Feature: Work around and warn user if no PRNG seeds are configured

2025-02-02 15:07:36 -05:00 · 2020-10-22 09:49:10 +00:00 · 2020-10-22 09:49:10 +00:00 · a5f7b621c0
commit a5f7b621c0
parent f688dce8a5
4 changed files with 25 additions and 0 deletions
--- a/src/admin.c
+++ b/src/admin.c
@ -1472,6 +1472,8 @@ static void command_dashboard           (client_t *client, source_t *source, adm
        __reportxml_add_maintenance(reportnode, config->reportxml_db, "8defae31-a52e-4bba-b904-76db5362860f", "warning", "No useful location is given in <location>.", NULL);
    if (config->config_problems & CONFIG_PROBLEM_ADMIN)
        __reportxml_add_maintenance(reportnode, config->reportxml_db, "cf86d88e-dc20-4359-b446-110e7065d17a", "warning", "No admin contact given in <admin>. YP directory support will is disabled.", NULL);
+    if (config->config_problems & CONFIG_PROBLEM_PRNG)
+        __reportxml_add_maintenance(reportnode, config->reportxml_db, "e2ba5a8b-4e4f-41ca-b455-68ae5fb6cae0", "error", "No PRNG seed configured. PRNG is insecure.", NULL);

    if (!has_sources)
        __reportxml_add_maintenance(reportnode, config->reportxml_db, "f68dd8a3-22b1-4118-aba6-b039f2c5b51e", "info", "Currently no sources are connected to this server.", NULL);
--- a/src/cfgfile.c
+++ b/src/cfgfile.c
@ -1166,6 +1166,23 @@ static void _parse_root(xmlDocPtr       doc,
    if (configuration->port == 0)
        configuration->port = 8000;

+    if (!configuration->prng_seed) {
+        configuration->config_problems |= CONFIG_PROBLEM_PRNG;
+#ifndef _WIN32
+        configuration->prng_seed = calloc(1, sizeof(prng_seed_config_t));
+        if (configuration->prng_seed) {
+            configuration->prng_seed->filename = (char*)xmlStrdup(XMLSTR("linux")); // the linux profile is also fine on BSD.
+            configuration->prng_seed->type = PRNG_SEED_TYPE_PROFILE;
+            configuration->prng_seed->size = -1;
+            ICECAST_LOG_WARN("Warning, no PRNG seed configured, using default profile \"linux\".");
+        } else {
+            ICECAST_LOG_ERROR("No PRNG seed configured and unable to add one. PRNG is insecure.");
+        }
+#else
+        ICECAST_LOG_ERROR("No PRNG seed configured and unable to add one. PRNG is insecure.");
+#endif
+    }
+
    /* issue some warnings on bad configurations */
    if (!configuration->fileserve)
        ICECAST_LOG_WARN("Warning, serving of static files has been disabled "
--- a/src/cfgfile.h
+++ b/src/cfgfile.h
@ -31,6 +31,7 @@
 #define CONFIG_PROBLEM_HOSTNAME         0x0001U
 #define CONFIG_PROBLEM_LOCATION         0x0002U
 #define CONFIG_PROBLEM_ADMIN            0x0004U
+#define CONFIG_PROBLEM_PRNG             0x0008U

 typedef enum _http_header_type {
    /* static: headers are passed as is to the client. */
--- a/web/assets/css/style.css
+++ b/web/assets/css/style.css
@ -343,6 +343,11 @@ aside {
    list-style: none;
 }

+.maintenance-level-error > *:first-child::before {
+    font-weight: bold;
+    content: "Error: ";
+}
+
 .maintenance-level-warning > *:first-child::before {
    font-weight: bold;
    content: "Warning: ";