diff --git a/daemon/codec.c b/daemon/codec.c index 5327e714c..ff81b6a11 100644 --- a/daemon/codec.c +++ b/daemon/codec.c @@ -368,7 +368,7 @@ struct codec_handler *codec_handler_make_playback(const struct rtp_payload_type handler->ssrc_handler = (void *) __ssrc_handler_transcode_new(handler); handler->ssrc_handler->first_ts = last_ts; while (handler->ssrc_handler->first_ts == 0) - handler->ssrc_handler->first_ts = random(); + handler->ssrc_handler->first_ts = ssl_random(); handler->ssrc_handler->rtp_mark = 1; ilogs(codec, LOG_DEBUG, "Created media playback context for " STR_FORMAT " -> " STR_FORMAT "", @@ -1194,7 +1194,7 @@ static void __rtcp_timer_run(struct timerthread_queue *q, void *p) { __rtcp_timer_free(rt); goto out; } - timeval_add_usec(&rtcp_timer, 5000000 + (random() % 2000000)); + timeval_add_usec(&rtcp_timer, 5000000 + (ssl_random() % 2000000)); media->rtcp_timer = rtcp_timer; __codec_rtcp_timer_schedule(media); @@ -1232,7 +1232,7 @@ static void __codec_rtcp_timer(struct call_media *receiver) { return; receiver->rtcp_timer = rtpe_now; - timeval_add_usec(&receiver->rtcp_timer, 5000000 + (random() % 2000000)); + timeval_add_usec(&receiver->rtcp_timer, 5000000 + (ssl_random() % 2000000)); __codec_rtcp_timer_schedule(receiver); // XXX unify with media player into a generic RTCP player } diff --git a/daemon/media_player.c b/daemon/media_player.c index 9447f0051..f0441875d 100644 --- a/daemon/media_player.c +++ b/daemon/media_player.c @@ -107,7 +107,7 @@ struct media_player *media_player_new(struct call_monologue *ml) { uint32_t ssrc = 0; while (ssrc == 0) - ssrc = random(); + ssrc = ssl_random(); struct ssrc_ctx *ssrc_ctx = get_ssrc_ctx(ssrc, ml->call->ssrc_hash, SSRC_DIR_OUTPUT, ml); ssrc_ctx->next_rtcp = rtpe_now; @@ -119,7 +119,7 @@ struct media_player *media_player_new(struct call_monologue *ml) { mp->run_func = media_player_read_packet; // default mp->call = obj_get(ml->call); mp->ml = ml; - mp->seq = random(); + mp->seq = ssl_random(); mp->ssrc_out = ssrc_ctx; av_init_packet(&mp->pkt); @@ -174,7 +174,7 @@ static void send_timer_rtcp(struct send_timer *st, struct ssrc_ctx *ssrc_out) { // XXX missing locking? ssrc_out->next_rtcp = rtpe_now; - timeval_add_usec(&ssrc_out->next_rtcp, 5000000 + (random() % 2000000)); + timeval_add_usec(&ssrc_out->next_rtcp, 5000000 + (ssl_random() % 2000000)); } diff --git a/daemon/sdp.c b/daemon/sdp.c index 4e2aa4412..dd6efe75f 100644 --- a/daemon/sdp.c +++ b/daemon/sdp.c @@ -2455,7 +2455,7 @@ int sdp_replace(struct sdp_chopper *chop, GQueue *sessions, struct call_monologu if (!monologue->sdp_version) { monologue->sdp_version = session->origin.version_num; if (monologue->sdp_version == 0 || monologue->sdp_version == ULLONG_MAX) - monologue->sdp_version = random(); + monologue->sdp_version = ssl_random(); } sess_conn = 0; diff --git a/daemon/ssrc.c b/daemon/ssrc.c index 22e52c249..b0148bdee 100644 --- a/daemon/ssrc.c +++ b/daemon/ssrc.c @@ -14,7 +14,7 @@ static void init_ssrc_ctx(struct ssrc_ctx *c, struct ssrc_entry_call *parent) { c->parent = parent; payload_tracker_init(&c->tracker); while (!c->ssrc_map_out) - c->ssrc_map_out = random(); + c->ssrc_map_out = ssl_random(); } static void init_ssrc_entry(struct ssrc_entry *ent, u_int32_t ssrc) { ent->ssrc = ssrc; @@ -26,8 +26,8 @@ static struct ssrc_entry *create_ssrc_entry_call(void *uptr) { ent = obj_alloc0("ssrc_entry_call", sizeof(*ent), __free_ssrc_entry_call); init_ssrc_ctx(&ent->input_ctx, ent); init_ssrc_ctx(&ent->output_ctx, ent); - //ent->seq_out = random(); - //ent->ts_out = random(); + //ent->seq_out = ssl_random(); + //ent->ts_out = ssl_random(); return &ent->h; } static void add_ssrc_entry(u_int32_t ssrc, struct ssrc_entry *ent, struct ssrc_hash *ht) { diff --git a/include/aux.h b/include/aux.h index 5a9a94945..0c9b7f1d9 100644 --- a/include/aux.h +++ b/include/aux.h @@ -242,6 +242,16 @@ INLINE int rlim(int res, rlim_t val) { +/*** TAINT FUNCTIONS ***/ + +#define taint_func(symbol, reason) \ + __typeof__(symbol) symbol __attribute__((__error__(reason))) + +taint_func(rand, "use ssl_random() instead"); +taint_func(random, "use ssl_random() instead"); +taint_func(srandom, "use RAND_seed() instead"); + + /*** INET ADDRESS HELPERS ***/ diff --git a/lib/ssllib.c b/lib/ssllib.c index c355192c5..144cbd237 100644 --- a/lib/ssllib.c +++ b/lib/ssllib.c @@ -39,9 +39,6 @@ static void make_OpenSSL_thread_safe(void) { void rtpe_ssl_init(void) { - struct timespec ts; - clock_gettime(CLOCK_REALTIME, &ts); - srandom(ts.tv_sec ^ ts.tv_nsec); #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) SSL_library_init(); SSL_load_error_strings(); diff --git a/t/test-transcode.c b/t/test-transcode.c index 8a6b08666..bd1c1bb6d 100644 --- a/t/test-transcode.c +++ b/t/test-transcode.c @@ -333,8 +333,10 @@ static void dtmf(const char *s) { #define AMR_WB_payload_noe "\xf1\xfc\xc1\x82\x04\x1d\xcc\x88\xc8\x34\xd4\x18\x84\xb1\xdf\x38\xba\xa1\x03\x9b\xbd\x13\x79\x1f\xf2\x53\x33\x16\x17\x7b\x73\x17\x5f\x1b\x05\x1f\x70" // bandwidth efficient int main(void) { + unsigned long random_seed = 0; + codeclib_init(0); - srandom(time(NULL)); + RAND_seed(&random_seed, sizeof(random_seed)); statistics_init(); codecs_init();