[PATCH] When generating the token, don't use a weak PRNG.
Nick Lowe
nick.lowe at lugatech.com
Wed Jan 27 07:45:00 PST 2016
Version with sane whitespace attached.
When generating the token, don't use a weak PRNG.
Signed-off-by: Nick Lowe <nick.lowe at lugatech.com>
---
src/eap_server/eap_server_pwd.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
index 36ac555..eb3e00f 100644
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@@ -178,8 +178,11 @@ static void eap_pwd_build_id_req(struct eap_sm
*sm, struct eap_pwd_data *data,
return;
}
- /* an lfsr is good enough to generate unpredictable tokens */
- data->token = os_random();
+ if (os_get_random((u8 *) &data->token, sizeof(data->token)) < 0) {
+ eap_pwd_state(data, FAILURE);
+ return;
+ }
+
wpabuf_put_be16(data->outbuf, data->group_num);
wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_RAND_FUNC);
wpabuf_put_u8(data->outbuf, EAP_PWD_DEFAULT_PRF);
--
2.5.0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-When-generating-the-token-don-t-use-a-weak-PRNG.patch
Type: text/x-patch
Size: 1052 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20160127/58f22f3e/attachment.bin>
More information about the Hostap
mailing list