https://bugzilla.novell.com/show_bug.cgi?id=852224
https://bugzilla.novell.com/show_bug.cgi?id=852224#c5

--- Comment #5 from Marcus Meissner <meissner@suse.com> 2013-11-30 10:08:38 UTC ---

I suppose this is part of the fix.

+void
+xb_crypt_init_iv()
+{
+ uint seed = time(NULL);
+ srandom(seed);
+}
+
+void
+xb_crypt_create_iv(void* ivbuf, size_t ivlen)
+{
+ size_t i;
+ ulong rndval;
+
+ for (i = 0; i < ivlen; i++) {
+ if (i % 4 == 0) {
+ rndval = (ulong) random();
+ }
+ ((uchar*)ivbuf)[i] = ((uchar*)&rndval)[i % 4];
+ }
+}

This still risks keystream reuse because time() is fairly coarse. What's worse,
on 64-bit big-endian architectures, it results in a constant zero IV because
RAND_MAX is not large enough to reach the upper 32 bits in the first four bytes
of the rndval variable.

-- 
Florian Weimer / Red Hat Product Security Team
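Review bot: the byte extraction in xb_crypt_create_iv reads the wrong end of rndval on big-endian LP64 targets, and the seed in xb_crypt_init_iv is predictable everywhere. rndval is an ulong (8 bytes on 64-bit) but random() returns at most RAND_MAX (2^31-1), so on a big-endian 64-bit host bytes 0..3 of &rndval are the high-order bytes, which random() never sets, and the loop emits an all-zero IV; even on little-endian hosts each 4-byte group carries only 31 bits of entropy. srandom(time(NULL)) additionally gives every process started within the same second the same IV sequence. Suggest dropping the libc PRNG for IVs entirely and filling ivbuf from the platform CSPRNG (/dev/urandom, getrandom(), or RAND_bytes()); if random() must stay, at least declare rndval as a 32-bit type and extract bytes by shifting, `ivbuf[i] = (rndval >> (8 * (i % 4))) & 0xff;`, rather than by memory layout.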
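The two weaknesses described in the comment, worked as an added C example; this is not code from the bug report or from the project the patch belongs to. It re-implements the quoted xb_crypt_create_iv construction under the name iv_patch, shows the same-second seed collision and the endianness-dependent zero IV, and puts a corrected construction (iv_fixed, reading the kernel CSPRNG via /dev/urandom) beside it. IV_LEN of 16 and all function names are this example's own assumptions.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define IV_LEN 16   /* assumed IV size for the demo; the patch takes ivlen as a parameter */

/* Same construction as the patch's xb_crypt_create_iv: random() is stored
 * in an unsigned long and bytes 0..3 of that object are copied out. */
static void iv_patch(unsigned char *ivbuf, size_t ivlen)
{
    unsigned long rndval = 0;
    for (size_t i = 0; i < ivlen; i++) {
        if (i % 4 == 0)
            rndval = (unsigned long) random();
        ivbuf[i] = ((unsigned char *) &rndval)[i % 4];
    }
}

/* Weakness 1: the seed is time(NULL). Two callers that seed within the
 * same second get the same IV; modelled here by reusing one seed value. */
int same_second_ivs_collide(unsigned seed)
{
    unsigned char a[IV_LEN], b[IV_LEN];
    srandom(seed);
    iv_patch(a, IV_LEN);
    srandom(seed);
    iv_patch(b, IV_LEN);
    return memcmp(a, b, IV_LEN) == 0;
}

/* Weakness 2: random() yields at most 31 bits (RAND_MAX = 2^31-1), so on a
 * big-endian LP64 host bytes 0..3 of an 8-byte unsigned long are the
 * high-order bytes and are never written. Returns 1 on such a host. */
int host_has_zero_iv_bug(void)
{
    unsigned long probe = 0x7fffffffUL;     /* a maximal random() result */
    unsigned char first4[4];
    memcpy(first4, &probe, 4);
    return sizeof(unsigned long) == 8 &&
           (first4[0] | first4[1] | first4[2] | first4[3]) == 0;
}

/* 1 if the patch's construction produces an all-zero IV on this host
 * (seeded deterministically so the result is reproducible). */
int patch_iv_all_zero(void)
{
    unsigned char iv[IV_LEN];
    srandom(1);
    iv_patch(iv, IV_LEN);
    for (size_t i = 0; i < IV_LEN; i++)
        if (iv[i] != 0)
            return 0;
    return 1;
}

/* On little-endian hosts the IV still carries only 31 random bits per
 * 4-byte group: byte 3 of each group is bits 24..31 of random(), whose top
 * bit is always clear. Returns 1 if that held across `rounds` IVs
 * (also 1 on big-endian LP64, where those bytes are zero). */
int patch_iv_top_bit_never_set(unsigned rounds)
{
    unsigned char iv[IV_LEN];
    srandom(2);
    for (unsigned r = 0; r < rounds; r++) {
        iv_patch(iv, IV_LEN);
        for (size_t i = 3; i < IV_LEN; i += 4)
            if (iv[i] & 0x80)
                return 0;
    }
    return 1;
}

/* Corrected construction (this example's, not the project's fix): take the
 * IV straight from the kernel CSPRNG. Returns 1 on success, 0 otherwise. */
int iv_fixed(unsigned char *ivbuf, size_t ivlen)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return 0;
    size_t got = fread(ivbuf, 1, ivlen, f);
    fclose(f);
    return got == ivlen;
}

/* 1 if two CSPRNG-sourced IVs were both obtained and differ. */
int fixed_ivs_differ(void)
{
    unsigned char a[IV_LEN], b[IV_LEN];
    if (!iv_fixed(a, IV_LEN) || !iv_fixed(b, IV_LEN))
        return 0;
    return memcmp(a, b, IV_LEN) != 0;
}

int main(void)
{
    printf("same-second seed collision: %d\n", same_second_ivs_collide((unsigned) time(NULL)));
    printf("big-endian LP64 host (all-zero IV): %d\n", host_has_zero_iv_bug());
    printf("patch IV all zero on this host: %d\n", patch_iv_all_zero());
    printf("/dev/urandom IVs differ: %d\n", fixed_ivs_differ());
    return 0;
}
```

On x86-64 the first line prints 1 and the next two print 0; on a big-endian 64-bit host (s390x, ppc64 big-endian) the second and third print 1, which is the constant zero IV the comment describes. Where OpenSSL is already linked, RAND_bytes() is the equivalent of iv_fixed without the file descriptor handling.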