| Revisão | 28805243f676e769f7c8035125c9e78bf5606434 (tree) |
|---|---|
| Hora | 2022-05-29 14:44:36 |
| Autor | hanishkvc <hanishkvc@gmai...> |
| Commiter | Waldemar Brodkorb |
DnsLookup: stdint, timeforced reseeding
Explicitly include stdint header as logic uses INT[64]_MAX, just
in case for future, even though the chain of headers from existing
includes brings in the definition indirectly as of now.
Cross check for time gap between prngplus reseeding, periodically,
has the internal state is being consumed, so that if there is too
much time gap, then prng reseeding can be forced, before the normal
reseed window is reached. This is useful for long running programs
which trigger dns queries only intermittently.
If clock_gettime is not available, then reseed more frequently, by
default. A platform developer may change the reseed frequence, to
be bit more less often in this case, if needed, by tweaking the
defines in the source.
Signed-off-by: hanishkvc <hanishkvc@gmail.com>
libc/inet/resolv.c (diff)| @@ -248,6 +248,7 @@ Domain name in a message can be represented as either: | ||
| 248 | 248 | #include <netdb.h> |
| 249 | 249 | #include <ctype.h> |
| 250 | 250 | #include <stdbool.h> |
| 251 | +#include <stdint.h> | |
| 251 | 252 | #include <time.h> |
| 252 | 253 | #include <arpa/nameser.h> |
| 253 | 254 | #include <sys/utsname.h> |
| @@ -1131,6 +1132,22 @@ int _dnsrand_getrandom_urcl(int *rand_value) { | ||
| 1131 | 1132 | #define DNSRAND_RESEED_OP1 (DNSRAND_PRNGSTATE_INT32LEN*6) |
| 1132 | 1133 | #define DNSRAND_RESEED_OP2 DNSRAND_PRNGSTATE_INT32LEN |
| 1133 | 1134 | #endif |
| 1135 | + | |
| 1136 | +#define DNSRAND_TIMEFORCED_RESEED_CHECKMOD (DNSRAND_PRNGSTATE_INT32LEN/8) | |
| 1137 | +#define DNSRAND_TIMEFORCED_RESEED_SECS 120 | |
| 1138 | + | |
| 1139 | +time_t clock_getcursec(void) { | |
| 1140 | + static time_t dummyTime = 0; | |
| 1141 | +#if defined __USE_POSIX199309 && defined __UCLIBC_HAS_REALTIME__ | |
| 1142 | + struct timespec ts; | |
| 1143 | + if (clock_gettime(CLOCK_REALTIME, &ts) == 0) { | |
| 1144 | + return ts.tv_sec; | |
| 1145 | + } | |
| 1146 | +#endif | |
| 1147 | + dummyTime += DNSRAND_TIMEFORCED_RESEED_SECS; | |
| 1148 | + return dummyTime; | |
| 1149 | +} | |
| 1150 | + | |
| 1134 | 1151 | /* |
| 1135 | 1152 | * This logic uses uclibc's random PRNG to generate random int. This keeps the |
| 1136 | 1153 | * logic fast by not depending on a more involved CPRNG kind of logic nor on a |
| @@ -1171,6 +1188,9 @@ int _dnsrand_getrandom_urcl(int *rand_value) { | ||
| 1171 | 1188 | * |
| 1172 | 1189 | */ |
| 1173 | 1190 | int _dnsrand_getrandom_prng(int *rand_value) { |
| 1191 | + static time_t reSeededSec = 0; | |
| 1192 | + time_t curSec = 0; | |
| 1193 | + bool bTimeForcedReSeed = 0; | |
| 1174 | 1194 | static int cnt = -1; |
| 1175 | 1195 | static int nextReSeedWindow = DNSRAND_RESEED_OP1; |
| 1176 | 1196 | static int32_t prngState[DNSRAND_PRNGSTATE_INT32LEN]; /* prng logic internally assumes int32_t wrt state array, so to help align if required */ |
| @@ -1185,7 +1205,15 @@ int _dnsrand_getrandom_prng(int *rand_value) { | ||
| 1185 | 1205 | initstate_r(prngSeed, (char*)&prngState, DNSRAND_PRNGSTATE_INT32LEN*4, &prngData); |
| 1186 | 1206 | } |
| 1187 | 1207 | cnt += 1; |
| 1188 | - if ((cnt % nextReSeedWindow) == 0) { | |
| 1208 | + if ((cnt % DNSRAND_TIMEFORCED_RESEED_CHECKMOD) == 0) { | |
| 1209 | + curSec = clock_getcursec(); | |
| 1210 | + if ((curSec - reSeededSec) >= DNSRAND_TIMEFORCED_RESEED_SECS) { | |
| 1211 | + bTimeForcedReSeed = 1; | |
| 1212 | + } | |
| 1213 | + } | |
| 1214 | + if (((cnt % nextReSeedWindow) == 0) || bTimeForcedReSeed) { | |
| 1215 | + if (curSec == 0) curSec = clock_getcursec(); | |
| 1216 | + reSeededSec = curSec; | |
| 1189 | 1217 | if (_dnsrand_getrandom_urcl(&prngSeed) != 0) { |
| 1190 | 1218 | random_r(&prngData, &prngSeed); |
| 1191 | 1219 | } |
Fork