[PATCH] Correct the security weak construction of client_random and server_random in Client and Server Hellos.
Nick Lowe
nick.lowe at lugatech.com
Wed Feb 10 06:39:21 PST 2016
Correct the security-weak construction of client_random and
server_random in the Client and Server Hellos. random_get_bytes(...)
already mixes in the current date and time via its entropy pool.
Signed-off-by: Nick Lowe <nick.lowe at lugatech.com>
---
src/tls/tlsv1_client_write.c | 5 +----
src/tls/tlsv1_server_write.c | 5 +----
2 files changed, 2 insertions(+), 8 deletions(-)
diff --git a/src/tls/tlsv1_client_write.c b/src/tls/tlsv1_client_write.c
index 04d895e..ae76a19 100644
--- a/src/tls/tlsv1_client_write.c
+++ b/src/tls/tlsv1_client_write.c
@@ -45,7 +45,6 @@ static size_t tls_client_cert_chain_der_len(struct
tlsv1_client *conn)
u8 * tls_send_client_hello(struct tlsv1_client *conn, size_t *out_len)
{
u8 *hello, *end, *pos, *hs_length, *hs_start, *rhdr;
- struct os_time now;
size_t len, i;
u8 *ext_start;
u16 tls_version = TLS_VERSION;
@@ -71,9 +70,7 @@ u8 * tls_send_client_hello(struct tlsv1_client
*conn, size_t *out_len)
tls_version_str(tls_version));
*out_len = 0;
- os_get_time(&now);
- WPA_PUT_BE32(conn->client_random, now.sec);
- if (random_get_bytes(conn->client_random + 4, TLS_RANDOM_LEN - 4)) {
+ if (random_get_bytes(conn->client_random, TLS_RANDOM_LEN)) {
wpa_printf(MSG_ERROR, "TLSv1: Could not generate "
"client_random");
return NULL;
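Review bot: The new `random_get_bytes(conn->client_random, TLS_RANDOM_LEN)` call has no comment saying that the leading four bytes intentionally no longer carry the sender's clock. A later reader comparing it against the gmt_unix_time layout of the TLS Random structure may take that for an omission and restore the timestamp. I would add above the call: `/* All TLS_RANDOM_LEN bytes are random; the local time is deliberately not encoded in the first four. */`. The same comment applies to the `server_random` call in src/tls/tlsv1_server_write.c. tls_send_client_hello() begins before this hunk and continues past it.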
diff --git a/src/tls/tlsv1_server_write.c b/src/tls/tlsv1_server_write.c
index bdc6c11..584462d 100644
--- a/src/tls/tlsv1_server_write.c
+++ b/src/tls/tlsv1_server_write.c
@@ -43,7 +43,6 @@ static int tls_write_server_hello(struct tlsv1_server *conn,
u8 **msgpos, u8 *end)
{
u8 *pos, *rhdr, *hs_start, *hs_length, *ext_start;
- struct os_time now;
size_t rlen;
pos = *msgpos;
@@ -52,9 +51,7 @@ static int tls_write_server_hello(struct tlsv1_server *conn,
rhdr = pos;
pos += TLS_RECORD_HEADER_LEN;
- os_get_time(&now);
- WPA_PUT_BE32(conn->server_random, now.sec);
- if (random_get_bytes(conn->server_random + 4, TLS_RANDOM_LEN - 4)) {
+ if (random_get_bytes(conn->server_random, TLS_RANDOM_LEN)) {
wpa_printf(MSG_ERROR, "TLSv1: Could not generate "
"server_random");
return -1;
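Review bot: With the timestamp removed, every byte of `server_random` depends on `random_get_bytes()`, and the only check visible here is its return value. On a server that can handle a handshake shortly after boot, it is worth confirming that a success return also means the entropy pool was adequately seeded. If that is not guaranteed, a readiness check before the call would turn a quiet low-entropy case into an explicit failure; hostap's `random_pool_ready()` looks like the intended helper, but confirm it suits this TLS path. tls_write_server_hello() continues outside the hunk, so its other error paths are not visible from here.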
--
2.5.0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Correct-the-security-weak-construction-of-client_ran.patch
Type: text/x-patch
Size: 2291 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20160210/bd25221e/attachment-0001.bin>