From: Steffan Karger <steffan.kar...@fox-it.com>

By using get_random() instead of prng_bytes(), we no longer have to place create_temp_file() inside #ifdef ENABLE_CRYPTO.
The resulting filename now has 62 bits of entropy (2 * [0-INT_MAX]) instead of the previous 128 bits, but that should be plenty. Assuming an int is 32 bits, we would need about 2**31 (2147483648) files to have a (roughly) 0.5 chance of failing in one of the 6 attempts we do.

(This is preparing to move the function out of misc.c, where I'd prefer to not have to add a #include "crypto.h".)

Signed-off-by: Steffan Karger <steffan.kar...@fox-it.com>
--- src/openvpn/misc.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 4f729911..1537a2e4 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -831,8 +831,6 @@ test_file(const char *filename) return ret; } -#ifdef ENABLE_CRYPTO - /* create a temporary filename in directory */ const char * create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc) @@ -845,15 +843,11 @@ create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc) do { - uint8_t rndbytes[16]; - const char *rndstr; - ++attempts; ++counter; - prng_bytes(rndbytes, sizeof rndbytes); - rndstr = format_hex_ex(rndbytes, sizeof rndbytes, 40, 0, NULL, gc); - buf_printf(&fname, PACKAGE "_%s_%s.tmp", prefix, rndstr); + buf_printf(&fname, PACKAGE "_%s_%08lx%08lx.tmp", prefix, + (unsigned long) get_random(), (unsigned long) get_random()); retfname = gen_path(directory, BSTR(&fname), gc); if (!retfname) 
@@ -884,6 +878,8 @@ create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc) return NULL; } +#ifdef ENABLE_CRYPTO + /* * Prepend a random string to hostname to prevent DNS caching. * For example, foo.bar.gov would be modified to <random-chars>.foo.bar.gov. -- 2.11.0
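
Review bot: In the create_temp_file() loop hunk, the new format `%08lx%08lx` relies on get_random() never returning more than 32 bits, but nothing in the code says so: `%08lx` is only a minimum width, and the `(unsigned long)` cast is 64 bits wide on LP64 platforms. The commit message gives the range as [0-INT_MAX]; please carry that into a comment above the buf_printf() call, or mask each value with 0xffffffff, so the 16-digit suffix and the 62-bit figure stay true if get_random() ever changes. The retry loop around it also assumes a name collision is detected when the file is created; that call is outside the lines shown, so it is worth confirming that it creates the file exclusively now that the name carries less entropy.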
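
Review bot: With `#ifdef ENABLE_CRYPTO` removed above create_temp_file() and re-added only before the hostname-randomizing function, create_temp_file() is now built in non-crypto configurations as well, and neither the commit message nor the code says where get_random() gets its randomness in that case. Please state in the commit message or in the function's comment whether the 62-bit estimate holds without ENABLE_CRYPTO, since the unpredictability of the temp-file name depends on it. The one-line comment `/* create a temporary filename in directory */` is a natural place to note that the suffix now comes from two get_random() calls.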