[PATCH] Correct the security weak construction of client_random and server_random in Client and Server Hellos.

Nick Lowe nick.lowe at lugatech.com
Wed Feb 10 06:39:21 PST 2016


Correct the security-weak construction of client_random and
server_random in the Client and Server Hellos. random_get_bytes(...) already
mixes in the current date and time via its entropy pool.

Signed-off-by: Nick Lowe <nick.lowe at lugatech.com>
---
 src/tls/tlsv1_client_write.c | 5 +----
 src/tls/tlsv1_server_write.c | 5 +----
 2 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/src/tls/tlsv1_client_write.c b/src/tls/tlsv1_client_write.c
index 04d895e..ae76a19 100644
--- a/src/tls/tlsv1_client_write.c
+++ b/src/tls/tlsv1_client_write.c
@@ -45,7 +45,6 @@ static size_t tls_client_cert_chain_der_len(struct
tlsv1_client *conn)
 u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len)
 {
     u8 *hello, *end, *pos, *hs_length, *hs_start, *rhdr;
-    struct os_time now;
     size_t len, i;
     u8 *ext_start;
     u16 tls_version = TLS_VERSION;
@@ -71,9 +70,7 @@ u8 * tls_send_client_hello(struct tlsv1_client
*conn, size_t *out_len)
            tls_version_str(tls_version));
     *out_len = 0;

-    os_get_time(&now);
-    WPA_PUT_BE32(conn->client_random, now.sec);
-    if (random_get_bytes(conn->client_random + 4, TLS_RANDOM_LEN - 4)) {
+    if (random_get_bytes(conn->client_random, TLS_RANDOM_LEN)) {
         wpa_printf(MSG_ERROR, "TLSv1: Could not generate "
                "client_random");
         return NULL;
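Review bot: The new `random_get_bytes(conn->client_random, TLS_RANDOM_LEN)` call carries no comment saying that filling all 32 bytes from the RNG is deliberate, although the TLS 1.0–1.2 Random structure names the first four bytes gmt_unix_time; a later reader could restore the timestamp as a "spec fix". I would add above the call `/* All TLS_RANDOM_LEN bytes are random on purpose: no gmt_unix_time prefix, so the local clock is not sent in the hello. */`, and the same above the `conn->server_random` call in the tls_write_server_hello hunk. With `now.sec` gone, uniqueness of the hello random across handshakes rests entirely on random_get_bytes; the commit message says its pool mixes in the time, but that code is not visible here, so it is worth confirming that it cannot return success from an unseeded pool (for example early in boot). The body of tls_send_client_hello continues outside this hunk.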
diff --git a/src/tls/tlsv1_server_write.c b/src/tls/tlsv1_server_write.c
index bdc6c11..584462d 100644
--- a/src/tls/tlsv1_server_write.c
+++ b/src/tls/tlsv1_server_write.c
@@ -43,7 +43,6 @@ static int tls_write_server_hello(struct tlsv1_server *conn,
                   u8 **msgpos, u8 *end)
 {
     u8 *pos, *rhdr, *hs_start, *hs_length, *ext_start;
-    struct os_time now;
     size_t rlen;

     pos = *msgpos;
@@ -52,9 +51,7 @@ static int tls_write_server_hello(struct tlsv1_server *conn,
     rhdr = pos;
     pos += TLS_RECORD_HEADER_LEN;

-    os_get_time(&now);
-    WPA_PUT_BE32(conn->server_random, now.sec);
-    if (random_get_bytes(conn->server_random + 4, TLS_RANDOM_LEN - 4)) {
+    if (random_get_bytes(conn->server_random, TLS_RANDOM_LEN)) {
         wpa_printf(MSG_ERROR, "TLSv1: Could not generate "
                "server_random");
         return -1;
-- 
2.5.0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Correct-the-security-weak-construction-of-client_ran.patch
Type: text/x-patch
Size: 2291 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20160210/bd25221e/attachment-0001.bin>

