[PATCH] When generating the token, don't use a weak PRNG.

Version with sane whitespace attached.

When generating the token, don't use a weak PRNG.

Signed-off-by: Nick Lowe <nick.lowe@xxxxxxxxxxxx>
---
 src/eap_server/eap_server_pwd.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
index 36ac555..eb3e00f 100644
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@@ -178,8 +178,11 @@ static void eap_pwd_build_id_req(struct eap_sm
*sm, struct eap_pwd_data *data,
         return;
     }

-    /* an lfsr is good enough to generate unpredictable tokens */
-    data->token = os_random();
+    if (os_get_random((u8 *) &data->token, sizeof(data->token)) < 0) {
+        eap_pwd_state(data, FAILURE);
+        return;
+    }
+
     wpabuf_put_be16(data->outbuf, data->group_num);
     wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_RAND_FUNC);
     wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_PRF);
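Review bot: the new failure branch around os_get_random() calls eap_pwd_state(data, FAILURE) and returns without any message naming the cause, so a failing entropy source would be hard to tell apart from other causes when reading the debug output. Consider a wpa_printf() line before the state change that says the token could not be generated. Separately, this inline copy has its @@ header wrapped onto a second line and its indentation converted to spaces, so it will not apply as posted; the attached copy is the one to apply.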
-- 
2.5.0
From c6711f6bd7078c00b723780f7818b91912f4f4d2 Mon Sep 17 00:00:00 2001
From: Nick Lowe <nick.lowe@xxxxxxxxxxxx>
Date: Wed, 27 Jan 2016 15:20:40 +0000
Subject: [PATCH] When generating the token, don't use a weak PRNG.

Signed-off-by: Nick Lowe <nick.lowe@xxxxxxxxxxxx>
---
 src/eap_server/eap_server_pwd.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
index 36ac555..eb3e00f 100644
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@@ -178,8 +178,11 @@ static void eap_pwd_build_id_req(struct eap_sm *sm, struct eap_pwd_data *data,
 		return;
 	}
 
-	/* an lfsr is good enough to generate unpredictable tokens */
-	data->token = os_random();
+	if (os_get_random((u8 *) &data->token, sizeof(data->token)) < 0) {
+		eap_pwd_state(data, FAILURE);
+		return;
+	}
+
 	wpabuf_put_be16(data->outbuf, data->group_num);
 	wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_RAND_FUNC);
 	wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_PRF);
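Review bot: the removed comment asserted that an LFSR was good enough for this token, and neither the replacement code nor the commit message records why that assumption is being dropped. A short comment above the os_get_random() call stating that the token must be unpredictable, plus a sentence in the commit message on what the token is used for, would keep the rationale with the code. The `(u8 *) &data->token` cast together with sizeof(data->token) is fine here, since byte order is irrelevant for a value that is filled with random bytes.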
-- 
2.5.0

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
