (modified) (1 diff)
• depend.sum (modified) (1 diff)
• docs/Changelog (modified) (1 diff)
• src/sh_entropy.c (modified) (3 diffs)
• test/testcompile.sh (modified) (1 diff)

trunk/Makefile.in

@@ -1650 +1650 @@
 sh_mail.o: $(srcsrc)/sh_mail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mail.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_tools.h 
 sh_mem.o: $(srcsrc)/sh_mem.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_pthread.h 
-sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h 
+sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h 
 sh_forward.o: $(srcsrc)/sh_forward.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_forward.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_mail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h 
 sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_portcheck.h 

trunk/configure.ac

@@ -13 +13 @@
 dnl start
 dnl
-AM_INIT_AUTOMAKE(samhain, 2.4.0a)
+AM_INIT_AUTOMAKE(samhain, 2.4.1)
 AC_CANONICAL_HOST
 

trunk/depend.dep

@@ -16 +16 @@
 sh_mail.o: $(srcsrc)/sh_mail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mail.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_tools.h 
 sh_mem.o: $(srcsrc)/sh_mem.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_pthread.h 
-sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h 
+sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h 
 sh_forward.o: $(srcsrc)/sh_forward.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_forward.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_mail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h 
 sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_kern.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_portcheck.h 

trunk/depend.sum

@@ -1 @@
-
+1541314115

trunk/docs/Changelog

@@ -1 +1 @@
 2.4.1:
+        * security fix: regression in the seeding routine for the PRNG 
+          (detected by C. Mueller)
+        * regression test added for PRNG seeding routine
         * fix problem with PCI ROM check (spurious messages about modified
           timestamps, reported by S. Clormann)

trunk/src/sh_entropy.c

@@ -295 +295 @@
       if (0 == sh_unix_device_readable(fd2)) 
         {
-          m_count = sl_read_timeout_fd(fd2, &nbuf, nbytes, 
+          m_count = sl_read_timeout_fd(fd2, nbuf, nbytes, 
                                        timeout_val, SL_FALSE);
           if (m_count < 0)
@@ -387 +387 @@
       SH_MUTEX_UNLOCK_UNSAFE(mutex_skey);
       memset (keybuf, '\0', KEY_BYT);
+      memset (kbuf,   '\0', sizeof(kbuf));
       
       SL_RETURN(0, _("sh_entropy"));
@@ -960 +961 @@
 #endif
 
-
-
-
-
-
-
+#ifdef SH_CUTEST
+#include "CuTest.h"
+
+void Test_entropy (CuTest *tc)
+{
+  char                 bufx[9 * sizeof(UINT32) + 1];
+  char                 bufy[9 * sizeof(UINT32) + 1];
+  int                  status;
+
+  memset(skey->poolv, '\0', KEY_BYT);
+
+  status = sh_entropy (24, bufx);
+  CuAssertTrue(tc, 0 == status);
+
+  memset(skey->poolv, '\0', KEY_BYT);
+
+  status = sh_entropy (24, bufy);
+  CuAssertTrue(tc, 0 == status);
+
+  CuAssertTrue(tc, 0 != memcmp(bufx, bufy, 24));
+}
+#endif
+
+
+
+
+
+
+
+

trunk/test/testcompile.sh

@@ -414 +414 @@
         # test standalone compilation
         #
-        TEST="${S}standalone w/o mail${E}"
-        #
-        if test -r "Makefile"; then
-                $MAKE clean
-        fi
-        #
-        ${TOP_SRCDIR}/configure --quiet --disable-mail --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test  > /dev/null 2>> test_log  
+        TEST="${S}standalone w/o mail w/unix_rnd${E}"
+        #
+        if test -r "Makefile"; then
+                $MAKE clean
+        fi
+        #
+        ${TOP_SRCDIR}/configure --quiet --disable-mail --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$PW_DIR/samhainrc.test --with-rnd=unix > /dev/null 2>> test_log  
         #
         let "num = num + 1" >/dev/null