authorNiels Provos <provos@cvs.openbsd.org>1999-08-26 13:37:02 +0000
committerNiels Provos <provos@cvs.openbsd.org>1999-08-26 13:37:02 +0000
commitc26d3d2d3a2688f716bda400cb413ea51aa98658 (patch)
tree25195dc35e2c5d91b08289989207c2ab65b3ef10 /sys
parent8a0d1090d7418f7f9d0ae904ede1b5015347068b (diff)
add an inner xor to make prediction attacks against the ids harder, due
to an attack pointed out by David Wagner.
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/ip_id.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/sys/netinet/ip_id.c b/sys/netinet/ip_id.c
index 54ab20fbf42..4f03a48d1a1 100644
--- a/sys/netinet/ip_id.c
+++ b/sys/netinet/ip_id.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_id.c,v 1.1 1998/12/26 12:35:12 provos Exp $ */
+/* $OpenBSD: ip_id.c,v 1.2 1999/08/26 13:37:01 provos Exp $ */
/*
* Copyright 1998 Niels Provos <provos@citi.umich.edu>
@@ -76,7 +76,7 @@ const static u_int16_t pfacts[PFAC_N] = {
};
static u_int16_t ru_x;
-static u_int16_t ru_seed;
+static u_int16_t ru_seed, ru_seed2;
static u_int16_t ru_a, ru_b;
static u_int16_t ru_g;
static u_int16_t ru_counter = 0;
@@ -136,6 +136,8 @@ ip_initid(void)
/* 15 bits of random seed */
ru_seed = (tmp >> 16) & 0x7FFF;
+ get_random_bytes((void *) &tmp, sizeof(tmp));
+ ru_seed2 = tmp & 0x7FFF;
get_random_bytes((void *) &tmp, sizeof(tmp));
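Review bot: The two added lines in ip_initid give ru_seed2 no comment, and the existing `/* 15 bits of random seed */` above them now describes only ru_seed. A reader cannot tell from here that the second seed has a different role. It is the value xored into the exponent in ip_randomid, not the outer output mask. I would add `/* second 15-bit seed: xored with ru_x inside pmod() so the exponent is not the bare LCG state */` above the new get_random_bytes call. It would also help to note at the `ru_seed, ru_seed2` declaration that both are refreshed only when ip_initid runs, since how long they stay fixed bounds how long an observer can collect ids under one pair of masks. ip_initid starts and continues outside this hunk.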
@@ -195,5 +197,5 @@ ip_randomid(void)
ru_counter += i;
- return (ru_seed ^ pmod(ru_g,ru_x,RU_N)) | ru_msb;
+ return (ru_seed ^ pmod(ru_g,ru_seed2 ^ ru_x,RU_N)) | ru_msb;
}
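Review bot: In the new return line of ip_randomid, `ru_seed2 ^ ru_x` can take any value up to 0x7FFF, so the exponent handed to pmod is no longer limited to the range ru_x itself covers. RU_N and the bound on ru_x are defined outside this hunk, so the following is inferred: if the multiplicative order of ru_g modulo RU_N is below 0x8000, two different ru_x values within one reseed period can yield exponents congruent modulo that order, and therefore the same id. Please confirm whether the non-repetition property still holds after this change. Then record the answer next to the return, for example `/* exponent is a 15-bit value and may exceed RU_N-2; see note on id repeats */`. The function body begins outside the hunk.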